Reserving the IP in the IPAM system
Ansible and AWX in practice
With the Ansible Automation Platform, you can automate recurring tasks, ensuring efficient and error-free processes. Ansible offers considerable added value, particularly in network environments, DevOps, and operational IT.
We will show you three real-world use cases that demonstrate the challenges we have been able to solve for our customers with IT automation:
Use Case #1:
Virtual machines with one click
The starting point
In a company, the provision of virtual machines (VMs) is carried out by several employees with a high degree of manual effort. A lot of time is lost on repetitive tasks, and the manual steps leave plenty of room for error, especially in substitution situations.
But how can this process be fully automated while at the same time meeting increasing security requirements and shorter update cycles?
The solution
DICOS worked with the company to develop a fully integrated process that completely rethinks the provisioning of new VMs and takes into account the security requirements demanded by IT security.
The virtual machines are automatically created on the hypervisor using AWX and VMware. The system hardening specifications were integrated directly into the creation process, eliminating the need for manual rework.
The focus was on the end-to-end integration of the existing infrastructure. This includes the automatic creation of CIs in the CMDB, the rollout and activation of monitoring, the maintenance of IP addresses in the IPAM system, and the management of access data in the password management system.
Technical process
Creation of virtual machines based on a template
Entry in the CMDB
Documentation of the established CI (including responsibilities)
Securing access data in the central password manager
System Hardening
Default configuration
Default Software
Connection to monitoring systems
The result
TIME SAVINGS
The provisioning time for new VMs has been reduced to just a few minutes.
QUALITY
The processes are standardized, error-free, and auditable.
TRANSPARENCY
Thanks to logging in AWX, the process is transparent and traceable.
RELIEF
The solution enables bulk deployment of virtual machines for the first time and provides lasting relief for the IT team.
Use Case # 2
Process automation ensures compliance on Linux hosts
The starting point
A technology group operated a large number of Linux hosts—spread across multiple locations, with different distributions such as RHEL, CentOS, Ubuntu, and SLES.
Due to increased security requirements, a way had to be found to update the machines with less effort but at a higher frequency. Due to the heterogeneity of the global landscape, there was no ‘uniform’ patch strategy, different tools and schedules for each system, manual updates, and a lack of logging in some cases, which made operating system updates neither consistent nor traceable.
The solution
DICOS set up a global and centrally controlled patch workflow for Linux operating system updates.
The automation takes care of handling the various Linux derivatives on its own. The connection to the CMDB via dynamic inventory scripts enables end users to manage the desired time centrally.
All results of the patch processes are recorded, documented, and evaluated in a standardized manner in the ITSM system.
Technical process
A patch cycle is selected by the user and recorded in the CMDB.
AWX pulls a dynamic inventory from the CMDB, thereby obtaining all relevant information about a host.
AWX automatically creates schedules based on existing groups that update the systems at the desired time.
Results are logged in both AWX and the ITSM system.
User notifications can be enabled optionally.
The result
TIME SAVINGS
The patching process has been simplified and accelerated.
SAFETY
Patch cycles could be increased with less effort, and compliance requirements were met.
SCALABILITY
New systems or locations can be integrated with just a few adjustments, making the solution future-proof.
Use Case # 3
Automated rollout of security scanners on Windows hosts
The starting point
The company’s server landscape comprised several thousand instances in different data centers and locations.
In order to perform vulnerability scans, threat detection, and compliance checks, the infrastructure must be fully covered with appropriate agents. Until now, the distribution of security scanners has required a high level of manual effort and personnel.
The IT department was therefore looking for a scalable and audit-proof solution to install security scanners on all Windows hosts across the board and keep them constantly up to date.
The solution
To this end, DICOS implemented a workflow for the IT security team in Ansible and AWX. The security agents are automatically distributed and installed, and connect directly to the central security platform thanks to the rolled-out configuration.
The job templates used were made available to the specialist department. This allows those responsible to either carry out selective updates or work with schedules.
Technical process
Central job control via AWX: Creation of reusable job templates for scanner rollout, integration of all Windows hosts via CMDB
Playbook execution: Communication with target systems via WinRM, checking whether the security agent is already present, downloading and installing the agent if necessary, configuration (e.g., scan server, proxy settings, logging), restarting the service
Workflow automation: Using tags and variables to control different deployment scenarios
Central monitoring & logging: Automated transfer of logs and metrics to Splunk, structured visualization of successes/failures per host, installation status and agent versions, rollout progress across regions and time, alerts for errors or failed installations
The result
QUALITY
The processes are reproducible and documented.
RELIEF
IT is relieved by the elimination of manual installations.
SCALABILITY
Future automation projects using the same framework are now possible.
Integration and development
Ansible Service
Would you like to use Red Hat's Ansible Automation Platform in your company? Then you need someone to take care of integration and development. We would be happy to do that for you. Just send us a message.