BlueAlly is a Red Hat Advanced Business Partner focusing on network and cloud automation using Red Hat Ansible Automation Platform. In May of 2023, the BlueAlly Consulting team was invited to the Cisco Federal Innovation Challenge (CFIC) hosted at the GSA Workplace Innovation Lab 1 in Washington, DC.
The goal of the CFIC is to bring together ideas to accelerate modernization across the federal and defense landscape. The focus is NetDevOps, IT modernization, telemetry and visualization.
The team's solution is an extensible architectural framework based on streaming services and Event-Driven Ansible.
Addressing challenges facing network managers
Network managers are often burdened with proving "it's not the network" when applications exhibit poor performance. Increasingly, DevOps principles are fostered in network operations. Among them is the practice that "metrics should be visible" to all stakeholders.
While commercial software solutions are available to monitor application performance, processing and analyzing logs from routers, firewalls and servers is costly due to the sheer volume of data. We need to rethink our approach to data, particularly in relation to IT operations.
Given the severity of data overload and the need to adopt AIOps, organizations should consider investing in the role of a visibility architect to secure, manage and enable access to the organization's telemetry data.
Networks contain a wealth of information that is beneficial to stakeholders outside network operations. Network management at scale benefits by adopting a service-oriented architecture structural style consisting of small, highly extensible, independent components.
The visibility architect must consider how to design, develop and implement in-house remedies using open source solutions and custom code.
BlueAlly's contribution to the Cisco Federal Innovation Challenge (CFIC)
The BlueAlly Consulting solution highlights how Event-Driven Ansible integrates with an event streaming service (Kafka in Confluent Cloud), a bespoke Python Kafka publisher and a control plane configuration managed by GitHub.
BlueAlly customers are increasingly interested in scaling their network management practices by implementing event streaming services. Kafka is often the preferred choice, as it combines the aspects of a messaging system and a database. Telemetry events are accessible to a wide range of infrastructure management systems and offer the functionality of a replay log for forensic analysis.
Confluent Cloud is utilized as a simple yet robust Kafka implementation enabled in minutes via a web browser to facilitate a rapid prototype.
Event-Driven Ansible
Event-Driven Ansible enables automation scenarios in infrastructure domains, including network, infrastructure, DevOps, security and CloudOps. It is available in Ansible Automation Platform 2.4.
At the core of Event-Driven Ansible is a rulebook (example) that applies "if-this-then-that" operational logic to the events it receives. Event source plugins are available for receiving events (via a Kafka topic or webhook, for example). These plugins must be implemented using a Python asynchronous I/O (asyncio) library to enable concurrency in the code.
The rulebook definition specifies the source of the event (by defining the configuration of the event source plugin) and a rules section that specifies the condition(s) and actions. Typically, the action is an Ansible Playbook. Common playbook tasks open or update a ticket in the IT Service Management (ITSM) system, collect additional information from the system, trigger events, or invoke basic commands to remediate the issue.
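The source, condition and action flow described above, as an added example that is not code from BlueAlly or the Ansible project. It follows the `main(queue, args)` asyncio entry point that ansible-rulebook source plugins expose; `run_rules` is a toy stand-in for the rule engine, and the message fields, the `body` wrapper key and the playbook name are assumptions.

```python
import asyncio
import json

# Constructed sample Kafka message values (not captured from a real topic).
SAMPLE_MESSAGES = [
    b'{"mac": "00:11:22:33:44:55", "network": "branch-01", "status": "Online"}',
    b'not-json',  # malformed payload: must not crash the plugin
    b'{"mac": "66:77:88:99:aa:bb", "network": "branch-02", "status": "Offline"}',
]


async def main(queue: asyncio.Queue, args: dict) -> None:
    """Source plugin entry point: decode each message and queue it as an event."""
    delay = float(args.get("delay", 0))
    for raw in args.get("messages", SAMPLE_MESSAGES):
        try:
            body = json.loads(raw)
        except (ValueError, UnicodeDecodeError):
            continue  # drop undecodable input instead of forwarding it to rules
        if isinstance(body, dict):
            await queue.put({"body": body})
        await asyncio.sleep(delay)  # yield to the event loop between messages


async def run_rules(queue: asyncio.Queue, rules: list) -> list:
    """Toy 'if-this-then-that' loop: collect (action, mac) for each matching rule."""
    fired = []
    while not queue.empty():
        event = queue.get_nowait()
        for rule in rules:
            if rule["condition"](event):
                fired.append((rule["action"], event["body"]["mac"]))
    return fired


def demo_rules() -> list:
    rules = [{
        "condition": lambda e: e["body"].get("status") == "Online",
        "action": "update_soar_ticket.yml",  # hypothetical playbook name
    }]

    async def _run() -> list:
        queue = asyncio.Queue()
        await main(queue, {"delay": 0})
        return await run_rules(queue, rules)

    return asyncio.run(_run())


if __name__ == "__main__":
    print(demo_rules())
```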
Kafka publisher agent
The BlueAlly submission examines a security automation use case: searching for a client machine in a cloud-managed network. To minimize the volume of data, the Kafka publisher logic includes a configurable control plane defining filter criteria for the device metadata before publishing to the Kafka topic. This filtering logic addresses the problem of overwhelming the consumer with the sheer volume of data to analyze.
The control plane consists of a filter definition stored in a remote GitHub repository (example). The end-user, a Security Operations Center (SOC) analyst, can clone and commit changes to the filter definition using Git. The publishing agent uses the filter to limit the amount of data written to the streaming service.
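One way such a publisher-side filter could work, as an added example that is not the BlueAlly agent's code. The JSON filter layout, the field names and the client records are assumptions constructed for illustration. Because the filter is analyst-editable input pulled from Git, the sketch validates it and refuses to run on a malformed or empty definition rather than publishing unfiltered data.

```python
import json

ALLOWED_FIELDS = {"mac", "ip", "description", "os", "vlan"}  # assumed metadata keys
MAX_VALUES = 100  # upper bound on values per field, to keep the filter reviewable

# Constructed filter definition, as an analyst might commit it to the repository.
FILTER_JSON = '{"mac": ["00:11:22:33:44:55"], "os": ["Windows 10", "Android"]}'

# Constructed client records standing in for the controller's device metadata.
CLIENTS = [
    {"mac": "00:11:22:33:44:55", "ip": "10.0.0.5", "os": "Linux", "vlan": 10},
    {"mac": "de:ad:be:ef:00:01", "ip": "10.0.0.9", "os": "Android", "vlan": 20},
    {"mac": "de:ad:be:ef:00:02", "ip": "10.0.0.7", "os": "macOS", "vlan": 20},
]


def load_filter(text: str) -> dict:
    """Parse and validate the filter; raise ValueError instead of guessing."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"filter is not valid JSON: {exc}") from exc
    if not isinstance(data, dict) or not data:
        raise ValueError("filter must be a non-empty object")
    clean = {}
    for field, values in data.items():
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"unknown filter field: {field!r}")
        if not isinstance(values, list) or not 0 < len(values) <= MAX_VALUES:
            raise ValueError(f"{field!r} needs 1..{MAX_VALUES} values")
        clean[field] = {str(v).strip().lower() for v in values}
    return clean


def select_for_publish(clients: list, flt: dict) -> list:
    """Keep a record when any filtered field matches (OR across fields)."""
    return [
        c for c in clients
        if any(str(c.get(f, "")).strip().lower() in wanted
               for f, wanted in flt.items())
    ]


def demo_filter() -> list:
    """Return the MAC addresses of the records that would be published."""
    return [c["mac"] for c in select_for_publish(CLIENTS, load_filter(FILTER_JSON))]
```

Only the records returned by `select_for_publish` would be handed to the Kafka producer; a `ValueError` from `load_filter` is the point at which an agent would keep its last known-good filter.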
Figure 1: Publisher Control Plane
The Python publishing agent is based on a prototype demonstrated at the Programmability and Automation Meetup, "Introduction to network telemetry using Apache Kafka in Confluent Cloud." This repository is on the Cisco DevNet Code Exchange.
Actionable intelligence
Event-Driven Ansible creates actionable intelligence for the SOC analyst by adding artifacts with the filtered information to a security incident in Splunk SOAR. The extensibility of Ansible Automation Platform is demonstrated through a playbook, rulebook and Ansible Content Collection (https://github.com/netcraftsmen/cfic) that listens for Kafka messages with Event-Driven Ansible, then invokes a playbook and module to update the SOAR ticket.
Wrap up
While commercial Application Performance Managers (APM) and log aggregation and analysis tools are commonly used to visualize and troubleshoot network and application performance, making metrics visible to all is increasingly important to stakeholders. BlueAlly believes that organizations should consider a greater emphasis on the value of network telemetry data by defining the role of the visibility architect. This position focuses on evolving network management to incorporate event streaming with a service-oriented approach.
With minimal software development effort and solutions like Event-Driven Ansible, organizations can minimize the volume of data to be analyzed by intelligent selection through a dynamic, user-configurable control plane.
For additional information on this or other BlueAlly solutions, reach out by email at contact@blueally.com or the contact page at www.blueally.com/contact.
About the author
Joel King began his career as a programmer, transitioned to network engineering, then wrote several design guides introducing QoS enabled IPsec encrypted Voice and Video to the industry and has two patents in this area. He developed reference architectures on big data and video surveillance storage. He is currently focused on infrastructure automation and programmable networks.