
BlueAlly is a Red Hat Advanced Business Partner focusing on network and cloud automation using Red Hat Ansible Automation Platform. In May of 2023, the BlueAlly Consulting team was invited to the Cisco Federal Innovation Challenge (CFIC) hosted at the GSA Workplace Innovation Lab 1 in Washington, DC.

The goal of the CFIC is to bring together ideas to accelerate modernization across the federal and defense landscape. The focus is NetDevOps, IT modernization, telemetry and visualization.

The team's solution is an extensible architectural framework based on streaming services and Event-Driven Ansible.

Addressing challenges facing network managers

Network managers are often burdened with proving "it's not the network" when applications exhibit poor performance. Increasingly, DevOps principles are fostered in network operations. Among them is the practice that "metrics should be visible" to all stakeholders. 

While commercial software solutions are available to monitor application performance, processing and analyzing logs from routers, firewalls and servers is costly due to the sheer volume of data. We need to rethink our approach to data, particularly in relation to IT operations.

Given the severity of data overload and the need to adopt AIOps, organizations should consider investing in the role of a visibility architect to secure, manage and enable access to the organization's telemetry data.

Networks contain a wealth of information that is beneficial to stakeholders outside network operations. Network management at scale benefits by adopting a service-oriented architecture structural style consisting of small, highly extensible, independent components.

The visibility architect must consider how to design, develop and implement in-house remedies using open source solutions and custom code.

BlueAlly's contribution to the Cisco Federal Innovation Challenge (CFIC)

The BlueAlly Consulting solution highlights how Event-Driven Ansible integrates with an event streaming service (Kafka in Confluent Cloud), a bespoke Python Kafka publisher and a control plane configuration managed by GitHub.

BlueAlly customers are increasingly interested in scaling their network management practices by implementing event streaming services. Kafka is often the preferred choice, as it combines the aspects of a messaging system and a database. Telemetry events are accessible to a wide range of infrastructure management systems and offer the functionality of a replay log for forensic analysis.

Confluent Cloud is utilized as a simple yet robust Kafka implementation enabled in minutes via a web browser to facilitate a rapid prototype.

Event-Driven Ansible

Event-Driven Ansible enables automation scenarios in infrastructure domains, including network, infrastructure, DevOps, security and CloudOps. It is available in Ansible Automation Platform 2.4.

At the core of Event-Driven Ansible is a rulebook (example), which applies "if-this-then-that" operational logic to the events it receives. Event source plugins are available for receiving events (via a Kafka topic or webhook, for example). These plugins must be implemented using a Python asynchronous I/O (asyncio) library to enable concurrency in the code.

The rulebook definition specifies the source of the event (by defining the configuration of the event source plugin) and a rules section that specifies the condition(s) and actions. Typically, the action is an Ansible Playbook. Common playbook tasks open or update a ticket in the IT Service Management (ITSM) system, collect additional information from the system, trigger events, or invoke basic commands to remediate the issue.

Kafka publisher agent

The BlueAlly submission examines a security automation use case: searching for a client machine in a cloud-managed network. To minimize the volume of data, the Kafka publisher logic includes a configurable control plane that defines filter criteria applied to the device metadata before it is published to the Kafka topic. This filtering logic addresses the problem of overwhelming the consumer with the sheer volume of data to analyze.

The control plane consists of a filter definition stored in a remote GitHub repository (example). The end-user, a Security Operations Center (SOC) analyst, can clone and commit changes to the filter definition using Git. The publishing agent uses the filter to limit the amount of data written to the streaming service.   

Figure 1: Publisher Control Plane


The Python publishing agent is based on a prototype demonstrated at the Programmability and Automation Meetup, "Introduction to network telemetry using Apache Kafka in Confluent Cloud." This repository is on the Cisco DevNet Code Exchange.
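
The filter-before-publish step described in this section, as an added example that is not the BlueAlly agent's code. The JSON filter schema, the field names and the `publish` callable (a stand-in for a Kafka producer call) are assumptions; the loader rejects empty or wildcard-only rules so that a bad commit to the filter repository cannot turn the filter into "publish everything".

```python
import fnmatch
import json

# Hypothetical filter schema (not the format used in the BlueAlly repository):
# a JSON list of rules; a client matches a rule when every field glob matches.
ALLOWED_FIELDS = {"mac", "ip", "description", "os", "vlan"}

def load_filter(text):
    """Parse and validate a filter definition; malformed JSON also raises ValueError."""
    rules = json.loads(text)
    if not isinstance(rules, list) or not rules:
        raise ValueError("filter must be a non-empty list of rules")
    for rule in rules:
        if not isinstance(rule, dict) or not rule:
            raise ValueError("an empty rule would match every client")
        unknown = set(rule) - ALLOWED_FIELDS
        if unknown:
            raise ValueError(f"unknown filter fields: {sorted(unknown)}")
        if not all(isinstance(p, str) and p.strip("*?") for p in rule.values()):
            raise ValueError("each pattern needs at least one literal character")
    return rules

def matches(client, rules):
    """True when any rule matches; a field missing from the client never matches."""
    return any(
        all(fnmatch.fnmatchcase(str(client.get(field, "")).lower(), pat.lower())
            for field, pat in rule.items())
        for rule in rules
    )

def publish_filtered(clients, rules, publish):
    """Pass only matching clients to `publish`; return how many were sent."""
    sent = 0
    for client in clients:
        if matches(client, rules):
            publish(key=client["mac"], value=json.dumps(client, sort_keys=True))
            sent += 1
    return sent

# Constructed sample data, for illustration only.
SAMPLE_FILTER = '[{"mac": "00:11:22:*"}, {"description": "*kiosk*", "vlan": "30"}]'
SAMPLE_CLIENTS = [
    {"mac": "00:11:22:aa:bb:cc", "ip": "10.0.10.5", "description": "laptop-a", "vlan": 10},
    {"mac": "66:77:88:00:00:01", "ip": "10.0.30.9", "description": "Lobby-Kiosk-1", "vlan": 30},
    {"mac": "66:77:88:00:00:02", "ip": "10.0.20.7", "description": "printer", "vlan": 20},
]

if __name__ == "__main__":
    keys = []
    count = publish_filtered(SAMPLE_CLIENTS, load_filter(SAMPLE_FILTER),
                             lambda key, value: keys.append(key))
    print(count, keys)
```

If `load_filter` raises, the agent can keep using the last filter that validated rather than falling back to unfiltered publishing.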

Actionable intelligence

Event-Driven Ansible creates actionable intelligence for the SOC analyst by adding artifacts with the filtered information to a security incident in Splunk SOAR. The extensibility of Ansible Automation Platform is demonstrated through a playbook, rulebook and Ansible Content Collection (https://github.com/netcraftsmen/cfic) that listens for Kafka messages with Event-Driven Ansible, then invokes a playbook and module to update the SOAR ticket.

Wrap up

While commercial Application Performance Managers (APM) and log aggregation and analysis tools are commonly used to visualize and troubleshoot network and application performance, making metrics visible to all is increasingly important to stakeholders. BlueAlly believes that organizations should consider a greater emphasis on the value of network telemetry data by defining the role of the visibility architect. This position focuses on evolving network management to incorporate event streaming with a service-oriented approach. 

With minimal software development effort and solutions like Event-Driven Ansible, organizations can minimize the volume of data to be analyzed by intelligent selection through a dynamic, user-configurable control plane.

For additional information on this or other BlueAlly solutions, reach out by email at contact@blueally.com or the contact page at www.blueally.com/contact.


About the author

Joel King began his career as a programmer, transitioned to network engineering, then wrote several design guides introducing QoS enabled IPsec encrypted Voice and Video to the industry and has two patents in this area. He developed reference architectures on big data and video surveillance storage. He is currently focused on infrastructure automation and programmable networks.
