Download Now

Today's enterprise IT infrastructures are comprised of a complex mix of disparate systems: cloud servers, virtual machines, in-house IT assets, legacy platforms, and more. Managing this complexity via manual efforts is virtually impossible, especially given the high rate of configuration change in the average enterprise environment. This is where IT automation and configuration management (CM) solutions like SaltStack and Ansible come into play. 

At the most basic level, IT automation/CM tools alleviate developers and admins from having to write and manage custom scripts for tasks like standing up servers and pushing out software updates. Unsurprisingly, much of this tooling originated from developers/admins addressing their own day-to-day pain points. The leading DevOps tools have followed a similar trajectory over years, usually starting out as popular open source tools and gradually making their way into the enterprise with visual management consoles (versus CLI-only management), advanced reporting features, third party integrations, and more. This is true of the "big four" IT automation platforms, including SaltStack and Ansible.   

SaltStack

Created by Thomas Hatch in 2011, Salt—now known as SaltStack—is a modular, Python-based CM tool designed for high-speed data collection/execution. The tool has gained considerable traction in the enterprise for its performance benefits over competing solutions, including Ansible.

saltstack-enterprise.jpg
The SaltStack Enterprise UI. Source: saltstack.com.

SaltStack's speed and performance benefits are made possible by its lightweight ZeroMQ messaging library: a concurrency framework for establishing persistent TCP connections between the server and agents (i.e., Salt master and minions). The platform is available as an open source project or enterprise commercial offering known as SaltStack Enterprise. 

Ansible

Ansible was developed in 2012 by Michael DeHaan in response to leading IT automation/CM tools' shortcomings, including a dependence on agents and overwhelming focus on the Ruby language; the open source Ansible solution is both agentless and, like SaltStack, based on Python.  

ansible.png
The Ansible Tower UI. Source: ansible.com.

Ansible Tower is the enterprise version that includes a streamlined visual management dashboard, REST API, role-based access control, job scheduling, graphical inventory management, and more. The company was acquired by Red Hat back in October 2015 and is now known as Ansible by Red Hat.  

Read our full post on role-based access control.

Side-by-Side Scoring: SaltStack vs. Ansible

1. Capability Set

As open source projects freely available to the general public, SaltStack and Ansible—despite being highly capable IT automation/CM offerings—lack features and refinements that make them enterprise-ready. For these purposes, SaltStack Enterprise and Ansible Tower are available, at a cost.

SaltStack Ansible
4/5 4/5

2. Usability / Learning Curve

Ansible's simplicity and easy-to-follow documentation give it a leg-up over SaltStack in this category; in fact, it's widely regarded as the easiest to use IT automation/CM platform on the market. SaltStack also provides ample documentation for getting up to speed, and it should: the platform poses a significant learning curve to new users, even seasoned DevOps professionals.

SaltStack Ansible
3/5 5/5

3. Community Support

Both of these IT automation/CM platforms are darlings of the open source community, each boasting a legion of supporters. SaltStack's open source project is currently one of the biggest and most active on GitHub, while Ansible has maintained its popularity amongst the community, even after being acquired by Red Hat. In October 2016, Red Hat also open sourced its Ansible Galaxy code repository, furthering its commitment to the Ansible-focused open source community. 

SaltStack Ansible
5/5 5/5

4. Release Rate

Both platforms have seen regular releases over the years—open source SaltStack follows a date-based system for version numbers (i.e., YYYY.MM.R, R being the bugfix release number increments within that feature release) and is currently on version 2016.11.2, while its Enterprise offering is on version 5. Open source Ansible is currently at version 2.2.1; its enterprise Tower offering is on version 3.

SaltStack Ansible
5/5 5/5

5. Pricing and Support

A monitoring system won't troubleshoot a configuration error. A configuration test script will.

Both SaltStack and Ansible are available for free as open source downloads, but more advanced enterprise features will cost you. Ansible Tower starts at $5,000/year without support; subsequent tiers run up to $14,000/year and include 8x5 or 24/7 support. 

Expect a similar enterprise pricing structure with SaltStack Enterprise, though specifics are not available via the company's website. It does note, however, that the Enterprise offering is subscription license priced by managed node and level of support.

SaltStack Ansible
4/5 4/5

6. API and Extensibility

One of Ansible Tower's key features is its well-documented REST API; open source users are relegated to the more basic Python API. Similarly, SaltStack offers a Python client API as well as a limited "no-frills" REST API.

SaltStack Ansible
4/5 4/5

7. 3rd Party Integrations

Both offerings feature an impressive library of integrations. For example, SaltStack offers streamlined interoperability with leading cloud providers such as AWS, Microsoft Azure, Linode, and Digital Ocean, as well as software tools/technologies like Nagios, Docker, and Jenkins, to name a few. Not to be outdone, Ansible also integrates with a myriad of third party offerings, from virtualization tools like VMware and Vagrant to DevOps solutions such as GitHub and TeamCity.

SaltStack Ansible
5/5 5/5

8. Companies that Use It

Both SaltStack and Ansible have a solid footing in the CM/IT automation space: some of SaltStack's customers include LinkedIn, Comcast, Rackspace, and NASA, to name a few, while Ansible claims Atlassian, Cisco, EA Sports, Allegiant, NASA, and Verizon as some of its marquee customers.

SaltStack Ansible
5/5 5/5

9. Control Capabilities

Both SaltStack and Ansible are battle-tested, powerful IT automation/CM platforms, trusted by the world's largest enterprises for rolling out system changes en masse. As mentioned previously, SaltStack Enterprise's ZeroMQ messaging data bus gives it significant speed advantages, while Ansible's lightweight, agentless architecture make it more lightweight and easier to manage.

SaltStack Ansible
4/5 4/5

10. Security rating

SaltStack's 646 CSTAR score, while okay, falls short of ideal due to a handful of security flaws, namely lack of HTTP strict transport security and missing DMARC/DNSSEC. Similarly, Ansible's 751 CSTAR score is good, but nonetheless flawed as a result of flaws like an insecure SSL/TLS version and lack of DMARC/DNSSEC.

Scoreboard and Summary

  SaltStack Ansible
Capability set 4/5 4/5
Usability / learning curve 3/5 5/5
Community support 5/5 5/5
Release rate 5/5 5/5
Pricing and support 4/5 4/5
API and extensibility 4/5 4/5
3rd party integrations 5/5 5/5
Companies that use it 5/5 5/5
Control capabilities 4/5 4/5
Security rating 646 751
Total 4.3/5 4.5/5

SaltStack and Ansible have come a long ways since their humble beginnings as open source DevOps tools—even today, the two offerings can't be beat for their powerful low/no-cost IT automation and CM capabilities. And enterprises can't go wrong with either Ansible Tower or SaltStack Enterprise, though for speed and performance, users may want to opt for the latter. In contrast, Ansible Tower is better suited for organizations looking for a lightweight, agentless automation solution that's easy to get up to speed with and manage.

Ready to see
UpGuard in action?

Ready to save time and streamline your trust management process?