Architectural Guide: Self-Hosting the Ansible Automation Platform MCP Server with Managed Cloud Offerings
Overview
As organizations embrace Agentic AI, integrating Large Language Models (LLMs) and AI agents with enterprise IT automation becomes paramount. The Model Context Protocol (MCP) server for Red Hat Ansible Automation Platform (AAP) acts as an intelligent bridge, allowing AI agents (such as Claude, Cursor, and VS Code) to securely interact with and orchestrate your automation estate using natural language.
Many enterprises utilize managed cloud offerings for their automation infrastructure, such as Ansible Automation Platform Managed Service on AWS or the Ansible Automation Platform Managed Application on Microsoft Azure. This guide outlines how customers can bridge the gap by self-hosting the AAP MCP server to leverage Agentic AI alongside their cloud-managed AAP environments.
Current Architecture & Future Roadmap
Currently, the AAP MCP server components are not hosted natively as part of Red Hat’s cloud-managed offerings (AWS Managed Service and Azure Managed Application).
- The Vision: Red Hat is actively exploring how to bring a fully hosted, native MCP server capability into cloud-managed AAP offerings in the near future.
- The Interim Strategy: While native hosting is on the horizon, customers can completely unlock these AI-driven capabilities today by self-hosting the MCP server. A self-hosted MCP server can connect directly to the APIs of your managed AAP instance on AWS or Azure, acting as the secure gateway between your AI clients and cloud automation.
Why Self-Host? Security, Governance, and Control
Self-hosting the MCP server offers immediate deployment capabilities while granting your organization granular control over the AI-to-automation traffic. Key advantages include:
- Enterprise Governance: You manage the exact entry points, access logs, and network routing between external AI agents and your internal or cloud-based infrastructure.
- Dual-Layer Security Model: The AAP MCP server enforces strict authorization. It combines server-level configurations (such as choosing between a safe read-only mode for querying and a read-write mode for executing jobs) with user-level permissions inherited directly from AAP’s Role-Based Access Control (RBAC).
- Data Sovereignty: By keeping the MCP server within your managed perimeter, you control the data, credentials, and context passed back and forth to your LLMs.
Deployment and Architecture Options
When choosing how to self-host the AAP MCP server, customers have two primary deployment architectures depending on their scale and infrastructure preference:
Option 1: Red Hat MCP Gateway on Red Hat OpenShift (Recommended for Enterprise Scale)
For production environments requiring high availability, rigorous traffic control, and centralized management, customers can deploy using the recently announced Model Context Protocol gateway for Red Hat OpenShift (currently in Technology Preview via Red Hat Connectivity Link).
- How it Works: The MCP gateway sits between your AI agents and your self-hosted MCP servers. It provides a single, federated endpoint that simplifies tool discovery for your agents.
- Key Capabilities:
- Federation: Aggregates multiple specialized toolsets behind one unified view.
- Authentication & Authorization: Secures the gateway using enterprise standards like OAuth and JWT validation (e.g., via Keycloak).
- Horizontal Scaling: Uses a Redis-backed session store to spin up multi-replica deployments that match your AI workload demands.
- Traceability: When combined with Red Hat OpenShift AI, it logs LLM calls and tool executions for end-to-end auditability.
For more details, see the official announcement: This content is not included.Control your AI agent traffic at scale: Model Context Protocol gateway for Red Hat OpenShift
Option 2: Local and On-Premise Environments
For smaller footprints, developers, or proof-of-concept deployments, the MCP server can be hosted directly within local infrastructure or standard Red Hat Enterprise Linux (RHEL) environments.
- How it Works: You can pull the officially supported container images directly from the Red Hat Ecosystem Catalog—such as the AAP 2.6 MCP Tools image (mcp-tools-rhel9).
- Deployment Pathways:
- RHEL 9 or 10: Deploy using the AAP containerized installer. The server runs as a pod alongside local components and exposes a secure HTTPS port (8448) to bridge connection requests over to your AWS or Azure managed AAP APIs.
- Local Kubernetes/OpenShift Pods: Deploy via the AAP Operator to automate lifecycle management and automatically generate secure internal or external routes.
To pull the verified container image, visit the Red Hat Ecosystem Catalog: This content is not included.Ansible Automation Platform 2.6 MCP Tools on RHEL 9
Conclusion & Next Steps
Self-hosting the Ansible Automation Platform MCP server allows you to jumpstart your Agentic AI initiatives today without waiting for native cloud-managed hosting. By connecting a self-hosted server or an OpenShift-based MCP Gateway to your AAP managed service on AWS or Azure, you maintain full authority over security and compliance while enabling your teams to command enterprise automation through natural dialogue.
To learn more about configuring your specialized toolsets (Job management, Inventory management, System monitoring, etc.), review the guide on This content is not included.Introducing the MCP server for Red Hat Ansible Automation Platform and consult the official product documentation for step-by-step setup instructions.