mirror of https://github.com/status-im/consul.git
188 lines
16 KiB
Plaintext
188 lines
16 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Consul Enterprise
|
|
description: >-
|
|
Consul Enterprise is a paid offering that extends Consul Community Edition to support large and complex deployments. Learn about scaling infrastructure, simplifying operations, and making networks more resilient with Enterprise. Evaluate Enterprise features with the feature availability and compatibility matrix.
|
|
---
|
|
|
|
# Consul Enterprise
|
|
|
|
[Consul Enterprise](https://www.hashicorp.com/products/consul/)
|
|
features address the organizational complexities of collaboration, operations, scale, and governance.
|
|
If you have purchased or wish to try out Consul Enterprise,
|
|
refer to [how to access Consul Enterprise](#access-consul-enterprise).
|
|
|
|
## Enterprise features
|
|
|
|
The following features are [available in several forms of Consul Enterprise](#consul-enterprise-feature-availability).
|
|
|
|
### Multi-Tenancy
|
|
|
|
- [Admin Partitions](/consul/docs/enterprise/admin-partitions): Define administrative boundaries between tenants within a single Consul datacenter
|
|
- [Namespaces](/consul/docs/enterprise/namespaces): Define resource boundaries within a single admin partition for further organizational flexibility
|
|
- [Sameness Groups](/consul/docs/connect/config-entries/sameness-group): Define partitions and cluster peers as members of a group with identical services
|
|
|
|
### Resiliency
|
|
|
|
- [Automated Backups](/consul/docs/enterprise/backups): Configure the automatic backup of Consul state
|
|
- [Redundancy Zones](/consul/docs/enterprise/redundancy): Deploy backup voting Consul servers to efficiently improve Consul fault tolerance
|
|
- [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips): Limit gRPC and RPC traffic to servers for source IP addresses.
|
|
- [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates): Limit the rate of HTTP requests a service receives per service instance.
|
|
- [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams): Prioritize upstream services in the same region and zone as the downstream service.
|
|
|
|
### Scalability
|
|
|
|
- [Read Replicas](/consul/docs/enterprise/read-scale): Deploy non-voting Consul servers to enhance the scalability of read requests
|
|
|
|
### Operational simplification
|
|
|
|
- [Automated Upgrades](/consul/docs/enterprise/upgrades): Ease upgrades by automating the transition from existing to newly deployed Consul servers
|
|
- [Consul-Terraform-Sync Enterprise](/consul/docs/nia/enterprise): Leverage the enhanced network infrastructure automation capabilities of the enterprise version of Consul-Terraform-Sync
|
|
|
|
### Complex network topology support
|
|
|
|
- [Network Areas](/consul/docs/enterprise/federation): Support complex network topologies between federated Consul datacenters with pairwise federation rather than full mesh federation
|
|
- [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview): Support complex network topologies within a Consul datacenter by enforcing boundaries in Consul client gossip traffic
|
|
|
|
### Governance
|
|
|
|
- [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc): Manage user access to Consul through an OIDC identity provider instead of Consul ACL tokens directly
|
|
- [Audit Logging](/consul/docs/enterprise/audit-logging): Understand Consul access and usage patterns by reviewing access to the Consul HTTP API
|
|
- JWT authentication and authorization for API gateway: Prevent unverified traffic at the API gateway using JWTs for authentication and authorization on [VMs](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) and on [Kubernetes](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s):
|
|
|
|
### Regulatory compliance
|
|
|
|
- [FIPS 140-2 Compliance](/consul/docs/enterprise/fips): Leverage FIPS builds of Consul Enterprise to ensure your Consul deployments are secured with BoringCrypto and CNGCrypto, and compliant with FIPS 140-2.
|
|
|
|
<Note>
|
|
|
|
FIPS 140-2 builds of Consul Enterprise support all runtimes (VMs, Kubernetes) except for Lambda and ECS. In addition, HCP does not currently support FIPS builds of Consul Enterprise.
|
|
|
|
</Note>
|
|
|
|
## Access Consul Enterprise
|
|
|
|
The method of accessing Consul Enterprise and its features depends on the whether using
|
|
HashiCorp Cloud Platform or self-managed Consul.
|
|
|
|
### HCP Consul
|
|
|
|
No action is required to access Consul Enterprise in a
|
|
[HashiCorp Cloud Platform](https://cloud.hashicorp.com/products/consul) installation.
|
|
|
|
You can try out HCP Consul for free. Refer to the
|
|
[HCP Consul product page](https://cloud.hashicorp.com/products/consul) for more details.
|
|
|
|
### Self-Managed Consul
|
|
|
|
To access Consul Enterprise in a self-managed installation,
|
|
[apply a purchased license](/consul/docs/enterprise/license/overview)
|
|
to the Consul Enterprise binary that grants access to the desired features.
|
|
|
|
Contact your [HashiCorp Support contact](https://support.hashicorp.com/) for a development license.
|
|
|
|
## Consul Enterprise feature availability
|
|
|
|
The Consul Enterprise features that are available depend on your license and the runtimes you use in your deployment.
|
|
|
|
### Feature availability by license
|
|
|
|
Available Enterprise features per Consul form and license include:
|
|
|
|
| Feature | [HashiCorp Cloud Platform (HCP) Consul] | [Consul Enterprise] | Legacy Consul Enterprise (module-based) |
|
|
| -------------------------------------------------------- | --------------------------------------- | ------------------- | ------------------------------------------------- |
|
|
| Consul servers as a managed service | Yes | No (self-managed) | No (self-managed) |
|
|
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | All tiers | Yes | With Governance and Policy module |
|
|
| [Audit Logging](/consul/docs/enterprise/audit-logging) | Standard tier and above | Yes | With Governance and Policy module |
|
|
| [Automated Server Backups](/consul/docs/enterprise/backups) | All tiers | Yes | Yes |
|
|
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | All tiers | Yes | Yes |
|
|
| [Consul-Terraform-Sync Enterprise](/consul/docs/nia/enterprise) | All tiers | Yes | Yes |
|
|
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | No | Yes | With Global Visibility, Routing, and Scale module |
|
|
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | No | Yes | No |
|
|
| [Namespaces](/consul/docs/enterprise/namespaces) | All tiers | Yes | With Governance and Policy module |
|
|
| [Network Areas](/consul/docs/enterprise/federation) | No | Yes | With Global Visibility, Routing, and Scale module |
|
|
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | No | Yes | With Global Visibility, Routing, and Scale module |
|
|
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | No | Yes | Yes |
|
|
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | Not applicable | Yes | With Global Visibility, Routing, and Scale module |
|
|
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | No | Yes | N/A |
|
|
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
|
|
|
|
|
|
[HashiCorp Cloud Platform (HCP) Consul]: https://cloud.hashicorp.com/products/consul
|
|
[Consul Enterprise]: https://www.hashicorp.com/products/consul/
|
|
|
|
### Feature availability by runtime
|
|
|
|
Consul Enterprise feature availability can change depending on your server and client agent runtimes.
|
|
|
|
<Tabs>
|
|
|
|
<Tab heading="Server Runtime: VMs">
|
|
|
|
| Enterprise Feature | VM Client | K8s Client | ECS Client |
|
|
|----------------------------------------------------------------------------------------------------------|:---------:|:----------:| :--------: |
|
|
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ |
|
|
| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ |
|
|
| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ |
|
|
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ✅ | ✅ | ✅ |
|
|
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ✅ | ✅ | ✅ |
|
|
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ✅ |
|
|
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | ✅ | ✅ | ❌ |
|
|
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ✅ |
|
|
| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ |
|
|
| [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ |
|
|
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ✅ | ❌ | ❌ |
|
|
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ |
|
|
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | ✅ | ✅ | ✅ |
|
|
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ |
|
|
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ |
|
|
| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ |
|
|
|
|
</Tab>
|
|
|
|
<Tab heading="Server Runtime: Kubernetes">
|
|
|
|
| Enterprise Feature | VM Client | K8s Client | ECS Client |
|
|
|---------------------------------------------------------------------------------------------------------------| :-------: | :--------: | :--------: |
|
|
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ |
|
|
| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ |
|
|
| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ |
|
|
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ❌ | ❌ | ❌ |
|
|
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ |
|
|
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ✅ | ✅ | ✅ |
|
|
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s) | ✅ | ✅ | ❌ |
|
|
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ✅ |
|
|
| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ |
|
|
| [Network Areas](/consul/docs/enterprise/federation) | ✅ | ✅ | ✅ |
|
|
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ |
|
|
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ✅ | ✅ | ✅ |
|
|
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | ❌ | ❌ | ❌ |
|
|
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ |
|
|
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ |
|
|
| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ |
|
|
</Tab>
|
|
|
|
<Tab heading ="Server Runtime: HCP">
|
|
|
|
| Enterprise Feature | VM Client | K8s Client | ECS Client |
|
|
| ----------------------------------------------------------------------- | :-------: | :--------: | :--------: |
|
|
| [Admin Partitions](/consul/docs/enterprise/admin-partitions) | ✅ | ✅ | ✅ |
|
|
| [Audit Logging](/consul/docs/enterprise/audit-logging) | ✅ | ✅ | ✅ |
|
|
| [Automated Server Backups](/consul/docs/enterprise/backups) | ✅ | ✅ | ✅ |
|
|
| [Automated Server Upgrades](/consul/docs/enterprise/upgrades) | ✅ | ✅ | ✅ |
|
|
| [Enhanced Read Scalability](/consul/docs/enterprise/read-scale) | ❌ | ❌ | ❌ |
|
|
| [FIPS 140-2 Compliance](/consul/docs/enterprise/fips) | ❌ | ❌ | ❌ |
|
|
| [JWT verification for API gateways](/consul/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms) | ✅ | ✅ | ❌ |
|
|
| [Locality-aware routing](/consul/docs/connect/manage-traffic/route-to-local-upstreams) | ✅ | ✅ | ✅ |
|
|
| [Namespaces](/consul/docs/enterprise/namespaces) | ✅ | ✅ | ✅ |
|
|
| [Network Areas](/consul/docs/enterprise/federation) | ❌ | ❌ | ❌ |
|
|
| [Network Segments](/consul/docs/enterprise/network-segments/network-segments-overview) | ❌ | ❌ | ❌ |
|
|
| [OIDC Auth Method](/consul/docs/security/acl/auth-methods/oidc) | ❌ | ❌ | ❌ |
|
|
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a |
|
|
| [Sameness Groups](/consul/docs/connect/config-entries/sameness-group) | ✅ | ✅ | ✅ |
|
|
| [Server request rate limits per source IP](/consul/docs/agent/limits/usage/limit-request-rates-from-ips) | ✅ | ✅ | ✅ |
|
|
| [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ |
|
|
|
|
</Tab>
|
|
</Tabs>
|