Automating Zscaler Platform with Red Hat Ansible Automation Platform

Automating Zscaler Platform with Red Hat Ansible Automation Platform

In today's fast-paced digital world, organizations are under constant pressure to innovate and deliver solutions quickly and efficiently. DevOps and DevSecOps teams play a crucial role in this process, driving the automation of repetitive tasks and ensuring that security is integrated into every stage of the development lifecycle.

However, balancing the need for speed with the necessity of robust security can be challenging. Teams often struggle to manage complex configurations, enforce consistent policies, and maintain visibility across dynamic environments. 

With these challenges in mind, we are proud to announce that Zscaler and Red Hat have joined forces to deliver two new certified Ansible Content Collections for Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA).

These collections empower DevOps, DevSecOps, and Platform Engineering teams to leverage their Ansible Automation Platform expertise, to automate the deployment and management of security policies thus ensuring that organizational needs are met swiftly and securely.

As a certified content, the new Zscaler collections have undergone rigorous testing by both Zscaler and Red Hat. The software chain of custody is certified and signed with a Red Hat key. 

How Does It Work?

With the certified Zscaler Content Collections, security teams can work from a familiar automation platform by defining and managing related components, configurations, and policies to create highly automated, predictable, and repeatable processes.

The Ansible Content Collection, helps in creating policies and configurations in both ZPA and ZIA with easy-to-use code modules that speed up work, enforce consistency, and minimize human error. This unified framework enables more efficient operations and stronger security across all environments.

What Other Benefits Come with Zscaler Ansible Content Collection?

Additional benefits of this partnership and the Content Collection include:

• A System of Record: By managing ZPA and/or ZIA operations and security policies with Ansible modules, you'll always have a system of record to inspect configurations for change management and audit purposes.
   
• Minimizing Variability and Loss of Knowledge: Manual configurations can cause great variability and potential security gaps across teams. Standardized configurations replicated in an automated “as code” fashion minimize variance and improve continuity even as staffing levels and priorities shift.
   
• Self-Service Provisioning: Repeatable, easy-to-use ZPA and/or ZIA provisioning processes empower teams outside of network and security operations by reducing bottlenecks and empowering DevOps and lines of business working on digital products to move quickly, securely, and with proper governance and oversight.
   
• Scalability Without Worry: For companies already using Ansible Automation Platform, the Certified Content Collection enables Zscaler Private Access and Zscaler Internet Access to be integrated into larger multi-domain workflows. This allows cross-functional use cases of higher value while maintaining the separation of duties and the appropriate level of governance.
   
• Collaborative Automated Changes: Playbooks can be checked into a source code repository, enabling teams to audit and approve changes such as security policy additions, deletions, or modifications. Once approved, they can trigger a CI/CD pipeline job that commits the changes to either ZPA and/or ZIA.
   
• Platform Engineering Advantages: For organizations adopting a platform engineering approach, Ansible provides a powerful tool for creating and managing shared services and infrastructure. Platform engineering teams can leverage Ansible to build reusable, standardized environments that support self-service capabilities, reduce operational overhead, and ensure consistency across the organization.

The Use Cases for Zscaler Management with Ansible Automation Platform

Let’s look at a few use cases for automating both ZPA and ZIA using Ansible:

ZPA Application Segments:

An application segment is a grouping of defined applications based upon access type or user privileges. In the context of the ZPA platform, an application is a fully qualified domain name (FQDN), local domain name, or IP address that you define on a standard set of ports. Applications must be defined within an application segment. Depending on how dynamic your environment is or how much scalability is required, managing multiple FQDNs within a single application segment or multiple application segments may become very time-consuming.

With Red Hat Ansible Automation Platform, you can automate the creation and management of application segments, ensuring that your environment scales efficiently and remains secure. By using Ansible playbooks, you can define application segments in a declarative manner, allowing for consistent and repeatable configurations. This automation reduces manual intervention, minimizes human error, and ensures that your application segments are always up-to-date.

In addition to creating application segments, server groups, segment groups, and app connector groups, you can also use the ZPA Collection to manage:

• Browser access application segments
• Privileged Remote Access (PRA)
• Access policy rules
• Access policy timeout rules
• Access policy forwarding rules
• Access Policy Privileged Remote Access
• . . . and more.

Zscaler Zero Trust Firewall:

Zscaler Zero Trust Firewall delivers cloud-based protection for web (HTTP/HTTPS) and non-web traffic (FTP, DNS, RDP, Telnet, and more) for all users and devices regardless of where they connect. Zero Trust Firewall helps organizations easily meet regulatory standards while universally configuring, managing, and enforcing user- and application-aware threat protection and risk-based policies to ensure network and application visibility with a centralized policy management console.

Using the new ZIA Ansible Collection, you can automate the configuration and management of Zscaler Zero Trust Firewall policies, ensuring that your security posture is robust and adaptive to changing threats. Ansible playbooks allow you to define firewall rules and policies in a standardized, code-driven manner, which can be version-controlled and audited. 

This approach not only enhances security but also ensures that your firewall configurations are consistently applied across all environments.

This playbook automates the deployment of firewall policies, ensuring that your security measures are comprehensive and consistently enforced. By integrating these playbooks into your CI/CD pipeline, you can achieve continuous security compliance and adapt swiftly to new security requirements.

In addition to managing ZIA cloud firewall policies, the provider also supports the management of:

• URL filtering rules
• URL categories
• URL allowed and disallowed lists via advanced threat protection (ATP)
• DLP web rules
• DLP dictionaries
• Sandbox File and Hash Submission
• . . . and more.

How to Get Started

Zscaler Ansible Content Collections are available to Zscaler customers who are also Ansible subscribers. You can find the collection in the Red Hat Automation Hub. If you are new to Red Hat Ansible Automation Platform or not a subscriber, you can try it out with a 30-day free trial. 

Additional Resources

• ZIA Ansible Collection – Automation Hub
• ZPA Ansible Collection – Automation Hub
• ZIA Ansible Collection – Ansible Galaxy
• ZPA Ansible Collection – Ansible Galaxy

Documentation Resources

• ZIA Ansible Collection
• ZPA Ansible Collection