NASA: INCREASING CLOUD EFFICIENCY
WITH ANSIBLE AND ANSIBLE TOWER 
& OTHER SECURITY APPLICATIONS

What is Ansible?

Ansible is an open-source automation tool, or platform, used for IT tasks such as configuration management, application deployment, intra-service orchestration, and provisioning. Automation is crucial these days, with IT environments

Advantages of Ansible

  • Free: Ansible is an open-source tool.
  • Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks (more on playbooks later).
  • Powerful: Ansible lets you model even highly complex IT workflows.
  • Flexible: You can orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.

  • Agentless: You don’t need to install any other software or open extra firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
  • Efficient: Because you don’t need to install any extra software, there’s more room for application resources on your server.

Ansible’s Features

1. Configuration Management

2. Application Deployment

3. Orchestration

4. Security and Compliance

5. Cloud Provisioning

NASA uses the Cloud-Provisioning features of Ansible

Ansible Architecture:

1. Modules

Modules are like small programs in Ansible

2. Plugins

As you probably already know from many other tools and platforms, plugins are extra pieces of code that augment functionality.

3. Inventories

All the machines you’re using with Ansible (the control machine plus nodes) are listed in a single simple file, along with their IP addresses, databases, servers, and so on

4. Playbooks

Ansible playbooks are like instruction manuals for tasks. They are simple files written in YAML, which stands for YAML Ain’t Markup Language, a human-readable data serialization language. Playbooks are really at the heart of what makes Ansible so popular, because they describe the tasks to be done quickly and without the need for the user to know or remember any particular syntax.

5. APIs

Various APIs (application programming interfaces) are available so you can extend Ansible’s connection types

What is Ansible Tower?

Ansible Tower is Red Hat’s commercial web-based solution for managing Ansible. Its best-known feature is an easy-to-use UI (user interface) for managing configurations and deployments, which is a significant improvement over the original UI.

  • Ansible Tower contains the essential features of Ansible, especially those that are easier to see in a graphical format rather than a text-based format. It is free for up to 10 nodes.

What is your business challenge?

(Configuration Management)

"NASA WESTPRIME’s initial focus was to move roughly 65 applications from a traditional hardware based data center in a rapid time-line to a cloud-based environment.

The rapid time-line resulted in many applications being migrated ‘as-is’ to a cloud environment.

  • This allowed for NASA to gain significant cost savings from the change in infrastructure but did not allow for immediate cloud optimization of the applications and sites. As a result of the rapid migration requirement we had an environment spanning multiple virtual private clouds (VPCs) and AWS accounts that could not be easily managed.
  • This resulted in scenarios where even simple things, like ensuring every system administrator had access to every server, or simple patching, were extremely burdensome."

The solution was to leverage Ansible Tower to manage and schedule the cloud environment.

Hence, to solve the problems that NASA had with lack of centralized management and a diverse environment, they evaluated multiple solutions and decided on an implementation of Ansible Tower. NASA is now leveraging Ansible Tower to manage their environment in a very organized and scheduled way.
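
The two tasks the NASA team called burdensome, administrator access on every server and patching, written as one playbook. This is an added example, not NASA's or the author's playbook; the group name, user names, key file paths and batch size are assumptions, and `ansible.posix.authorized_key` requires the `ansible.posix` collection.

```yaml
# Added example, not NASA's playbook. Names, key paths and batch size are assumptions.
- name: Give every administrator access to every server, then patch
  hosts: all                  # every host in the inventory, whatever VPC or account
  become: true
  serial: "25%"               # work in batches so one bad update cannot hit all hosts
  vars:
    admin_group: sysadmins    # hypothetical group name
    admins: [alice, bob]      # hypothetical administrators; keys in files/keys/<name>.pub
    former_admins: [carol]    # hypothetical accounts that must no longer exist
  tasks:
    - name: Ensure the administrators group exists
      ansible.builtin.group:
        name: "{{ admin_group }}"
        state: present

    - name: Ensure each administrator has an account in that group
      ansible.builtin.user:
        name: "{{ item }}"
        groups: "{{ admin_group }}"
        append: true
        state: present
      loop: "{{ admins }}"

    - name: Install each administrator's SSH public key and drop any others
      ansible.posix.authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('ansible.builtin.file', 'files/keys/' ~ item ~ '.pub') }}"
        exclusive: true       # keys not listed here are removed from the account
        state: present
      loop: "{{ admins }}"

    - name: Remove accounts of former administrators
      ansible.builtin.user:
        name: "{{ item }}"
        state: absent
      loop: "{{ former_admins }}"

    - name: Apply all pending package updates
      ansible.builtin.package:   # assumes a dnf/yum- or apt-based distribution
        name: "*"
        state: latest
```

Scheduling this playbook as a Tower job template is what turns it into the centrally managed, recurring process described above.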

How NASA is using Ansible:

  1. Ansible Tower provided a dashboard with a status summary of all hosts and jobs, which allowed NASA to group all contents and manage access permissions across different departments. It also helped to split up the organization by associating content and control permission for groups as well.
  2. Ansible Tower is a web-based interface for managing Ansible. One of the top items in Ansible users’ wishlists was an easy-to-use UI for managing quick deployments and monitoring one’s configurations. Ansible management came up with Ansible Tower in response.
  3. Further, Ansible divided the tasks among teams by assigning various roles. It managed the clean up of old job history, activity streams, data marked for deletion and system tracking info. Refer to the diagram below to understand how Ansible has simplified the work of NASA.

Ansible as a Solution !!!

The solution is to leverage Ansible Tower to manage and schedule the cloud environment.

As a result of implementing Ansible Tower, NASA is better equipped to manage its AWS environment. Tower allowed NASA to provide better operations and security to its clients. It has also increased efficiency as a team. By the numbers:

  • Updating nasa.gov went from over 1 hour to under 5 minutes
  • Patching updates went from a multi-day process to 45 minutes
  • Achieving near real-time RAM and disk monitoring (accomplished without agents)
  • Provisioning OS Accounts across entire environment in under 10 minutes
  • Baselining standard AMIs went from 1 hour of manual configuration to becoming an invisible and seamless background process
  • Application stack set up from 1-2 hours to under 10 minutes per stack

The National Aeronautics and Space Administration (NASA) is the agency of the United States government that is responsible for the nation’s civilian space program and for aeronautics and aerospace research.

“Ansible Tower has allowed us to provide better operations and security to our clients. It has also increased our efficiency as a team.”

INTEGRATION:

Security Automation with Ansible

Security and Compliance: When you define your security policy in Ansible, scanning and remediation of site-wide security policy can be integrated into other automated processes, and it will be integral to everything that is deployed.

  • This means you need to configure your security details only once on your control machine, and they will be embedded in all other nodes automatically. Moreover, all the credentials (admin user IDs and passwords) that are stored within Ansible are not retrievable in plain text by any user.
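
A site-wide policy defined once and applied to every node, as an added example that is not from the original article: an SSH daemon baseline. The directive values, the config path and the service name (`sshd`, as on RHEL-family systems) are assumptions.

```yaml
# Added example: SSH baseline kept on the control machine and enforced on all nodes.
# Policy values, file path and service name are illustrative assumptions.
- name: Enforce the SSH daemon baseline
  hosts: all
  become: true
  vars:
    sshd_policy:
      PermitRootLogin: "no"
      PasswordAuthentication: "no"
      MaxAuthTries: "4"
  tasks:
    - name: Set each policy directive in sshd_config
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # Match only an active (uncommented) directive, case-insensitively
        regexp: '(?i)^\s*{{ item.key }}\s+'
        line: "{{ item.key }} {{ item.value }}"
        # If the directive is absent, add it at the top: sshd uses the first
        # value it reads, and a line appended after a Match block would be scoped to it
        insertbefore: BOF
        # Refuse to install a file that sshd itself cannot parse
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_policy | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      notify: Reload sshd

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd
        state: reloaded
```

Run it with `ansible-playbook --check --diff` to scan for drift without changing anything, and without `--check` to remediate.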

The right automation tool can help security teams to address new complexities and manage tasks at scale across the following practices:

  • Response & Remediation
  • Vulnerability Management
  • Security Compliance

Security Automation with Red Hat Ansible Automation Platform:

  • Standardize security tasks: streamlining the actions taken on a similar group of devices or technologies.
  • Automate security processes: creating workflows which help support end-to-end security activities and to programmatically operate across the security tools with minimal manual intervention.
  • Integrate the security and IT portfolios: providing a more consistent and stable way to interoperate a wide variety of security and IT technologies in place in an enterprise infrastructure, assigning roles and responsibilities to different groups as part of an integrated process.

Main security concerns:

  • Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are among the most sophisticated network security devices in use today. They inspect network packets and block suspicious ones, as well as alert administrators about attack attempts.

As a security analyst, you know that anomalies can be the sign of a potential threat. You have to determine whether this is a false positive that can simply be dismissed, or an actual threat that requires a series of remediation activities to be stopped. Thus you need to collect more data points, for example from the firewall and the IDS.

  • Going through the logs of the firewall and IDPS manually takes a lot of time. In large organizations, the security analyst might not even have the necessary access rights and needs to contact the teams responsible for the enterprise firewall and the IDPS, asking them to go through the respective logs manually, check for anomalies themselves, and then reply with the results.
  • This could imply a phone call, a ticket, long explanations, necessary exports or other actions consuming valuable time.

This is reflected in the Critical Capabilities for Security Information and Event Management 2020 report.

Based on the 2020 edition of the report, we can see the value of logs for threat detection and prevention.

Securonix has received the highest score in three out of five use cases:

  1. Basic Security Monitoring,
  2. Complex Security Monitoring, and
  3. Advanced Threat Detection and Response.

Along with this, Securonix has received the second highest score in Basic Searching and Reporting, and third highest in the Compliance and Control Monitoring use case.

We use QRadar in Ansible for the security use case.

Splunk Enterprise Security (ES)

  • Splunk ES is a Security Information and Event Management (SIEM) solution that enables security professionals to identify, prioritize and manage security events as part of their investigation and response activities.
  • Red Hat Ansible Automation Platform helps organizations better assess risks, remediate issues and develop compliance workflows through specialised modules to integrate and orchestrate security tasks and processes.
  • These capabilities are designed to enable security analysts and operators to innovate, integrating their existing portfolio of security technologies through Red Hat Ansible Automation.

Security teams are suffering from staff shortages, an increase in the volume of alerts and threats, and the ever-present need to do more with less.

Existing tools, such as firewalls, endpoint protection platforms (EPPs), security information and event management (SIEM), secure web gateways (SWGs) and identity proofing services (IDPSs), have not been improving the breadth and depth of their APIs. This hinders security teams from getting their tools working in concert with each other to solve problems.

Threat intelligence (TI) has matured significantly and is now a front-and-center requirement to improve the context security practitioners need. It is also making many tools and processes smarter and more efficient."

The result is simple and easy to deploy and manage with Ansible Tower for security configurations.

Finally achieving security automation.

This is about NASA and security automation with Ansible.

Vimal Daga

World Record Holder | 2x TEDx Speaker | Philanthropist | Sr. Principal Consultant | Entrepreneur | Founder LW Informatics | Founder Hash13 pvt ltd | Founder IIEC

4 years

Grt
