What is HCP Consul?
HCP Consul offers a HashiCorp-managed version of Consul and a separate hosted management plane service.
For the HashiCorp-managed Consul service, we install, configure, and maintain the Consul servers on either AWS or Azure to ensure that your Consul clusters are always ready to connect your services. You can connect your existing Consul clients to HCP Consul clusters just as you would connect to a self-hosted Consul cluster. Because HCP Consul uses the same binary as Consul Enterprise, you can use the same features and functionality across infrastructure environments. Refer to the Features section for more details.
The hosted management plane enables global visibility and control for both self-managed and HashiCorp-managed Consul deployments. Refer to the management plane section for more details.
Refer to the Getting started section for more details on bootstrapping a new self-managed kubernetes cluster with the management plane service.
Tutorial: For step-by-step guidance on deploying HCP Consul, complete the getting started tutorial.
How does HCP Consul Work?
HCP Consul employs the same architecture as versions of Consul you host:
- Consul server agents perform resource-intensive functions such as managing cluster states, making catalog changes, and maintaining quorum.
- Consul client agents collect service information in an environment and communicate those changes back to servers.
In HCP Consul, however, HashiCorp installs and maintains the Consul servers, removing the overhead associated with standing Consul clusters up yourself. You are only responsible for managing the Consul clients.
To reduce server deployment and maintenance complexity, HCP Consul uses a HashiCorp Virtual Network (HVN) to connect the clusters associated with your organization.
There are three steps to set up HCP Consul:
- Create an HVN.
- Deploy your Consul cluster.
- Connect the HVN to your infrastructure environment.
Configurations and specific instructions vary by infrastructure environment. Follow the guide for either HVN on AWS or HVN on Azure.
Why HCP Consul?
Consul is a feature-rich and highly-configurable networking solution. Because configuring, deploying, and maintaining Consul infrastructure can be daunting, HCP Consul removes the need for Consul-specific expertise by handling the most complex operations.
There are additional benefits to using HCP Consul:
- Secure by default: HCP Consul servers are deployed with a secure policy that requires connections to have explicit permission. In addition to providing secure network connectivity for features such as datacenter federation, we proactively patch any Common Vulnerabilities and Exposures (CVE) to ensure Consul servers are protected.
- Fully-managed infrastructure: You can expect production-ready servers with guaranteed service level agreements (SLA) that are monitored and maintained by HashiCorp site reliability engineers (SRE). We also provide backup and restore options, freeing you to focus on using Consul and its capabilities.
- Push button deployments: You can use the HCP interface to spin up Consul servers. The interface includes both a guided UI and Terraform automation options for quickly creating new clusters.
Features
Feature availability is based on the tier you use for your Consul clusters. For more information about tier support for multi-region and multi-cloud deployments, refer to cluster tiers. For pricing information about the tiers, refer to HCP Consul Pricing.
HCP Consul includes the same features that are available in Consul Enterprise. For more information about Consul features, configuration, and usage, refer to the Consul documentation.
Consul Server Features
| Feature | Description | Tier |
|---|---|---|
| Access controls | Secure access to your HCP assets without impeding users. | Development Standard Plus Premium |
| Admin partitions | Define administrative and communication boundaries between services that belong to separate stakeholders or are managed by separate teams. | Development Standard Plus Premium |
| Automated backups | Run the snapshot agent in your environment to automatically take snapshots, rotate backups, and send backup files to storage sites. | Development Standard Plus Premium |
| Cluster Peering | Connect two or more independent clusters so that services deployed to different partitions or datacenters can communicate. | Development Standard Plus Premium |
| Federation (single-region) | Connect multiple HCP Consul clusters within a single region to extend your Consul environment. | Development Standard Plus Premium |
| Federation (multi-region) | Connect multiple HCP Consul clusters across multiple regions to extend your Consul environment. | Development Plus Premium |
| HashiCorp management | Create HashiCorp-managed clusters. You can use either HCP's interface or Terraform. | Development Standard Plus Premium |
| Managed upgrades | Update your HCP Consul cluster to the next available major version. You can use either HCP's interface or Terraform. | Development Standard Plus Premium |
| Namespaces | Separate services, Consul KV data, and other Consul data by team so that different teams in the same organization can share Consul datacenters. | Development (testing only) Standard Plus Premium |
| Web UI | Access Consul's web UI, which provides information about nodes, services, and other cluster components. | Development Standard Plus Premium |
On AWS, cluster peering and federation cannot be used on the same cluster concurrently.
Consul Client Features
| Feature | Description | Tier |
|---|---|---|
| Broad runtime support | Deploy clients to a range of runtimes. To learn more, refer to Specifications. | Development Standard Plus Premium |
| Consul API Gateway | Consul API Gateway is a special gateway that allows external network clients to access applications and services running in a Consul datacenter. | Development Standard Plus Premium |
| Gateways | Ingress, terminating, and mesh gateways provide connectivity into, out of, and between Consul service meshes. | Development Standard Plus Premium |
| Health checks | Define checks to monitor the health of nodes in your network. | Development Standard Plus Premium |
| Kubernetes CRDs | Use Custom Resource Definitions (CRDs) to manage custom Consul configuration entries on Kubernetes. | Development Standard Plus Premium |
| Observability integrations | Use L7 observability features in your service mesh. | Development Standard Plus Premium |
| Service discovery | Register services and make them available to the network. | Development Standard Plus Premium |
| Service mesh | Provide secure service-to-service communication within and across infrastructure. | Development Standard Plus Premium |
High Availability
HCP Consul deploys Standard and Plus tier clusters with three server nodes. To provide high availability, HCP Consul deploys each node in a separate availability zone (AZ).
Audit Logging
Note: Currently, audit logging is not available for HCP Consul on Azure environments.
Consul Enterprise Audit Logging is available by default on all Standard and Plus tier clusters. Consul audit logs capture Consul-authenticated events that occur through the HTTP API. Audit logs include timestamps, operations, and the assessor ID associated with the token used in the API call. To learn more about assessor IDs and other token metadata, refer to Access Control List (ACL) Overview.
Audit logging allows security and compliance teams in an organization to get greater insight into Consul access and usage patterns. The HCP Consul instance writes the audit logs and keeps them in encrypted storage in the same region as the cluster. Audit logs can be retrieved in 24-hour increments from the HCP portal.
Management Plane Service
The HCP Consul management plane is a hosted service that enables you to monitor and manage multiple Consul server clusters regardless of where the clusters are hosted. You can use it to view aggregated health information for your clusters and services from a single location.
The management plane is hosted on AWS and is distinct from the HashiCorp-managed Consul server offering.
The management plane service provides the following views into your deployments:
You can also use the management plane to bootstrap self-managed clusters.
Community
Ask questions, make suggestions, and contribute to the community.
- Ask questions in the official HashiCorp forum.
Looking for Consul fundamentals?
Read core Consul documentation and tutorials, including self-hosted open source docs.
