BlueAlly is a Red Hat Advanced Business Partner focusing on network and cloud automation using Red Hat Ansible Automation Platform. In May of 2023, the BlueAlly Consulting team was invited to the Cisco Federal Innovation Challenge (CFIC) hosted at the GSA Workplace Innovation Lab 1 in Washington, DC.
The goal of the CFIC is to bring together ideas to accelerate modernization across the federal and defense landscape. The focus is NetDevOps, IT modernization, telemetry and visualization.
The team's solution is an extensible architectural framework based on streaming services and Event-Driven Ansible.
Addressing challenges facing network managers
Network managers are often burdened with proving "it's not the network" when applications exhibit poor performance. Increasingly, DevOps principles are fostered in network operations. Among them is the practice that "metrics should be visible" to all stakeholders.
While commercial software solutions are available to monitor application performance, processing and analyzing logs from routers, firewalls and servers is costly due to the sheer volume of data. We need to rethink our approach to data, particularly in relation to IT operations.
Given the severity of data overload and the need to adopt AIOps, organizations should consider investing in the role of a visibility architect to secure, manage and enable access to the organization's telemetry data.
Networks contain a wealth of information that is beneficial to stakeholders outside network operations. Network management at scale benefits from adopting a service-oriented architectural style consisting of small, highly extensible, independent components.
The visibility architect must consider how to design, develop and implement in-house remedies using open source solutions and custom code.
BlueAlly's contribution to the Cisco Federal Innovation Challenge (CFIC)
The BlueAlly Consulting solution highlights how Event-Driven Ansible integrates with an event streaming service (Kafka in Confluent Cloud), a bespoke Python Kafka publisher and a control plane configuration managed by GitHub.
BlueAlly customers are increasingly interested in scaling their network management practices by implementing event streaming services. Kafka is often the preferred choice, as it combines the aspects of a messaging system and a database. Telemetry events are accessible to a wide range of infrastructure management systems and offer the functionality of a replay log for forensic analysis.
Confluent Cloud is utilized as a simple yet robust Kafka implementation enabled in minutes via a web browser to facilitate a rapid prototype.
Event-Driven Ansible
Event-Driven Ansible enables automation scenarios in infrastructure domains, including network, infrastructure, DevOps, security and CloudOps. It is available in Ansible Automation Platform 2.4.
At the core of Event-Driven Ansible is a rulebook (example) that applies "if-this-then-that" operational logic to the events it receives. Event source plugins are available for receiving events (via a Kafka topic or webhook, for example). These plugins must be implemented using the Python asynchronous I/O (asyncio) library to enable concurrency in the code.
The rulebook definition specifies the source of the event (by defining the configuration of the event source plugin) and a rules section that specifies the condition(s) and actions. Typically, the action is an Ansible Playbook. Common playbook tasks open or update a ticket in the IT Service Management (ITSM) system, collect additional information from the system, trigger events, or invoke basic commands to remediate the issue.
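The asyncio requirement for event source plugins, shown as an added example that is not code from BlueAlly or the Ansible project. It follows the `main(queue, args)` coroutine entry point that ansible-rulebook calls for a source plugin; the `messages` argument, the sample payloads and the `collect` helper are hypothetical stand-ins for a real Kafka consumer.

```python
import asyncio
import json
from typing import Any, Dict, List, Optional

# Constructed sample record values standing in for raw Kafka messages.
SAMPLE_MESSAGES = [
    b'{"mac": "00:11:22:33:44:55", "network": "branch-1"}',
    b"not json at all",
    b'["a", "list", "not", "an", "object"]',
]


def decode_event(raw: bytes) -> Optional[Dict[str, Any]]:
    """Decode one message; return None for anything a rule cannot evaluate."""
    try:
        payload = json.loads(raw.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None
    if not isinstance(payload, dict):
        return None
    # Rule conditions would then reference fields as event.body.<field>.
    return {"body": payload}


async def main(queue: asyncio.Queue, args: Dict[str, Any]) -> None:
    """Source plugin entry point: put one dict per event on the queue."""
    for raw in args.get("messages", SAMPLE_MESSAGES):  # hypothetical argument
        event = decode_event(raw)
        if event is not None:
            await queue.put(event)
        await asyncio.sleep(0)  # yield so other coroutines can run


def collect(messages: List[bytes]) -> List[Dict[str, Any]]:
    """Drive main() the way a test harness would and return queued events."""
    async def run() -> List[Dict[str, Any]]:
        queue: asyncio.Queue = asyncio.Queue()
        await main(queue, {"messages": messages})
        return [queue.get_nowait() for _ in range(queue.qsize())]
    return asyncio.run(run())


if __name__ == "__main__":
    print(collect(SAMPLE_MESSAGES))
```

Malformed or non-object messages are dropped at the source, so rule conditions only ever see well-formed events.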
Kafka publisher agent
The BlueAlly submission examines a security automation use case: Searching for a client machine in a cloud-managed network. To minimize the volume of data, the Kafka publisher logic includes a configurable control plane defining filter criteria for the device metadata before publishing to the Kafka Topic. This filtering logic addresses the problem of overwhelming the consumer with the sheer volume of data to analyze.
The control plane consists of a filter definition stored in a remote GitHub repository (example). The end-user, a Security Operations Center (SOC) analyst, can clone and commit changes to the filter definition using Git. The publishing agent uses the filter to limit the amount of data written to the streaming service.
Figure 1: Publisher Control Plane
The Python publishing agent is based on a prototype demonstrated at the Programmability and Automation Meetup, "Introduction to network telemetry using Apache Kafka in Confluent Cloud." This repository is on the Cisco DevNet Code Exchange.
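One way the publisher-side filter described above could work, as an added example that is not the code from the BlueAlly repository. The filter format, field names and client records are assumptions constructed for illustration; because the filter is edited by users through Git, the loader validates it and refuses definitions that would publish everything.

```python
import fnmatch
import json
from typing import Any, Dict, List

ALLOWED_FIELDS = {"mac", "ip", "description", "vlan"}  # hypothetical schema

# Constructed filter definition, as it might be committed to the Git repo.
FILTER_JSON = '{"mac": ["00:11:22:33:44:55"], "description": ["kiosk-*"]}'

# Constructed client metadata, as a cloud-managed network API might return it.
CLIENTS = [
    {"mac": "00:11:22:33:44:55", "ip": "10.0.0.5", "description": "laptop"},
    {"mac": "aa:bb:cc:dd:ee:ff", "ip": "10.0.0.9", "description": "Kiosk-lobby"},
    {"mac": "de:ad:be:ef:00:01", "ip": "10.0.0.7", "description": "printer"},
]


def load_filter(text: str) -> Dict[str, List[str]]:
    """Parse and validate the filter; raise ValueError on an unsafe definition."""
    data = json.loads(text)
    if not isinstance(data, dict) or not data:
        raise ValueError("filter must be a non-empty JSON object")
    unknown = set(data) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unknown filter fields: {sorted(unknown)}")
    for field, patterns in data.items():
        if not isinstance(patterns, list) or not patterns:
            raise ValueError(f"{field}: expected a non-empty list of patterns")
        for pattern in patterns:
            # A wildcard-only pattern would defeat the volume reduction.
            if not isinstance(pattern, str) or not pattern.strip("*?"):
                raise ValueError(f"{field}: pattern {pattern!r} matches everything")
    return data


def matches(client: Dict[str, Any], flt: Dict[str, List[str]]) -> bool:
    """True if any filter field matches the client (case-insensitive glob)."""
    for field, patterns in flt.items():
        value = str(client.get(field, "")).lower()
        if any(fnmatch.fnmatchcase(value, p.lower()) for p in patterns):
            return True
    return False


def select_for_publish(clients: List[Dict[str, Any]],
                       flt: Dict[str, List[str]]) -> List[Dict[str, Any]]:
    """Return only the records that should be written to the Kafka topic."""
    return [c for c in clients if matches(c, flt)]
```

Only the records returned by `select_for_publish` would be handed to the Kafka producer; a rejected filter should leave the previous, known-good definition in place.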
Actionable intelligence
Event-Driven Ansible creates actionable intelligence for the SOC analyst by adding artifacts with the filtered information to a security incident in Splunk SOAR. The extensibility of Ansible Automation Platform is demonstrated through a playbook, rulebook and Ansible Content Collection (https://github.com/netcraftsmen/cfic) that listens for Kafka messages with Event-Driven Ansible, then invokes a playbook and module to update the SOAR ticket.
Wrap up
While commercial Application Performance Managers (APM) and log aggregation and analysis tools are commonly used to visualize and troubleshoot network and application performance, making metrics visible to all is increasingly important to stakeholders. BlueAlly believes that organizations should consider a greater emphasis on the value of network telemetry data by defining the role of the visibility architect. This position focuses on evolving network management to incorporate event streaming with a service-oriented approach.
With minimal software development effort and solutions like Event-Driven Ansible, organizations can minimize the volume of data to be analyzed by intelligent selection through a dynamic, user-configurable control plane.
For additional information on this or other BlueAlly solutions, reach out by email at contact@blueally.com or the contact page at www.blueally.com/contact.
About the author
Joel King began his career as a programmer, transitioned to network engineering, then wrote several design guides introducing QoS-enabled, IPsec-encrypted voice and video to the industry, and has two patents in this area. He developed reference architectures on big data and video surveillance storage. He is currently focused on infrastructure automation and programmable networks.