Today's enterprise IT infrastructures are comprised of a complex mix of disparate systems: cloud servers, virtual machines, in-house IT assets, legacy platforms, and more. Managing this complexity via manual efforts is virtually impossible, especially given the high rate of configuration change in the average enterprise environment. This is where IT automation and configuration management (CM) solutions like SaltStack and Ansible come into play.
At the most basic level, IT automation/CM tools alleviate developers and admins from having to write and manage custom scripts for tasks like standing up servers and pushing out software updates. Unsurprisingly, much of this tooling originated from developers/admins addressing their own day-to-day pain points. The leading DevOps tools have followed a similar trajectory over years, usually starting out as popular open source tools and gradually making their way into the enterprise with visual management consoles (versus CLI-only management), advanced reporting features, third party integrations, and more. This is true of the "big four" IT automation platforms, including SaltStack and Ansible.
SaltStack
Created by Thomas Hatch in 2011, Salt—now known as SaltStack—is a modular, Python-based CM tool designed for high-speed data collection/execution. The tool has gained considerable traction in the enterprise for its performance benefits over competing solutions, including Ansible.
SaltStack's speed and performance benefits are made possible by its lightweight ZeroMQ messaging library: a concurrency framework for establishing persistent TCP connections between the server and agents (i.e., Salt master and minions). The platform is available as an open source project or enterprise commercial offering known as SaltStack Enterprise.
Ansible
Ansible was developed in 2012 by Michael DeHaan in response to leading IT automation/CM tools' shortcomings, including a dependence on agents and overwhelming focus on the Ruby language; the open source Ansible solution is both agentless and, like SaltStack, based on Python.
Ansible Tower is the enterprise version that includes a streamlined visual management dashboard, REST API, role-based access control, job scheduling, graphical inventory management, and more. The company was acquired by Red Hat back in October 2015 and is now known as Ansible by Red Hat.
Read our full post on role-based access control.
Side-by-Side Scoring: SaltStack vs. Ansible
1. Capability Set
As open source projects freely available to the general public, SaltStack and Ansible—despite being highly capable IT automation/CM offerings—lack features and refinements that make them enterprise-ready. For these purposes, SaltStack Enterprise and Ansible Tower are available, at a cost.
2. Usability / Learning Curve
Ansible's simplicity and easy-to-follow documentation give it a leg-up over SaltStack in this category; in fact, it's widely regarded as the easiest to use IT automation/CM platform on the market. SaltStack also provides ample documentation for getting up to speed, and it should: the platform poses a significant learning curve to new users, even seasoned DevOps professionals.
3. Community Support
Both of these IT automation/CM platforms are darlings of the open source community, each boasting a legion of supporters. SaltStack's open source project is currently one of the biggest and most active on GitHub, while Ansible has maintained its popularity amongst the community, even after being acquired by Red Hat. In October 2016, Red Hat also open sourced its Ansible Galaxy code repository, furthering its commitment to the Ansible-focused open source community.
4. Release Rate
Both platforms have seen regular releases over the years—open source SaltStack follows a date-based system for version numbers (i.e., YYYY.MM.R, R being the bugfix release number increments within that feature release) and is currently on version 2016.11.2, while its Enterprise offering is on version 5. Open source Ansible is currently at version 2.2.1; its enterprise Tower offering is on version 3.
5. Pricing and Support
A monitoring system won't troubleshoot a configuration error. A configuration test script will.
Both SaltStack and Ansible are available for free as open source downloads, but more advanced enterprise features will cost you. Ansible Tower starts at $5,000/year without support; subsequent tiers run up to $14,000/year and include 8x5 or 24/7 support.
Expect a similar enterprise pricing structure with SaltStack Enterprise, though specifics are not available via the company's website. It does note, however, that the Enterprise offering is subscription license priced by managed node and level of support.
6. API and Extensibility
One of Ansible Tower's key features is its well-documented REST API; open source users are relegated to the more basic Python API. Similarly, SaltStack offers a Python client API as well as a limited "no-frills" REST API.
7. 3rd Party Integrations
Both offerings feature an impressive library of integrations. For example, SaltStack offers streamlined interoperability with leading cloud providers such as AWS, Microsoft Azure, Linode, and Digital Ocean, as well as software tools/technologies like Nagios, Docker, and Jenkins, to name a few. Not to be outdone, Ansible also integrates with a myriad of third party offerings, from virtualization tools like VMware and Vagrant to DevOps solutions such as GitHub and TeamCity.
8. Companies that Use It
Both SaltStack and Ansible have a solid footing in the CM/IT automation space: some of SaltStack's customers include LinkedIn, Comcast, Rackspace, and NASA, to name a few, while Ansible claims Atlassian, Cisco, EA Sports, Allegiant, NASA, and Verizon as some of its marquee customers.
9. Control Capabilities
Both SaltStack and Ansible are battle-tested, powerful IT automation/CM platforms, trusted by the world's largest enterprises for rolling out system changes en masse. As mentioned previously, SaltStack Enterprise's ZeroMQ messaging data bus gives it significant speed advantages, while Ansible's lightweight, agentless architecture make it more lightweight and easier to manage.
10. Security rating
SaltStack's 646 CSTAR score, while okay, falls short of ideal due to a handful of security flaws, namely lack of HTTP strict transport security and missing DMARC/DNSSEC. Similarly, Ansible's 751 CSTAR score is good, but nonetheless flawed as a result of flaws like an insecure SSL/TLS version and lack of DMARC/DNSSEC.
Scoreboard and Summary
SaltStack and Ansible have come a long ways since their humble beginnings as open source DevOps tools—even today, the two offerings can't be beat for their powerful low/no-cost IT automation and CM capabilities. And enterprises can't go wrong with either Ansible Tower or SaltStack Enterprise, though for speed and performance, users may want to opt for the latter. In contrast, Ansible Tower is better suited for organizations looking for a lightweight, agentless automation solution that's easy to get up to speed with and manage.