Questo contenuto non è disponibile nella lingua selezionata.
Chapter 1. Introduction to hardening Ansible Automation Platform
This document provides guidance for improving the security posture (referred to as “hardening” throughout this guide) of your Red Hat Ansible Automation Platform deployment on Red Hat Enterprise Linux.
The following are not currently within the scope of this guide:
- Other deployment targets for Ansible Automation Platform, such as OpenShift.
- Ansible Automation Platform managed services available through cloud service provider marketplaces.
Hardening and compliance for Ansible Automation Platform 2.4 includes additional considerations with regards to the specific Defense Security Information Agency (DISA) Security Technical Implementation Guides (STIGs) for automation controller, but this guidance does not apply to Ansible Automation Platform 2.5.
This guide takes a practical approach to hardening the Ansible Automation Platform security posture, starting with the planning and architecture phase of deployment and then covering specific guidance for installation, initial configuration, and day 2 operations. As this guide specifically covers Ansible Automation Platform running on Red Hat Enterprise Linux, hardening guidance for Red Hat Enterprise Linux will be covered where it affects the automation platform components. Additional considerations with regards to the DISA STIGs for Red Hat Enterprise Linux are provided for those organizations that integrate the DISA STIGs as a part of their overall security strategy.
These recommendations do not guarantee security or compliance of your deployment of Ansible Automation Platform. You must assess security from the unique requirements of your organization to address specific threats and risks and balance these against implementation factors.
1.1. Audience
This guide is written for personnel responsible for installing, configuring, and maintaining Ansible Automation Platform 2.5 when deployed on Red Hat Enterprise Linux. Additional information is provided for security operations, compliance assessment, and other functions associated with related security processes.
1.2. Overview of Ansible Automation Platform
Ansible is an open source, command-line IT automation software application written in Python. You can use Ansible Automation Platform to configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, and more. Ansible’s main strengths are simplicity and ease of use. It also has a strong focus on security and reliability, featuring minimal moving parts. It uses secure, well-known communication protocols like SSH, HTTPS, and WinRM for transport and uses a human-readable language that is designed for getting started quickly without extensive training.
Ansible Automation Platform enhances the Ansible language with enterprise-class features, such as Role-Based Access Controls (RBAC), centralized logging and auditing, credential management, job scheduling, and complex automation workflows. With Ansible Automation Platform you get certified content from our robust partner ecosystem; added security, reporting, and analytics; and life cycle technical support to scale automation across your organization. Ansible Automation Platform simplifies the development and operation of automation workloads for managing enterprise application infrastructure life cycles. It works across multiple IT domains including operations, networking, security, and development, as well as across diverse hybrid environments.
1.2.1. Red Hat Ansible Automation Platform deployment methods
There are three different installation methods for Ansible Automation Platform:
- RPM-based on Red Hat Enterprise Linux
- Container-based on Red Hat Enterprise Linux
- Operator-based on Red Hat OpenShift Container Platform
This document offers guidance on hardening Ansible Automation Platform when installed using either of the first two installation methods (RPM-based or container-based). This document further recommends using the container-based installation method for new deployments, as the RPM-based installer will be deprecated in a future release.
For further information, see Deprecated features.
Operator-based deployments are out of scope for this document.
1.2.2. Ansible Automation Platform components
Ansible Automation Platform is a modular platform composed of separate components that can be connected together, including automation controller, platform gateway, automation hub, and Event-Driven Ansible controller.
Additional resources
For more information about the components provided within Ansible Automation Platform, see Red Hat Ansible Automation Platform components in Planning your installation.
