Ansible — A battering ram for Cloud Infrastructure Management modernization

Marco Biscardi
4 min read · Sep 9, 2022

Company xyz is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry that has embarked on a digital transformation journey over the past 4 years that has changed the way the company works and provides services (production and delivery, e-commerce platforms, eye care booking).

In their digital transformation journey, one of the key steps to accelerate the transition was migrating the 1500+ applications to the cloud: leveraging the Infrastructure as a Service (IaaS) paradigm, the company improved the performance, security, scalability and flexibility of the infrastructure, decreasing CapEx and enhancing support for Disaster Recovery and Business Continuity of business-critical applications.

The customer has decided to split the entire infrastructure across multiple cloud service providers, keeping the SAP infrastructure on-premise given the recent €4M+ data center investments, and, to avoid any kind of “lock-in”, outsourced the infrastructure to 3 different Managed Services Providers, generating increasingly higher infrastructure management costs that the time had come to cut.

While my company was modernizing the applications by leveraging PaaS and SaaS models to slowly reduce infrastructure management costs, the client, over the previous three quarterly steering meetings, insisted on finding a faster way to accomplish the mission.

As the Service Manager (and principal Cloud Architect) of one of the MSPs, my target was to guide the customer through the digital transformation process, balancing the costs, revenues and people of the infrastructure management service, bringing innovation and managing customer complaints, service improvement KPIs, and overseeing and guiding all infrastructure-related activities.

During the biweekly Service Review Meeting with the customer and all the MSPs, it was clear that the patch management process was a real headache for everyone (scheduling, inventory, roll-out) and for us too: every day 2/3 people from the 2nd-level Infrastructure team (a highly specialized team) were supporting the 1st-level team and the customer to resolve patch management issues.

So, seizing the opportunity, taking into account what the backfire might be, and in order to efficiently address the cost reduction required by the customer, I decided to propose a new way to manage the infrastructure, leveraging Ansible as a configuration management tool.

Ansible is an open source IT automation engine that automates provisioning, configuration management, application deployment and orchestration and can be used to install software, automate daily tasks, provision infrastructure, improve security and compliance, patch systems, and share automation across an organization.

The best way to avoid customer resistance (mostly economic) was to invest in a proof-of-concept that limited Ansible’s scope of use to patch management and only to 10 non-business-critical applications: a two-month PoC in which the overall goal of the project was to lower the complexity of the patch management process by reducing the number of incidents raised as a result of applying a patch, reducing application downtime during the patch management process, and avoiding any delay in applying patches, to limit the risk of non-compliance or exposure to cyber-attacks.

The decision was made against my boss’s opinion, who feared a reduction in revenues and who generally saw automation as a possible threat to our Operation & Maintenance team: there is no need for first-level support if you can automate things; an unjustified fear, not supported by data. However, the benefits and innovation that the introduction of automation would bring to the customer were countless: lower costs, less downtime, improved reliability and productivity, just to name a few, but most importantly, automation provides better data to analyze, allowing companies to evolve and embrace change more quickly and easily; this would have opened the customer’s doors for future projects (and revenues).

So, I committed myself to collecting data from the ITSM platform, monitoring tools, automatic e-mails and the patch scheduling calendar to analyze it and understand “in figures” what the benefits and risks might be: among all, I was proposing to the customer a way to reduce MSP costs that only my company would benefit from among the 3 players; competitors would not have been happy! I found within the client a willing sidekick to sponsor the activity in order to mitigate any blockages from other vendors, and showed them the ‘big picture’ of what the whole operation could bring in the long run.

I dealt with (and I was in charge of) every phase of the PoC, from explaining the solution to the stakeholders with workshops and deep-dives, to delivering it, passing through design, implementation and planning, leading (and being part of) the Cloud Infrastructure & Automation team.

The results of the PoC were astonishing!

The whole patch management process time was reduced by 80%, application downtime was close to zero and no issues were raised! The customer then gave us the opportunity to exit the PoC phase and extend the scope first to all 50+ business-critical applications in our perimeter and then to the entire application stack deployed over the 3 major CSPs: the introduction of Ansible only for the patch management process cut MSP costs by 35% in the first 10 months for the customer (approximately 12% discount from each MSP), and increased our pure margin by dropping MSP costs by 45%, costs emerging also from the effort spent by people involved and not strictly connected to the patch management activities.

This was only the beginning: over the next 2 years the customer let us extend the Ansible perimeter to vulnerability management and security compliance processes and to network virtual appliance management and configuration, but mainly, thanks to the spread of automation adoption within the company culture, the customer took a first step into infrastructure provisioning automation, which projected it into the Infrastructure as Code (IaC) era by embracing the DevOps model.

Two years of €800K+ infrastructure projects, MSP revenue growth of more than €450K year-over-year and the tremendous growth of my company’s dominance among other MSPs in terms of infrastructure management perimeter, now also dealing with the Security & Compliance and Network departments.

Don’t be afraid of the “AI TAKEOVER”: automation could simplify long processes with no added value and allow us to focus on the things that really matter.
