Ansible roadmap steers toward network, security via integrations
Through simply written automation and granular access control, Ansible will attempt to put networking and security teams in step with IT infrastructure and DevOps counterparts.
AUSTIN, Texas -- Many Ansible users picked up the configuration management and automation tool to do one job, and now use it for many others. Now, Ansible hopes to extend that common thread to attract a broader spectrum of users to the tool.
Highlights of the Ansible roadmap in the next year will show a broader role for the configuration management platform, expanding it from automation of VM builds and application deployments to address network devices and security toolsets. Its ambition is to unify the IT department and its legions of assets, silos and tools.
Eran Sery, a DevOps engineer at Delta, has used Ansible for two years. Its appeal is that the format is easy to understand so most people are able to contribute. "It enables a DevOps culture," he said at AnsibleFest here, this week.
Sery said he foresees using Ansible to involve more teams in automated tasks, with services shared via a common platform, such as its Tower management console.
Network automation a logical step
Ansible 2.7, which is set for release this week, includes about 500 modules for 50 network platforms. The Ansible roadmap also includes 12 network roles from Red Hat for network automation, expected in early 2019. It's an area of IT operations where many Ansible users have set their sights.
Mark FoggVP of infrastructure automation, Natixis
"We would love to get into the network and security [automation] with Ansible," said Mark Fogg, VP of infrastructure automation at Natixis, a French financial services company. His team of infrastructure developers writes playbooks for OSes such as Red Hat Enterprise Linux and CentOS, and other elements of the infrastructure.
Added network automation would let them build out virtual LANs and push predefined configurations to network devices, for example. Ansible works without agents, which admins cannot always install on network switches or other devices.
The Ansible roadmap also includes support for multi-cloud computing, with a cloud virtual private network (VPN) to coordinate deployments across hosting providers as well as private clouds. The cloud VPN opens the door for public cloud support with less concern about vendor lock-in, said Caleb Cotton, a Linux engineer at a large, privately held U.S. bank.
Put security tools together
The Ansible roadmap also adds modules to automate and orchestrate disparate enterprise security tools, such as enterprise firewalls, intrusion detection systems and security information, and event management. These tools don't communicate, and integration standards take a long time to reach meaningful adoption -- if they ever do, said Alessandro Perilli, general manager of strategy at Red Hat.
Ansible Automation for security, now in tech preview, provides a common automation layer and language that is easy to understand, write and maintain; modular and open source.
Ansible plans to offer roles, content, playbooks and integration elements to connect security tools, with general availability in early 2019. An example use is to detect suspicious activity, perform threat hunting and respond to incidents. The goal is a self-defending environment that relies on automated sequences to detect, identify and remediate security incidents.
Certified content validation reduces risk
Alongside its extension into network and security automation, Ansible added assurances of validated content for enterprise adopters.
The Red Hat Ansible Automation Certification Program evaluates and validates modules and plugins, and eventually roles, to ensure that they are secure, compatible and functional. Red Hat and partners can submit content for certification, and users subscribe to the service. Initial participants include networking vendors Cisco, CyberArk, F5 Networks, Infoblox, NetApp and Nokia.
The added level of safety and assurance from a certification program fits in with the risk-averse mindset of a bank, Cotton said. "We build custom modules ourselves and we're responsible for anything that happens with it. It's much better to go to Red Hat to get issues fixed," he said.
In addition to certified content, Ansible is developing a scoring system for the community repository Galaxy, to rate modules on usefulness and effectiveness. There are about 2,100 modules available, and it's infeasible for users to sift through all possible options.