rvlsoft - Fotolia
Ansible Tower revamp adds analytics, security automation
Ansible Tower and Ansible Engine are now one product, Ansible Automation Platform, which also includes automation analytics, security automation integrations and certified content.
Ansible Tower users got their first look at a newly consolidated Ansible Automation Platform this week, which they hope will simplify purchasing and cut down on the manual effort required to create Ansible modules and playbooks.
Red Hat Ansible Automation Platform brings the Red Hat Ansible Tower management interface, Red Hat Ansible Engine configuration management software, Red Hat Ansible Network Automation and newly added Red Hat Security Automation under one SKU, and it's a free upgrade for Ansible Tower subscribers. This was welcome news for some large enterprise customers who were tired of tracking separate licenses for each of those pieces.
"I don't want to keep paying for things, with a new SKU for everything," said Abraham Snell, senior IT infrastructure analyst at Southern Company, an electric and natural gas utility based in Atlanta. "I don't want to manage multiple entitlements when I'm not sure what I'm getting [with each one]."
Ansible Automation Platform, which will ship in November, will also include Ansible Content Collections and Automation Hub. Content Collections is a set of Red Hat-certified Ansible content, including modules, plugins, roles and playbooks, created by Red Hat and third-party partners such as Cisco, F5, Google Cloud, Microsoft and NetApp. Automation Hub is a repository where Content Collections will be delivered as they are created, rather than being tied to the six-month Ansible release cycle. Automation Hub represents a curated version of the Ansible Galaxy community content repository.
"The certified library should speed up some development, instead of us having to chase down different playbooks certified by different vendors," said Mark Wedge, lead automation engineer for infrastructure at Sabre Corp., a travel industry software provider in Southlake, Texas.
Built-in integrations, such as for ServiceNow and DNS vendor Infoblox, were among the selling points for Ansible Tower, which Sabre purchased last year after years of using Ansible open source, Wedge said.
Abraham Snell Senior IT infrastructure analyst, Southern Company
"Those modules can be limited when they're very new -- we had to make changes to the HP iLO 5 module, for example," he said. "Fingers crossed there are no hiccups, but [Content Collections] should make for smoother uptake with things ready to go."
Ansible Tower security, analytics require further evaluation
Ansible Automation Platform also offers Red Hat Security Automation, a set of integrations with security tools such as intrusion detection and prevention systems and firewalls. Analysts say this type of automation will be key for organizations embracing DevSecOps.
"[There's a] need for SecOps to be more directly involved in infrastructure automation," said Chris Gardner, an analyst at Forrester Research. "In order to pull off zero trust principles, they need to be part of the infrastructure design process."
However, at many of the large enterprises that form the bulk of the Ansible Tower user base, Southern Company and Sabre included, security and IT infrastructure monitoring are often handled by different teams than infrastructure automation. That means Red Hat Security Automation must appeal to a different set of buyers.
"Security-wise, I'd need to work with the security team to determine which tools they already use" to know if Red Hat Security Automation would be useful, Sabre's Wedge said.
At Southern Company, Ansible's Automation Analytics feature, an offshoot of Red Hat Insights, could help demonstrate the cost benefits of automation to upper management, Snell said.
Meanwhile, he added, Content Collections also have security and compliance implications.
"Security teams always have concerns about content repositories and how they're governed," he said. "[Content Collections] are going to help mitigate some of the risks security comes to me about."
Ansible Tower roadmap broadens integrations
A private version of Ansible Galaxy is in the works for organizations that are highly security- and compliance-conscious. Users can now pause for approval at any step in the Ansible Tower workflow, said Tom Anderson, senior director of Ansible automation and management at Red Hat.
Continued expansion of infrastructure automation integrations and an updated interface for infrastructure modelling should also be at the top of Red Hat's to-do list for Ansible development, Forrester's Gardner said.
"Ansible for a long time has taken a text-driven approach to [infrastructure] modelling, [and] their GUI is OK in Tower, but not great," he said. "Integrations are key to everyone in this space -- they have a good number, but others are farther along."
For example, Southern Company's Snell said he'd like to see the Red Hat Enterprise Linux infrastructure management tool, Satellite, merged into a shared interface with Ansible Tower. Red Hat did not comment on whether such an integration is in the works.
In the meantime, Red Hat rolled out a tech preview of a new integration between Ansible and the OpenShift container management platform that allows OpenShift Operators to be created using Ansible's scripting language, rather than the more complex Golang programming language.
Ansible Tower and Ansible Engine were previously priced per node, but the Red Hat Ansible Automation Platform has a flat price in two editions: Standard, which comes with 8/5 support, at $13,000, and Premium, with 24/7 support, at $17,000.