
Elevating Meraki Operations with Red Hat Ansible Automation Platform


In our previous blog, “Streamline Operations with Cisco Meraki and Red Hat Ansible Automation,” we introduced the powerful integration between Cisco Meraki’s cloud-managed networking and Red Hat Ansible Automation Platform for enhancing IT operations through automation at scale. Now that Ansible Automation Platform is available from Cisco, we’re diving deeper to explore how this combination delivers tangible benefits for common Meraki use cases.

Cisco Meraki offers a robust cloud-managed solution for centralized management of campus and branch network infrastructure.

For businesses with numerous branch locations, managing IT manually can be a recipe for human error and inefficiency due to inconsistencies, usually intentional, that can create drift and add complexity to network operations. This is where automation becomes the only way to drive consistency and improve operational governance.

Red Hat Ansible Automation Platform serves as a strong foundation for building and operating automation services at scale, providing all the necessary tools for end-to-end automation workflows across network infrastructure and edge devices, including audit capabilities and a centralized way to manage and document automation content. The Certified and Validated Ansible content collections for Cisco Meraki help users start automating and rapidly replace, provision, and maintain new network equipment as old equipment nears its last day of service (LDOS). This includes use cases such as branch provisioning, configuration management, health checks, and operational actions in a consistent way.

By automating these deployment and management use cases, users can see an increase in agility, consistency, scalability, and improved visibility and control across their Cisco Meraki organizations and networks.

The Power of Cisco Meraki and Automation at Scale

The Cisco Meraki Dashboard is a powerful solution for managing all of your Meraki devices. It’s excellent for day-to-day management and provides powerful templating capabilities for consistency.

However, when you combine the Cisco Meraki dashboard with the power of Red Hat Ansible Automation Platform, you can take things a step further by driving consistency and managing the lifecycle of your network infrastructure at scale.

Consider these questions:

  • How quickly could you provision and ensure consistent configurations for 10, 100, or even 1000 new sites if those tasks were fully automated?
  • How long does it typically take to detect and correct drift across your sites, and what are the potential business impacts (security, downtime, compliance) during that period?
  • How much manual effort is involved in producing comprehensive compliance reports to ensure all sites consistently meet internal security policies (e.g., specific firewall rules, firmware versions, wireless settings) or external regulatory requirements?

Key Benefits of Cisco Meraki and Red Hat Ansible Automation Platform

By combining Cisco Meraki with Ansible Automation Platform, your organization will achieve:

  • Rapid Deployment: Efficiently provision, configure, and scale branches and remote edge devices, quickly responding to changing network conditions.
  • Proactive Compliance: Proactively detect and enforce desired configurations, staying ahead of potential issues.
  • Operational Stability: Reduce human error and maintain a consistent, reliable network state.
  • Enhanced Security: Automate critical and recurrent security tasks like PSK rotation and configuration drift remediation across locations.
  • Increased Agility: Respond rapidly to evolving business and market demands.
  • Boosted Scalability: Automate edge connectivity at scale, adapting workflows to changing network requirements.

Automating Popular Meraki Use Cases with Red Hat Ansible Automation Platform

Let’s dive into some of the most popular use cases that become streamlined and robust when combining Cisco Meraki with Red Hat Ansible Automation Platform.

1. Branch Provisioning: Fast, Consistent, and Reliable

Problem: Deploying new sites (retail stores, remote offices) is challenging. It traditionally involves manual configuration per location, potentially leading to errors, inconsistencies, and security vulnerabilities. Each site requires consistent configurations for firewalls, switches, and Wi-Fi access points, among other devices, that align with company security policies and best practices.

Solution: Ansible Automation Platform allows you to create reusable Ansible Playbooks that define the desired state of your network. These playbooks interact with the Cisco Meraki Dashboard Controller API to perform configurations across all your devices. You can define a “golden configuration” for a typical branch and apply it consistently across all new sites, significantly speeding up site expansion, and you can extend the logic using automation workflows to add even more intelligence to your provisioning workflows.

Ansible Automation Platform also allows you to securely share your reusable Ansible Playbooks with other teams, implement Role-Based Access Control to define who can run each Playbook against which inventory/sites, and document what was changed or not changed as a result of each Playbook run.

Use Ansible Automation Platform to create a Workflow automating the key steps:

  • Create networks and claim devices: Automatically provision networks and bring new devices per network into your Meraki dashboard.
  • Configure gateway (firewall) and WAN settings: Set up the base appliance configuration, including WAN setup, policies, IP addressing, and ports.
  • Configure switches: Apply STP, MTU values, storm control, energy savings scheduling, and port settings.
  • Configure access points and wireless networks: Manage Wi-Fi SSIDs with security settings and optimize AP radio settings.
  • Automate documentation and reporting: Generate inventory reports and update enterprise systems, including Sources of Truth and CMDBs.

Example: Creating a Network. This example playbook creates a new Meraki network and is included in the Ansible Validated Collection meraki.ops:

---
- name: Create a network
  hosts: meraki_servers
  connection: local
  gather_facts: no
  tasks:
    # Create the network for the new branch in the given organization
    - name: Create Meraki Network
      cisco.meraki.meraki_network:
        organization_id: "{{ meraki_organization_id }}"
        name: "MyNewBranchNetwork"
        product_types:
          - wireless
          - appliance
          - switch
        state: present
      register: new_network_info
    # Show what the module returned for the new network
    - name: Print new network information
      ansible.builtin.debug:
        var: new_network_info.network

This playbook uses the cisco.meraki.meraki_network module to create a new network, specifying the organization ID, name, and product types.

For configuring devices (MX, MS, MR), you’d use roles like network.meraki_ops.configure_devices, network.meraki_ops.configure_switch, and network.meraki_ops.configure_ssid. For example, configuring an MX firewall would involve defining VLANs and port configurations as data that the playbook then pushes.

All of the Ansible modules and sample Playbooks and Roles described in this blog are included in the Ansible Automation Platform network.meraki_ops Validated Collection.

2. Audit and Compliance Checks: Stay Ahead of the Curve

Problem: Maintaining consistency and ensuring compliance with internal policies and external regulations across a vast network is complex.

Solution: Ansible Automation Platform leverages the Cisco Meraki Dashboard API to compare an organization’s settings and status against best practices and predefined thresholds, uncovering configurations that need attention. This includes general checks, as well as Wi-Fi and switch compliance checks.

Example: Generating a Network Report. The network.meraki_ops.report role can generate HTML reports containing network, device, and firewall data.

---
- name: Generate network and device report
  hosts: meraki_servers
  connection: local
  gather_facts: no
  roles:
    - role: network.meraki_ops.report
      class: all

This playbook generates a comprehensive HTML report.

For health-specific checks, the network.meraki_ops.health_checks role is specifically designed for validating the operational health and compliance of Meraki networks. This role can be used to invoke health checks over specific networks or across all networks under an organization. It performs critical validations, including checking firmware versions, switch settings, and wireless utilization. The output of these checks can contribute to generating HTML reports to validate network health.

For example, imagine a Meraki user with numerous branch offices needs to ensure that all their switches are running approved firmware versions and that wireless access point settings are consistently optimized across every location to maintain performance and security. Instead of the laborious manual process of checking each device or site dashboard, they could leverage the network.meraki_ops.health_checks role. An Ansible playbook using this role could be configured to automatically scan their entire Meraki infrastructure. It would then identify any switches running outdated firmware or highlight wireless access points with suboptimal configurations, allowing the user to proactively address potential performance bottlenecks or security vulnerabilities across their distributed network.

Filter plugins like network.meraki_ops.health_check_view and network.meraki_ops.report_view can also be used for specific reporting needs.

3. Configuration Drift Audit: Maintain a Source of Truth for Your Firewall Policies

Problem: Configuration drift (unintended deviations from a desired baseline) can lead to unexpected network behavior and critical security vulnerabilities.

Solution: With Ansible Automation Platform, you establish a “golden network” baseline, which serves as your source of truth. Ansible Automation Platform can periodically compare your live network configurations to this baseline in check mode, identifying any deviations, particularly in critical areas like firewall policies. You can then decide whether Ansible Automation Platform automatically corrects these non-compliant configurations or creates a service ticket with all the details for manual review. This proactive approach significantly reduces risk and streamlines network operations.

Example: Reverting a Configuration Drift. If someone accidentally changes a firewall rule from TCP to Any traffic on Port 80, re-running the Ansible Playbook for firewall configuration will detect this drift and revert it back to the desired TCP state due to idempotency.

---
- name: Deploy MX Firewall Configuration
  hosts: meraki_servers
  connection: local
  gather_facts: no
  tasks:
    # Desired ("golden") state of the rule; a re-run reverts any drift from it
    - name: Ensure HTTP traffic is TCP only on Port 80
      cisco.meraki.meraki_network_appliance_firewall_l3_firewall_rule:
        network_id: "your_network_id"
        rule_id: "your_rule_id"
        protocol: "tcp"
        src_port: "Any"
        src_cidrs:
          - "Any"
        dst_port: "80"
        dst_cidrs:
          - "Any"
        policy: "allow"
        comment: "Allow HTTP traffic"
        state: present

Running this playbook regularly will ensure the firewall configuration matches the “golden” definition. The network.meraki_ops.configure_firewall_rules role is specifically designed for deploying L3/L7 rules. For comparing policies, the network.meraki_ops.firewall_rtt.yaml playbook can be used.
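The audit-only comparison described in the Solution above can be expressed by forcing check mode on the firewall task and acting on its result. The playbook below is an added example, not part of the original post or of the network.meraki_ops collection; it reuses the module, parameters, and placeholder IDs from the playbook above and assumes the module supports check mode and reports a change when the live rule differs. The firewall_drift_detected name is hypothetical.

```yaml
---
- name: Audit MX firewall rule for drift (report only)
  hosts: meraki_servers
  connection: local
  gather_facts: false
  tasks:
    - name: Compare live HTTP rule with the golden definition
      cisco.meraki.meraki_network_appliance_firewall_l3_firewall_rule:
        network_id: "your_network_id"   # placeholder from the original playbook
        rule_id: "your_rule_id"         # placeholder from the original playbook
        protocol: "tcp"
        src_port: "Any"
        src_cidrs:
          - "Any"
        dst_port: "80"
        dst_cidrs:
          - "Any"
        policy: "allow"
        comment: "Allow HTTP traffic"
        state: present
      # Task-level check mode: nothing is written even if the job itself
      # was launched without --check (assumes the module honours check mode).
      check_mode: true
      diff: true
      register: http_rule_audit

    # Hypothetical variable name; exposes the verdict to later workflow nodes.
    - name: Record the drift verdict
      ansible.builtin.set_stats:
        data:
          firewall_drift_detected: "{{ http_rule_audit is changed }}"

    # A failed audit job can trigger the ticketing or remediation branch.
    - name: Fail the audit job when drift is present
      ansible.builtin.fail:
        msg: "Drift detected on rule your_rule_id in network your_network_id."
      when: http_rule_audit is changed
```

In an automation controller workflow, the failure path of this job can lead to a ticketing or remediation node, and the set_stats value is handed to later nodes as an extra variable.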

4. Scheduled Rotation of Wi-Fi Pre-Shared Keys: Enhance Security

Problem: Regularly updating Wi-Fi Pre-Shared Keys (PSKs), especially for guest networks, is a critical security best practice. Static PSKs are security vulnerabilities, and manually changing them across multiple sites is tedious and error-prone.

Solution: Ansible Automation Platform can automate the generation of new, strong PSKs and push these keys to all your Meraki access points. This preventive operational task can be scheduled to run at regular intervals, ensuring timely and consistent updates without manual intervention, thereby enhancing security and freeing up valuable IT resources.

Example: Updating a Wi-Fi SSID with a new PSK

---
- name: Update Guest SSID with new PSK
  hosts: meraki_servers
  connection: local
  gather_facts: no
  vars:
    # Sample value for illustration; supply the real key at run time
    # rather than storing it in the playbook
    new_guest_psk: "GeneratedStrongPSK123!"
  tasks:
    - name: Configure Guest SSID
      cisco.meraki.meraki_network_wireless_ssid:
        network_id: "your_network_id"
        ssid_number: 3
        name: "MyGuests"
        enabled: true
        authentication_mode: "psk"
        psk: "{{ new_guest_psk }}"
        state: present

This playbook leverages the cisco.meraki.meraki_network_wireless_ssid module. The network.meraki_ops.configure_ssid role is also available for managing SSIDs. This could be combined with a dynamic PSK generation mechanism and scheduled via Ansible Automation Platform’s automation controller.

Getting Started with Meraki and Ansible Automation Platform

For users new to automation, the journey to automating your Meraki infrastructure with Ansible is well-supported:

  • Start a trial for Ansible Automation Platform
  • Meraki Ansible Collection Documentation: Detailed documentation for the Meraki Ansible collection, including models and parameters, is available on the official Ansible documentation site. You can map these models to operations described in the Meraki API documentation on developer.cisco.com/meraki.io/api .
  • GitHub Repository: The official Cisco Meraki Ansible collection is available on GitHub. This is also the place to provide feedback, create issues for missing functionality, or contribute to the collection.

By embracing Red Hat Ansible Automation Platform for your Cisco Meraki deployments, you can achieve rapid deployment, proactive compliance, operational stability, and enhanced security across your network infrastructure. It’s about transforming manual, error-prone tasks into reliable, repeatable, and scalable automated workflows.
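One way to add the dynamic PSK generation mentioned above is to create the key in memory at run time and keep it out of job output. This playbook is an added example, not part of the original post; it reuses the SSID module and parameters from the playbook above, and the 24-character length and character set are assumptions.

```yaml
---
- name: Rotate Guest SSID PSK with a generated key
  hosts: meraki_servers
  connection: local
  gather_facts: false
  tasks:
    # set_fact evaluates the lookup once and stores the result. Defining the
    # lookup under vars: instead would re-run it on every reference and
    # yield a different key each time.
    - name: Generate a random PSK in memory
      ansible.builtin.set_fact:
        new_guest_psk: >-
          {{ lookup('ansible.builtin.password', '/dev/null',
                    length=24, chars=['ascii_letters', 'digits']) }}
      no_log: true   # keep the key out of logs and job output

    # WPA2-Personal passphrases must be 8 to 63 characters long.
    - name: Check the generated key length
      ansible.builtin.assert:
        that:
          - new_guest_psk | length >= 8
          - new_guest_psk | length <= 63
        quiet: true
      no_log: true

    - name: Configure Guest SSID
      cisco.meraki.meraki_network_wireless_ssid:
        network_id: "your_network_id"   # placeholder from the original playbook
        ssid_number: 3
        name: "MyGuests"
        enabled: true
        authentication_mode: "psk"
        psk: "{{ new_guest_psk }}"
        state: present
      no_log: true   # module arguments would otherwise expose the PSK
```

Using /dev/null as the lookup path generates a fresh key on each run without writing it to disk, so publishing the new key to the people who need it has to be handled by a later step.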
