Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 1. Introduction to hardening Ansible Automation Platform


This document provides guidance for improving the security posture (referred to as “hardening” throughout this guide) of your Red Hat Ansible Automation Platform deployment on Red Hat Enterprise Linux.

The following are not currently within the scope of this guide:

  • Other deployment targets for Ansible Automation Platform, such as OpenShift.
  • Ansible Automation Platform managed services available through cloud service provider marketplaces.
Note

Hardening and compliance for Ansible Automation Platform 2.4 includes additional considerations with regards to the specific Defense Security Information Agency (DISA) Security Technical Implementation Guides (STIGs) for automation controller, but this guidance does not apply to Ansible Automation Platform 2.5.

This guide takes a practical approach to hardening the Ansible Automation Platform security posture, starting with the planning and architecture phase of deployment and then covering specific guidance for installation, initial configuration, and day 2 operations. As this guide specifically covers Ansible Automation Platform running on Red Hat Enterprise Linux, hardening guidance for Red Hat Enterprise Linux will be covered where it affects the automation platform components. Additional considerations with regards to the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) for Red Hat Enterprise Linux are provided for those organizations that integrate the DISA STIGs as a part of their overall security strategy.

Note

These recommendations do not guarantee security or compliance of your deployment of Ansible Automation Platform. You must assess security from the unique requirements of your organization to address specific threats and risks and balance these against implementation factors.

1.1. Audience

This guide is written for personnel responsible for installing, configuring, and maintaining Ansible Automation Platform 2.5 when deployed on Red Hat Enterprise Linux. Additional information is provided for security operations, compliance assessment, and other functions associated with related security processes.

1.2. Overview of Ansible Automation Platform

Ansible is an open source, command-line IT automation software application written in Python. You can use Ansible Automation Platform to configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more. Ansible’s main strengths are simplicity and ease of use. It also has a strong focus on security and reliability, featuring minimal moving parts. It uses secure, well-known communication protocols like SSH, HTTPS, and WinRM for transport and uses a human-readable language that is designed for getting started quickly without extensive training.

Ansible Automation Platform enhances the Ansible language with enterprise-class features, such as Role-Based Access Controls (RBAC), centralized logging and auditing, credential management, job scheduling, and complex automation workflows. With Ansible Automation Platform you get certified content from our robust partner ecosystem; added security, reporting, and analytics; and life cycle technical support to scale automation across your organization. Ansible Automation Platform simplifies the development and operation of automation workloads for managing enterprise application infrastructure life cycles. It works across multiple IT domains including operations, networking, security, and development, as well as across diverse hybrid environments.

1.2.1. Red Hat Ansible Automation Platform deployment methods

There are three different installation methods for Ansible Automation Platform:

  • RPM-based on Red Hat Enterprise Linux
  • Container-based on Red Hat Enterprise Linux
  • Operator-based on Red Hat OpenShift Container Platform

This document offers guidance on hardening Ansible Automation Platform when installed using either of the first two installation methods (RPM-based or container-based). This document further recommends using the container-based installation method for new deployments, as the RPM-based installer will be deprecated in a future release.

For further information, see Deprecated features.

Operator-based deployments are out of scope for this document.

1.2.2. Ansible Automation Platform components

Ansible Automation Platform is a modular platform composed of separate components that can be connected together, including automation controller, platform gateway, automation hub, and Event-Driven Ansible controller.

Additional resources

For more information about the components provided within Ansible Automation Platform, see Red Hat Ansible Automation Platform components in Planning your installation.

Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.