Tetration Analytics - Network Analytics & Machine Learning Enhancing Data Center Security and Operations
|
|
- Vernon Crawford
- 6 years ago
- Views:
Transcription
1
2 Tetration Analytics - Network Analytics & Machine Learning Enhancing Data Center Security and Operations Mike Herbert, Principal Engineer, INSBU BRKDCN-2040
3 Okay what does Tetration Mean? Tetration (or hyper-4) is the next hyperoperation after exponentiation, and is defined as iterated exponentiation It s bigger than a Google [sic] (Googol) And yes the developers are a bunch of mathematical geeks BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4 Tetration Analytics Platform Introduction
5 We Are at the Cusp of a Major Shift TRADITIONAL DATA CENTRE CLOUD DATA CENTRE HYBRID CLOUDS Adoption Curve Efficiency We are here AUTOMATION IT as a Service IaaS PaaS SaaS XaaS Flexible Consumption Models CONSOLIDATION VIRTUALISATION EFFICIENCY SIMPLICITY SPEED DIGITAL EXPERIENCES The Next 5+ Years BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6 Modern data centers are getting increasingly complex Big and fast data Hybrid cloud Rapid app deployment Increase in east-west traffic Expanded attack surface Open source Zero trust model Multi cloud orchestration Application portability Continuous development Application mobility Micro services BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7 What if you could actually look at every data packet header that has ever traversed the network without sampling? BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 7
8 Tetration Analytics Platform Every Packet, Every Flow, Every Speed Network Policy Cisco Tetration Analytics Pervasive Visibility and Forensics Compliance Application Insight BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 8
9 Cisco Tetration Analytics Application Insights Policy Simulation and Impact Assessment Automated Whitelist Policy Generation Forensics: Every Packet, Every Flow, Every Speed Policy Compliance and Auditability BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10 Cisco Tetration Analytics Pervasive Sensor Framework Provides correlation of data sources across entire application infrastructure Enables identification of point events and provides insight into overall systems behavior Monitors end-to-end lifecycle of application connectivity BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11 Datacenter Wide Traffic Flow Visibility Detail information about the flow Information about Consumer Provider and type of traffic BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12 Application Discovery and Endpoint Grouping BM VM VM VM BM Bare-metal, VM, & switch telemetry VM BM Cisco Nexus 9000 Series Network-only sensors, host-only sensors, or both (preferred) VM VM BM VM VM BM Brownfield Bare-metal & VM telemetry Cisco Tetration Analytics Platform BM VM VM BM Bare metal and VM VM BM BM VM VM BM On-premises and cloud workloads (AWS) VM telemetry (AMI ) Unsupervised machine learning Behavior analysis VM BM BM BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13 Whitelist Policy Recommendation Application Discovery Web Tier App Tier DB Tier Storage Storage Whitelist Policy Recommendation (Available in JSON, XML, and YAML) Policy Enforcement (Future Roadmap) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14 Real-Time and Historical Policy Simulation BM VM VM BM VM VM VM BM VM VM VM Cisco Tetration Analytics Platform VM VM Validating policy impact assessment in real time Simulating policy changes over historic traffic View traffic outliers for quick intelligence Audit becomes a function of continuous machine learning BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15 Policy Compliance BM VM VM BM VM VM VM VM BM VM VM VM VM VM BM VM Cisco Tetration Analytics Platform Identify policy deviations in real-time Review and update whitelist policy with one click Policy lifecycle management BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16 Application Dependency Application Performance Compliance Enforcement Infrastructure Behavioral Anomalies Tetration Analytics Servers Network flows Buffer Stats Automation & Ecosystem Partners Process User Compute Application Insights Policy Forensics Network Tetration Analytics Engine PB Scale Secure Appliance BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17 Tetration Analytics Platform Architecture - Sensors
18 Tetration Analytics Architecture Overview Data Collection Analytics Engine Visualization and Reporting Host Sensors VM Tetration Telemetry Web GUI Network Sensors Cisco Nexus 92160YC-X Cisco Nexus 93180YC-EX Cisco Tetration Analytics Platform REST API 3rd-Party Metadata Sources Configuration Data Push Events BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19 Pervasive Sensors Host Sensors NW Sensors 3 rd Party Linux VM Windows Server VM Bare Metal (Linux and Windows Server) Hypervisors Containers Nexus 9200-X Nexus 9300-EX Geo Whois IP Watch Lists Load Balancers Available at FCS Next Generation 9K switches Future releases 3rd party Data Sources Low CPU Overhead (SLA enforced) Highly Secure (Code Signed, Authenticated) Low Network Overhead (SLA enforced) Every flow (No sampling), NO PAYLOAD BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20 Traditional Monitoring Is Showing Its Age Not suited for Modern Network and Security Operations Where Data Is Created Where Data Is Useful SNMP SNMP Server Non Real time Syslog Syslog Collector Storage & Analysis CLI Scripts Strong burden on back-end Normalize different encodings, transports, data models, timestamps BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 20
21 Streaming Telemetry is a game changer Monitoring becomes a big data problem Where Data Is Created Where Data Is Useful Removing limitations and complexity Real time Streaming paradigm Dense Sensor Framework Increased Data Granularity Update on every event Multiple Data Sources Volume Scale of Data Velocity Analysis of Streaming Data Variety Different Forms of Data Big Data and Machine Learning Problem BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 21
22 Why Multiple Sensors? Example monitoring temperature in a room Lamp Sensor Plug Sensor Heater BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23 Tetration Sensors Locations Hardware Sensor Packet and Flow Events Buffer and Switch State 92160CY-X 93180Y-EX 9732C-EX LC Software Sensor Processes & Socket Packet and Flow Events HYPERVISOR HYPERVISOR HYPERVISOR Tetration Cluster BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24 Hardware Sensor Embedded Module (Flow Cache) Nexus 92160CY-X Nexus 93180Y-EX & 9732C-EX Line Cards Extracts Meta-Data from the forwarding pipeline No latency impact, no performance impact Flow Cache PRX LUA LUB LUC BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 24
25 Software Sensor Not in the data path Sits in User Space Designed by Kernel Developers Secure Code Signed SLA Enforcement CPU and BW throttling FCS availability Windows 2008 / 2008 R2 / 2012 / 2012 R2 Linux RedHat (5.3+, 6.x) CentOS (5.11+, 6.x) Ubuntu (12.04, 14.04, 14.10) Tetration Sensor libpcap Application Network Stack Driver NIC BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 25
26 PKI within the Cluster/Sensor Tetration Cluster runs an internal PKI Root CA is per cluster, inserted at Image creation Not accessible outside the cluster Cannot connect to an external PKI Certificate based authentication is performed for the Control Channel CN of the certificate is the IP address Certificates are rotated every 60 days Sensors are code signed Signature Authority is Cisco s code signing certificate Code Signature is validated at process start BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 26
27 How Sensor Communicate with the Cluster the First Time? Register with web server via ssl Assign UUID Rails Sensor Register with web server via ssl Download config Config Server Send meta data to collectors Collector BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 27
28 Components & Communication Hardware Sensor NXOS Agent Control Channel TCP/443 Guest Shell ASIC Cisco Nexus 9000 Agent Communication Unix Socket Sensor Data UDP/5640 Tetration Cluster BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 28
29 Components & Communication Software Sensor Software Sensor Control Channel TCP-SSL 443 Sensor Data TCP-SSL 5640 Agent Communication Unix Socket Tetration Cluster LINUX/Windows/ BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 29
30 Currently Supported Platforms Windows 2008 Datacenter, Enterprise, Essentials, Standard Windows 2008 R2 Datacenter, Enterprise, Essentials, Standard Windows 2012 Datacenter, Enterprise, Essentials, Standard Windows 2012 R2 Datacenter, Enterprise, Essentials, Standard RedHat Enterprise Server 5.3 & above 6.x CentOS 5.11 & above 6.x Ubuntu This list will grow based on what you need and ask for BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 30
31 Methods to deploy the sensor BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 31
32 Coming soon to a GitHub near you github.com/datacenter BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 32
33 Tetration Analytics Platform Architecture - Sensor Data
34 Looking Beyond Connectivity Application Processes and Sockets Socket > 1023 Socket = 443 Chrome NGINX Consumer Process Provider/Service Process Application developers implement business logic as code that runs as processes and threads TCP/IP which forms a foundation of the Internet was designed to allow these application processes to interact via sockets Application logic can be viewed on one level as the interaction between a group of processes and their associated sockets Understanding the inter-process communication and mapping that directly to the infrastructure provides a direct correlation between the application and the infrastructure BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 34
35 Looking Beyond Connectivity Application Processes and Sockets Socket > 1023 Socket = 80 Chrome NGINX Consumer Process Provider/Service Process #create an INET, STREAMing socket s = socket.socket( socket.af_inet, socket.sock_stream) #now connect to the web server on port 80 # - the normal http port s.connect((" 80)) #create an INET, STREAMing socket serversocket = socket.socket( socket.af_inet, socket.sock_stream) #bind the socket to a public host, # and a well-known port serversocket.bind((socket.gethostname(), 80)) #become a server socket serversocket.listen(5) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 35
36 What do we mean by Application Visibility Internet Stack Application Application Process Process Process Process Sockets Sockets Transport Transport Network Network Network Network Data Link Data Link Data Link Data Link Physical Physical Physical Physical BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 36
37 What Does Tetration Sensor Collect Socket Connectivity, the data flows Application Application Process Process Process Process Sockets Sockets Transport Transport Network Network Network Network Data Link Data Link Data Link Data Link Physical Physical Physical Physical BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 37
38 What does the Sensor Collect Context Application Process Information: Which process is it, who started it, etc. Device Information: Buffer/ACL Drops, etc. Application Process Process Process Process Sockets Sockets Transport Transport Network Network Network Network Data Link Data Link Data Link Data Link Physical Physical Physical Physical BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 38
39 Sensor Data Process Information Host Sensor collects information about the consumer and provider processes /proc runtime system information (e.g. system memory, devices mounted, hardware configuration, etc). BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 39
40 Additional Context External Data Sources CMDB, DNS, whois, Talos (future), etc. Application Application Process Process Process Process Sockets Transport Sockets Transport Network Network Network Network Data Link Data Link Data Link Data Link APIC Physical Physical Physical Physical Pervasive Sensors Tetration Analytics Engine BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 40
41 What does the Sensor Collect Socket Level Flow Information + Context Information Understanding of what happens TO and INSIDE a flow Distributions (packet sizes, TCP windows ) Burstiness Anomaly detection Latency (application and network) Events VXLAN information Per Packet Variations Length 66 Length 9000 Accumulated Flow Information (Volume ) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 41
42 Full vs. Sampled What happens when you sample? Full Packet Stream Flow A Flow B Flow C Flow D SYN SYNACK ACK FIN BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 42
43 Full vs. Sampled Reasons and Use Cases for Both Sampled Sampling has it s use cases, in SP environments for example High Volume, no behavioral analysis Sampling provides a good statistical model For Trends For Traffic Visibility For Volume Indication Full Depending on the number of flows and type of flows Mice flows can go completely unseen Connection Oriented flows may not be tracked properly (missed flags) Accuracy of the flow increases with the packet count Type of sampling and quality of entropy Entropy is very important BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 43
44 Tetration Examines every packet Full Packet Stream Variability within the flow Variability between the flows Changes within the flow BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 44
45 Collects the Meta-Data not the Packet Meta-Data Including Overlay VXLAN/GRE/IPinIP Encapsulated Header Ethernet Header IP Header UDP Header VXLAN Header Ethernet Header IP Header TCP Header Payload Ethernet Header IP Header TCP Header Payload Ethernet Header IP Header UDP Header Payload Privacy Risk BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 45
46 Sensor Data Flow Data Forwarding COS Overlay Type (Native, 802.1q / 802.1p, VXLAN, ivxlan, NVGRE, NSH, other) Source TEP or Port ID Destination TEP Disposition (RPF or Port Security failure, Policy drop, redirect or span) Port type (spine to leaf or leaf to host) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 46
47 Sensor Data Accumulated Flow Information Bytes, Packet Count IP options present IP length error DF bit set Fragment seen Last TTL Accumulated TCP flags Last ACK / SEQ Sampled Packet length Sampled Packet ID BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 47
48 Sensor Data Histogram Bins #1 82 bits #2 82 bits #3 0 bits #4 165 bits Flow Cache has the notion of bins to build histograms TCP options length (8 bits) Payload length (12 bits) Receive window (6 bits) This means more visibility on the activity of flow #5 82 bits #6 82 bits #7 130 bits #8 165 bits Export Bin sizes are configurable Bins don t need to be of equal size (but need to be contiguous) Last bin will capture the configured size and above = Histogram of the flow Export BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 48
49 Sensor Data Burst Measure the burstiness of a flow Current Burst Max Burst Burst Index Flowlets Burst are measured in 32k interval Each export period is divided by 128 Flowlets are activity after a silence period (configurable) Current 128 Max 128 Burst Index - 0 Current 256 Max 256 Burst Index - 3 Current 32 Max 256 Burst Index - 3 Current 1024 Max 1024 Burst Index - 80 Current 0 Max 1024 Burst Index Flowlet #1 Silence Flowlet #2 Max Burst occurred at 62.5ms with a value of 1024 and 2 flowlets BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 49
50 Sensor Data Anomaly List TTL changed IP reserved flags are not 0 DF bit has changed Ping of death Fragment is too small to contain L4 header (TCP, UDP and SCTP) TCP SYN and FIN are set TCP SYN and RST are set TCP FIN, PSH and URG are set TCP flags are zero d TCP SYN with data TCP FIN with no ACK TCP RST with no ACK TCP SYN, FIN, RST and ACK zero d URG set but no URG pointer URG pointer with no URG flag TCP seq outside the expected range TCP seq is less than expected (rexmit) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 50
51 Sensor Data Events RTT Sample Way of approximating the RTT based on specific packet characteristics Preset ACK & SEQ Approximation as this includes the OS network stack Uses sampling, sample taken every 8192 bytes (by default, configurable) Tracks ACK for these specific SEQ and creates an event for each By using this global configuration, if return path is via another switch the ACK is still tracked BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 51
52 RTT Sample Example Event Triggered Event time stamped Event time stamped TCP SEQN 100 TCP ACK 100 TCP SEQN 8192 TCP ACK 8192 RTT = Event ACK TS Event SEQ TS BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 52
53 Sensor Data Events Mouse Packet Export the first n packets of a flow (configurable) Analytics Changed A parameter of the flow has changed (bit mask comparison), 1 mask configurable Packet Value Match A packet field contains a specific value, 1 field configurable (mask + value) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 53
54 Sensor Data Example Let s take this Web page request as an example Assumption is that it s the first connection, this is a new flow One flow is created per direction Flow Export Flow A B A A B B A A B B A BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 54
55 First Packet Event Event Triggered BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 55
56 Mouse Packet Event Event Triggered n = 2 (2 nd packet of a flow, within an export interval) Length BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 56
57 Analytics Changed Event Event Triggered Bitmask = sampled packet length (in the flow analytics TCAM) Sampled Length BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 57
58 Packet Value Match Event Event Triggered TTL = 64 TTL BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 58
59 Pervasive Visibility Flow Search and Forensics
60 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 60
61 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 61
62 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 62
63 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 63
64 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 64
65 Tetration Analytics Platform Architecture - Cluster
66 Tetration Analytics Architecture Overview Data Collection Analytics Engine Visualization and Reporting Host Sensors VM Tetration Telemetry Web GUI Network Sensors Cisco Nexus 92160YC-X Cisco Nexus 93180YC-EX Cisco Tetration Analytics Platform REST API 3rd-Party Metadata Sources Configuration Data Push Events BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 66
67 The Analytics Cluster Components Hadoop Based Platform Self managed One touch deployment Tiered System Heavy Compute for Machine Learning Caching for light speed queries Extensibility (future) Messaging Bus API Access Front End Compute (Data Cleaning and Analytics) Caching (Search) Long Term Storage (Data Lake) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 67
68 The Analytics Cluster Appliance The Analytics Cluster operates as an appliance Avoids the need for in house Big Data, Analytics expertise Supported by Cisco TAC Self Monitoring The cluster leverages a sensor architecture to track it s state and provides event based notifications for Software upgrades and full install are all automated BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 68
69 Cluster Monitoring and Maintenance BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 69
70 Collector Monitoring and Maintenance BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 70
71 Sensor Monitoring and Maintenance Sensor Throttled BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 71
72 Hardware Sensor Monitoring BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 72
73 FCS Analytics Cluster Configurations 4 x 3-Phase PDU 22.5 KW Peak Power 4 x 1-Phase PDU 11.5 KW Peak Power BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 73
74 Options for Future Cluster Models BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 74
75 Analytics Engine The Platform Hadoop Based Platform Self managed One touch deployment Tiered System Heavy Compute for Machine Learning Caching for light speed queries Extensibility (future) Messaging Bus API Access Front End Compute (Data Cleaning and Analytics) Caching (Search) Long Term Storage (Data Lake) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 75
76 Front End GUI, RESTful API, Messaging BUS Servers hosting front end processes GUI and Operational Interfaces RESTful API (post FCS) Messaging BUS (post FCS) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 76
77 Data Processing Pipeline Data Ingest and Processing Multiple Pipelines for different processing activities Scaled to Millions of events per second BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 77
78 Caching Layer Natural Language Search BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 78
79 Caching Layer Search Caching Layer provides a large in memory and flash based data store for real time searches e.g. 16 weeks of policy delta data accessible for real time search BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 79
80 Data Lake HDFS Storage Long Term Storage for collected observations, for pipeline processing tasks, etc Usage is based on Time Based Retention Space Based Retention Greedy Retention Max possible Retention period will depend on cluster size and observation rate K hours of available capacity at the current collection rates (587 days) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 80
81 Standard Data Analytics Pipeline Tetration Data Analysis Various Pipelines (e.g. ADM) process the data to derive appropriate insights Data Aggregation Automated Data Discovery& Evaluation Data Prep & cleansing Statistical Analysis & Prediction Tools Reporting, Visualization or Alerts Sensor Collectors De-duplication, unification of unidirectional flows into bi-directional, annotate flows with context information, etc. GUI, REST API, Kafka, Policy Export, BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 81
82 Data Collection Sensor to Collector Data Aggregation Automated Data Discovery& Evaluation Data Prep & cleansing Statistical Analysis & Prediction Tools Reporting, Visualization or Alerts BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 82
83 Process Process Process Process Data Prep Application Sockets Transport Network Data Link Physical Network Data Link Physical Network Data Link Physical Application Sockets Transport Network Data Link Physical Collector Collector De-duplication, unification of unidirectional flows into bi-directional, annotate flows with context information, etc. Data Aggregation Automated Data Discovery& Evaluation Data Prep & cleansing Statistical Analysis & Prediction Tools Reporting, Visualization or Alerts BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 83
84 Analyzing the Data Endpoints are iteratively compared with each other to find which profiles are most similar Sensor Data: Ports provided and consumed, Addresses sent and received from, Properties of network flows, Running processes, Process originating flow, Hostname, External Context: Load balancers / DNS / route tags Human approved clusters from current or other workspaces and base cluster definition This is an example of where we use machine leaning Data Aggregation Automated Data Discovery& Evaluation Data Prep & cleansing Statistical Analysis & Prediction Tools Reporting, Visualization or Alerts BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 84
85 Machine Learning Cognitive Computing - Finding and remembering all the relationships between data, querying the matrix of relationships (Watson) Machine Learning - Remember what has happened before and then look at new data coming in that context to try and find patterns, build up a body of knowledge and then use that data to make a decision based on the new data. Can machines remember and apply what they remember to new data Deep Learning - Not trying to maintain data and relationships over time but analyze that data through better representations and create model to learn these representations from large scale unlabeled data. Succession analysis BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 85
86 Machine Learning A "Field of study that gives computers the ability to learn without being explicitly programmed Arthur Samuel (1959) The programmers construction of algorithms that can learn from and make predictions on data (as opposed to static programming instructions). 7:00 am = 65 degrees 8:00 am = 75 degrees 9:00 am = 85 degrees 77.5 degrees How warm will it be at 8:30 am tomorrow? Supervised learning: Linear regression, Logistics regression, SVMs Unsupervised learning: K-means, PCA, Anomaly detection BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 86
87 ADM Clustering Machine Learning Example BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 87
88 K-means Algorithm Finding the Clusters Randomly initialize cluster centroids Repeat { for = 1 to := index (from 1 to ) of cluster centroid closest to for = 1 to := average (mean) of points assigned to cluster } BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 88
89 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 89
90 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 90
91 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 91
92 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 92
93 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 93
94 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 94
95 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 95
96 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 96
97 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 97
98 Silhouetting Validation of the Cluster The silhouette value is a measure of how similar an object is to its own cluster (cohesion) compared to other clusters (separation) Produces a higher degree of probability that the clustering is representational BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 98
99 Results of the Clustering Machine Learning BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 99
100 Tuning Cluster Granularity Tuning the Algorithms BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 100
101 Analyzing the Data Fitting the Curve Every data set (e.g. flow) is examined to find the best function that describes it s behaviour Comparison within and between flows can be used to find outlier or anomaly conditions Data Aggregation Automated Data Discovery& Evaluation Data Prep & cleansing Statistical Analysis & Prediction Tools Reporting, Visualization or Alerts BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 101
102 Visual Query with Flow Exploration Replay flow details like a DVR Information mapped across 25 different dimensions Thick lines indicate common flows Faint lines indicate uncommon flows BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 102
103 Outliers Switch on Outlier view to highlight uncommon flows What does ot look like it fits Outlier dimension is highlighted with purple circle BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 103
104 Tetration Application Insight
105 Why This Approach Is Different App Insight derived based on actual communication Automated grouping of similar endpoints in a cluster Keep your App Insight up-to-date based on application evolution Flexibility of using hardware or software sensors BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 105
106 Dependencies Why should I understand them? BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 106
107 Why should I understand them? What can I do with this information? BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 107
108 Why should I understand dependencies? Identify a single point of failure that should be replicated Find all the parts of a service that should be migrated together to the cloud Replace infrastructure components of an undocumented application ACI application profiles, end point groups, and contracts based on applications BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 108
109 Application Dependency Mapping Load Balancer Database App BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 109
110 Understand the communication Load Balancer Database App BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 110
111 Initial recommendations Cache Database Load Balancer App BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 111
112 Optional and minimal human supervision Load Balancer Database Cache App BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 112
113 Approve the clustering Load Balancer Database App BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 113
114 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 114
115 Enforcement Anywhere Whitelist policy Cisco Tetration Analytics Data Whitelist policy { "src_name": "App", "dst_name": "Web", "whitelist": [ {"port": [ 0, 0 ],"proto": 1,"action": "ALLOW"}, {"port": [ 80, 80 ],"proto": 6,"action": "ALLOW"}, {"port": [ 443, 443 ],"proto": 6,"action": "ALLOW"} ] } Amazon Web Services Public Cloud Microsoft Azure Google Cloud Linux and Microsoft Windows Servers and VM Cisco ACI and Cisco Nexus 9000 Series Standalone Cisco ACI EGP/Contract Integration via Cisco ACI Toolkit Traditional Network ACL Firewall Rules Host Firewall Rules BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 115
116 Application Centric, Okay but how do I get there?
117 Policy Creation Flow Cisco Tetration Analytics Application Policy APIC Export Clusters and Policies in JSON/XML format Data ACI Toolkit Network Policy Import Policy using ACI Toolkit Automatic creation of EPGs and Contracts Nexus 9K BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 117
118 ACI Toolkit Simple toolkit built on top of APIC API Set of simple python classes Python Library Used to generate REST API calls Runs locally NX-OS like CLI Linux Commands ACI Toolkit Custom Python Scripts Small number of classes ~30 currently Intuitive names Not full functionality, most common Focused primarily on configuration APIC Preserves ACI basic concepts Tenants, EPGs, Contracts, etc. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 118
119 Configpush Application Runs as a command line tool or a REST service. The initial expected usage is as a command line tool. Command line tool is here: tool.py Takes the JSON provided by Tetration and pushes to the APIC. It requires the APIC credentials and which tenant/app profile to place the EPGs. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 119
120 Configpush Application Syntax python apic_tool.py -h usage: apic_tool.py [-h] [--maxlogfiles MAXLOGFILES] [--debug [{verbose,warnings,critical}]] [--config CONFIG] [-u URL] [-l LOGIN] [-p PASSWORD] [--displayonly] [--tenant TENANT] [--app APP] optional arguments: -h, --help show this help message and exit --maxlogfiles MAXLOGFILES Maximum number of log files (default is 10) --debug [{verbose,warnings,critical}] Enable debug messages. --config CONFIG Configuration file -u URL, --url URL APIC IP address -l LOGIN, --login LOGIN APIC login ID. -p PASSWORD, --password PASSWORD APIC login password. --displayonly Only display the JSON configuration. Do not actually push to the APIC. --tenant TENANT Tenant name for the configuration --app APP Application profile name for the configuration BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 120
121 Policy Simulation and Compliance
122 We know the expected communication Load Balancer Database App BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 122
123 Publish, export, and enforce Policy App Load Balancer Database BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 123
124 Publish, export, and enforce Policy App Load Balancer Database Load Balancer Provides Port 3306 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 124
125 Publish, export, and enforce Policy App Load Balancer Database Load Balancer Provides Port 3306 Database Provides Port 3306 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 125
126 But how do we map this to real life? App Load Balancer Database BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 126
127 But how do we map this to real life? App Load Balancer Database BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 127
128 But how do we map this to real life? App Load Balancer Database Misdropped packets! BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 128
129 But how do we map this to real life? App Load Balancer Database Misdropped packets! Escaped out of policy flow! BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 129
130 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 130
131 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 131
132 Policy Compliance Verification & Simulation What was seen on the network that was out of Policy Permitted Traffic Seen on the network BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 132
133 Summary
134 ACI Architecture ACI Intent (May) Traffic Analysis Lots of Data Configuration Analysis Very Large State-Space Analytics (Did) ADM Security Forensics Guarantees Compliance Consistency Assurance (Can) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 134
135 Summary VM Pervasive flow telemetry that supports infrastructure for multiple data centers at scale Ready-to-use solution to address critical data center operational use cases Self-monitoring and eliminate the need for in-house big data expertise Open platform and northbound APIs enable transparent integration Accelerated adoption and comprehensive Solution support with Services BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 135
136 Q & A
137 Complete Your Online Session Evaluation Give us your feedback and receive a Cisco 2016 T-Shirt by completing the Overall Event Survey and 5 Session Evaluations. Directly from your mobile device on the Cisco Live Mobile App By visiting the Cisco Live Mobile Site Visit any Cisco Live Internet Station located throughout the venue T-Shirts can be collected Friday 11 March at Registration Learn online with Cisco Live! Visit us online after the conference for full access to session videos and presentations. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 137
138 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 138
139 Thank you
140
Self-driving Datacenter: Analytics
Self-driving Datacenter: Analytics George Boulescu Consulting Systems Engineer 19/10/2016 Alvin Toffler is a former associate editor of Fortune magazine, known for his works discussing the digital revolution,
More informationCisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH
Cisco Tetration Analytics Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Agenda Introduction Theory Demonstration Innovation Through Engineering
More informationCisco Tetration Analytics + Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH
Cisco Tetration Analytics + Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH Agenda Introduction Theory Demonstration Innovation Through Engineering
More informationPSOACI Tetration Overview. Mike Herbert
Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion
More informationCisco Tetration Analytics
Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics Christopher Say (CCIE RS SP) Consulting System Engineer csaychoh@cisco.com Challenges in operating a hybrid data center
More informationTetration Hands-on Lab from Deployment to Operations Support
LTRACI-2184 Tetration Hands-on Lab from Deployment to Operations Support Furong Gisiger, Solutions Architect Lawrence Zhu, Sr. Solutions Architect Cisco Spark How Questions? Use Cisco Spark to communicate
More informationTitle DC Automation: It s a MARVEL!
Title DC Automation: It s a MARVEL! Name Nikos D. Anagnostatos Position Network Consultant, Network Solutions Division Classification ISO 27001: Public Data Center Evolution 2 Space Hellas - All Rights
More information2018 Cisco and/or its affiliates. All rights reserved.
Beyond Data Center A Journey to self-driving Data Center with Analytics, Intelligent and Assurance Mohamad Imaduddin Systems Engineer Cisco Oct 2018 App is the new Business Developer is the new Customer
More informationThe Why, What, and How of Cisco Tetration
The Why, What, and How of Cisco Tetration Why Cisco Tetration? With the above trends as a backdrop, Cisco has seen specific changes within the multicloud data center. Infrastructure is changing. It is
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationIntroducing Cisco Network Assurance Engine
BRKACI-2403 Introducing Cisco Network Assurance Engine Intent Based Networking for Data Centers Sundar Iyer, Distinguished Engineer Head Cisco Network Assurance Engine Team Dhruv Jain, Director of Product
More informationSDN Security BRKSEC Alok Mittal Security Business Group, Cisco
SDN Security Alok Mittal Security Business Group, Cisco Security at the Speed of the Network Automating and Accelerating Security Through SDN Countering threats is complex and difficult. Software Defined
More informationCisco IT Tetration Deployment, Part 1 of 2
Cisco IT ACI Deployment White Papers Cisco IT Tetration Deployment, Part 1 of 2 This is the fifth white paper in a series of case studies that explain how Cisco IT deployed ACI to deliver improved business
More informationCisco Tetration Platform
Data Sheet Cisco Tetration Platform The Cisco Tetration platform addresses data center operational and security challenges by providing comprehensive workload-protection capability and unprecedented insights
More informationArchitectural overview Turbonomic accesses Cisco Tetration Analytics data through Representational State Transfer (REST) APIs. It uses telemetry data
Solution Overview Cisco Tetration Analytics and Turbonomic Solution Deploy intent-based networking for distributed applications. Highlights Provide performance assurance for distributed applications. Real-time
More informationCisco Tetration Platform
Data Sheet Cisco Tetration Platform The Cisco Tetration platform addresses data center operational and security challenges by providing comprehensive workload-protection capability and unprecedented insights
More information2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public PSODCN-1030 Intent Based Systems Deliver Automation Dave Malik Cisco Fellow and Chief Architect Advanced Services @dmalik2 2018 Cisco
More informationModelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer
Modelos de Negócio na Era das Clouds André Rodrigues, Cloud Systems Engineer Agenda Software and Cloud Changed the World Cisco s Cloud Vision&Strategy 5 Phase Cloud Plan Before Now From idea to production:
More informationCisco Container Platform
Cisco Container Platform Pradnesh Patil Suhail Syed Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click
More informationCisco Nexus Data Broker
Data Sheet Cisco Nexus Data Broker Product Overview You used to monitor traffic mainly to manage network operations. Today, when you monitor traffic you can find out instantly what is happening throughout
More informationCisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack
White Paper Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack Introduction Cisco Application Centric Infrastructure (ACI) is a next-generation data center fabric infrastructure
More informationCisco Tetration Platform: Network Performance Monitoring and Diagnostics
Data Sheet Cisco Tetration Platform: Network Performance Monitoring and Diagnostics The Cisco Tetration platform, extends machine learning capability to provide unprecedented insights into network performance
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationAlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment
BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug
More informationCisco SDN 解决方案 ACI 的基本概念
Cisco SDN 解决方案 ACI 的基本概念 Presented by: Shangxin Du(@shdu)-Solution Support Engineer, Cisco TAC Aug 26 th, 2015 2013 Cisco and/or its affiliates. All rights reserved. 1 Type Consumption Delivery Big data,
More informationCloudCenter for Developers
DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More information5 days lecture course and hands-on lab $3,295 USD 33 Digital Version
Course: Duration: Fees: Cisco Learning Credits: Kit: DCAC9K v1.1 Cisco Data Center Application Centric Infrastructure 5 days lecture course and hands-on lab $3,295 USD 33 Digital Version Course Details
More informationRunning RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018
Running RHV integrated with Cisco ACI JuanLage Principal Engineer - Cisco May 2018 Agenda Why we need SDN on the Data Center What problem are we solving? Introduction to Cisco Application Centric Infrastructure
More informationTechnologies for the future of Network Insight and Automation
Technologies for the future of Network Insight and Automation Richard Wade (ricwade@cisco.com) Technical Leader, Asia-Pacific Infrastructure Programmability This Session s Context Service Creation Service
More informationCisco Tetration Analytics, Release , Release Notes
Cisco Tetration Analytics, Release 2.3.1.41, Release Notes This document describes the features, caveats, and limitations for the Cisco Tetration Analytics software. The Cisco Tetration Analytics platform
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationPSOACI Why ACI: An overview and a customer (BBVA) perspective. Technology Officer DC EMEAR Cisco
PSOACI-4592 Why ACI: An overview and a customer (BBVA) perspective TJ Bijlsma César Martinez Joaquin Crespo Technology Officer DC EMEAR Cisco Lead Architect BBVA Lead Architect BBVA Cisco Spark How Questions?
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More information70-532: Developing Microsoft Azure Solutions
70-532: Developing Microsoft Azure Solutions Exam Design Target Audience Candidates of this exam are experienced in designing, programming, implementing, automating, and monitoring Microsoft Azure solutions.
More informationKuber-what?! Learn about Kubernetes
DEVNET-1999 Kuber-what?! Learn about Kubernetes Ashley Roach, Principal Engineer Evangelist Agenda Objectives A brief primer on containers The problems with running containers at scale Orchestration systems
More informationSourcefire Network Security Analytics: Finding the Needle in the Haystack
Sourcefire Network Security Analytics: Finding the Needle in the Haystack Mark Pretty Consulting Systems Engineer #clmel Agenda Introduction The Sourcefire Solution Real-time Analytics On-Demand Analytics
More informationMulti-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)
Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr) Jeremy Oakey - Sr. Director, Technical Marketing & Integrations BRKCLD-2008 Agenda Introduction Architecture
More informationCisco SAN Analytics and SAN Telemetry Streaming
Cisco SAN Analytics and SAN Telemetry Streaming A deeper look at enterprise storage infrastructure The enterprise storage industry is going through a historic transformation. On one end, deep adoption
More informationCisco HyperFlex Systems
White Paper Cisco HyperFlex Systems Install and Manage Cisco HyperFlex Systems in a Cisco ACI Environment Original Update: January 2017 Updated: March 2018 Note: This document contains material and data
More informationDevNet Technical Breakout: Introduction to ACI Programming and APIs.
DevNet Technical Breakout: Introduction to ACI Programming and APIs. Michael Cohen Agenda Introduction to ACI ACI Policy ACI APIs REST API Python API L4-7 Scripting Opflex 3 Application Centric Infrastructure
More informationThe Next Opportunity in the Data Centre
The Next Opportunity in the Data Centre Application Centric Infrastructure Soni Jiandani Senior Vice President, Cisco THE NETWORK IS THE INFORMATION BROKER FOR ALL APPLICATIONS Applications Are Changing
More informationQualys Cloud Platform
18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform
More information70-532: Developing Microsoft Azure Solutions
70-532: Developing Microsoft Azure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Create and Manage Azure Resource Manager Virtual Machines
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationCisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002
Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002 Agenda Joint Cisco and Microsoft Integration Efforts Introduction to CCA-MCP What is a Pattern?
More informationCisco CloudCenter Solution with Cisco ACI: Common Use Cases
Cisco CloudCenter Solution with Cisco ACI: Common Use Cases Cisco ACI increases network security, automates communication policies based on business-relevant application requirements, and decreases developer
More informationCisco Tetration Application Segmentation
Data Sheet Cisco Tetration Application Segmentation The Cisco Tetration platform using application insight and white-list based policy model, simplifies the implementation of zero-trust model. It enables
More informationSolution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and
Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and Compliance Management Through the integration of AlgoSec
More informationCisco Application Centric Infrastructure
Data Sheet Cisco Application Centric Infrastructure What s Inside At a glance: Cisco ACI solution Main benefits Cisco ACI building blocks Main features Fabric Management and Automation Network Security
More informationCisco Application Centric Infrastructure (ACI) Simulator
Data Sheet Cisco Application Centric Infrastructure (ACI) Simulator Cisco Application Centric Infrastructure Overview Cisco Application Centric Infrastructure (ACI) is an innovative architecture that radically
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationVirtual Machine Manager Domains
This chapter contains the following sections: Cisco ACI VM Networking Support for Virtual Machine Managers, page 1 VMM Domain Policy Model, page 3 Virtual Machine Manager Domain Main Components, page 3,
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
SAI2803BU The Road to Micro- Segmentation with VMware NSX #VMworld #SAI2803BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology
More informationCisco Cloud Application Centric Infrastructure
Cisco Cloud Application Centric Infrastructure About Cisco cloud application centric infrastructure Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified
More information主題 :Cisco Data Tetration Solution - 思科大數據維運解決方案 公司名稱 :Cisco Systems
主題 :Cisco Data Tetration Solution - 思科大數據維運解決方案 公司名稱 :Cisco Systems 主講人 : 大中華區數據中心事業部 首席技術顧問錢小山 Tetration 1 2 3 4 Addition Multiplication Exponentiation Tetration a + n = a + 1 + 1 +... + 1 n a x n = a
More informationThe Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec
The Virtualisation Security Journey: Beyond Endpoint Security with VMware and Symantec James Edwards Product Marketing Manager Dan Watson Senior Systems Engineer Disclaimer This session may contain product
More informationOracle IaaS, a modern felhő infrastruktúra
Sárecz Lajos Cloud Platform Sales Consultant Oracle IaaS, a modern felhő infrastruktúra Copyright 2017, Oracle and/or its affiliates. All rights reserved. Azure Window collapsed Oracle Infrastructure as
More informationAutomate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure
Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure White Paper 2016 Cisco F5 Networks. All rights reserved. Page 1 Contents What You Will Learn...
More informationDeploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework
White Paper Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework August 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
More informationData Center and Cloud Automation
Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve
More informationHybrid Cloud Solutions
Hybrid Cloud Solutions with Cisco and Microsoft Innovation Rob Tappenden, Technical Solution Architect rtappend@cisco.com March 2016 Today s industry and business challenges Industry Evolution & Data Centres
More informationPowerful Insights with Every Click. FixStream. Agentless Infrastructure Auto-Discovery for Modern IT Operations
Powerful Insights with Every Click FixStream Agentless Infrastructure Auto-Discovery for Modern IT Operations The Challenge AIOps is a big shift from traditional ITOA platforms. ITOA was focused on data
More informationThe Transformation of Media & Broadcast Video Production to a Professional Media Network
The Transformation of Media & Broadcast Video Production to a Professional Media Network Subha Dhesikan, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationDelivering Intent for Data Center Networking
INSDCT-2521 Delivering Intent for Data Center Networking Ish Limkakeng SVP Product Management, Data Center Networking Group Network Compute Storage Data Center INSDCT-2521 2018 Cisco and/or its affiliates.
More informationDesign Guide for Cisco ACI with Avi Vantage
Page 1 of 23 Design Guide for Cisco ACI with Avi Vantage view online Overview Cisco ACI Cisco Application Centric Infrastructure (ACI) is a software defined networking solution offered by Cisco for data
More informationAppDefense Getting Started. VMware AppDefense
AppDefense Getting Started VMware AppDefense You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationDeveloping Microsoft Azure Solutions (70-532) Syllabus
Developing Microsoft Azure Solutions (70-532) Syllabus Cloud Computing Introduction What is Cloud Computing Cloud Characteristics Cloud Computing Service Models Deployment Models in Cloud Computing Advantages
More informationDC: Le Converged Infrastructure per Software Defined e Cloud Cisco NetApp - Softway. Luigi MARCOCCHIA SOFTWAY
DC: Le Converged Infrastructure per Software Defined e Cloud Cisco NetApp - Softway Luigi MARCOCCHIA SOFTWAY Today s Businesses Require Greater Agility Focus on increasing speed of business Customers expect
More informationIpswitch: The New way of Network Monitoring and how to provide managed services to its customers
BRKPAR-2333 Ipswitch: The New way of Network Monitoring and how to provide managed services to its customers Paolo Ferrari, Senior Director Sales Southern Europe, Ipswitch, Inc. WhatsUp Gold Jan 2018 Agenda
More informationTrends and challenges Managing the performance of a large-scale network was challenging enough when the infrastructure was fairly static. Now, with Ci
Solution Overview SevOne SDN Monitoring Solution 2.0: Automate the Operational Insight of Cisco ACI Based Infrastructure What if you could automate the operational insight of your Cisco Application Centric
More informationCisco Application Policy Infrastructure Controller Data Center Policy Model
White Paper Cisco Application Policy Infrastructure Controller Data Center Policy Model This paper examines the Cisco Application Centric Infrastructure (ACI) approach to modeling business applications
More informationACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)
This chapter contains the following sections:, on page 1 Alias API Inspector App Center Alias A changeable name for a given object. While the name of an object, once created, cannot be changed, the Alias
More informationPasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP
Pasiruoškite ateičiai: modernus duomenų centras Laurynas Dovydaitis Microsoft Azure MVP 2016-05-17 Tension drives change The datacenter today Traditional datacenter Tight coupling between infrastructure
More informationExam : Implementing Microsoft Azure Infrastructure Solutions
Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions Objective Domain Note: This document shows tracked changes that are effective as of January 18, 2018. Design and Implement Azure App Service
More informationCompare Security Analytics Solutions
Compare Security Analytics Solutions Learn how Cisco Stealthwatch compares with other security analytics products. This solution scales easily, giving you visibility across the entire network. Stealthwatch
More informationCloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN
BRKCRS-2113 Cloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN Sumanth Kakaraparthi Product Leader SD-WAN Manan Shah Director Of Product Management Cisco Spark How Questions? Use Cisco Spark
More informationThink Small to Scale Big
Think Small to Scale Big Intro to Containers for the Datacenter Admin Pete Zerger Principal Program Manager, MVP pete.zerger@cireson.com Cireson Lee Berg Blog, e-mail address, title Company Pete Zerger
More informationOrchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud
Orchestrating the Cloud Infrastructure using Cisco Intelligent Automation for Cloud 2 Orchestrate the Cloud Infrastructure Business Drivers for Cloud Long Provisioning Times for New Services o o o Lack
More informationTRex Realistic Traffic Generator
DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationMulti-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr)
Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter (CliQr) Jeremy Oakey Senior Director, Technical Marketing and Integrations Agenda Introduction Architecture
More informationSolution Overview Gigamon Visibility Platform for AWS
Solution Overview Gigamon Visibility Platform for Background With the rapid evolution of the public cloud that brings instant advantages of economies of scale, elasticity and agility, IT and data center
More informationCHARTING THE FUTURE OF SOFTWARE DEFINED NETWORKING
www.hcltech.com CHARTING THE FUTURE OF SOFTWARE DEFINED NETWORKING Why Next-Gen Networks? The rapid and large scale adoption of new age disruptive digital technologies has resulted in astronomical growth
More informationIntelligent Edge Protection
Intelligent Edge Protection Sicherheit im Zeitalter von IoT und Mobility September 26, 2017 Flexible consumption Beacons, sensors and geo-positioning Driven by agile DevOps Mobile users, apps and devices
More informationREFERENCE ARCHITECTURE. Rubrik and Nutanix
REFERENCE ARCHITECTURE Rubrik and Nutanix TABLE OF CONTENTS INTRODUCTION - RUBRIK...3 INTRODUCTION - NUTANIX...3 AUDIENCE... 4 INTEGRATION OVERVIEW... 4 ARCHITECTURE OVERVIEW...5 Nutanix Snapshots...6
More informationBuild application-centric data centers to meet modern business user needs
Build application-centric data centers to meet modern business user needs Citrix.com Table of contents Meeting current business challenges...3 Device package integration...5 Policy-based service insertion...6
More informationVxRack FLEX Technical Deep Dive: Building Hyper-converged Solutions at Rackscale. Kiewiet Kritzinger DELL EMC CPSD Snr varchitect
VxRack FLEX Technical Deep Dive: Building Hyper-converged Solutions at Rackscale Kiewiet Kritzinger DELL EMC CPSD Snr varchitect Introduction to hyper-converged Focus on innovation, not IT integration
More informationMcAfee Network Security Platform 9.1
9.1.7.15-9.1.5.9 Manager-NS-series Release Notes McAfee Network Security Platform 9.1 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known issues
More informationCisco Application Centric Infrastructure
Cisco Application Centric Infrastructure Cisco Application Centric Infrastructure (Cisco ACI ) is the industry s most secure, open, and comprehensive Software-Defined Networking (SDN) solution. It radically
More informationCisco Integrated System for Microsoft Azure Stack
Cisco Integrated System for Microsoft Azure Stack Siva Sivakumar, Sr. Director, Cisco Computing Systems Product Group PSOCLD-1300 Agenda Trends Microsoft Azure Stack Overview The Cisco Solution Cisco Solution
More informationRouting Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationCLOUDLENS PUBLIC, PRIVATE, AND HYBRID CLOUD VISIBILITY
CLOUDLENS PUBLIC, PRIVATE, AND HYBRID CLOUD VISIBILITY ORGANIZATIONS NEED VISIBILITY TO SECURE AND MONITOR THEIR CLOUD ENVIRONMENTS Organizations are migrating workloads to the cloud because it offers
More informationExploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer
Exploring Cloud Security, Operational Visibility & Elastic Datacenters Kiran Mohandas Consulting Engineer The Ideal Goal of Network Access Policies People (Developers, Net Ops, CISO, ) V I S I O N Provide
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More information