Automation Analytics Security and Data Handling FAQ

Updated -

Red Hat® Ansible® Automation Platform is a foundation for building and operating automation at scale. Simple to adopt, use, and understand, Red Hat Ansible Automation Platform provides the tools needed to rapidly implement enterprise-wide automation, no matter where you are in your automation journey.

The Red Hat Ansible Automation Platform now includes Automation Analytics, a powerful service built on the Red Hat Cloud Platform.

Customers naturally want to ensure how their data is handled by Automation Analytics. This document describes the practices used by Red Hat in handling customer data for automation analytics.

Can I access Automation Analytics as an on-premise tool so that we do not have to send system data out of our network?

Automation Analytics is an online service provided within the Ansible Automation Platform by Red Hat. There is no on-premise version of the service planned at this time.

What data is collected by Automation Analytics?

Much like Red Hat Insights, Automation Analytics is built to only collect the minimum amount of data needed.

Automation Analytics collects certain classes of data from Ansible Tower:

  • Counts of automation resources (templates, inventories, projects, credentials, etc)
  • Topology and status of the Tower environment and hosts
  • Job execution details (start time, finish time, success), and individual task success and modules used

Importantly, no credential secrets, personal data, automation variables, or task output is gathered.

For a more detailed description, please see the documentation.

Can you limit what data is sent to Automation Analytics?

Content is not currently configurable. For more information on what is sent and how to view it, please see "How can you view and control what data is collected by Automation Analytics?".

How can you view and control what data is collected by Automation Analytics?

The customer controls whether their Tower data is sent to Automation Analytics or not. No data is sent to Red Hat unless an administrator explicitly opts in to data collection. The administrator can perform a sample collection and inspect the data if they so desire.

To review the data that would be sent, the administrator can run `awx-manage gather_analytics', and examine the file created.

What is the impact of disabling data collection for Automation Analytics?

You can not take advantage of Automation Analytics features to see across your automation estate if data collection is not enabled.

Is the type of data collected static or dynamic?

The specification for what data is collected is defined in Ansible Tower and can change with a future Ansible Tower update.

How is my analytics data transmitted and stored?

Data is encrypted throughout the process - from collection, to transmission, to storage on Red Hat infrastructure.

How long will Red Hat retain the data collected?

By default, the service collects and uploads the data four times a day. Hence, the collected data will normally be kept for up to 24 hours for processing into computed analytics data. Data uploaded by previous runs will be discarded when the same client uploads new data as part of the daily run.

As we are building the product to show historical automation data, computed analytics data is currently stored for up to a year.