Cisco Intersight is an operations platform that helps IT operations teams control and automate Cisco UCS, converged, and hyperconverged infrastructure. Intersight consolidates and automates infrastructure lifecycle management from data centers to the edge in one solution delivered as-a-service.
N/A
Ansible
Score 9.2 out of 10
N/A
The Red Hat Ansible Automation Platform (acquired by Red Hat in 2015) is a foundation for building and operating automation across an organization. The platform includes tools needed to implement enterprise-wide automation, and can automate resource provisioning, and IT environments and configuration of systems and devices. It can be used in a CI/CD process to provision the target environment and to then deploy the application on it.
It is highly suited for an organisation pushing for a standardised and centralised configuration of settings using policies, profiles and templates. It is highly suited for customers used to legacy UMM that need to refresh their environment, but instead of deploying them in UMM (which is still possible), to take the time and effort to learn Cisco Intersight Infrastructure Service and IMM as well as familiarise themselves with the differences between UMM and IMM, and the issues in UMM which IMM addresses and improves upon. We deployed in UMM initially then transitioned to IMM with the transition too. I cannot think of a scenario where Cisco Intersight Infrastructure Service would not be suited. Even for small-scale deployments, it provides significant benefits. Maybe if you come from another server vendor management environment, the learning curve may feel steep (e.g. many new concepts and constructs that one has to master).
I'm going to say it is best suited for configuration management. Like I said, patching even with security, things of that nature. Probably less suited is hardware management, but Red Hat IBM/IBM has Terraform for that. So it's a trade off.
Standardising the environment by enforcing use of updating templates.
Show the difference on a profile between what has changed and what setting was last deployed.
Perform bulk deploy operation on profiles (like server profiles).
Policies underpin all settings (e.g. no more defining individual VLANs before being able to use them, or having to clean them up manually when they are no longer in use. You deploy a Domain VLAN policy that states which VLANs are configured on a domain (either standalone) or a domain profile template (if domains profiles are bound to an updating domain profile template).
Debugging is easy, as it tells you exactly within your job where the job failed, even when jumping around several playbooks.
Ansible seems to integrate with everything, and the community is big enough that if you are unsure how to approach converting a process into a playbook, you can usually find something similar to what you are trying to do.
Security in AAP seems to be pretty straightforward. Easy to organize and identify who has what permissions or can only see the content based on the organization they belong to.
It is difficult to spot an added or removed VLAN in an Ethernet Network Group Policy or VLAN Policy. The comparison widget will show you that something has changed, but if you have 100s of VLANs, the difference does not stand out. Workaround: we copy the data out and compare it in a text editor.
If you are transitioning from UMM to IMM, you lose some functionality like vNIC redundancy pairs.
It is not easy to map the UMM version 4.x server firmware version to the equivalent IMM version 5.x firmware version.
It is not possible to configure out-of-band management IP addresses on a per-domain basis. You have to configure these ranges via an IMC Access policy (which contains the IP address range/pool) on the server profile. This leads to "server profile template sprawl" where we have to maintain multiple server profile templates since our domains sit on different ranges, even though the servers are for the most part configured identically.
UCS domains in IMM only support one Ethernet Network Group Policy (VLAN group) per vNIC template.
Better documentation of how all the options/parameters are meant to be used (when creating things like jobs, templates, inventories, etc)
More recommendations of best practices as far as the best way to organize job templates, workflows, roles. Much can be found on how to organize pure Ansible, but not so much for AAP specifically.
I have found some things that seem like they should be easy but are not possible. Things like moving a host from one inventory to a different inventory. As far as I know this is not possible and requires deletion and recreation. Maybe I just don't know how this could be done or don't understand the design decisions behind this?
Even is if it's a great tool, we are looking to renew our licence for our production servers only. The product is very expensive to use, so we might look for a cheaper solution for our non-production servers. One of the solution we are looking, is AWX, free, and similar to AAP. This is be perfect for our non-production servers.
Usability of Cisco Intersight is highly dependent on the licensing purchased. The default (free) license level provides a lot of value for the minimal amount of effort to implement. The paid license levels provide additional features (detailed inventory, configuration management and deployment, etc.)
It's overall pretty easy to use foe all the applications I've mentioned before: configuring hosts, installing packages through tools like apt, applying yaml, making changes across wide groups of hosts, etc. Its not a 10 because of the inconveinience of the yaml setup, and the time to write is not worth it for something applied one time to only a few hosts
Great in almost every way compared to any other configuration management software. The only thing I wish for is python3 support. Other than that, YAML is much improved compared to the Ruby of Chef. The agentless nature is incredibly convenient for managing systems quickly, and if a member of your term has no terminal experience whatsoever they can still use the UI.
I have had servers TAC cases open for issues with Cisco Intersight. Some have yet to be resolved. One case that is still open is where the HCL status ( Hardware Compatibility List ) shows not validated when It should be. We have several servers that have the exact same hardware, OS, and the same firmware. One server will show the HCL is not validated but all others will
There is a lot of good documentation that Ansible and Red Hat provide which should help get someone started with making Ansible useful. But once you get to more complicated scenarios, you will benefit from learning from others. I have not used Red Hat support for work with Ansible, but many of the online resources are helpful.
I personally think that Cisco Intersight Infrastructure Service is at the top of its class when it comes to managing data center hardware. The cloud-connected design feels very modern and easy to use. The mobile app is something I wouldn't expect to get in a server management tool. The way it can update, monitor, and manage our servers is very nice. Overall, we are very happy with it.
I used puppet prior to moving to open source Ansible and eventually to Red Hat Ansible Automation Platform. I appreciate the agentless approach of Red Hat Ansible Automation Platform and feel that its deterministic approach to applying code is superior to puppet
The negative thing is that we prefer to use the UCS Manager in our company because this bare metal is integrated into the FI and no extra appliance is required. SaaS is generally not viewed favorably in Germany.
Telling the user that they have to buy Intersight licenses even if they use UCS Manager annoys our customers.
POSITIVE: currently used by the IT department and some others, but we want others to use it.
NEGATIVE: We need less technical output for the non-technical. It should be controllable or a setting within playbooks. We also need more graphical responses (non-technical).
POSITIVE: Always being updated and expanded (CaC, EDA, Policy as Code, execution environments, AI, etc..)
