Network Device Compliance Measurement Today, Remediation Tomorrow


Network device compliance is critical to ensuring security and stability of your network. Many vendors offer proprietary, targeted compliance solutions which only address a narrow slice of your total device footprint. Ansible Engine provides a single, flexible framework to automate almost any network device. When combined with Ansible Tower, a fully enterprise ready compliance solution becomes viable. Ansible Engine and Ansible Tower can used to construct an automated network compliance measurement framework to ensure DNS, proxy, firewall, VPN, load balancer and AAA servers meet corporate compliance standards. The automation framework lays the groundwork for future full scale remediation of network devices.

This type of approach heavily utilizes Ansible Engine's network device specific modules and command based modules. Ansible Network Engine and command parsers can be utilized to turn unstructured configuration data into Ansible native data structures. Ansible's simple extension capabilities allow for writing action plugins for reporting, extending module functionality and developing dynamic inventory modeled around external data sources. Ansible Tower ties all these capabilities together and provides full featured role based access control to network device compliance measurement runs.

Slides here



Walter Bentley, Red Hat


Marc Petrivelli, Red Hat