Harden the platform security posture
Harden the security posture of your Ansible Automation Platform deployment on Red Hat Enterprise Linux. Applying these guidelines during the planning, architecture, and installation phases helps ensure your automation components remain protected.

Plan your topology and networking configuration
Install Ansible Automation Platform using a tested deployment model. Choose between an enterprise reference architecture for high performance and scalability or a growth architecture for resource-constrained environments.

Manage platform credentials
Red Hat Ansible Automation Platform uses credentials to authenticate requests to jobs against machines, synchronize with inventory sources, and import project content from a version control system.

Understand how Ansible Automation Platform manages secrets
Ansible Automation Platform uses several secrets (passwords, keys, and so on) operationally. These secrets are stored unencrypted on the various Ansible Automation Platform servers, as each component service must read them at startup.

Best practices for securing user accounts
When planning user authentication for Ansible Automation Platform, consider both infrastructure-level and application-level authentication requirements.

Best practices for setting up secure logging
Visibility and analytics are important pillars of Enterprise Security and Zero Trust architectures. Logging is key to capturing actions and auditing.

Apply the NIST Cybersecurity Framework
Ansible Automation Platform should be used to fulfill security policy requirements by applying the NIST Cybersecurity Framework for common use cases, such as:

Secure your Red Hat Enterprise Linux hosts
The security of Ansible Automation Platform relies in part on the configuration of the underlying Red Hat Enterprise Linux servers.

Installation settings to secure your platform
Installation decisions directly impact the security posture of Ansible Automation Platform. The process involves setting several variables critical to infrastructure hardening. Before installing, review the installation guidance to ensure your configuration meets security standards.

Ensure compliance with host-level security controls
You can use Ansible Automation Platform to manage systems where security controls have been applied to managed RHEL nodes to meet the requirements of a compliance profile such as CIS, PCI/DSS, the DISA STIG, or similar.

Recommended security practices for access controls
Granting access to certain parts of the system exposes security vulnerabilities. Apply the following practices to help secure access:

RBAC security considerations for day two operations
Day 2 Operations include Cluster Health and Scaling Checks, including Host, Project, and environment level Sustainment. You must continually analyze configuration and security drift.

Disaster recovery and operational continuity
Regularly back up Red Hat Ansible Automation Platform to ensure effective disaster recovery.

Integrate with HashiCorp to secure sensitive data
You can integrate HashiCorp Vault with Ansible Automation Platform to manage and retrieve sensitive data.

Improve the security of nodes managed by Ansible Automation Platform
Ansible Automation Platform is an agentless technology that relies on making a remote connection to the devices it manages, called managed nodes, to run automation tasks.

Automate nodes that comply with security profiles
Edit specific security controls on your compliance-hardened RHEL nodes so Ansible Automation Platform can manage them properly. This helps ensure smooth automation in environments governed by strict profiles like CIS, PCI/DSS, or DISA STIG.