Siemens, a global technology company, uses public key infrastructure (PKI) technology to secure communications internally and with third-party partners and Internet of Things (IoT) solutions. To simplify and better automate its PKI environment, Siemens worked closely with Red Hat Consulting to replace its legacy automation solution with Red Hat Ansible Automation. With expert support and training, Siemens’ PKI team is now using Ansible on Windows to automate manual management tasks and improve communications security across the business.
- Optimized Ansible for Windows-based security environment
- Improved IT efficiency by automating management tasks and adopting continuous integration and delivery (CI/CD) approach
- Enhanced in-house Ansible expertise with dedicated, expert consulting and training
Simplifying and scaling communications security
Siemens is a global technology company focusing on electrification—from power generation, transmission, and distribution to smart grid solutions and the efficient application of electrical energy—as well as the areas of medical imaging and laboratory diagnostics. The company is the 10th largest software company in the world and a leader in intelligent infrastructure and sustainable energy.
Digitalization is a key component of Siemens’ vision for the future. One of the tools that supports this vision is public key infrastructures (PKIs), a collection of processes and policies for creating, using, managing, and storing digital certificates and other secure communications components. PKI technology is used by all of Siemens 372,000 employees, as well as 100,000 users from the company’s business partners, to reliably protect access to sensitive information. For example, an email can be encrypted using a PKI and a user’s smart card, a physical authorization device.
The company is increasingly using PKIs to also secure Internet of Things (IoT) communications and now maintains two PKI environments for these different use cases. Additionally, communication between a greater variety of service teams is increasing. These changes have created additional complexity, particularly for configuration, increasing workloads for Siemens’ PKI team.
To support this growth in PKI use, Siemens sought a more robust automation solution that would help its teams accommodate demand while reducing configuration complexity.
“Siemens does not make money by operating computers. Our focus is selling trains, power plants, or computed tomography [CT] imaging technology,” said Rufus Buschart, Head of PKI at Siemens. “Central IT is under time and resource pressure to make the most of its investments.”
Optimizing automation with integrated, supported technology
Siemens chose to replace its legacy automation solution for its PKI environment with Red Hat Ansible Automation. This simple, agentless IT automation solution supports configuration management and other IT functions and automates repetitive tasks for complex deployments. Ansible also offers a userfriendly management interface that can integrate with other services for full visibility into IT automation.
Red Hat Consulting worked with Siemens’ PKI team during a 2-day discovery workshop to draft a strategic project plan for automating its secure, Windows-based environment. Over the following 100 days, Red Hat consultants worked on-site or remotely with the team to quickly implement Ansible Automation with a continuous integration and delivery (CI/CD) pipeline.
“We needed more automation, and for this Red Hat Ansible Automation was the perfect choice, but we were not experts in Ansible,” said Buschart. “We wanted Ansible up and running quickly, but the deployment needed to be correct. It’s important to maximize our IT investment, so we wanted as much detail as possible from Red Hat’s experts.”
Improving IT security with help from Ansible experts
Optimized Windows environment automation
Working with Red Hat Consulting helped Siemens optimize its new Ansible Automation deployment to work effectively in its Windows-based PKI environment. For example, Siemens worked closely with Red Hat consultants to learn how to use infrastructure-as-code and CI/CD practices to write and test playbooks, with all hardening measures now scripted in Ansible.
“Our environment is Windows-based, but Ansible comes from the Linux world,” said Buschart. “We had error messages, particularly around connecting to a server, and we wanted to replace basic usernames and passwords with strong authentication. Red Hat consultants made a big difference in reaching these goals.”
Improved management efficiency
Previously, Siemens’ PKI team spent hours manually checking for minor unwanted changes to the configuration of its Windows-based communications environment. With Red Hat Ansible Automation, supported by Red Hat Consulting, Siemens has automated these audits to improve configuration quality while reducing manual effort.
Additionally, developers can now use Ansible Playbooks to independently deploy and dismantle development environments as needed, as well as automatically deploy and test new PKI software versions before release.
“What we really like about Ansible is being able to check our playbooks into a version control system. We have the configuration of our environment stored in Git, which is very convenient,” said Buschart. “We don’t have to go on the server, just our Git repository, to check that the server looks as it should.”
As a result of these improvements, the company anticipates that its time to market will improve.
Enhanced in-house expertise
To make the most of its automation investment, Siemens worked closely with Red Hat to get hands-on experience and best practices guidance for operating and maintaining its new Ansible Automation technology.
“Our knowledge of Ansible had come from whitepapers and YouTube videos,” said Buschart. “They did not offer enough detail, so the in-person workshops were very important to our technicians gaining a thorough understanding of Ansible to deploy faster and better.”
Now, in the year since the initial deployment, Siemens’ PKI team can independently create its own playbooks, with Red Hat available to check technical details or troubleshoot if needed. “Whenever we need Red Hat, they are there,” said Buschart.
Evolving to Infrastructure-as-Code
In the near future, Siemens plans to work with Red Hat to begin explore using Jenkins, an open source, JavaTM-based automation server, to automate testing processes.
“We need to change our mindset. We’ll stop thinking of computers as boxes and more as just a place where software is running. We need a vision of infrastructure-as-code,” said Buschart. “The role of the typical administrator opening a console, connecting to a server, and starting to configure will disappear in the coming years. It’ll be replaced by someone creating scripts in Ansible that are checked in and implemented automatically. Instead of patching servers, we’ll spin up a new one with the updates and applications we need.”
Siemens AG (Berlin and Munich) is a global technology powerhouse that has stood for engineering excellence, innovation, quality, reliability, and internationality for more than 170 years. The company is active around the globe, focusing on the areas of electrification, automation, and digitalization. One of the largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of efficient power generation and power transmission solutions and a pioneer in infrastructure solutions as well as automation, drive, and software solutions for industry. With its publicly listed subsidiary Siemens Healthineers AG, the company is also a leading provider of medical imaging equipment – such as computed tomography and magnetic resonance imaging systems – and a leader in laboratory diagnostics as well as clinical IT. In fiscal 2018, which ended on September 30, 2018, Siemens generated revenue of €83.0 billion and net income of €6.1 billion.