Ansible manages machines in an agent-less manner. There is never a
question of how to upgrade remote daemons or the problem of not being
able to manage systems because daemons are uninstalled. Because OpenSSH
is one of the most peer-reviewed open source components, security
exposure is greatly reduced. Ansible is decentralized–it relies on your
existing OS credentials to control access to remote machines. If needed,
Ansible can easily connect with Kerberos, LDAP, and other centralized
authentication management systems.