HashiCorp Vault maturity prompts strategy speculation

HashiCorp is valued at $1.9 billion for its IT management software, such as Vault 1.0, and the IBM-Red Hat merger has set off speculation about the firm's future.

HashiCorp Vault 1.0 and a fresh $100 million funding round marked major milestones in the past two weeks for the IT industry's top remaining independent open source vendor following IBM's Red Hat buy.

HashiCorp's raised profile led some industry watchers to wonder if it might follow Red Hat as the next ripe acquisition target for big vendors hungry to get in on open source IT management tools that handle workloads among multiple cloud locations. HashiCorp's $100 million Series D funding round this week dwarfs the company's previous total investments of $74 million and boosts the company's valuation to $1.9 billion.

"I'd be shocked if someone doesn't try to acquire them. After Red Hat, it seems like HashiCorp is the next target," said Jeremy Pullen, CEO and principal consultant at Polodis Inc., a DevSecOps and Lean management advisory firm in Tucker, Ga., that works with large enterprise clients.

Analysts are skeptical HashiCorp will be acquired after such a large funding round, but given Red Hat's $34 billion price tag, don't rule it out. HashiCorp Vault, in particular, is a potential prize for a would-be buyer. The tool automates often-complex security operations -- particularly secrets management -- in distributed environments, which enterprises value, because it lets them move to modern architectures with less risk.

"The biggest value that I think might drive an acquisition is Vault and the security management angle," said Edwin Yuen, analyst at Enterprise Strategy Group in Milford, Mass. "We consistently see security as a driver for concerns across IT and cloud, and secrets management is an area that I haven't seen given much focus from major providers yet."

In addition to Vault 1.0, Pullen cited HashiCorp's Consul Connect multi-cloud network segmentation product, with its automated Transport Layer Security certificate rotation feature, as another temptation for a potential buyer.

HashiCorp Vault 1.0 raises questions about open source business model

HashiCorp Vault Enterprise, released in 2016, was the company's first commercial product, and it followed the release of open source Vault in 2015. It was later joined by a collection of IT operations tools: Packer, an image builder; Vagrant, a virtual software development environment builder; Terraform, an infrastructure-as-code tool; Nomad, a distributed workload scheduler; Serf, a service orchestration and management tool; Consul, a service discovery key-value store; and Sentinel, which scans Terraform code for security vulnerabilities.

All of the tools are open source, but several of them -- Vault, as well as Terraform, Nomad and Consul -- come in Enterprise versions for a license fee, often with additional premium features that are later released to open source.

All of HashiCorp's tools are used in large enterprise shops with heterogeneous environments to automate infrastructure provisioning and manage application distribution. But Vault, in particular, has won loyalty from enterprises, because it makes distributed security management easy to automate and manage in highly complex, ephemeral cloud and microservices environments.

Vault 1.0 burnishes these features with added support for quickly generated batch tokens in ephemeral infrastructures such as serverless computing environments and very high-scale batch processes. But the item that turned users' heads at the company's annual HashiConf in San Francisco this month was Vault's auto-unseal feature, which was released to open source with version 1.0.

Auto-unseal, previously available only with the Vault Enterprise product, enables users to set up and tear down the HashiCorp Vault software without manual intervention. Users of the open source version made their way without this feature, but it wasn't easy.

"It was always an issue for us when we spun up a new Vault instance and managed the lifecycle of that instance, which we wanted to regard as disposable," said Rick Rackow, site reliability engineer for the DevOps team at eBay Classifieds Group's global motors vertical division in Germany. "There was no other sane way to automate it without risking security."

Rackow's team previously used Vault Enterprise, but switched to the open source version in 2017 when pricing changes made Vault Enterprise a "seven-figure number" for license renewal, he said. The eBay Classifieds management continues to discuss pricing with HashiCorp, but "the only thing we were using Vault Enterprise for was auto-unseal, and we can pay six engineers to unseal Vaults all year long for that price," Rackow said.

Rackow said he was happy the feature would now be available without a Vault Enterprise license, but it's not lost on him that a major Vault Enterprise selling point is now off the table for HashiCorp.

"It's extremely hard for almost every [open source IT management tool vendor] to find a good way to monetize while staying open source and having many people use their software," Rackow said. "It's a tough business decision."

HashiCorp exit strategy an open question

Armon Dadgar, left, and Mitchell Hashimoto, founders and co-CTOs of HashiCorp

Red Hat has typically been the poster child for open source business success. But after its acquisition, will HashiCorp follow suit? Company founders and co-CTOs Mitchell Hashimoto and Armon Dadgar were noncommittal when asked this question -- one they get frequently -- at HashiConf.

"Employees always ask this question, and the answer has always been that we don't want to put all our eggs in one basket and do a 'Hail Mary' cash burn in the hopes we'll get bought," Hashimoto said. "Our core model is to be a self-sustaining business. That way every option is open to [us]."

As for eBay Classifieds' pricing woes, Dadgar said the vendor has continually experimented with its pricing models, but doesn't always get it right for individual customers. However, he pointed out that HashiCorp's target customers for enterprise licenses are blue-chip players in the Global 2000, rather than smaller teams and departments within larger entities, such as Rackow's team.

Moreover, when HashiCorp evaluated whether to make Vault auto-unseal open source nine months ago, in response to demand from open source users, it found the chief differentiating feature for Vault Enterprise among Global 2000 shops was global replication, not Vault auto-unseal, Hashimoto said.

The company also disclosed at HashiConf that it plans a Vault Advisor service to automatically generate security policies for customers based on their individual IT infrastructure type and corporate appetite for risk. The company will recruit beta testers starting this month, Dadgar said in a keynote presentation.

A presentation by Hashimoto also revealed that, on the container management front, Vault integration with Kubernetes secrets, persistent storage FlexVolumes, and Helm charts for automated Vault deployment is planned by the end of 2018.
