1--- 2layout: docs 3page_title: Service Mesh 4description: |- 5 Consul Connect provides service-to-service connection authorization and 6 encryption using mutual TLS. 7--- 8 9# Connect 10 11Consul Connect provides service-to-service connection authorization and 12encryption using mutual Transport Layer Security (TLS). Applications can use 13[sidecar proxies](/docs/connect/proxies) in a service mesh configuration to 14establish TLS connections for inbound and outbound connections without being aware 15of Connect at all. Applications may also [natively integrate with Connect](/docs/connect/native) 16for optimal performance and security. Connect can help you secure your services and provide data 17about service-to-service 18communications. 19 20Review the video below to learn more about Consul Connect from HashiCorp's co-founder Armon. 21 22<iframe 23 src="https://www.youtube.com/embed/8T8t4-hQY74" 24 frameborder="0" 25 allowfullscreen="true" 26 width="560" 27 height="315" 28></iframe> 29 30## Application Security 31 32Connect enables secure deployment best-practices with automatic 33service-to-service encryption, and identity-based authorization. 34Connect uses the registered service identity (rather than IP addresses) to 35enforce access control with [intentions](/docs/connect/intentions). This 36makes it easier to reason about access control and enables services to be 37rescheduled by orchestrators including Kubernetes and Nomad. Intention 38enforcement is network agnostic, so Connect works with physical networks, cloud 39networks, software-defined networks, cross-cloud, and more. 40 41## Observability 42 43One of the key benefits of Consul Connect is the uniform and consistent view it can 44provide of all the services on your network, irrespective of their different 45programming languages and frameworks. When you configure Consul Connect to use 46sidecar proxies, those proxies "see" all service-to-service traffic and can 47collect data about it. Consul Connect can configure Envoy proxies to collect 48layer 7 metrics and export them to tools like Prometheus. Correctly instrumented 49applications can also send open tracing data through Envoy. 50 51## Getting Started With Connect 52 53There are several ways to try Connect in different environments. 54 55- The [Getting Started with Consul Service Mesh collection](https://learn.hashicorp.com/tutorials/consul/service-mesh?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) 56 walks you through installing Consul as service mesh for Kubernetes using the Helm 57 chart, deploying services in the service mesh, and using intentions to secure service 58 communications. 59 60- The [Secure Service-to-Service Communication tutorial](https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) 61 is a simple walk through of connecting two services on your local machine 62 using Consul Connect's built-in proxy and configuring your first intention. The guide also includes an introduction to 63 using Envoy as the Connect sidecar proxy. 64 65- The [Kubernetes tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-minikube?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) 66 walks you through configuring Consul Connect in Kubernetes using the Helm 67 chart, and using intentions. You can run the guide on Minikube or an existing 68 Kubernetes cluster. 69 70- The [observability tutorial](https://learn.hashicorp.com/tutorials/consul/kubernetes-layer7-observability?utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS) 71 shows how to deploy a basic metrics collection and visualization pipeline on 72 a Minikube or Kubernetes cluster using the official Helm charts for Consul, 73 Prometheus, and Grafana. 74