13 November, 2023
July 31, 2022
How TeraSky Ensured Their Client is Future-ready with a Secure, Customized AWS and HashiCorp Vault Solution
TeraSky was approached by an Israeli cloud and network security company that develops the first Cybersecurity Experience Platform, which streamlines SASE through its groundbreaking ease of use and unified security stack and provides organizations with secure remote networks based on zero trust architecture. Their proprietary technology replaces legacy security appliances like VPNs and firewalls. As the pandemic upended traditional work arrangements, the demand for secure remote networks – and this company’s services – skyrocketed. The growth was obviously welcome, but the sudden surge put a strain on their data management, and they were forced to adjust their existing open source HashiCorp Vault system to meet the demand and to avoid outages.
The client was using HashiCorp Vault to issue certificates for internal components and end user clients, making Vault a core secret management component. However, the initial setup was not designed for the overwhelming load of their growing number of end users. Further, their concerns extended beyond today’s clients.
“Our system was frequently crashing under the strain of 30,000 end users,” a company representative explained. “We needed to find a solution that would fix our current dilemma as well as address how we would cope with the growth we were projecting, which was headed into the range of 100,000 and eventually 500,000 clients.”
The company approached HashiCorp in search of a partner and was quickly connected with TeraSky. According to Greg Cooper, Vice President, EMEA Solutions Engineering at HashiCorp, “TeraSky frequently produces some of the smartest and most creative implementations of HashiCorp products that we’ve seen. We knew that they would have the necessary expertise – both in our products and the AWS cloud that the client was already using – to achieve the required outcomes.”
TeraSky understood that the system design needed significant improvement in order to meet the demand. The design had to support proper scale-out for hyper-growth phases and, given the centrality of the secret manager to the client’s product, reduce downtime to a minimum. Finally, everything would need to be encrypted and authenticated end to end; as a zero trust security company, this was one area the client could not afford to compromise.
Together, TeraSky, the client, and HashiCorp began the process of redesigning the existing Vault setup, including refactoring the AWS environment. The process involved spreading HashiCorp Vault servers across multiple Availability Zones, deploying additional disaster recovery regions, and setting up HashiCorp Vault performance standby servers with an Auto Scaling group to support the constantly growing number of customers, users and requests. Since end-to-end encryption and authentication (mTLS) is currently not fully supported by the AWS Network Load Balancer, TeraSky creatively leveraged HashiCorp Consul-Terraform-Sync to dynamically reconfigure the Network Load Balancer based on the Vault servers’ health status. Through collaboration between the two vendors, the solution bridged the existing gaps in the current functionality.
Vault cluster diagram in a secure AWS environment as it was implemented for the client
The Bottom Line
“This company came to us with a serious need for a system overhaul to help them meet some of their most fundamental business needs,” noted Lev Andelman, TeraSky CTO and official HashiCorp Ambassador. “The project was a perfect fit for our team, and we were able to leverage both our expertise in AWS and HashiCorp products and our close relationships with those providers to design exactly the solution to fit the bill.”
“The solution TeraSky designed and implemented has lifted a major weight off our shoulders,” added the client representative. “Now we are confident that our system can handle whatever comes next, and we are forging ahead with our growth strategy.”
Thanks to their deep expertise in both AWS and HashiCorp products, TeraSky was able to give their client a flexible, secure solution to meet their needs today and in the future.