Security Through Configuration Control at Scale - An Introduction to Ansible

The ability for companies and individuals to deploy infrastructure to cloud service providers has led to the rapid growth and visibility of numerous new products and services.

While the ease and speed of deployment allows companies to quickly respond to changes in the marketplace, it also presents challenges to ensure secure deployment, configuration, and management of the supporting infrastructure. While proper use of any configuration management tool can improve the reliability and security of a deployment, the relative steep learning curve, agent based host management, and potentially vulnerable communication methods of the major offerings present additional challenges to their secure implementation.

The agentless, Secure Shell (SSH) communication, Python and YAML Ain't Markup Language (YAML) based product Ansible, a relative newcomer to the field of configuration management, provides a capability that is easy to learn while providing secure and scalable implementation at scale.

This paper will identify the major differences between Ansible and other configuration management tools in order to identify possible implications to information security practitioners. Additionally, previously unidentified information security specific uses for Ansible will be identified and discussed as a driver for further research.