»HashiCorp Cloud Platform (HCP) Architecture

HashiCorp Cloud Platform (HCP) has two main planes for interacting with the platform- a control plane and a data plane.

»Control Plane

The control plane allows you to access the systems that control your product deployments. From the control plane, you can initiate operations such as user management, product deployment, as well as monitoring and maintenance operations. You can initiate operations in the HCP portal to interact with your deployed resources (e.g. HashiCorp Virtual Network (HVN), Consul, Vault).

»Data Plane

The data plane consists of your resource deployments on the cloud platforms you use and are managed by the HashiCorp SRE team. Since there is only one data plane, the data plane is multi-tenant. You are allowed to create as many tenants as you like. In HashiCorp terminology, each tenant is referred to as an organization, and each organization is isolated and secured from other organizations.

Each data plane component is deployed into separately managed segments on the host cloud. For HashiCorp Consul Service (HCS) on Azure, this means that we deploy a new “Managed Resource Group” for every Consul deployment. For HCP Consul, we use a managed Virtual Private Connection(VPC). This VPC is managed by HashiCorp but is unique to each user. User assets, such as Consul or Vault, are always separated into their own VPCs and never share a VPC or other components like networks. You can create as many additional VPCs as needed, but you must have at least one to deploy Consul or Vault on AWS. All of this is handled automatically for you by HCP when you create a new HVN.