1 of 14

Zero Trust Security and Identity Management with Boundary

Suman Chakraborty (He/Him)

VMware

2 of 14

$ whoami

  • Senior Cloud Native Architect @ VMware

  • Speaker at Open Source Summit (LF), HashiTalks (2021), DevOps India Summit, Docker India Conference

  • Involved in tech community meet-ups and talks around DevOps, Cloud-Native tools, Kubernetes & Serverless technologies

  • Traveller & Foodie

3 of 14

Agenda

  • Understanding the traditional workflow for identity management

  • Challenges with the current model

  • How Boundary aims to solve the challenges in current access workflow

  • Understanding the Boundary workflow

  • Demo

4 of 14

Traditional Workflow

5 of 14

Challenges with current model

  • Grants wide privileges when connecting to systems in a private network

  • Not suited for the cloud, with its highly ephemeral and dynamic environments

  • Multiple credentials need to be shared, which creates a security risk

  • Scaling the solutions as workforces and infrastructure grow creates additional pain points and complexity for administrators to manage

  • Managing internal firewalls is time-consuming and wasteful

  • User offboarding is a complex process and is barely manageable in larger environments

6 of 14

Boundary to the rescue!!

Boundary offers secure access with:

  • Identity management through role-based access control

  • Access automation

  • Session visibility

7 of 14

Inside Boundary

8 of 14

Scope Management in Boundary

9 of 14

Boundary access and session management

Initiating a Boundary session

Reading the target host information

10 of 14

11 of 14

DEMO SCENARIOS

Scenario 1: Understanding the Boundary UI and walking through a common setup

Scenario 2: Walkthrough of automation with Terraform and Boundary

| Type         | Name                | Remarks                          |
|--------------|---------------------|----------------------------------|
| Organization | hashitalks_corp     | New Organization                 |
| Users        | Multiple ~ 4        | Jose, Joe, Bill, Jai             |
| Group        | read-only           | Group with 3 users               |
| Roles        | Multiple            | Read-only & Admin                |
| Auth Method  | Corp Password       | New auth method (password)       |
| Project      | core_infra          | New project within hashitalks_corp |
| Host Catalog | backend_servers     | Host catalog with one host set   |
| Host Set     | backend_servers_ssh | Host set with 2 hosts            |
| Targets      | Multiple            | ssh_server & backend_server      |

12 of 14

How Boundary addresses the existing problems!

13 of 14

Resources

  • Boundary official docs - https://www.boundaryproject.io/
  • HashiCorp videos - https://www.youtube.com/watch?v=tUMe7EsXYBQ

14 of 14

Thank You!!!

https://www.linkedin.com/in/schakraborty007/

itsmesumanc