4 hours 53 minutes
welcome to our next lesson on vault. In this section, we're gonna talk about alternative technologies devote to take a minute to think about multi cloud.
And what are the considerations? Because that's a term that's thrown around a lot. And if you're at a smaller company, you might have a single cloud vendor. You may say we're using Google Cloud
and the entire company. All cloud related activities run on Google Cloud.
Bigger companies, large enterprises. They're gonna have different departments that maybe using different cloud providers, right in a multi car environment.
Things can also happen if you are smaller company and you get acquired or your bigger company and you require a smaller company. That company may not be using the same cloud vendor that you have considered your standard, and it's unlikely that is worth
the entire migration effort, and certainly it would take place
over a long period of time. If you say really want to keep everybody on this lame cloud provider, um,
you're gonna have to have this period of time at least a period of time, if not indefinitely, where you are accommodating multiple clouds. As a result of the acquisition,
fourth cloud vendors themselves will provide discounts and subsidies to different companies during the course of business. So that can also bring a very large incentive to start using one cloud vendor of certain capabilities with one cloud vendor over another at the same time, it doesn't mean you're going to
remove everything and pick up and go from Cloud Vendor A over to cloud vendor. Be right if Google is giving you a great deal on there
AI processing capabilities and integrate subsidy. But at the same time Amazon is is giving you steep discounts on your s three bucket storage. You're gonna end up in a multi cloud situation whether or not you want to do that as a technology really becomes a good business decision. And then finally there is the best of breed consideration.
bring platform as a service. These are so far above and beyond the traditional infrastructures of service. We have virtual machines. You have storage right platform as a service are providing things such as How do you manage your fleet off I O. T devices and communication and event broadcasting
to the devices and registration of the devices.
Other platform as a service may include kubernetes as a service. So rather than spending up a bunch of virtual machines and then installing kubernetes, you use the kubernetes as a service. You now don't have to worry about managing the various
virtual machines that you're different pods are being deployed to. You're dealing with it at a higher level of abstraction.
Other areas include big data, big Data analysis. Instead of managing a farm of virtual machines and then insuring that your spark queries get distributed appropriately, you can work at a higher level
and be abstracted from the fact of what machines thes air working on. We also see databases database platform as a service, right? So you're not managing virtual machines that reduce and create a cluster of databases to you. It's just one connection string. And then there's a bunch of magic that happens behind the scene. Well, the cloud providers taking care of those
and certain cloud providers
are going to get stronger in their offerings as platform as a service over time, based on their own competencies, the areas of strategic vision that these companies have. So these air reasons to say multi cloud is a reality there. There is a lot of probability that you're gonna get into these kind of circumstances.
All of it is a Segway into taking a look at what about the cloud providers themselves? And don't they have
vaults their own implementations of vaults, such as Amazon Kms? Key Management Service Right deserves Key Vault, Google's Cloud Key management service.
These products often focus on having strong encryption and storing keys and storing secrets and storing certificates.
But there are capabilities that we've even already touched on it. We're gonna dive into deeper. That vault provides that you're just not going to get with the cloud provider vaults when we talk about dynamic secrets and rotating the secrets and managing leases and revoking secrets. If, in the event of a compromise
to start closing things out, let's look at Vault enterprise,
we won't be spending a lot of time on it in this training. It's really focused on the open source version of vault, but I do want toe provide you with some of the capabilities in an overview so that you can then go and look into it more in the event that you choose to really adopt vault within your enterprise. Things is such as a cluster replication, right? Getting that
high availability we talked about
HSM supports on Inter Be augmentation Seal rap
performance. Standby, right? If you think about vault and hosting the secrets, there's going to be a whole lot of read operations, and you may want to configure it. So there's multiple vault nodes. One is the source of truth, the one that supports, read and write operations. But then you can set up
the standby nodes
to help with the read operations. In the event that that that the single primary node starts getting overloaded, there's other things, such as multi factors, authentication and sentinel. For more advanced policy knowledge. Mint certainly go to the Hash Corp site.
If you're interested in it, explore these further. I'm sure they'd be happy to give you
a deeper dive into the differences between normal open source vault, which is what we're going to be using in the Enterprise version of vault.
To recap in this video, we talked about the realities of multi cloud situations that air likely to happen with your company with other companies, motivations why you may want to be actually in a motivate a multi cloud situation. Then we touched on cloud provider vaults
took into account the benefits of having a consistent method of managing keys, as opposed to working with the particular cloud provider vault solutions and some of the shortcomings of those vaults solutions.
And then we finalized by touching on major differences between the vault Open source edition that we're gonna be working with and the Vault Enterprise Edition.