Announcing HashiCorp Boundary 0.19: Enhancements for a Streamlined Experience
Today marks the release of HashiCorp Boundary 0.19, a significant update now accessible for HCP Boundary, Boundary Enterprise, and Boundary Community Edition. This release builds on the platform’s existing capabilities by further enhancing automatic host discovery and simplifying the configuration of Boundary worker filters. Coupled with the recent introduction of transparent sessions, these improvements underscore HashiCorp’s ongoing commitment to delivering an intuitive experience for both administrators and end users. You can access the release directly on HashiCorp’s official download page.
Understanding HashiCorp Boundary
HashiCorp Boundary serves as an identity-based secure remote access platform, designed to simplify and secure remote access to infrastructure resources, such as Linux and Windows hosts, databases, web applications, and Kubernetes clusters. Unlike traditional methods that rely on VPNs and bastion hosts, Boundary offers a more streamlined approach. It not only facilitates access connections for end users but also centrally manages credential retrieval and injection into sessions, providing a seamless passwordless experience.
The platform supports organizations in achieving compliance with standards like ISO and SOC 2, enhancing their security posture through least-privilege access and detailed logging of user activities. The logging feature is particularly robust, capturing detailed command execution during SSH sessions.
Expanding Boundary Auto-Discovery to Google Cloud
The dynamic host catalog, a feature within Boundary, automates the discovery of virtual machine resources in public clouds and synchronizes the latest details, such as names and IP addresses, with Boundary’s catalog. Previously supporting AWS EC2 instances and Azure virtual machines, this capability has now been extended to include Google Cloud Platform’s Compute Engine VM instances.
Public cloud environments are characterized by constant change, with resources being deployed, altered, or removed frequently. This dynamic nature poses challenges for administrators who must keep their privileged access management (PAM) tools current. While some PAM tools employ agents to reflect these changes, the installation, maintenance, and upgrading of these agents demand considerable effort.
Boundary’s design caters to the needs of modern, dynamic environments, taking a different approach to catalog maintenance for virtual machines across AWS, Azure, and GCP. Instead of relying on agents, Boundary leverages cloud-native tags or labels to automatically discover virtual machines, significantly reducing the administrative burden of managing agents and updating catalogs manually.
This automation extends throughout the lifecycle of virtual machines, as Boundary also removes machines from its catalog when they are destroyed or when their tags or labels are removed.
Improvement in Worker Filter Configuration
In the latest 0.19 release, the Boundary admin UI has been revamped to make it noticeably easier to select the appropriate Boundary workers for routing traffic to any given target resource. This enhancement minimizes the risk of human error during configuration, especially for new administrators.
What are Workers?
Workers in Boundary are essentially proxies through which user connections are routed to their desired target resources. Organizations might have resources spread across various availability zones, regions, networks, or even different cloud platforms, necessitating multiple workers to manage traffic routing to each target. The Boundary admin UI empowers administrators to designate which workers should handle the connection for each target resource.
Previously, selecting these workers required using a specific boolean expression, a method prone to human error. Similar challenges arose when workers were chosen to proxy connections between Boundary and a private Vault instance or when connecting to storage buckets for session recordings.
The Worker Filter Generator
The latest update addresses these configuration challenges by introducing a worker filter generator, which assists administrators in creating accurate boolean expressions for worker selection across various functions. By simply providing a name or tag that corresponds to their desired workers, administrators can generate the necessary boolean expression effortlessly. The new worker filter generator is available when configuring:
- Targets: Generate boolean expressions to select workers for proxying end-user connections to targets.
- Vault Credential Store: Select workers to proxy connections between Boundary and Vault.
- Storage Buckets: Connect workers to storage buckets for session recording.
This enhancement simplifies the configuration process within the admin UI, reducing administrative workload and the likelihood of human error.
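What such a generated expression looks like, as an added example that is not HashiCorp's code: a small Python helper that builds a filter from a name or tag in the form Boundary documents for worker filters, and previews which workers it would select. The function names, the allow-list pattern and the worker inventory are assumptions constructed for illustration.

```python
import re

# Conservative allow-list chosen for this example: anything else is rejected
# rather than escaped, so a pasted value cannot change the expression's logic.
_SAFE = re.compile(r"[A-Za-z0-9_.-]+")

def _checked(value):
    if not _SAFE.fullmatch(value):
        raise ValueError(f"refusing filter value {value!r}")
    return value

def build_filter(names=(), tags=()):
    """Return a worker filter matching any given name or (key, value) tag."""
    terms = [f'"/name" == "{_checked(n)}"' for n in names]
    terms += [f'"{_checked(v)}" in "/tags/{_checked(k)}"' for k, v in tags]
    if not terms:
        raise ValueError("no name or tag selected")
    return " or ".join(terms)

def preview(workers, names=(), tags=()):
    """List the workers the same selection matches, for review before saving."""
    return sorted(
        w["name"] for w in workers
        if w["name"] in names
        or any(v in w["tags"].get(k, ()) for k, v in tags)
    )

# Constructed inventory (hypothetical worker names and tags).
WORKERS = [
    {"name": "egress-us-1", "tags": {"region": ["us-east-1"], "env": ["prod"]}},
    {"name": "egress-eu-1", "tags": {"region": ["eu-west-1"], "env": ["prod"]}},
    {"name": "lab-worker", "tags": {"env": ["dev"]}},
]

if __name__ == "__main__":
    selection = {"tags": [("region", "us-east-1")]}
    print(build_filter(**selection))
    print(preview(WORKERS, **selection))
```

Previewing the match set before saving shows when a tag selects more workers than intended, for example a shared env tag that spans regions.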
Experience the Dynamic Host Catalog
Boundary 0.19 is now generally available for HCP Standard, HCP Plus, Boundary Enterprise, and Boundary Community users. For those interested in exploring the dynamic host catalog feature, additional information is available in the official documentation.
For Existing Boundary Users:
- Self-managed users can download Boundary 0.19.
- A tutorial on upgrading self-managed versions is available.
- HCP Boundary users will receive notifications, and administrators can initiate updates immediately. Automatic updates occur 30 days after release.
For New Boundary Users:
- Sign up for a free HCP Boundary account.
- Download the free Boundary Desktop client.
- Follow the getting started with HCP Boundary tutorial.
- To request a Boundary Enterprise trial, contact HashiCorp sales.
For those interested in a quick self-managed test of Boundary’s basic features, the Boundary Community edition is available for free. A comprehensive list of changes can be found in the GitHub changelog.
In conclusion, Boundary 0.19 represents a significant step forward in enhancing the platform’s usability and efficiency. By automating host discovery and simplifying worker configuration, HashiCorp continues to provide a robust solution for secure remote access in dynamic cloud environments. Whether you’re an existing user or new to Boundary, these updates offer valuable improvements to streamline your experience and bolster your security infrastructure.