Introduction to Red Hat Ansible Automation Platform

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi there thank you for joining me my name is gautam nagaraj i am a cloud solutions architect with red hat and today we will be talking about red hat ansible automation specifically how a connected and collaborative team can drive business we already know that within the it organization different domains are already automating whether that be the network team security team the infrastructure team or the application team either they're using scripts or they have internal applications that they've developed or bought but the reality remains that what red hat has seen by working with thousands of customers is that these are introduced silos and silos are not the methodology in which you can transform your organization what we've seen is that if you're able to scale the knowledge rather than scale the team that is when you can actually drive the transformation within your business and what red hat recommends is to have a single automation platform where the line of business the infrastructure teams the application teams the security teams can all view their environment and manage it from a single location so why do we recommend ansible automation platform let's go through it let's talk about the use cases and the environment that ansible can manage ansible can do the orchestration of the entire life cycle that means provisioning the infrastructure deploying the application managing the configuration while keeping it secure and maintaining compliance and what do we mean by the environment we mean load balancers network devices firewalls servers storage vms and cloud environments so there is an integration with literally every vendor that is available this is just a small subset that i'm showing you but the list is actually exhaustive what i want to give from this is that if we have a connected team we can and a collaborative team we can first of all drive digital transformation and we can reduce inefficiencies this has even been proven by the forester report which shows that ansible is the leader in ito automation so let's talk about how adsel actually works the base for our ansible automation platform is the engine ansible engine is at the heart of it and what are the tenants of ansible engine first it's very simple it's written in yamo which is similar to json so it is human readable you don't need to learn a programming language to be able to work with ansible it's powerful because of all the integrations it has it has thousands of integrations and those integrations enable you to have the operational knowledge of how to manage that application or environment or system taken away and you are basically working on just managing the configuration you state what you want and the ansible engine uses those integrations to achieve that end state and finally it's agentless you do not need to manage the installation or the supportability of an agent on the end device it works over the standard protocols of ssh winrm and can be advanced with a plugin that enables whatever protocol that you require but this ensures that basically it's secure and the fact that there is no requirement for a third-party agent to be installed on any device before you can manage it that is for the automation itself when you want to scale it for your organization that's where ansible tower comes in ansible tower acts as a control unit on top of the engine it gives a very interactive ui and api access it gives role-based access control so that way you can control who can access watch device and do what actions and finally it enables you to scale out so that you can have a highly available environment and be able to manage devices in different data centers while having a single pane of glass view on your automation platform so on top of the ansible tower what we give you is the ansible sas service which helps to engage it provides the governance for managing multiple ansible installations gives you the analytics so you have the knowledge of what you're doing gives you the trust because of the collections that are available and it is a hub to collaborate with other uh organizations and users who are using the ansible system so let's go and dig as you get a summary of how ansible works you will have ansible admins so these are people who are in charge of the automation platform who will define what are the use cases that are allowed the ansible users will connect and utilize the use cases that are provided and that is also done through the tower so there is the row based access control enabled on that side the tower will connect to the ansible engine and the sas service as required and will trigger the job that is required on the engine so that it can go ahead and provide the functionality or the use case that you're looking for in your environment be that the creation of a vm the installation of the os the updates of the os the life cycle management of your environment so what does that mean for you let's talk about the use cases that ansible automation enables for your organization to show you the value starting with windows automation so the first example is basically the creation of a user so generally whenever a windows admin has to create a user he has to go to the active directory put in the first name last name email password what groups are they part of now what ansible automation is showing you here is basically we're taking that action out of the active directory and enabling it to be done from a sort of a survey page so any user who's delegated by you can say the windows admin to can go ahead and clear fill out the form to give out the details for this as a new user who's joining the organization and basically that means that myself as gotham i can go and basically fill out this form and then click the submit button and that might go to a windows admin for or for authorization and then once authorized it'll go ahead and create the user within the organization that means that we basically take the access out of the windows active directory and put it into ansible automation and that can be delegated to whoever we want this could be part of an hr process for onboarding a new user so you create the user you give them the permissions the network access the file share access that they want that all can be automated from ansible let's talk about the other use case which is patching servers so with this use case what we're doing is basically enabling an admin or a user to patch a specific server so it could be in the case of yourself a developer who who can then go ahead and say i want to update this server or a a desktop admin who can go ahead and say i want to order this thing upgrade a specific server and choose which patches to include which passwords to exclude which groups to include and make it a self-service sort of catalog item so that instead of having admins to do it which are a precious resource we can instead have the users schedule when they want to do a sort of an update on their system now the next use case is the network automation so what i have here is from the engine the first two use cases that i showed you on windows that is actually from the tower now i'm just digging deep showing a bit of the information of how the actual engine does it and this is a playbook which basically enables a user once they run this playbook to run on a cisco switch or router and get the information from the interface so this is the output as it was run on a specific server a switch or a router now what you can take away from this is that a very uh standard use case that you have your network admin he is going on personal time off but the fact is that the tasks that he does as a daily task needs to be done by someone else that means that needs to be handed over but what you have the scenario where the backup for someone is also unavailable because they're sick or they also have some emergency so what is it what are you supposed to do what we're doing here is showing the ability to scale the knowledge the the actual use case or whatever daily job that the network admin is doing can be scheduled or can be configured inside ansible tower so that would mean that basically that any person who's delegated for that task will be able to run it if you'll notice over here the user who's running the task does not have access to the switch or the router themselves does not have the credentials for it all that been done is delegated from ansible tower you have the authority to run a specific playbook on a specific device and get the output and that output is also within the ansible tower itself so it's never that the is actually accessing the device themselves so that is a very powerful tool i would give you an example of this specifically in network automation so stand the most common task in network at automation is opening ports you have a source machine machine you have a destination machine and you need to open a port in a specific port like a database application reaching a database needs you know the port one five two five or one five two one so what happens me as a server admin will request this from the network team will go through the governance and approval process once approved it gets scheduled to a network admins task the fact is that the network admin not necessarily is waiting just only for that use case right he's doing a 100 of the tasks so what will happen is me as a server admin i have to wait because i'm held up on the task chain and once the network admin finishes his job he will complete the task of on his side which is the network side the firewall or the router or the switch that he's doing the work on and then he'll update the the service ticket to say i've completed my task can you please check and close the ticket now again as a service admin i'm also not only waiting for that i'm doing 100 other tasks so there is always the fact that from end to end a service the delay is never on the person but rather the lead time before they can get to that task so what happens with ansible tower is first of all we can me as a server admin i can go ahead and fill out a form that says this is my server source ip address destination ip address and which port i want opened up once it goes through the governance and approval process it can be scheduled by ansible tower that can go and directly connect to a firewall palo alto cisco whatever the solution that we're talking about open up the required port and say it's done and then you'll come back to me for testing we can take this a step further in a two-stage process where we give another use case which is the testing of ports i can create inansible a use case which will say this is the source machine this is the destination machine and this is the port please test whether the port is open so if there's a service already running i can also have that automated and how does this work out i can either have it so that the network admins can use that to do testing so they can without accessing a server test whether the port is working or not through the telnet test or i could even make it part of the ansible job as a bigger workflow where i give the first job which is to open the port and then the second job which is to basically test after that port is open whether the source machine can reach the destination machine and that gives us an end to end service with a validate validation test done to ensure that the task is completed successfully what this enables is that any user requesting the service can get end-to-end feedback and if there is an issue then ansible can also say okay i was able to open the port but my test failed please send a notification to the network team saying that listen dear mr network team team we've opened up the port but the telnet test is failing let's inform both the server team and the network team so that they can both troubleshoot on their end so that is the way that we basically take it forward the next automation use case is around security and quite frankly we are supported with the n number of security vendors you can see this the famous ones are here already and what the idea between the security automation is is that ansible can be a response tool to a certain incident so let's say you have an ids or an ips so that detects that there is something wrong or that detects a denial of service attack from a specific ip what can happen is a playbook or a use case can be run that says dear firewall device or security device there is an ip address that's you know 10 195.1x.x.x that is attacking me please drop all packets from this external ip address so what will happen is immediately a new rule gets created on your external facing sort of entry point that drops the packet so that protects you first of all second of all we can then go ahead and notify a security admin to say dear security admin we've done this can you please check is there something wrong is this a false alarm but i have blocked this already so that gives you the first mover advantage where you don't have to first get notified before you do an action you are basically doing an action and then also getting notification at the same time so it's a parallel task so that is the advantage that we can basically produce when we have ansible automation the other use cases that i want to discuss is the application automation use case so let's talk about this use case we have in an environment dynatrace which is an application monitoring tool and it's monitoring your application and it detects the first use case that there is a degradation in the service now we've already encountered this before so what's happened is that we in ansible generally what are we automating the most common use cases the ones that we see again and again and again and makes it so that we don't have to do it again right we are basically automating away this the mat the the day-to-day jobs and looking at to towards our users to give the value add service so there is a user degradation activity or a trigger and dynatrace then basically goes and says dear ansible i want you to do the remediation job and that is what answer will do as soon as it's triggered it will go and do a remediation job and also go and give a notification or an email to the admin saying that i've done this job can you please check that everything is fine it can do a feedback loop where dynatrace can then configure and re-test and see whether everything is working fine or not fine or not we have the other use case and this is where i want to show the way that how ansible because of its heterogeneous capability of working across different environments the use cases that we showed till now have been you can say minor use cases across one platform and you could say that i could do that myself but now let's talk about where dynatrace is monitoring an environment and it sees that the capacity is reached or there's a threshold reached so that means it needs to now either increase the capacity but it can't because even that internal capacity has been reached it needs to provision a new server and add that server to the pool and so what it does it triggers the job to ansible which will then trigger multiple jobs first of all it will create a ticket and service now or your itsm tool saying that listen i am doing this creation of a new system because i've been given the trigger from the application monitoring so let's open a ticket so that it's aware of this change that i'm doing next is go to your so let's say vmware environment say provision me a new vm i mean provisioning a new vm from a template that's straightforward but after you provision the vm you go ahead and get inside the os make sure to update it make sure to add it to the domain make sure that it passes your compliant test install the application stack whatever the application stack might be jboss eap for example or weblogic or websphere or you know spring boot or python or ph or whatever stack that we're talking about yeah it can install it then it can also put in the binary and configure it if it's a web server or whatever the case is once that's done it will go to the load balancer and say dear mr load balancer you're doing application load balancing for a specific set of two or three servers now there's a fourth server please add it to that virtual server so that you basically add that to the pool you also make sure to open up the required ports that you need between let's say the application and the database so that is the end to end service that we're talking about that that is possible from ansible so and finally ansible can then close the ticket saying that i have successfully created this this was the start time this was the end time these are the details of the systems that i've interacted with and so that you have it as a record as well on what was the automation that was done so now those are specific use cases these are some of the the studies that we have done and the the metrics that we have that how ansible basically speeds up your mediation how it helps you deploy more often how it may helps you optimize yours your staff and how it any better enables you to be prepared for future this is a reference and we have a reference basically a public reference from microsoft who within their network environment are actually using ansible so you can understand if a company like microsoft is using ansible the capabilities that are possible from ansible and the fact that uh how ubiquitous ansible is within the it industry so how do you start so now you know that what we are suggesting which is ansible automation platform why are we suggesting it so that you have collaboration and better coordination for better business outcomes to have a single pane of glass view on what are the activities that are happening within your organization to be able to better uh schedule to better catalog all the requirements that you have within your it that is what ansible gives you the specific use cases where you can see the most value some of the examples of what we are suggesting and of course these are all dependent on your organization so how do we start what we suggest is first let redhat come and do a discovery let us understand from you what is your environment what are the most common tasks you guys are doing what is the best value that you can get and then let us start with a small pilot where we will build an environment for you the the the automation platform itself and some use cases that will then show the business value it will show you that before you are spending 100 hours on doing a specific task and how many hours it takes post that task and so what is the value that you've gained in terms of man hours from that and then we will give you a journey that takes you from step one to step two to step three towards an automation journey where you can basically have in everything as code automation environment available so that's it from us thank you so much for your time uh and uh if there's any questions we would be more than glad to to hear from you and to take it forward

Info

Channel: Red Hat with Gautham

Views: 3,505

Rating: 4.7818184 out of 5

Keywords:

Id: 8eT-PW2bmfo

Channel Id: undefined

Length: 21min 0sec (1260 seconds)

Published: Tue Mar 02 2021