Network automation guide for Red Hat Ansible Automation Platform
Introduction: Why network automation and why now?
It wasn’t long ago that an organization’s network was thought of as an always-on resource to provide connectivity for the rest of IT infrastructure and systems.
Although vital, the network was rarely viewed as a strategic investment as long as everything continued to run smoothly. Even as underlying technologies evolved, network management remained largely the same for decades. Networks are typically built, operated, and maintained by hand—but that’s all changing.
To remain relevant in a hybrid cloud world, organizations know they must modernize. Traditional, manual approaches to network configuration and updates are typically too slow and error-prone to effectively support the needs of rapidly shifting workload requirements, and create added pressure for the people responsible for network maintenance. Automation is an essential part of the transition away from manual configuration, but implementing it does not always increase simplicity, as there is often a plethora of automation tools in use, each with a singular management function.
This means that enterprises and communications service providers are investing heavily in network automation to make sure their networks can support the demands of modern digital infrastructure. It also means that modern networks need remediation more rapidly than can be manually applied, regardless of the size of an organization.
This guide provides network managers, architects, and operators with best practices for an operational framework that supports next-generation network operations, managing network Infrastructure as Code (IaC), and connecting teams across your IT organization, including network and cloud experts.
As the use of datacenter automation solutions increases, so too do the budgets associated with them. Reducing sprawl across many different solutions is important to maintaining efficiency.
Chapter 1: Set your automation strategy
The absence of an organization-wide automation strategy has less to do with a lack of planning or vision, and is more the result of rapidly changing industry and global conditions. Many of these conditions are unavoidable, including:
- A need for digital experiences to get and stay connected to customers, suppliers, partners, and teams.
- The growing shift toward edge and internet of things (IoT) devices that require a managed and secure network.
- Requirement for greater network bandwidth to ensure uptime for artificial intelligence (AI) workloads.
- A rise in hybrid cloud applications.
- The importance of reliability, which is essential for the network and more.
In addition to shifting global and industry conditions, the structure and practices of network operations teams have simply not changed over a long period of time, exposing inefficiencies in many organizations, including:
- Network operations (NetOps) teams being specialized in isolated domains and platforms.
- Network vendors that often focus on individual product capabilities, rather than overall operational improvements.
- Disparate, cross-departmental teams that are not set up to collaborate effectively.
- Legacy, paper-based operational practices that are difficult to update and change.
- Reliance on network device command-line interfaces (CLIs), which are slow and impede automation.
- Existing monolithic, proprietary platforms that either lack automation capabilities or offer singular function and vendor-specific network automation.
- Organizational momentum, which makes it difficult to adapt to changing customer needs.
Together these factors have increased the importance of IT networks, as well as their scope, scale, and complexity. But in the race to meet these shifting conditions in recent years, many organizations and service providers have addressed each factor individually, on an as-needed basis, using narrowly focused management tools from a variety of network solutions vendors. This has resulted in islands of automation.
Setting an effective network automation strategy starts with a single platform. With a solid foundation for automation, you can unify within and across networking domains, and all the IT functions of your organization.
Benefits of a single automation platform
As hybrid cloud environments expand in purpose and complexity, it’s neither sustainable nor feasible to find a different solution for every automation challenge that arises. This is where the benefits of a single automation platform can move your organization beyond ad-hoc incremental efficiencies, and truly accelerate business outcomes across your organization.
A single automation platform can provide many benefits that multiple, disconnected tools cannot, which help you:
- Manage growing complexity. A single platform can help maintain consistency as you incorporate new technologies such as edge devices into your network environment, and mitigate configuration drift with automated configuration and maintenance.
- Enhance communication across teams. Bring teams together under a central view of automation with a single platform deployed across your organization. IT process integration, such as information technology service management (ITSM) solutions like ServiceNow, can help set up systems that define, manage, automate, and structure services, while providing an easily maintained “single source of truth.”
- Boost security and risk management. Give NetOps teams the ability to efficiently respond to dynamic needs for capacity, application security, load balancing, and multicloud integrations.
- Embrace a culture of automation. Break down barriers between teams and standalone automation tools and initiatives in your organization to adopt a culture of automation with a single platform as the foundation.
- Focus on network reliability. Gain consistent ways to change the network that help with governance and control—all at a time when the network is essential to hybrid cloud, remote workforces, and digital business.
No matter where your organization is in its automation journey, consolidating on a single platform can help open up possibilities. So, what should your organization automate? What does your NetOps team need to succeed? And where do you need to run your automation to be successful? Red Hat® Ansible® Automation Platform is a great place to start.
Chapter 2: Get to know Red Hat Ansible Automation Platform
The key to successful automation is to deliver a consistent experience across your entire network, everywhere that automation is running. As networks expand and become more complex, you need a foundation for building and operating automation across your entire organization.
Ansible Automation Platform provides an enterprise framework for building and operating IT automation at scale, from hybrid cloud to the network to the edge. Ansible Automation Platform combines a universal automation language with management services and trusted, certified content for automating, deploying, and operating applications, infrastructure, and services—at enterprise scale, and with a strong security focus.
Red Hat Ansible Automation Platform provides:
- Ansible automation. A scalable implementation for describing, building, and managing many aspects of IT including a growing network, infrastructure, cloud, enterprise IT applications, security-focused needs, and edge devices, amongst others, across diverse enterprise architectures. For example, you can use a single platform to automate across multiple network domains and functions, such as the WAN, campus network, wireless, datacenter, and edge, in addition to integration with solutions such as firewalls, load balancers, ITSM solutions, and more.
- Enterprise grade capabilities. Including WebUI, application programming interface (API) access, ITSM integrations such as ServiceNow, role-based access control (RBAC), identity and access management integrations, audit and insights capabilities, and more. This is covered in more depth in chapter 6.
- Hybrid cloud-based services. Gain the flexibility to scale your business wherever it is. Whether on premise, within a regional footprint, across a global enterprise network, or to your farthest edge nodes, use Red Hat Ansible Automation Platform on Azure, Red Hat Ansible Automation Platform Service on AWS, or other cloud providers to automate the management of IT resources.
- Certified Content Collections. This automation content is certified by Red Hat and supported by Red Hat partners to help you start new automation projects more quickly for technologies across environments.
Look at automation differently
Automation is the ideal approach to free teams from routine tasks so that they can focus on higher-value network engineering needs. Automation can help alleviate pressure on network engineering teams, as it can handle updates and checks for network automation that are often done overnight.
Because networks are required to do more and connect virtually every aspect of your organization, it is important to look at automation in a new way. Consider how automation can unify your extended team, improve communication, and boost collaboration to help you:
- Provide a high level of service to users.
- Deliver resources to application development and IT operations teams on demand.
- Enforce adherence to configurations and standards for governance including GitOps single source of truth processes.
- Understand and manage inventory effectively.
- Maintain configuration standards across disparate network platforms.
- Build a more proactive and self-sufficient NetOps team.
- Rapidly and accurately implement patches when needed, across hundreds or thousands of devices.
- Build toward automation from ServiceNow tickets and toward event-driven automation.
Plan automation for today and tomorrow
Automation is the key to next-generation networking. Figure 1 can help you visualize how automation can help your network today and into the future.
Need to get up to speed? Read The beginner’s guide to Red Hat Ansible Automation Platform e-book
Speak a unified language
Using a common, human-readable language, Ansible Automation Platform makes everyday tasks repeatable and scalable using YAML-based playbooks and roles. Its flexible framework lets you choose where you begin to automate, so you can embrace incremental change by starting small and expanding over time.
Ansible Automation Platform workflows let you create simple, effective automation sequences using a visual user interface. The human-readable language of YAML helps NetOps engineers to implement Ansible Automation Platform more easily and in less time.
Additional features such as Ansible Lightspeed with IBM watsonx Code Assistant, a generative AI service from Red Hat producing usable code, also help lower the barrier to entry to start writing automation content faster. Now available with full Ansible Playbook generation, it accelerates the adoption of automation across teams by empowering more automation content creators.
What is a Certified Content Collection?
Red Hat Ansible Certified Content includes collections of modules, roles, plugins, playbooks, and documentation that are certified by Red Hat and supported by Red Hat and Red Hat’s partners. This trusted, precomposed content helps you jumpstart new automation projects so your organization can gain the benefits of automation more quickly.
Ready for reference architecture
The latest reference architecture is available to subscribers, to help you get the most value out of your automation. It incorporates key building blocks to optimize your Ansible Automation Platform environments, including:
- Centralized logging.
- Protecting installation inventory passwords using Ansible vault.
- Using a combination of GitOps practices (Configuration as Code capabilities) and Git webhooks to streamline and accelerate the consistent automation and delivery of configurations to multiple Ansible Automation Platform sites.
Want to see Ansible in action?
Watch 5 great use cases for Ansible Network Automation
Want to learn more?
Take the no cost Ansible basics training course
Chapter 3: Assess your network automation maturity
While every organization may be at a different stage in its network automation journey, the desire to manage the network more efficiently and effectively is common to all. As you assess where your organization is on its path to automated NetOps, it’s helpful to think of that journey as a spectrum.
At 1 end of the spectrum are traditional network operating systems (OSes) that often don’t have the ability to install software, so they cannot run an automation agent that may be required by some automation tools. At the other end is a fully automated NetOps design. No matter if you are just starting out or running fully automated NetOps, Red Hat Ansible Automation Platform can help.
One of the most powerful and unique features of Ansible Automation Platform is that it’s agentless, so you do not need to install an agent on any of the devices in your network. This feature makes Ansible Automation Platform ideally suited for network automation, and it is also extremely scalable to help you rapidly manage broad, global network implementations simultaneously.
Start small
“Where to start” is a common question with IT automation. Red Hat suggests taking a “start small, think big” approach. The key to getting up and running with automation is to start with processes that are most repetitive and time-consuming to manage.
Starting small with something like configuration backup and restore, dynamic documentation, and scoped configuration management can build confidence in using automation and serve as steps toward more complex projects.
Think big
After a few smaller victories with automation, you will be ready to think bigger, expanding automation across your organization. With greater confidence in automation you might tackle network compliance, operation state validation, or automated NetOps. In chapter 6, we take a closer look at these automation use cases to illustrate the start small, think big approach in action.
Learn about how to use Red Hat Ansible Automation Platform with Ansible Network Automation self-paced labs
Chapter 4: Manage across the network technology stack and across processes
Your network ecosystem is varied and as it grows to include new technologies that need to be hosted and managed on your network, complexity can escalate quickly.
Tools that automate within an area help at the task level but can increase security vulnerabilities.
However, automation can help at a broader level across these domains to improve communication, collaboration, and make processes consistent and repeatable—boosting your security-focused processes. Red Hat Ansible Certified Content Collections can help jumpstart new automation projects across a range of vendors, while helping you to align to compliance needs.
Access Red Hat’s extensive ecosystem of trusted partners to help you:
- Manage multivendor network solutions with a single automation tool.
- Set up and run IP address and identity management.
- Authenticate, authorize, and integrate with solutions including domain name service management.
- Manage application security risks and load balancing.
- Administer datacenter and campus networks.
- Control, update, and manage security risks on edge devices.
A diverse ecosystem of technology partners contributes to the Red Hat Ansible Certified Content Collections and Ansible validated content collections to help you get up and running and manage your multivendor network environment with a single platform.
Explore the complete list of certified and validated content collections for Ansible Automation Platform.
Chapter 5: Automate your network technology stack
A single source of truth in IT service management
Creating a single source of truth makes sure you are operating based on standardized, relevant data across your organization. You can improve the value of your service chain using ServiceNow as the single source of truth for information about your IT assets, while using Ansible Automation Platform to programmatically open, close, and update service requests, incidents, problems, and change requests.
This helps you create faster, more efficient IT service management using the Red Hat Ansible Certified Content Collection for ServiceNow that integrates Ansible Automation Platform and ServiceNow solutions.
The combination of these solutions provides many benefits, including:
- Improved service delivery times for greater customer and stakeholder satisfaction.
- Improved time-to-resolution.
- Improved productivity across IT teams.
Using Red Hat Ansible Certified Content Collections, you can dramatically increase value from service chains, while enabling a “closed loop” process that automatically updates your ServiceNow workflows without manual intervention. This helps you to:
- Work across incidents, problems, and change requests to make remediations effective.
- Create playbooks to automate common service request actions, such as resetting a network router.
- Automatically establish a digital trail for audit purposes.
- Automate the retrieval of configurations, eliminating manual steps.
- Simplify with modules and plugins for managing incident tickets, interacting with problem tickets, handling change requests, and managing the configuration management database in ServiceNow.
Ansible validated content is designed for you to incorporate operational tasks across infrastructure, networking, cloud, security processes, and edge use cases.
As every network is configured differently, Ansible validated content covers a variety of needs, with content available for you to adapt and reuse as a reference in the future. Available validated content for network automation includes: backups and restore, inventory report, configuration of routing protocols, interfaces, Virtual Local Area Networks (VLANs), and Access Control Lists (ACLs).
With a Red Hat Ansible Automation Platform subscription, you also have access to the automation hub, where you can browse and download solutions and curate your preferred solutions into a private automation hub.
Ready to try it step by step? Read the network automation instructional e-book
Chapter 6: NetOps-as-Code: Top network automation use cases
Network operators are in a challenging position as they expand capabilities on the path to next-generation networking.
The growing shift to hybrid cloud environments and the business opportunity of new applications, data-intensive computing, and new technologies such as AI, edge and IoT, and multicloud provide the perfect opportunity for automation across 3 key use cases as depicted in figure 4.
These use cases can be mapped to 3 broad stages of your automation journey. Let’s take a look at each individually to help you assess and implement automation across your network.
Use case 1: Network visibility
Network visibility is an important use case as your organization ramps up to full network automation because it involves read-only tasks, which do not affect production. Instead, the goal is to run operational tasks to get information from your network, generate dynamic documentation, and improve network visibility and performance.
Network engineers need inventory audits and reports as these are fundamental for operations. Key tasks include opening and tracking support cases with providers and identifying which devices (using serial numbers, models, and specific components) are compliant, which are vulnerable to security risks, and which components need to be replaced, as they might be deprecated or reaching end-of-support.
This also applies to software versions during updates and patches. Software upgrades are complex, and the initial step will always be to generate an inventory report to determine the current versions on each device.
Dynamic documentation is about gathering information from your network, converting it into a usable format or structured data, and then using that information to standardize and enforce best practices.
Structured data is much easier to work with and lets you plug your data into your choice of tools, including websites, reports, databases, or a solution such as Infoblox, so you can glean insights into network performance, devices running on the network, and other workloads.
Network compliance and drift is another critical area to address in the realm of network visibility. IT, including networks, receives increased attention from audits. All modern IT networks must have at least basic hardening and compliance with company policies. Definitions such as network segmentation, banners, disabling telnet, using password obfuscation, removing clear credentials, and managing access are some of the basic requirements for all network administrators.
Applying configuration policies and hardening configurations at scale—across standalone multivendor devices and those behind Software-Defined Network (SDN) controllers—makes the end-to-end orchestration of all these configurations extremely challenging if using CLI manual configuration or even basic scripting. Without automation, scripts are difficult to share and maintain across the entire team of network engineers.
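The read-only compliance pass described above, as an added example that is not part of the Red Hat guide or of any Ansible content collection: it converts a device configuration into structured data and checks the hardening items named in this section (telnet, banner, password obfuscation, clear credentials). It assumes Cisco IOS-style syntax with single-line banners; the sample configurations, function names, and rule names are constructed for illustration.

```python
import json

# Constructed IOS-style running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
no service password-encryption
enable password Winter2024
username admin privilege 15 password 0 admin123
username netops privilege 15 secret 9 $9$constructed.hash.value
!
line con 0
 password console123
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
!
end
"""

# The same device after remediation (also constructed).
HARDENED_CONFIG = """\
hostname edge-sw-01
service password-encryption
username netops privilege 15 secret 9 $9$constructed.hash.value
banner login ^CAuthorized access only^C
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""


def parse_config(text):
    """Convert flat config text into structured data: top-level lines and their children."""
    parsed = {"hostname": None, "globals": [], "sections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None  # a separator closes the current section
            continue
        if raw[0].isspace() and current is not None:
            parsed["sections"][current].append(line)
            continue
        parsed["globals"].append(line)
        parsed["sections"][line] = []
        current = line
        if line.startswith("hostname "):
            parsed["hostname"] = line.split(None, 1)[1]
    return parsed


def check_telnet(cfg):
    """Flag vty lines that allow telnet. Policy assumption of this example:
    the transport must be restricted explicitly on every vty range."""
    findings = []
    for header, children in cfg["sections"].items():
        if not header.startswith("line vty"):
            continue
        transports = [c.split()[2:] for c in children if c.startswith("transport input")]
        if not transports:
            findings.append({"rule": "telnet-allowed", "detail": f"{header}: no explicit 'transport input'"})
        elif {"telnet", "all"} & set(transports[-1]):
            findings.append({"rule": "telnet-allowed", "detail": f"{header}: {' '.join(transports[-1])}"})
    return findings


def check_cleartext(cfg):
    """Flag 'password' statements stored in clear text; the secret is redacted in the report."""
    lines = [g for g in cfg["globals"] if not g.startswith("banner")]
    for header, children in cfg["sections"].items():
        lines += [f"{header} / {child}" for child in children]
    findings = []
    for line in lines:
        tokens = line.split()
        if "password" not in tokens:
            continue
        idx = tokens.index("password")
        rest = tokens[idx + 1:]
        if len(rest) > 1 and rest[0] == "7":
            continue  # type 7: obfuscated by 'service password-encryption' (not a strong hash)
        findings.append({"rule": "cleartext-credential",
                         "detail": " ".join(tokens[:idx + 1]) + " <redacted>"})
    return findings


def audit(text):
    """Run every check and return a structured report suitable for JSON or a database."""
    cfg = parse_config(text)
    findings = check_telnet(cfg) + check_cleartext(cfg)
    if "service password-encryption" not in cfg["globals"]:
        findings.append({"rule": "no-password-obfuscation",
                         "detail": "'service password-encryption' is not set"})
    if not any(g.startswith(("banner login", "banner motd")) for g in cfg["globals"]):
        findings.append({"rule": "no-banner", "detail": "no login or MOTD banner configured"})
    return {"hostname": cfg["hostname"], "compliant": not findings, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_CONFIG), indent=2))
```

Because the report is plain structured data, the same output can feed an inventory report, a ticket, or a drift comparison against a previous run.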
Use case 2: Configuration management
At this stage in the journey it’s important to ask, “How can we standardize and enforce configuration best practices in a platform-agnostic way?”
Configuration management doesn’t need to be all or nothing. Many organizations struggle with automation because they make the success criteria too complex. As an example, automating and standardizing an entire switching configuration is much more complicated than concentrating efforts on quicker tasks such as ACLs, Simple Network Management Protocol (SNMP), VLANs, or other important configuration resources that are common across all network infrastructure.
The aim is to achieve configuration hygiene in a sustainable way. Incremental successes let team members quickly regain time while enhancing their automation skills. As team members build trust in each other and their automation abilities, the use cases can expand to include more network resources.
Red Hat Ansible Automation Platform simplifies getting started with automation. Teams can see how Ansible Automation Platform works and try features without broadly adopting automation.
With Ansible validated content, covering backup operations provides high value with minimal risk. At this stage you are not affecting production. You are automating read-only tasks that network operators would have to do regardless, using playbooks as illustrated in figure 6.
The 8 lines of code depicted in figure 6 can back up hundreds if not thousands of devices at the same time, saving network operators time without the need to learn a programming language such as Python or having to write, explain, and maintain their own custom scripts.
Ansible Automation Platform takes this a step further. When 2 or more people are using the same automation jobs, these can be added to the Automation Controller in Ansible Automation Platform, allowing single-step IT and network management. This means automation can be put into action via a web user interface. The Automation Controller also has an API to initiate automation jobs in other tools such as ServiceNow.
Integrate with enterprise sources of truth
Another way to implement NetOps or IaC is using GitOps and other enterprise sources of truth, such as NetBox or Nautobot. This more prescriptive approach uses a single source of truth to consolidate network resources information, prevent drift, and trigger automations via Ansible Automation Platform when there are changes in the source of truth.
This approach helps simplify the adoption of automation, regardless of the skills of the operators across teams, and helps scale automation by centrally managing network resources. It also helps to improve risk posture.
Ansible Automation Platform offers strong support for a GitOps approach through native integration with GitHub and GitLab using webhooks. Included in a subscription are Ansible Content Collections, which provide certified and supported integration with common enterprise sources of truth, helping jumpstart your automation projects.
Apply Infrastructure as Code
Provisioning infrastructure has historically been a time-consuming and costly manual process. As infrastructure management has predominantly moved away from physical hardware in datacenters to virtualization, containers, and cloud computing, the number of infrastructure components has also grown. More applications are being released to production on a daily basis, which means infrastructure needs to be able to be spun up, scaled, and taken down more frequently.
IaC practices help organizations manage IT infrastructure needs while also improving consistency and reducing errors and manual configurations. With IaC, configuration files are created that contain your infrastructure specifications, which makes it easier to edit and distribute configurations. It also ensures that you provision the same environment every time. By codifying and documenting your configuration specifications, IaC aids configuration management and helps you to avoid undocumented, ad-hoc configuration changes.
Defining Policy as Code
It is also important to make sure that your IaC implementation is in compliance with your organization’s standards and policies. While the code may work, it will likely also need to conform to specific company naming conventions, labels, and security requirements—a process that can be time-consuming for network teams.
Policy as Code (PaC) can help make sure automation is running as expected. It can align technical environments, processes, and resources to agreed standards. Learn more about new capabilities and Red Hat’s vision at redhat.com/PaC.
Use case 3: Network operations
This use case focuses on the question, “how do we orchestrate our processes?”
In this example, we’re doing more than automating configurations or backing up a switch. The goal is to look at the operation state and run health check reports, meaning we want to look at show commands, put them into a structured data scheme as we did in figure 5, and work with that data to examine the operational state to check network connectivity and protocols and enhance operational workflows to help measure network intent.
Ansible Automation Platform workflows allow rollbacks, which help make configuration changes simpler. For example, if you made a configuration change such as changing a VLAN, then you checked connectivity across your network and realized it’s down, you can execute a rollback action and create another job template based on the previous template using the information about what worked and what didn’t.
Common use cases also include the automation of network OS upgrades, and the automation of troubleshooting workflows triggered via Event-Driven Ansible after receiving incidents from observability solutions and network monitoring systems.
Workflows combining the previous use cases, including health checks, backups, and network OS upgrades, can be used for a better lifecycle management of network devices, including provisioning, migration, and retirement use cases.
Stay up to date with the latest tips and technical knowledge.
Read the Red Hat Ansible Automation Platform blog.
Chapter 7: Deliver actionable AIOps with Event-Driven Ansible
Event-driven automation can be used to go from an “event” that is identified by 1 or more solutions to automated actions that are based on these events.
At this advanced stage, you can employ automation in many ways. For example, if a network device ticket arrives indicating too much latency, a playbook can be automatically kicked off to collect configuration information from that device to help expedite resolution of that ticket.
Event-driven automation is the next step in advanced automation that offers significant benefits when simple, repeatable tasks are done. This can help you retain talent by eliminating mundane tasks, especially those that must be done outside of work hours. It also helps improve resilience by expediting resolution.
AIOps uses AI to enhance—or partially replace—a wide variety of IT operations tasks, helping organizations boost reliability, scalability, and agility in increasingly complex environments. Many of the tools in your network stack today probably already include built-in predictive AI features, but it’s up to you to use these capabilities effectively to unlock their full potential.
Ansible Automation Platform can help you operationalize AI immediately by orchestrating AI capabilities with systems and tools that span your infrastructure. By incorporating your existing AI solutions into these unified workflows, you can use Event-Driven Ansible to turn any kind of observability data into automated action.
You can automatically gather data from your observability tools, which increasingly have AI technologies in place for events and incident management. Event-Driven Ansible will pick up specific events, identify the rules to follow, and trigger the required workflow with the automated resolution. For example, if an observability platform identifies a memory leak in an application, Event-Driven Ansible can trigger the process to patch the application, preventing possible downtime. This data can be incorporated into a full-cycle loop and produce logs to train AI for future incidents.
Chapter 8: Extending network automation to the edge
Edge computing has extended hybrid cloud infrastructure for many organizations, connecting data from remote sources back to the datacenter to support business decisions.
As an organization expands, devices are added, and data volumes grow, automation at the edge can simplify the complexity of the fleet of edge devices and help organizations gain measurable benefits.
Red Hat Ansible Automation can help your organization:
- Focus on security and efficiency. Run updates, patches, and required maintenance automatically without, in some cases, the need to send a technician to the site.
- Increase scalability. Apply configurations consistently across your infrastructure and scale edge devices more efficiently.
- Boost agility. Adapt to changing customer demands using edge resources only as needed.
- Reduce downtime and complexity. Simplify network management across multivendor and multipurpose devices, reduce network failure, and boost your bottom line.
- Improve efficiency. Increase performance and reduce human error with automated analysis, monitoring, and alerting.
As your organization progresses through automation maturity, you may be interested in automating certain tasks without human intervention. For example, perhaps you want to reset a network switch without user intervention, or you want to gather facts about that switch to aid in issue resolution. Automation helps improve response times, security, and control over the infrastructure that supports data generation at the edge of the network. Across every industry, edge and automation can place a business at the epicenter of opportunity to help produce tangible business results.
Chapter 9: Engage Red Hat Services to advance your journey
Both Red Hat Consulting and Red Hat Training and Certification offer a range of services to help get you started with network automation and advance along your network automation journey.
Red Hat Consulting can help you:
- Design architectures.
- Optimize processes and workflows before automating them for the best automation experiences.
- Create automation content designed for your automation use cases.
- Establish communities of practice (CoPs) for automation.
- Determine what to automate next, from network functions to use cases such as cloud or edge automation.
Red Hat Training and Certification can help you:
- Build and develop automation skills and knowledge across IT teams.
- Boost productivity, consistency, and efficiency.
- Test and validate your skills with Ansible Automation Platform through certification.
Learn more about how Red Hat Consulting can help you advance along your automation journey, and get started with training by exploring Red Hat’s automation skills path for network administrators.
Build an automation-first mindset
Successful end-to-end automation is not just a technology change, but also a change in mindset across your organization, which can take time and careful planning. Consider the following tips to move your organization’s mindset toward automation:
- Identify a champion or executives to talk about the value of automation, including staying competitive and innovating quickly.
- Share results and successes as a way to build trust and legitimacy.
- Highlight and reuse trusted content to save time.
- Find the best teams for automation opportunities and work with them to create content and implement automation.
- Show, rather than tell, by offering demonstrations and use cases teams can relate to.
- Once the CoP has momentum, develop standards boards and policies.
Getting started
With new technology, sometimes it’s hard to know where to start. If you are ready to begin your automation journey, this resource hub can help you build skills, extend automation strategically to new use cases, and share best practices across your organization.
Then you can extend the power of Red Hat Ansible Automation Platform to your entire network by starting a trial or exploring our network automation self-paced labs.