Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

HashiCorp: Automating vSphere Templates with Packer & Terraform

HashiCorp
04/09/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


I'm one of the solution engineers here at HashiCorp and today I want you to imagine a world where every minute saved on VM template creation and utilization is a minute you earn For working on some type of new innovation or freeing you up some time to increase your security posture Resolve some kind of environment stability issue Today, I want to talk about revolutionary Revolutionizing vSphere VM management my aim by the end of this session is for you all to gain a little deeper insight into how Packet and Terraform can streamline and enhance Your workflows for creating and utilizing vSphere templates because the thing is most people are managing vSphere templates Inefficiently now just to be super clear on this statement It's not meant to undermine the talent and hard work of our VI admins Instead it's a recognition of the intricate and challenging environment that they work within daily To unpack this a little I want to talk about two particular personas Anita our VI administrator and Scott a developer who just wants to focus on writing and testing application code So let's unfold the narrative of what a common template pattern for both these personas looks like that I've seen numerous times We start with Anita who is our VI administrator now Anita has the responsibility of creating a base template So to do so Anita will need to log into the vCenter UI This allows Anita to have a platform where templates can be created Now Anita's workflow surrounding vSphere templates and the organization stands is heavily reliant on manual effort Involving a multitude of tasks that are both time-consuming and prone to human error First Anita needs to log in with the right account and the right permissions She needs to initialize come up with some type of naming convention for this template She needs to select the right cluster network data store Now comes probably the slowest part which is actually installing the operating system without VMware tools, which can be cumbersome next we have to patch maybe get security involved to patch and make sure it's the right pro level and Then we shut down the VM convert it to a template and then finally we notify our consumers However, if Anita had multiple vCenter servers to manage distinct isolated environments So think you're think you're like your dev test production kind of scenario This compounds the complexity the management overhead and the operational response time Now once the templates created it's over to Scott our developer who can now use it for his application development So Scott's workflow for workflow for utilizing this template looks a little like this First Scott has two options either eats needs to understand the vSphere UI or API or Alternatively, which is a more common approach. He raises a ticket to time some type of system and utilizes a self-service portal In either scenario once the beam is cloned and powered on usually there's a bunch of post provisioning steps that need to occur So Scott has to wait Because we've completed because we haven't completed any real customization on that base template being used that Anita created and that's because Customization is routinely performed after the creation without any integrated early build process Once this has occurred and the initial setup has been completed now Scott gets to do his responsibility that install then up the necessary application injecting configuration files However, even this step introduces a level of complexity keeping track of the configurations applied to this instance of this machine Can be a puzzle determining which version of a template he was utilizing There's another instance. This couldn't quickly become a source of confusion Now I would say there's a few areas in this workflow that could be improved and it might be obvious but the manual process of creating and managing vSphere templates is slow and Challenging burdened by that GUI driven approach It really isn't scalable the tasks Anita had to complete was for creating one base template in one environment Now this would be need to be repeated for any other operating systems Anita supports because we're only talking about one template thus far There's an absence of template layering which can impede prompt security response affecting agility and addressing vulnerabilities From Scott's workflow, there's an uncertainty of what type of template he was using at what time waiting for some type of notification notification from Anita or when a new templates available can be challenging and That post VM provisioning customization that I spoke about lowers the reliability of an inch of chance of an increased failure During Scott's requested workflow. So this begs the question. Is there a better workflow? How do we streamline and automate vSphere templates with Packer? Let's quickly discuss some of the fundamental and foundational solutions that we're going to use from now on. So first is Packer. So Packer Standardizes and automates the process of building systems and container images. It's what will create our templates Which can then be leveraged and managed through HCP Packer Which stores just the metadata about the artifacts that we create with Packer So HCP Packer is really the bridging the gap between artifact creation and Deployment by allowing cross organizational teams to create manage and consume artifacts using a centralized consistent Standardized workflow and then finally terraform So everyone should be familiar and love terraform terraform is the infrastructure as code solution that enables you to safely and predictably provision resources with those imaged artifacts into any cloud So let's take a look at a workflow where we use HashiCorp Packer and terraform where we gain the benefits of automation Consistency versioning and so on this time We're going to use a pipeline if you've never heard of github actions Github actions is an automation tool that basically allows you to simply build test and deploy your code This is a strategic change to leverage a pipeline This becomes a single well-designed workflow that Anita has to establish once and then can it can perform Consistently on her behalf the efficiency gain translates to scalability instead of being constrained to manually craft one Template at a time we can now orchestrate the creation of multiple packet images Concurrently and that's at the heart of scalability doing more with less expanding our capabilities without proportionally increasing our efforts In our pipeline, we've distilled the process into a few series straightforward steps First is simply selecting the image we want to build. Do we want to build one base operating system image? Do we want to build multiple base operating system images or do we want to build multiple application images? It's quite simple. The next is initializing with the packet init command This command is really going to be the first command you ever run with Packer and it essentially just downloads the plug-in binaries Then we execute the Packer build. This is the workhorse and the main process It's basically taking our predefined settings that we have defined in code and using them to produce a suite of artifacts like templates Then we can leverage if we want to Packer provisioners This allows you to enhance it into you know Third-party products and solutions to say I want to execute necessary software onto this up onto this operating system apply system updates Maybe configure certain settings that meet operational standards. And then finally we just register with HTTP Packer So this is the system of recording the metadata about our artifacts You know the creation time, the associated platform, the git commit that correlates to the build. This repository ensures There's traceability Accountability and reproducibility across our pipeline Now let's reintroduce Scott again Our developer who's going to leverage the power of HTTP Packer through Terraform to build the infrastructure he requires We're also going to introduce Jane another skilled developer on the team Jane's workflow is similar to Scott's but there's a key difference Jane wants to use a different version to her builds and that is what HTTP Packer Channels lets you do. A channel allows you to label an artifact with it describe the quality and stability of a build so Scott may want to use the latest channel always integrating with the most recent updates and Features where Jane may want to use the LTS version or the long-term support channel Which offers greater stability and longer intervals between upgrades They can simply use the desired Terraform module to build their virtual machine and then utilize Terraform cloud to direct on their laptops To execute the plan and apply for their infrastructure. So let's have a look at what that looks like in the real world So I'm going to click off over to GitHub where we're going to talk about our action though I spoke about that pipeline. So this is a repository called Packer images It's publicly available more than happy to give this to you guys after the session But basically inside this repository is our code to use Packer I've got an action that we mentioned and I've broken that into two different pipelines or workflows one for base images that will build off an ISO and application images that will clone off the base and leverage what we've done with our base image and just then Layer it with the applications. So this is really easy and simple to use Normally you would schedule your workflows to run on a scheduled process and that's what I have in this environment But for today in the demo, I'm gonna override that and say let's just go and build the latest and greatest Postgres machine so I can click on a particular image that I want to build and click run workflow Now that's going to go and trigger but as I said, you could have this scheduled to say let's execute every Sunday night at 10 o'clock So then following week we have new greatest latest patched templates for our developers to use Now it's been executed by the fact that there's a little anvil dot here So I can click on that particular flow and we can see that our pipeline has executed if I click on it We'll see some information about our build so we can see that we've ran a command called make Ubuntu 2204 underscore Postgres and that's executed the Packer initialize and Packer build commands that I mentioned earlier We're gonna deep dive a little bit further into what that looks like But really what's happening right now is this post this pipeline has gone to execute my pipeline Communicate with the vSphere server and go and build a virtual machine for me inside vSphere So we'll let that go for a little bit and see how we how we progress Let's go over and have a look at the actual underlying Packer images Packer files So what I've got now is Visual Studio Code and this is just a cloned version of that repository that I just showed you So inside the dot github folder, I have those two pipelines in code in YAML inside here There's not too much to really talk about specifically but the fact that I'm executing a pipeline and I'm just executing a makefile and Selecting the image is the key piece of this pipeline Under the hood that makefile is executing our Packer initialize and our Packer build command that you saw in the pipeline What we're doing is we're passing in a Postgres Specific variables file as well as telling it to go and get the additional configuration for Packer inside a directory called builds Linux Ubuntu 2.2.0.4 So let's go and see how Packer is using those files. If I go further into builds Linux Ubuntu 2.2.0.4 There's two key Packer files that I want to mention. The first is our build.packer.html file This file is really defining the plugins that we want to leverage The first one being that vSphere plugin the second may be some type of provisioner like our Ansible plugin that allows me to specify A playbook that I want to execute as part of my provisioning of my template process The last piece in this file is the HCP Packer registry block and this allows me to say after the Packer process is complete Go and register it with HCP Packer and store some metadata about that image This might be the bucket name, which is basically a label as well as any other bits of information about the the image The second file is the sources .packer.html file. In here There's again a little bit of information that we want to focus on. One is the source block So I have a vSphere-iso block So if I want to build a machine from complete scratch like my base images that would be leveraging this block Alternatively, I can also leverage the let me Get to it the The vSphere-clone block so that allows me to execute a clone of an existing template In either scenario, all we're defining inside these files is one How do we connect to vSphere? Where do we want to build the machine? What data center? What cluster? What data store? What folder? And any additional virtual machine configuration that we want to specify as part of our Machine build. So this could be do we want to convert it to a template? Yes or no? True or false? What's the CPU memory? What's the storage configuration? The network configuration? Where's the ISO to go and mount this machine to? And any additional pieces of information about the template that I want to build? They're the two main files that Packer will leverage to go and build a machine The last is basically that variables file and that variables file is a unique to each image that I want to build and so in Postgres all I'm doing is passing it a role which relates to the Ansible playbook to Execute that role called Postgres will go and execute a Ansible playbook that goes and installs Postgres So let's go and take have a look at see what's happened and our image is built That's as quickly as it takes to go and build a new template So we've completed our machine template process and we're good to go. Now. What does that look like from a HCP point of view? So I'm gonna now select over to HCP and this is where HCP Packer has this concept of buckets There's a lot of information here I want to go through some of the fundamentals just to get you familiar The first one is this concept of a bucket. So these buckets are the logical Relationship between those images that I just built. So if we look at our Postgres ubuntu-2204 I can click on that bucket and it's going to give me some information First what is the latest version of a template that I can use so I have version 54 It was created at 144. So a couple of minutes ago and it's active I can go into versions and see other versions that I may have available and you can see here This is where that concept of a channel comes in I have two versions of a Postgres template version 48 Which is the stable or maybe the LTS version and then I have version 54, which is the latest version What that means now is that I can leverage Terraform to consume this template without needing to know any Specific concepts or pieces of information inside vSphere. If I want to do that, that's really simple I can go to use with Terraform and get the data source block that tells me how to leverage this inside Terraform So if I want to modify this I could select what channel to use the latest or the stable and all that's gonna change is This block is going to be dynamic to tell me which piece of information to update on so let's say we want to use the latest I could simply copy that and Now we could go back to Visual Studio Code Where I have two example repositories for Scott and Jane that are using Terraform So in this example here both these directories both these folders are exactly the same thing They're basically some Terraform code to go and build a vSphere machine The important piece here is I can leverage that HCP packer registry to say this is the template I want to use so I could just put that in there and then specify the template for this vSphere virtual machine module to go and leverage that particular Identifier that means from Scott and Jane's perspective They can just do their traditional Terraform apply command and it's going to go and build a machine via Terraform cloud and Use the template that is available from the organization's perspective That is the latest and greatest version or a stable version that they want to use Jane again can do the exact same thing. The only difference is she's using the stable version So again, if I click to Jane's command, I can do Terraform apply and that's going to go and off to the races build my machines for me and That's really as simple as it gets when it comes to consuming Terraform via HCP packer so Why was that much? Why was that much more efficient than previously? Well, the beauty of the automated template pattern is that it liberates a native from the manual toil instead of being bogged down by repetitive Tasks a native is now free to focus on that higher value work the automation not only streamlines the process But ensures this consistency Reducing the potential for human error and accelerates the overall delivery From Scott and Jane's perspective They get to use the power of HTTP packet channels for their delete before their development environments allowing them to choose different Versions of a template like the latest or the LTS or the stable version The key aspect from a developer's point of view is that they can leverage Terraform for vSphere environments just like they have used for public cloud environments And as we transition from on-prem environment, maybe to an AWS environment The process remains comfortably familiar for Scott and Jane the seamless integration with HTTP packer ensures that the switch to a different cloud is Just a matter of specifying a new endpoint It's the same dependable pattern no matter which cloud they choose because you can have multiple clouds But you can't have two ways of operating them so to summarize Hopefully what you've seen today is a portion of the HashiCorp solutions and there's three key themes that we focus on cost control Risk mitigation and increased developer productivity from cost we can think about the operational cost We're taught we are taking while manually conducting all those image related tasks across different environments We can mitigate risk by ensuring our images meet security standards before they even leave the door rather than trying to patch Afterwards we can build the patching process as we build our templates through packer and for speed we can let our developers focus on their core task innovating not waiting for infrastructure needed to support their efforts and That's it from a presentation today. If you have any questions regarding this presentation, please reach out afterwards as well If there's anything comes up afterwards more than happy to discuss

TL;DR

  • Traditional vSphere template management is inefficient, requiring manual GUI-driven processes for creation, lacking versioning, and forcing developers to wait for post-provisioning customization.
  • HashiCorp Packer automates template creation through code-driven pipelines, enabling concurrent builds, scheduled patching, and integration with provisioning tools like Ansible for standardized configurations.
  • HCP Packer provides centralized metadata management with channel-based versioning (latest vs. LTS), allowing different teams to consume appropriate template versions without tracking complexity.
  • Terraform integration enables developers to provision VMs using familiar infrastructure-as-code patterns, with consistent workflows across vSphere and public cloud environments.
  • The automation approach delivers cost savings through reduced operational overhead, improved security posture by building compliance into templates, and faster developer velocity by eliminating infrastructure wait times.

The Manual Template Problem

This presentation addresses the inefficiencies in traditional vSphere template management through the lens of two personas: Anita, a VI administrator, and Scott, a developer. Anita's workflow involves logging into vCenter UI, manually configuring templates with proper naming conventions, selecting clusters and datastores, installing operating systems without VMware tools, patching, and converting VMs to templates—a process that becomes exponentially more complex when managing multiple isolated environments. Scott's experience is equally frustrating, requiring either mastery of the vSphere UI/API or raising tickets through self-service portals, followed by waiting for post-provisioning customization steps. The lack of template versioning creates confusion about which template version is in use, while the absence of integrated build processes means customization happens after creation rather than during it. This manual, GUI-driven approach is slow, not scalable, lacks template layering for security response, and introduces uncertainty and reliability issues for developers.

Automation Through HashiCorp Packer and HCP

The solution leverages HashiCorp Packer to standardize and automate system image creation, integrated with HCP Packer for centralized metadata management and Terraform for infrastructure provisioning. The demonstration showcases a GitHub Actions pipeline that replaces manual workflows with a repeatable, code-driven process. The pipeline executes four key steps: selecting which images to build (base OS or application images), initializing with 'packer init' to download plugin binaries, executing 'packer build' with predefined settings, and registering artifacts with HCP Packer for traceability. Packer configuration files define vSphere connection details, build locations, VM specifications, and provisioning steps using tools like Ansible. The critical innovation is HCP Packer's channel system, which allows teams to label artifacts by quality and stability—Scott can consume the 'latest' channel for cutting-edge updates while Jane uses the 'LTS' channel for stability. This approach enables concurrent template creation, scheduled builds (like Sunday night patching runs), and eliminates the manual toil that previously constrained VI administrators.

Developer Experience and Multi-Cloud Consistency

From the developer perspective, Terraform integration with HCP Packer transforms VM provisioning into a familiar, cloud-agnostic workflow. Developers use Terraform data sources to reference HCP Packer buckets and channels, eliminating the need to understand vSphere-specific details or track template versions manually. The demonstration shows how Scott and Jane can execute 'terraform apply' commands that automatically pull the appropriate template version based on their chosen channel, with Terraform Cloud handling the execution. This pattern remains consistent whether deploying to vSphere or AWS—only the endpoint changes, not the operational model. The presentation emphasizes three core benefits: cost control through reduced operational overhead, risk mitigation by building security and patching into the template creation process rather than applying it afterward, and increased developer productivity by removing infrastructure wait times. The automation liberates administrators from repetitive tasks while giving developers self-service capabilities within guardrails defined by the organization's template standards.

Chapters

0:00 - Introduction and Problem Statement
1:11 - Traditional Template Workflow: Anita's Manual Process
2:36 - Developer Perspective: Scott's Challenges
4:51 - Solution Overview: Packer and HCP
5:56 - Automated Pipeline Workflow
8:04 - HCP Packer Channels for Version Management
9:04 - Live Demo: GitHub Actions Pipeline
11:02 - Packer Configuration Deep Dive
14:29 - HCP Packer Buckets and Metadata
16:00 - Terraform Integration for Developers
17:20 - Benefits and Summary

Key Quotes

0:07 "I want you to imagine a world where every minute saved on VM template creation and utilization is a minute you earn for working on some type of new innovation or freeing you up some time to increase your security posture ..."
1:40 "Anita's workflow surrounding vSphere templates and the organization stands is heavily reliant on manual effort involving a multitude of tasks that are both time-consuming and prone to human error ..."
6:27 "Instead of being constrained to manually craft one template at a time we can now orchestrate the creation of multiple packet images concurrently and that's at the heart of scalability doing more with less expanding our capabilities without proportionally increasing our efforts ..."
8:33 "A channel allows you to label an artifact with it describe the quality and stability of a build so Scott may want to use the latest channel always integrating with the most recent updates and features where Jane may want to use the LTS version or the long-term support channel which offers greater stability and longer intervals between upgrades ..."
18:24 "You can have multiple clouds but you can't have two ways of operating them ..."
18:57 "We can mitigate risk by ensuring our images meet security standards before they even leave the door rather than trying to patch afterwards we can build the patching process as we build our templates through packer ..."
Categories:
  • » Cybersecurity » Application Security
  • » Data Management » DevOps
  • » Cybersecurity » Cloud Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Cloud Security
  • DevSecOps
  • Technical Deep Dive
  • Demo
  • Best Practices
  • vSphere template automation
  • Infrastructure as Code
  • VM lifecycle management
  • CI
  • CD for infrastructure
  • Template versioning and channels
  • Multi-cloud consistency
  • DevOps automation
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: HashiCorp: Automating vSphere Templates with Packer & Terraform

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Worthy Security Team for Unmatched Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Strategies for Effective Data Privacy and Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version