Summary
Founded in 2012, HashiCorp is an infrastructure and workflow automation vendor centered on open source software for provisioning and managing infrastructure, applications, containers, access, secrets
The 451 Take
HashiCorp and its software are timed well with containers, microservices, broader adoption of DevOps, hybrid cloud and the significant role that all of these trends play in enterprise digital transformation. With its different open source software projects and products across a range of infrastructure, container and security management, HashiCorp is similar to a younger Atlassian, a flattering compliment given the latter's successful IPO in 2015. HashiCorp benefits from playing in several leading areas of enterprise IT and digital transformation: DevOps, containers and hybrid clouds. Nevertheless, it still faces the challenge of bringing its products together in a way that drives traction for all of them.
Products
HashiCorp has four main products – Terraform for infrastructure and workflow automation, Vault for secrets management, Nomad for scheduling and Consul for service discovery – all of which are open source software with enterprise versions and support from the company. Its main offering is the Terraform infrastructure provisioning, management and automation software. Timed well with enterprise adoption of hybrid infrastructure, Terraform is intended to provide a consistent workflow for operators managing infrastructure and applications across public clouds, private clouds and external services. Consistency and reuse are key aspects of Terraform, which features a human-readable HashiCorp Configuration Language, separate plan and apply phases, and declarative configurations.
Terraform is commonly used as a cloud management platform and can enableprovisioning and management of any infrastructure without losing the full capabilities of each cloud. This is achieved partly through a network of over 70 infrastructure partners and more than 1,000 resources to assist operators. Terraform's ability to automatically reconcile dependencies also helps. By providing verified modules that give users access to templates and best practices for setting up and running cloud infrastructure, Terraform is also employed by enterprise organizations for self-service infrastructure. Modules are contributed from both vendors and the community, the module registry can be managed with a public UI, and the software features code that is geared for simple reuse.
At HashiConf in September, HashiCorp unveiled the public Terraform Module Registry, a series of over 30 modules or templates on best practices and technology choices with its software. The registry was created with partnership from major cloud providers or their communities, including Alibaba, Amazon, Google, Microsoft, Oracleand Kubernetes. HashiCorp supports modules for its own software, including Vault, Nomad and Consul, as well as others such as CoreOS Tectonic. The company offers two tiers of modules: verified modules that are certified by HashiCorp and its partners, and community modules.
Also announced at HashiConf was a new capability for Terraform and the company's other enterprise products called Sentinel, which is intended to enable infrastructure as code with guardrails to maintain access control of self-service environments via policy. Sentinel basically defines sandboxes of automation where code reviews are not needed so checks can thus be automated. Additionally, the company recently launched the second beta release of Terraform Enterprise, which features a new workspace data model and Sentinel integration. While Terraform Enterprise is similar to HashiCorp's previous effort to bring its products together with Atlas, the software now features a Terraform operator experience. It is designed to scale Terraform up to hundreds of teams or environments.
In 2015, HashiCorp introduced another main offering, Vault, for privileged access management, encryption as a service, and secrets management. The software is designed to centrally secure, store and tightly control secrets across distributed infrastructure and applications. HashiCorp highlights how Vault can change the way organizations manage keys, moving away from vendor-specific platforms and key management servers to more abstracted security primitives that can be more simply audited. At its recent HashiConf, the company introduced native Kubernetes integration for Vault in response to customer and community demand for Kubernetes environments along with public clouds and other infrastructures. The Vault Enterprise commercial edition also features integration of Sentinel.
HashiCorp's third main product is its Nomad scheduler and application lifecycle management software, which is among the top enterprise options for container management and orchestration, although well behind leaders Kubernetes, Mesos/Mesosphere DC/OS and Docker Swarm. Nevertheless, the company says Nomad is commonly used with Kubernetes, which is consistent with our current research that indicates a mixed market for container management and orchestration software. Nomad is intended to allow enterprises to more simply and securely manage applications throughout their lifecycle and across different cloud providers and regions. This includes writing declarative job files and storage in version control; validating changes with Nomad plans and policies; and running applications across a variety of infrastructures, including public clouds, private cloudsand on-premises. Possible Nomad workloads include Docker workflows, non-containerized applications, microservices, batch processing and multi-cloud deployments.
HashiCorp's fourth main offering is Consul, a tool for service discovery, runtime configuration and orchestration, and advanced networking. Consul is deployed for dynamic service discovery via HTTP and DNS to simplify connecting services across distributed applications and infrastructure. The software can also enable runtime configuration updates and orchestrate one-time changes at scale and in distributed environments. Additionally, Consul supports networking for microservices across complex topologies.
Terraform is commonly used as a cloud management platform and can enable
At HashiConf in September, HashiCorp unveiled the public Terraform Module Registry, a series of over 30 modules or templates on best practices and technology choices with its software. The registry was created with partnership from major cloud providers or their communities, including Alibaba, Amazon, Google, Microsoft, Oracle
Also announced at HashiConf was a new capability for Terraform and the company's other enterprise products called Sentinel, which is intended to enable infrastructure as code with guardrails to maintain access control of self-service environments via policy. Sentinel basically defines sandboxes of automation where code reviews are not needed so checks can thus be automated. Additionally, the company recently launched the second beta release of Terraform Enterprise, which features a new workspace data model and Sentinel integration. While Terraform Enterprise is similar to HashiCorp's previous effort to bring its products together with Atlas, the software now features a Terraform operator experience. It is designed to scale Terraform up to hundreds of teams or environments.
In 2015, HashiCorp introduced another main offering, Vault, for privileged access management, encryption as a service, and secrets management. The software is designed to centrally secure, store and tightly control secrets across distributed infrastructure and applications. HashiCorp highlights how Vault can change the way organizations manage keys, moving away from vendor-specific platforms and key management servers to more abstracted security primitives that can be more simply audited. At its recent HashiConf, the company introduced native Kubernetes integration for Vault in response to customer and community demand for Kubernetes environments along with public clouds and other infrastructures. The Vault Enterprise commercial edition also features integration of Sentinel.
HashiCorp's third main product is its Nomad scheduler and application lifecycle management software, which is among the top enterprise options for container management and orchestration, although well behind leaders Kubernetes, Mesos/Mesosphere DC/OS and Docker Swarm. Nevertheless, the company says Nomad is commonly used with Kubernetes, which is consistent with our current research that indicates a mixed market for container management and orchestration software. Nomad is intended to allow enterprises to more simply and securely manage applications throughout their lifecycle and across different cloud providers and regions. This includes writing declarative job files and storage in version control; validating changes with Nomad plans and policies; and running applications across a variety of infrastructures, including public clouds, private clouds
HashiCorp's fourth main offering is Consul, a tool for service discovery, runtime configuration and orchestration, and advanced networking. Consul is deployed for dynamic service discovery via HTTP and DNS to simplify connecting services across distributed applications and infrastructure. The software can also enable runtime configuration updates and orchestrate one-time changes at scale and in distributed environments. Additionally, Consul supports networking for microservices across complex topologies.
Customers
HashiCorp reports about 200 paying customers, driven by growing enterprise adoption of DevOps, application modernization with dynamic and distributed runtime environments, and multi-cloud adoption. Typical Terraform use cases include collaboration on infrastructure management with web-based UI and integrated version control systems to improve both developer productivity and operator efficiency; and infrastructure governance at scale and across the organization with policy controls and reduced exposure to security issues.
For the new Sentinel policy-as-code capability, HashiCorp says it worked with about a dozen clients to enhance Terraform for practitioners, provide capabilities for other enterprise groups and help solve central IT issues. This is where there has beeninterest in Vault as well to include security teams in a more automated approach. Other key Vault use cases include secrets management, encryption as a service and privileged access management.
HashiCorp reports that most of its customers run applications across private clouds, public clouds and on-premises infrastructure, which is consistent with our research. The company says containers are helping customers package applications for multi-cloud and hybrid-cloud scenarios, but many are still figuring out how to run container apps in production.
For the new Sentinel policy-as-code capability, HashiCorp says it worked with about a dozen clients to enhance Terraform for practitioners, provide capabilities for other enterprise groups and help solve central IT issues. This is where there has been
HashiCorp reports that most of its customers run applications across private clouds, public clouds and on-premises infrastructure, which is consistent with our research. The company says containers are helping customers package applications for multi-cloud and hybrid-cloud scenarios, but many are still figuring out how to run container apps in production.
Competition
HashiCorp's most direct competition cuts across its four main product categories. Its Terraform infrastructure workflow and automation software competes with other popular configuration, provisioning and infrastructure automation tools such as Chef, Puppet, Red Hat's Ansible and Salt, all of which are open source with commercial versions and support available. Although it is often used with hyperscale public clouds, Terraform also vies to some extent with Amazon, Google, IBM and Microsoft with their own infrastructure automation software. Additionally, Terraform encounters cloud management platforms and software from vendors such as Cisco, CloudVelox, Dell, Pivotal, Red Hat, RightScale, Scalr and VMware.
HashiCorp's Vault privileged access and secrets management softwarecompetes with similar offerings in the market from the likes of BeyondTrust, CyberArk, Protegrity and Vormetric. Container player Docker has also added secrets management capabilities with its Docker Security Scanning and thus represents competition for Vault. With its Nomad scheduler software, HashiCorp is among the top options in the industry, but it is well behind alternatives such as Kubernetes, Docker Swarm and Mesos/Mesosphere DC/OS. Another Nomad rival is Rancher Labs, which is also often used with Kubernetes, the clear leader in the field. With its Consul service discovery software, HashiCorp mainly vies with open source software such as Zookeeper as well as homegrown approaches.
HashiCorp's Vault privileged access and secrets management software
Jay Lyman
Principal Analyst, Cloud Native and DevOps Development
Jay Lyman is a Principal Analyst with 451 Research’s Applied Infrastructure & DevOps Channel. He covers infrastructure software, primarily private cloud platforms, cloud management
Jeremy Korn
Research Associate
Jeremy Korn is a Research Associate at 451 Research. He graduated from Brown University with a BA in Biology and East Asian Studies and received
Aaron Sherrill
Senior Analyst
Aaron Sherrill is a Senior Analyst for 451 Research covering emerging trends, innovation