NAB is continuing to use Red Hat Ansible as part of a long-running effort to transform and optimise its IT operations.
(L-R) Enzo Compagnoni from Red Hat and Jason Cooper from NAB.
The bank’s use of Red Hat Enterprise Linux and the Red Hat Ansible automation platform was on show at the Red Hat Connect forum in Melbourne yesterday, with the program receiving a vendor award.
That led to more details of the work emerging, with the work said to have “evolved through several key phases such as platform security, Linux patching, and disaster recovery automation.”
“NAB is 1725443001 fully optimising [IT] operations after having successfully onboarded multiple teams, including database, digital forensics and cyber security,” Red Hat said in a statement.
Red Hat said the bank had “consolidated various systems and processes into a unified automation framework, improving efficiency and quality of services, benefiting both customers and employees by providing fast and more reliable banking services” – that it said, “contributed to millions of cost savings annually”.
Manager of network application security and automation Jason Cooper said the bank had been looking to “take cost out” of IT operations for a number of years, starting out by insourcing some capabilities that were previously run by Telstra, followed by “a big automation push” in the IT operations space.
“We just can’t throw [more] people at problems,” he said.
“We have to really think about this in a smart way, and we’ve done that with a partnership with Red Hat, and Ansible’s been there for a long time for us.”
Ansible, an infrastructure-as-code tool, was integrated with some of the bank’s cyber security tooling including CyberArk – which it uses for privileged access management – and Hashicorp Vault, a secrets management service used as part of the bank’s cloud operations.
Cooper said that from a security perspective, automation was about doing password rotations, certificate management and patching “easier, faster” and more reliably.
Cooper pointed briefly to work at NAB that sees it implementing newer functionality in the Red Hat Ansible automation platform.
The bank has gone down the path of event-driven Ansible which, according to the vendor, can be used to “increase efficiency in troubleshooting and information gathering”.
“We’ve put a lot of development work into event-driven Ansible, fixing incidents on-the-fly,” Cooper said.
Cooper foreshadowed the use of configuration-as-code and policy-as-code capabilities in the platform as well, the latter also leaning on integration with the bank’s ServiceNow environment.
“Instead of doing intricate change management and incident management, we’re actually looking at how we can set templates in ServiceNow to do policy-as-code,” he said.
NAB is also set to embrace the coding assistant in Ansible, which has the full title of ‘Red Hat Ansible Lightspeed with IBM watsonx Code Assistant’, shortened simply to ‘Lightspeed’.
“One of the issues that we’ve always had was how do we make sure our people are coding [in Ansible] the right way?” Cooper said.
Cooper said his team had informally barred the use of ChatGPT to make coding suggestions.
“[Within] our team, if you use this word you have to buy everyone in the team a coffee, so ChatGPT was banned from being said last year when we were looking at coding problems [in Ansible],” Cooper said.
The arrival of Lightspeed meant an in-ecosystem generative AI tool was available, and Cooper said the bank had decided to back its use.
The tool promises to assist in the creation of playbooks, a structure containing a set of actions that “tell Ansible what to do to which devices.”