From checking health to configuring devices, network engineers have always used their fingers on the good, old command-line interface. CLI is fast, outputs lots of details, and gives them a lot of flexibility to push commands. There is no good network engineer that hasn’t spent hours working on the line interface.
But now, with minimal human intervention, an automated robot is capable of login into a network device and run commands. So if, network automation can take over the job of a network engineer or admin, how can they compete with automation?
“I think, over time, network engineers will become data managers, because they become less concerned about the network, the vendor’s specific configuration, and they’re really managing the data that makes up the configuration,” said Brad Thornton, (pictured center), lead architect of Ansible network automation at Red Hat Inc.
Thornton, Adam Miller (pictured right), senior principal software engineer of security automation at Red Hat, and Jill Rouleau (pictured left), senior software engineer for Ansible at Red Hat, spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during AnsibleFest 2020. They discussed Ansible network modules, public/private cloud use cases and security automation. (* Disclosure below.)
[Editor’s note: The following has been condensed for clarity.]
Why are customers successful with Ansible in networking?
Thornton: I think one of the reasons why Ansible has done well in the networking space and why a lot of network engineers find it very easy to use is because you can still see the CLI. But what we have the ability to do is pull information from the same CLI that you were using manually, show that as structured data, and then let you return that structured data and push it back to the configuration. So what you get when you’re using Ansible is a way to programmatically interface and do configuration management across your entire fleet. It brings consistency and stability and speed to network configuration management.
What should customers think about when they look at the engineering and the development challenges around cloud?
Rouleau: If we step back, Cloud just means any sort of distributed applications, whether it’s on-prem in your own data center, on the edge, in a public hosted environment. And automation is critical for making those things work. And there’s now a lot more architectural complexity, no matter where you’re running that. And so I think if you step back and look at it from that perspective, you can actually apply a lot of the same approaches and philosophies to these new challenges as they come up without having to reinvent the wheel of how you think about these applications.
How do you guys look at tools like Terraform, and how does Ansible compare to that because you guys are very popular in the cloud configuration?
Rouleau: So Terraform and tools like that — things like CloudFormation or Heat in the OpenStack world– they do really, really great at things, like deploying your apps and setting up your stack and getting them out there. Ansible is a phenomenal way of getting in there and saying, “I have these instances, I know about them, but maybe I just need to connect out and run an update or add a package or reconfigure a service that’s running on there.” And I think you can glue these things together and use Ansible with these other stack deployment-based tools really, really effectively.
What’s your thoughts on the source of truth when it comes into play for these security appliances?
Miller: Source of truth is going to be very dependent on the organization. What type of brownfield environment they’ve developed. What type of things that they rely on, and what types of data they store there. So we have the ability for various sources of truth to come in for your inventory source and the types of information you store with that. Because of Ansible’s flexibility and because of the way that everything is put together in a pluggable nature, we have the capability to actually bring in all of these components from anywhere in a Brownfield environment together. [We can] be that infrastructure glue, be that automation component that can tie all these disjoint loosely coupled together.
What kind of security appliances can you guys automate?
Miller: As of today, we are able to [automate] endpoint management systems, enterprise firewalls, security information, and event management systems. We’re able to do security orchestration, automation, remediation systems, privileged access management systems. We’re doing some threat intelligence platforms … and we recently added endpoint security management.
What use cases do you see the Ansible modules in for the public cloud?
Rouleau: In our public clouds, we have support for Amazon Web Services, Azure, GCP, and they all support your main services. And then once you get all of those up there … you can now pull that back down into Ansible, build an inventory from that, and seamlessly then use Ansible to manage those instances.
We can go straight from having deployed all of those services and resources to managing them and going between your instances in your traditional operating system management for those instances and your cloud services. You can use one tool for all of these things, bring all of your different teams together, give them one tool and one view for managing everything end to end.
Why is Kubernetes more important now? What does it mean?
Miller: I think the big thing is the modernization of the application development delivery. When you talk about Kubernetes and OpenShift and the capabilities we have there, you can build a lot of the tooling that you used to have to maintain to be able to deliver sophisticated resilient architectures in your application stack. [These] are now baked into the actual platform, so the container platform itself takes care of that for you and removes that complexity from your operations and development team.
And then Ansible itself is able to build that capability of automating the entire Kubernetes or OpenShift cluster in a way that allows you to go into a Brownfield environment and automate your existing infrastructure, along with your more container native, futuristic, next-generation, net structure.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of AnsibleFest 2020. (* Disclosure: TheCUBE is a paid media partner for AnsibleFest 2020. Neither Red Hat Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.