SaltStack vs Ansible Revisited

Last updated by UpGuard on April 25, 2018

It's been a while since we last covered these two leading IT automation solutions—suffice to say, both SaltStack and Ansible have evolved significantly since then. Let's take a fresh look at how they compare when it comes to enterprise-grade IT automation and orchestration.

Today's enterprise IT infrastructures are comprised of a complex mix of disparate systems: cloud servers, virtual machines, in-house IT assets, legacy platforms, and more. Managing this complexity via manual efforts is virtually impossible, especially given the high rate of configuration change in the average enterprise environment. This is where IT automation and configuration management (CM) solutions like SaltStack and Ansible come into play.   

Get a demo of cyber risk

At the most basic level, IT automation/CM tools alleviate developers and admins from having to write and manage custom scripts for tasks like standing up servers and pushing out software updates. Unsurprisingly, much of this tooling originated from developers/admins addressing their own day-to-day pain points. The leading DevOps tools have followed a similar trajectory over years, usually starting out as popular open source tools and gradually making their way into the enterprise with visual management consoles (versus CLI-only management), advanced reporting features, third party integrations, and more. This is true of the "big four" IT automation platforms, including SaltStack and Ansible.   


Created by Thomas Hatch in 2011, Salt—now known as SaltStack—is a modular, Python-based CM tool designed for high-speed data collection/execution. The tool has gained considerable traction in the enterprise for its performance benefits over competing solutions, including Ansible.


The SaltStack Enterprise UI. Source:

SaltStack's speed and performance benefits are made possible by its lightweight ZeroMQ messaging library: a concurrency framework for establishing persistent TCP connections between the server and agents (i.e., Salt master and minions). The platform is available as an open source project or enterprise commercial offering known as SaltStack Enterprise. 


Ansible was developed in 2012 by Michael DeHaan in response to leading IT automation/CM tools' shortcomings, including a dependence on agents and overwhelming focus on the Ruby language; the open source Ansible solution is both agentless and, like SaltStack, based on Python.  

ansible.pngThe Ansible Tower UI. Source:

Ansible Tower is the enterprise version that includes a streamlined visual management dashboard, REST API, role-based access control, job scheduling, graphical inventory management, and more. The company was acquired by Red Hat back in October 2015 and is now known as Ansible by Red Hat.  


Side-by-Side Scoring: SaltStack vs. Ansible

1. Capability Set

As open source projects freely available to the general public, SaltStack and Ansible—despite being highly capable IT automation/CM offerings—lack features and refinements that make them enterprise-ready. For these purposes, SaltStack Enterprise and Ansible Tower are available, at a cost.

SaltStack score_570.png
Ansible score_570.png

2. Usability / Learning Curve

Ansible's simplicity and easy-to-follow documentation give it a leg-up over SaltStack in this category; in fact, it's widely regarded as the easiest to use IT automation/CM platform on the market. SaltStack also provides ample documentation for getting up to speed, and it should: the platform poses a significant learning curve to new users, even seasoned DevOps professionals.   

SaltStack score_570.png
Ansible score_570.png

3. Community Support

Both of these IT automation/CM platforms are darlings of the open source community, each boasting a legion of supporters. SaltStack's open source project is currently one of the biggest and most active on GitHub, while Ansible has maintainted its popularity amongst the community, even after being acquired by Red Hat. In October 2016, Red Hat also open sourced its Ansible Galaxy code repository, furthering its committment to the Ansible-focused open source community. 

SaltStack score_4.png
Ansible score_570.png

4. Release Rate

Both platforms have seen regular releases over the years—open source SaltStack follows a date-based system for version numbers (i.e., YYYY.MM.R, R being the bugfix release number increments within that feature release) and is currently on version 2016.11.2, while its Enterprise offering is on version 5. Open source Ansible is currently at version 2.2.1; its enterprise Tower offering is on version 3.

SaltStack score_570.png
Ansible score_570.png

5. Pricing and Support

Both SaltStack and Ansible are available for free as open source downloads, but more advanced enterprise features will cost you. Ansible Tower starts at $5,000/year without support; subsequent tiers run up to $14,000/year and include 8x5 or 24/7 support. 

Expect a similar enterprise pricing structure with SaltStack Enterprise, though specifics are not available via the company's website. It does note, however, that the Enterprise offering is subscription license priced by managed node and level of support.

SaltStack score_4.png


6. API and Extensibility

One of Ansible Tower's key features is its well-documented REST API; open source users are relegated to the more basic Python API. Similarly, SaltStack offers a Python client API as well as a limited "no-frills" REST API.

SaltStack score_570.png
Ansible score_570.png

7. 3rd Party Integrations

Both offerings feature an impressive library of integrations. For example, SaltStack offers streamlined interoperability with leading cloud providers such as AWS, Microsoft Azure, Linode, and Digital Ocean, as well as software tools/technologies like Nagios, Docker, and Jenkins, to name a few. Not to be outdone, Ansible also integrates with a myriad of third party offerings, from virtualization tools like VMware and Vagrant to DevOps solutions such as GitHub and TeamCity.

SaltStack score_570.png
Ansible score_5.png

8. Companies that Use It

Both SaltStack and Ansible have a solid footing in the CM/IT automation space: some of SaltStack's customers include LinkedIn, Comcast, Rackspace, and NASA, to name a few, while Ansible claims Atlassian, Cisco, EA Sports, Allegiant, NASA, and Verizon as some of its marquee customers.

SaltStack score_570.png
Ansible score_570.png

9. Control Capabilities

Both SaltStack and Ansible are battle-tested, powerful IT automation/CM platforms, trusted by the world's largest enterprises for rolling out system changes en masse. As mentioned previously, SaltStack Enterprise's ZeroMQ messaging data bus gives it significant speed advantages, while Ansible's lightweight, agentless architecture make it more lightweight and easier to manage.

SaltStack score_5.png
Ansible score_5.png


SaltStack's 836 CSTAR scorewhile good, falls short of ideal due to a handful of security flaws, namely lack of HTTP strict transport security and missing DMARC/DNSSEC. Similarly, Ansible's 828 CSTAR score is good, but nonetheless flawed as a result of flaws like missing sitewide SSL, disabled HTTP strict transport security, and lack of DMARC/DNSSEC.


Screen Shot 2017-02-15 at 10.55.35 PM.png


Screen Shot 2017-02-15 at 10.57.24 PM.png

Scoreboard and Summary

  SaltStack Ansible
Capability Set score_570.png score_570.png
Usability / Learning Curve score_570.png score_570.png
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Control Capabilities score_570.png score_570.png

Screen Shot 2017-02-15 at 10.55.35 PM.png

Screen Shot 2017-02-15 at 10.57.24 PM.png

Total  4.3 out of 5 4.6 out of 5

SaltStack and Ansible have come a long ways since their humble beginnings as open source DevOps tools—even today, the two offerings can't be beat for their powerful low/no-cost IT automation and CM capabilities. And enterprises can't go wrong with either Ansible Tower or SaltStack Enterprise, though for speed and performance, users may want to opt for the latter. In contrast, Ansible Tower is better suited for organizations looking for a lightweight, agentless automation solution that's easy to get up to speed with and manage.

Free eBooks on DevOps and Security

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.



Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article