ANSIBLE Integrations Can Automate anything | NASA case study
No one likes repetitive tasks. With Ansible, IT admins can begin automating their daily tasks, which frees them to focus on new things. Ultimately, Ansible gives teams the one thing they can never get enough of, time, allowing smart people to focus on smart things.
Ansible is a simple automation language that can perfectly describe an IT application infrastructure. It’s easy-to-learn, self-documenting, and doesn’t require a grad-level computer science degree to read. Automation shouldn’t be more complex than the tasks it’s replacing.
NASA CASE STUDY
About NASA and the WESTPRIME contract:
The National Aeronautics and Space Administration (NASA) is the agency of the United States government that is responsible for the nation’s civilian space program and for aeronautics and aerospace research.
The NASA Web Enterprises Services and Technology contract (WESTPRIME) was established to create a standard for public cloud usage within NASA. WESTPRIME deals with everything from the very well known www.nasa.gov site to privately accessible web applications used by NASA staff around the world. InfoZen is the prime contractor for NASA WESTPRIME.
“As a result of implementing Ansible we are better equipped to manage our environment. Ansible has allowed us to provide better operations and security to our clients. It has also increased our efficiency as a team.” — Jonathan Davila, DevOps Lead, InfoZen
What is the business challenge?
NASA WESTPRIME’s initial focus was to move roughly 65 applications from a traditional hardware-based data center to a cloud-based environment on a rapid timeline. The rapid timeline resulted in many applications being migrated ‘as-is’ to a cloud environment.
This allowed for NASA to gain significant cost savings from the change in infrastructure but did not allow for immediate cloud optimization of the applications and sites. As a result of the rapid migration requirement we had an environment spanning multiple virtual private clouds (VPCs) and AWS accounts that could not be easily managed. This resulted in scenarios where even simple things, like ensuring every system administrator had access to every server, or simple patching, were extremely burdensome.
How is NASA using Ansible?
To solve the problems that they had with lack of centralized management and a diverse environment, they evaluated multiple solutions and decided on an implementation of Ansible Tower. They are now leveraging Ansible Tower to manage their environment in a very organized and scheduled way. As a result of their Ansible Tower implementation they have achieved the following efficiencies:
- NASA web app servers are being patched routinely and automatically through Ansible Tower with a very simple 10-line Ansible playbook.
- Ansible is also being used to remediate security issues and was leveraged to remediate both OpenSSL issues earlier this year. This not only saved time but allowed them to quickly remediate a very daunting security issue.
- Every single week both the full and mobile versions of www.nasa.gov are updated via Ansible, generally only taking about 5 minutes to do.
- OS level user accounts for mission critical staff are continually checked and created if missing. We can now say with absolute certainty that everyone who needs access has access, even if that means adding or removing a user almost instantly from all servers.
- They have also integrated Ansible facts into their CMDB, CloudAware, for better management visibility of their entire AWS inventory. As a result, they are able to organize their inventory of AWS resources in a very granular way that was not possible before.
- Ansible is also used to ensure their environment is compliant with necessary Federal security standards as outlined by FedRAMP and other regulatory requirements.
What technology or products were used in the past to solve this problem, if any?
While parts of the technical staff would sometimes use Ansible core for some tasks, previously NASA WESTPRIME was using shell scripts and manual SSH-based administration. After testing, they decided that Ansible was the best fit for them, due to:
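The account check described in the list above could be expressed as a playbook like the following. This is an added example, not NASA's or InfoZen's playbook; the account names, the key placeholder, the `wheel` group and the `admin_accounts` variable are assumptions for illustration.

```yaml
# Added example: hypothetical names and placeholder key throughout.
- name: Reconcile OS accounts for administrative staff
  hosts: all
  become: true
  vars:
    # Constructed sample data; in practice this list comes from a source of truth.
    admin_accounts:
      - name: alice
        state: present
        ssh_key: "ssh-ed25519 <PUBLIC_KEY_PLACEHOLDER> alice@example.invalid"
      - name: bob
        state: absent        # offboarded: removed from every host in the inventory
  tasks:
    - name: Create missing accounts and remove revoked ones
      ansible.builtin.user:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        shell: /bin/bash
        groups: wheel        # assumes a RHEL-style admin group
        append: true
        # Delete the home directory (and any keys in it) when the account goes away.
        remove: "{{ item.state == 'absent' }}"
      loop: "{{ admin_accounts }}"
      loop_control:
        label: "{{ item.name }}"

    - name: Allow only the listed SSH key for each present account
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.ssh_key }}"
        state: present
        # exclusive drops any other key already in authorized_keys,
        # so a stale or unapproved key does not survive the run.
        exclusive: true
      loop: "{{ admin_accounts | selectattr('state', 'equalto', 'present') | list }}"
      loop_control:
        label: "{{ item.name }}"
```

An account with running processes may not be removable without the module's `force` option, so treat a failed removal task as something to follow up rather than ignore.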
- Ansible does not require agents to be installed on hosts; native use of SSH
- The learning curve is very small and took less than a day to learn
- Non-technical staff can read an Ansible Playbook and know what’s happening
- Most active open source community among its competitors
What are the results with Ansible?
As a result of implementing Ansible we are better equipped to manage our environment. Ansible has allowed us to provide better operations and security to our clients. It has also increased efficiency as a team. By the numbers:
- www.nasa.gov update window went from over 1 hour, to 5 minutes or less
- Patching updates went from a multi-day process to a 45 minute process
- Near real-time RAM and Disk monitoring accomplished without agents
- OS Account provisioning across entire environment in less than 10 minutes
- Baselining our standard AMIs went from 1 hour of manual configuration to becoming an invisible background process
- Application Stacks went from 1–2 hours to set up, to about 10 minutes per stack
What are your plans to grow your Ansible usage moving forward?
As we progress towards a more optimized environment we have strategic modernization plans that include a heavy dependency on Ansible and Ansible Tower. We are working on moving many applications into cycles of Continuous Integration and Deployment, which will be leveraging Ansible as the conductor of these architectures.
In the future, Ansible will be used to manage our stack of Windows servers and perform the same magic we’ve been able to achieve in our Linux environments. The end goal will be for our production environment to be completely automated with system administrators only needing to SSH/WinRM into instances manually for troubleshooting. All other instance changes would happen exclusively through Ansible (and the occasional CloudFormation template).
Regardless of who your infrastructure vendors are, Ansible can help you automate all your infrastructure from bare metal to virtualization — all without having to expose credentials, or teach your users the specific UIs and APIs for each provider.
- Red Hat Virtualization (RHV)
It’s time that the network teams got to participate in the DevOps revolution. Ansible brings its simplicity and agentless architecture to network automation in a way that enables IT organizations to finally include network teams in DevOps initiatives while simultaneously gaining better control and understanding of how their existing networks are configured and managed.
Ansible supports a wide variety of network providers today, including:
- Dell Technologies
- and others
Ansible has deep and broad capabilities across the cloud ecosystem — on or off-prem, or a bit of both, Ansible can seamlessly automate in an increasingly hybrid world.
Ansible supports clouds, including:
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
- OpenStack
Everyone defines DevOps differently. Here at Ansible, communication and collaboration are central to the idea. But how do you solve the challenge of bringing together separate teams and their chosen tools, while encouraging communication and collaboration?
Ansible enables the spirit of DevOps by connecting teams and tools to automate the workflows in your day-to-day operations.
Development: GitHub, Atlassian Bitbucket Pipelines, GitLab, Vagrant…
Integration/Test: Jenkins, Travis CI, TeamCity…
Deployment: Cloud Providers, Containers, ServiceNow, Systems, Virt Platforms…
Securing an enterprise from the growing number of threats is a matter of the highest priority. A well-timed and duplicitous attack on a business can have far-reaching consequences, such as loss of productivity, damage to reputation and huge fines. Ansible can help security teams to address new complexities and manage tasks at scale across different practices.
Ansible supports a wide variety of security providers today, including: