This week we completed the release of Clusters, and while we haven’t blogged much about feature releases in the past, this one in particular is worth talking about. In this post I’ll highlight the motivation for building Clusters, the use cases for JumpWire that it unblocks, and a preview of a feature we are also moving to GA very soon.
JumpWire in the wild world
So far we’ve described topologies using JumpWire that look like a typical three-tier web application infrastructure:
However this is too simplistic a view of how software actually gets developed in a professional engineering setting.
There are multiple environments corresponding to the software development lifecycle, where changes are authored and staged before being released to production. So a more realistic picture would look like this:
Adding JumpWire to the mix
We go to great efforts to build JumpWire in a way that requires no changes to other software to interoperate with our proxies, by implementing wire protocols. This means that apps connect to JumpWire the same way they would to a database or API.
But the practice of staging changes before they are released is only beneficial if the staging environment is identical to the production environment. So our customers expect to use JumpWire in multiple environments that look the same, and Clusters enable this setup to be centrally managed:
This works great for infrastructure teams who work hard on environment parity, but what if the security team wants to test a JumpWire policy change before rolling it out to production?
We’ve added support for policies to be “Cluster aware” as well, so that a new policy can only be enforced on a particular Cluster!
This ensures that any secure data handling enforced by policies work as intended, before applying the same policy to all environments.
Neat! What else you got?
Ok, this is pretty exciting! By replacing application segmentation with logical segmentation, our customers can rapidly prototype and deploy security policies without interrupting operations.
That’s not all though, now JumpWire can also support an order of magnitude more use cases. For example, what if you want to use some production data during testing without scrubbing out sensitive information first? With clusters now you can, and there’s no need to move any data out of the production database:
Or what if you need to give engineers access to production for debugging, but can’t risk that they’ll download sensitive information? JumpWire solves this problem as well!
Now you can see the power that logical segmentation provides for serving lots of use cases across a variety of not-so-uncommon development setups. But wait, there’s one more, what if you…
…aw shucks, I can’t share that yet.