Updated on May 2, 2017 by UpGuard
When it comes to software, certain key attributes serve as a litmus test for enterprise-readiness—quality and breadth of support, reporting and policy management capabilities, and scalability are common, among others. Three characteristics in particular are also increasingly important to enterprise automation solutions: the graphical user interface (GUI), integration capabilities, and security.
In this comparison we will look at popular CM/automation solutions Foreman and Ansible Tower and measure each respective tool’s strengths and weaknesses in the context of these three attributes.
Open source tool Foreman bills itself as a complete server lifecycle management solution, handling provisioning from bare metal to the OS and application stack. First making its appearance on the CM/automation scene 6 years ago, the tool is actively maintained by a core team and supported by a legion of community volunteers and contributors. Foreman—like leading automation platforms Puppet and Chef—is built with Ruby (Rails). In fact, the tool has long served as a competent graphical management console for automation solutions lacking a GUI—including the two aforementioned. Of course, Puppet and Chef have since created their own visual management consoles, but many continue to leverage Foreman's integration with the two leading automation platforms, as well as other popular solutions—including Ansible.
Though automation tools like Puppet or Chef are controllable through the command line, the ability to visually select servers or server groups and appropriate actions streamlines otherwise unwieldy commands and processes. GUI-based management dashboards are intuitive and easy to use, thereby opening up automation responsibilities to a broader audience.
The Foreman UI. Image courtesy of theforeman.org.
Foreman's interface is competent but altogether lackluster; then again, one shouldn't expect high aesthetic value from a community-developed and supported tool. Instead, the GUI's main strength is its ability to pull together multiple different tools under the same visual interface for centralized management.
Foreman’s deep integrations with a wide variety of CM and automation tools are made possible through its Smart Proxy Architecture. At the most basic level, a REST API makes it possible to hook into and extend various subsystems like Puppet, Chef, or SaltStack. Smart Proxy components reside on or near machines that perform specific functions and facilitate Foreman’s orchestration efforts. Smart Proxies support DHCP, DNS, and TFTP, as well as connectivity to tools like Puppet and Chef, out of the box.
Foreman’s Smart Proxy Architecture. Image courtesy of theforeman.org
Again, Foreman is commonly used in conjunction with automation tools like Puppet or Chef. After setting up foundational components from bare metal, it hands the installation/configuration of software, users, and network interfaces to the automation tool of choice for further configuration.
As of this writing, 25 Foreman vulnerabilities have been documented per the CVE database—12 of which are of medium-to-high severity. For more information regarding these vulnerabilities, please see Foreman's own security advisory page.
Ansible was originally developed as a lightweight alternative to automation tools like Puppet and Chef; as such, it takes a few notable departures: it's written in Python (as opposed to Ruby), and employs an agentless SSH-based architecture. The GUI that ships with Ansible's enterprise offering started out as AnsibleWorks AWX, a graphical alternative to the tool's command line interface. It has since expanded to include a simplified dashboard, role-based access control, and a built-in REST API, among others.
Though Ansible Tower encapsulates the above features into a comprehensive enterprise offering, the barebones open source Ansible project is still available on GitHub as a free, public download.
Ansible Tower's UI is streamlined and intuitive, though its road to enterprise-readiness has been fraught with shortcomings. Early versions were so bad that the CLI and GUI were often out of sync, presenting conflicting information regarding the state of certain nodes. These days, however, the GUI is one of the best in its class.
The Ansible Tower interface. Source: Ansible.
The dashboard is especially nifty for getting a high-level summary of your infrastructure's state. Real-time node monitoring, displays of recent job activities, and a list of problematic nodes allow for quick health assessments at-a-glance.
Ansible Tower features a powerful REST API and CLI that make for easy integration with tools like Jenkins or any others in your continuous integration/delivery pipeline.
Ansible Tower's browsable REST API. Source: Ansible.
Additionally, it works with AWS, Rackspace, OpenStack, Google Compute Engine, Azure & VMware clouds out-of-the-box.
As of this writing, 3 low-to-medium vulnerabilities have been documented per the CVE database. Ansible actively maintains a section on its website for security disclosures regarding its products and, interestingly enough, lists 10 documented vulnerabilities: 7 for Ansible, and 3 for Ansible Tower.
Though Foreman has reliably served as an all-purpose go-to GUI for automation solutions over the years, commercial enterprise platforms such as Ansible Tower feature visual management consoles that are worthy contenders in their own right. And though Foreman is in fact a solution built for integration with tools like Puppet and Chef, Ansible Tower's REST API makes coupling the platform with other tools a trivial affair. However, if cost is a concern, Foreman is still your best bet—as Ansible Tower can cost you a pretty penny. In either case, UpGuard integrates with the automation solution of your choice to validate that tasks have indeed been carried out as expected across disparate environments. Give our platform a free test-drive today.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.