HashiCorp CTO talks AI strategy, Ansible tie-ins, FedRAMP

In a Q&A to wrap up HashiConf, the company's co-founder and CTO gave his outlook on HashiCorp's approach to AI, configuration management and cloud compliance.

BOSTON -- After two years of market saturation in AI hype, the topic was conspicuously absent at this week's HashiConf, and as the conference ended, one company leader explained why.

Although HashiCorp internally uses GitHub Copilot and embraced AI code generation for Terraform tests last year, what's imaginable with AI and what makes sense practically with good return on investment for users are two different things, according to HashiCorp co-founder and CTO Armon Dadgar, during a Q&A session Wednesday afternoon.

"There's a quantum leap between what I'll call demo-ware and production-ware," Dadgar said. "It's very easy to build a few API wires out to -- pick your model of choice -- and build a demo, and very hard to translate that into truly a production-grade thing you would trust."

HashiCorp is therefore treading carefully when it comes to embedding AI in its products and recommending AI use for customers, according to Dadgar.

"That's where we've been a little bit more selective on picking areas that we'll call manageable risk," he said. "A good example is generating tests for Terraform … where, if the test is wrong, it's not production-impacting. Generating Terraform [infrastructure code] and being wrong could be production impacting."

Another generative AI development is that the market focus has shifted quickly from internally training large language models to using LLMs trained and hosted by cloud hyperscalers, Dadgar said.

"We work behind the scenes to make sure we're providing training data, human reinforcement, documentation, all that kind of stuff into the big models, because … fundamentally, every organization is going to be a Copilot customer, or Amazon Q or Google Gemini," he said. "If you're spending $20 a month per developer, you expect it to write everything from Java to C# to JSON to Terraform. You're not going to spend $10 a month just for the Terraform version."

Still, some industry analysts at HashiConf this week were surprised HashiCorp didn't introduce ways to tie its new IT automation tools such as Terraform Stacks and HashiCorp Cloud Platform (HCP) Waypoint in with AI automation.

"Let's even get away from GenAI -- just machine learning and causal AI enhancements around provisioning and best practices and process management, process repetition -- these are interesting things [where] my customers are saying, 'Make it more intelligent; not just easier, but smarter,'" said Andi Mann, global CTO and founder of Sageable, a tech advisory and consulting firm in Boulder, Colo.

Depending on how deeply HashiCorp is absorbed into IBM, more AI integration could be forthcoming, and this year's updates could be laying the groundwork for that, Mann said.

"Terraform's ephemeral workspaces aren't AI functionality, but the idea that you can leave these highly expensive GPUs running and forget about it -- that can blow your entire IT budget in a heartbeat," Mann said. "Being able to deploy modules automatically as a stack and manage it as an ephemeral workspace -- AI workloads need some of that, maybe more than traditional workloads."

HashiCorp co-founder and CTO Armon Dadgar takes questions during a HashiConf session moderated by Rosemary Wang, right, chief developer advocate at HashiCorp.

Ansible overlap, IBM deal close loom

Another elephant in the room during this year's conference is the impending close of IBM's $6.5 billion acquisition of HashiCorp, still tied up in regulatory reviews but expected to close by the end of the year, according to public comments this week by HashiCorp CEO David McJannet.

Dadgar didn't specifically address IBM during his Q&A session but did drop a hint about deepening integration in the future between HashiCorp Terraform infrastructure as code and Ansible configuration management. Ansible is owned by IBM subsidiary Red Hat, and potential overlap between the two has been a topic of speculation since the IBM deal was announced in April.

A Q&A audience member who introduced himself as a leader at a large financial institution based in Boston said his company is trying to embrace operations as code, also called everything as code, a concept embraced by Ansible in Playbooks, Rulebooks and Event-Driven Ansible.

But while infrastructure as code tends to take a declarative form, in which resources are destroyed and rebuilt rather than updated, changes made through operations as code can introduce drift in infrastructure-as-code deployments, the customer said. It's a major point of architectural distinction between HashiCorp's Terraform, which tends to be used at the lowest level of infrastructure, and Ansible, which tends to be used for higher-level configuration management.

"There can be a challenge of … how do you keep [operations as code] consistent with things like infrastructure [during] backup [or] disaster recovery?" Dadgar said. "One of the directions we want to take things like Terraform Stacks specifically, is making it a little bit more event-driven … to enable a Terraform Stack to publish events into it, and then react [with] multiple linkages of different environments."

Dadgar went on to mention Ansible specifically in his answer.

"Today, it's a bit disjointed. ... Terraform doesn't really understand configuration management or Day 2 operations as code," he said. "And so there's a bunch of stuff we want to work on next year to enable those to be much more tightly integrated, so you can have a bit more of that interlock and not have to worry about, 'Hey, I provisioned a thing here, but now it's not in my Ansible inventory or not in my Chef and Puppet, so my config management is drifting.'"

Although it's too soon to predict what this integration will look like, new HashiCorp products such as Terraform Stacks and HCP Waypoint and Ansible Playbooks represent one of the biggest areas for potential friction within IBM post-merger, said Rob Strechay, an analyst at TheCube Research.

"[HCP Waypoint] has a very interesting overlap, and I guess you could say slight co-opetition, with Playbooks and Ansible … even though it's at a lower level in the infrastructure," Strechay said. "It could be helpful to allow Ansible to focus more up the stack when the two companies come together."

HashiCorp co-founder and CTO Armon Dadgar presents the second-day keynote at HashiConf.

HashiCorp cloud FedRAMP plans reflect upmarket shift

There were also signs this week that HashiCorp is focusing more than it has previously on bigger enterprise customers. For example, this year's HashiConf was the first to offer a CIO-level business session track. Household-name customers presenting on high-scale HashiCorp usage in business track sessions included The Hartford, Adobe and LPL Financial.

A representative from SAP Concur also appeared on the keynote stage with Dadgar Wednesday morning to discuss the company's usage of HashiCorp Vault, which Sageable's Mann noted as meaningful, calling SAP the "enterprise vendor's enterprise vendor."

"[SAP Concur's] story [was] clearly, intentionally very enterprise-y," Mann said. "Moving from open source Vault to Vault Enterprise, adopting tighter controls, better auditing, enabling larger scale, expanding self-service -- it all spoke to the challenges of enterprise scale and control."

However, during the Q&A session with Dadgar, another HashiCorp customer asked whether the company plans to beef up compliance, especially in HCP, with stringent regulations such as FedRAMP as it begins to push customers more aggressively into cloud services.

"The reality is, we sell enterprise software to enterprise companies," Dadgar said. "An enormous part of our roadmap is actually now pivoted over to that, [beginning] with data sovereignty and data residency in Europe."

FedRAMP compliance for HCP might take longer, Dadgar said, but it is part of the company's plans.

"The European region, PCI and HIPAA are larger opportunities," he said. "But FedRAMP, for example, is absolutely identified as a must-do. It's just a matter of sequencing."

Beth Pariseau, senior news writer for TechTarget Editorial, is an award-winning veteran of IT journalism covering DevOps. Have a tip? Email her or reach out @PariseauTT.
