Red Hat Ansible Automation Platform on Microsoft Azure - Network Access - blog #1

Thank you to Hicham Mourad and Scott Harwell for co-authoring this blog.

Introduction

In this blog series we will discuss the deployment of Red Hat Ansible Automation Platform on Microsoft Azure, specifically focusing on the deployment access types and what that means for accessing Red Hat Ansible Automation Platform on Azure after deployment completion.

Deployment Access Types

First let’s start by discussing the different deployment access types.

During deployment, Red Hat Ansible Automation Platform on Azure will present an option called “Access” that determines how you will access the user interfaces.

Access Selection at Deploy Time

Public Access Architecture Diagram

Private Access Architecture Diagram

Note: Regardless of the deployment model for UI access, network peering is required for Red Hat Ansible Automation Platform on Azure to access resources that reside on private networks on Azure networks, or where transit routing between Azure and your on-premises network(s) exists. Red Hat Ansible Automation Platform on Azure requires peering for outbound communication to perform automations against devices on your Azure network(s) and connected on-prem or multi-cloud networks.

With the knowledge of the deployment access types, let’s dive into how to deploy Red Ansible Automation Platform on Azure.

Deploying Red Hat Ansible Automation Platform on Azure

We’ll start by walking through the deployment steps of Red Hat Ansible Automation Platform on Microsoft  on Azure.

Start by navigating to the Azure Marketplace, and selecting the “Private Products” menu option.  Select the catalog item titled “Red Hat Ansible Automation Platform on Azure”

Once you select the catalog tile, you have two screens to complete, and then the deployment will begin. The first screen is a form for input about how Red Hat Ansible Automation Platform on Azure will install into your Azure subscription.  

You need to either create a resource group, or provide one that’s already available.  This is the resource group where the managed application object of your deployment will reside.   

The region field is required and indicates what region the deployment will install to.  

The administrator password is also provided here, and will be the password for the “admin” user of both the automation controller and the private automation hub user interfaces.  

The deployment will create a “Managed Resource Group” that the publisher of Red Hat Ansible Automation Platform  on Azure - in this case Red Hat - has access to in order to perform any management and support tasks against the deployment. The name of the managed resource group is autogenerated, but you do have the ability to change this if needed.

The “Access” field indicates how the UI interfaces and APIs for automation controller and private automation hub will be accessible after deployment. The “Access” field has two options, “Public” and “Private”.

Public indicates that the UI interfaces and APIs for automation controller and private automation hub are accessible via the public internet. These endpoints are protected with Azure Application Gateway and Web Application Firewall. This option is useful for organizations that do not want to configure network peering or want a more turn-key deployment model.

Private indicates that the UI interfaces and APIs for automation controller and private automation hub are only accessible via Azure private networks through network peering. This isolates Red Hat Ansible Automation Platform on Azure from public internet access.

Different organizations choose the access type that works best for them based on their organizational networking policies and Azure networking acumen.

Once the deployment is complete, access information will be available in the managed application record that has been created for the deployment. Navigate to the “Outputs and Parameters” option in the “Settings” section to see the URLs for both automation controller and the private automation hub.

If you’ve selected “Public” for your access method, simply visit the URL to access the corresponding UI.

Log in using “admin” and the administrator password you provided earlier and you're good to go. You may then configure users from within the platform or configure SSO with Azure AD or other identity providers (IDP) .

So.. that was easy! But what if you chose “Private” access? If so, then there are further steps to complete to access the UIs for automation controller and private automation hub.   

In a subsequent blog post we will review how to access the UIs for Red Hat Ansible Automation Platform  on Azure if you select “Private” access. If you do, you have a few options to leverage to access the UIs.

• An Azure hosted virtual machine (VM)
• Azure VPN or Direct Connect
• SSH Tunnel

What can I do next?

Here are a few resources to get started: 

• To learn more about Red Hat Ansible Automation Platform on Azure, visit the following site. 
• Try a hands-on self-paced lab of Red Hat Ansible Automation Platform on Azure.
• Visit other hands-on self-paced lab(s) on Red Hat Ansible Automation Platform.
• Check out the Red Hat Ansible Automation Platform on Azure documentation.
• Would you like to receive updates on Red Hat Ansible Automation Platform on Azure? Sign up here.

Acknowledgements