Cisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

Transcription

1

2 Cisco Tetration Analytics Demo Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

3 Agenda Introduction Theory Demonstration

4

5 Innovation Through Engineering <9 Months spent on Planning $1B OPEX Shifts 25,000 $6.3B 30% of FY15 revenue are based on Agile and DevOps >1000 Employees on involved Open Source in Open Source Projects Projects Alpha 8Projects DLT members changing roles Engineering contributed Cisco Net Income growth of of 6% (Q3 15) Cisco Tetration Analytics 190 Tetration patents

6 Architecture POLICY ACI Intent (May) Traffic Analysis Lots of Data Configuration Analysis Very Large State- Space Analytics (Did) ADM Security Forensics Guarantees Compliance Consistency Assurance (Can) BRKDCN

7 Innovation Through Engineering <9 Months spent on Planning $1B OPEX Shifts 25,000 $6.3B 30% of FY15 revenue are based on Agile and DevOps >1000 Employees on involved Open Source in Open Source Projects Projects Alpha 8Projects DLT members changing roles Engineering contributed Cisco Net Income growth of 6% (Q3 15) Cisco Tetration Analytics 190 Tetration patents

8 Cisco Tetration Analytics Focus Areas Compliance Visibility and Forensics Cisco Tetration Analytics New Application Segmentation (Automated Policy Enforcement) Policy Application Insight TETRATION ANALYTICS 1.0 (Policy Recommendation) Action TETRATION ANALYTICS 2.0 (Application Segmentation)

9 Cisco Tetration Analytics Use Cases Application Insight and Dependency Automated Whitelist Policy Generation New Application Segmentation (Automated Policy Enforcement) Policy Simulation and Impact Assessment Policy Compliance and Auditability Forensics: Every Packet, Every Flow, Every Speed

10 Datacenter Wide Traffic Flow Visibility Detail information about the flow Information about Consumer Provider and type of traffic

11 You Can t Protect What You Don t See 60% 85% 54% of data is stolen in HOURS of point-of-sale intrusions aren t discovered for WEEKS of breaches remain undiscovered for MONTHS 51% increase in companies reporting a $10 million or more loss in the last 3 YEARS A community that hides in plain sight avoids detection and attacks swiftly. Cisco Security Annual Security Report.

12 Whitelist Policy Model

13 Whitelist Policy Recommendation Application Discovery Web Tier App Tier DB Tier Storage Storage Whitelist Policy Recommendation (Available in JSON, XML, and YAML) Policy Enforcement

14 Real-Time and Historical Policy Simulation BM BM BM Cisco Tetration Analytics Platform Validating policy impact assessment in real time Simulating policy changes over historic traffic View traffic outliers for quick intelligence Audit becomes a function of continuous machine learning

15 Policy Compliance BM BM BM BM Cisco Tetration Analytics Platform Identify policy deviations in real-time Review and update whitelist policy with one click Policy lifecycle management

16 The Real Value is Business and Operational Insight Increased Visibility Insightful Data Application Discovery (DC Network) Dependency Mapping (Security) Dependency Mapping (Migrations) Security Policy Enforcement Auditing Security Enforcement Policy Verification ~ what if Threat Detection / DDOS / Policy Discovery /Enforce/ Mgmt Visibility Flow Search Deviation Detection Policy Management Simulation and Impact Assessment Compliance

17 Tetration Analytics Architecture Overview Data Collection Analytics Engine Visualization and Reporting Host Sensors Tetration Telemetry Web GUI Network Sensors Cisco Nexus 92160YC-X Cisco Nexus 93180YC-EX Cisco Tetration Analytics Platform REST API 3rd-Party Metadata Sources Configuration Data Push Events

18 Tetration Analytics Data Sources Software Sensors Available Now Network Sensors Next Generation 9K switches Third Party Sources 3 rd party Data Sources Linux Windows Server Bare Metal (Linux and Windows Server) Universal* (Basic Sensor for other OS) Nexus 9200-X Nexus 9300-EX Asset Tagging Load Balancers IP Address Management CMDB *Note: No per-packet Telemetry, Not an enforcement point New! Enforcement Point (Software agents) Low CPU Overhead (SLA enforced) Low Network Overhead (SLA enforced) Highly Secure (Code Signed, Authenticated) Every Flow (No sampling), NO PAYLOAD

19 Application Discovery and Endpoint Grouping BM BM Bare-metal,, & switch telemetry BM Cisco Nexus 9000 Series Network-only sensors, host-only sensors, or both (preferred) BM BM Brownfield Bare-metal & telemetry Cisco Tetration Analytics Platform BM BM Bare metal and BM BM BM On-premises and cloud workloads (AWS) telemetry (AMI ) Unsupervised machine learning Behavior analysis BM BM

20 What does the Sensor Collect Application Process Process Process Information: Which process is it, who started it, etc. Device Information: Buffer/ACL Drops, etc. Application Process Process Sockets Transport Sockets Transport Network Network Network Network Data Link Data Link Data Link Data Link Physical Physical Physical Physical BRKDCN

21 Different Problems will need Different Data Sources Security, Application Troubleshooting Application Process Process Sockets Transport Network Data Link Physical Network Data Link Physical Application Heath, Performance, Monitoring, Discovery Network Heath, Performance, Monitoring, Capacity

22 Hardware Sensor and Software Sensor Software Sensor Process mapping Process ID Process owner Flow details Interpacket variations Hardware Sensor Tunnel endpoints Buffer utilization Burst detections Packet drops Accumulated Flow Information (Volume )

23 What We Discovered: To and From DVProd Database Internet Internet IP Storage NAS TA Cluster Hadoop Prod DBs Non-Prod DBs Labs Non-Production Databases LABs Kicker Infra APPs DB Proxy Monitoring APPs

24 Tetration Analytics and Before After Complex data center environment Lack of automation Lack of understanding into each tenant environment Exposure to risk of downtime too great to migrate applications safely Visibility across multi-tenant data center Move from tribal knowledge to data-driven decision making Reduction in time to understand application dependencies Migration to ACI with little downtime risk

25 Data Points Understanding of what happens INSIDE a flow Distributions (packet sizes, TCP windows ) Burstiness Anomaly detection Latency (application and network) VXLAN information High rate export capabilities 100ms for Hardware 1s for Software 35

26 Context Information What happens around this flow? Which process owns this flow? Who runs it? What are the buffer status? But also external information GeoDB, DNS, reputation lists 36

27 Collects the Meta-Data not the Packet Meta-Data Including Overlay VXLAN/GRE/IPinIP Encapsulated Header Ethernet Header IP Header UDP Header VXLAN Header Ethernet Header IP Header TCP Header Payload Ethernet Header IP Header TCP Header Payload Ethernet Header IP Header UDP Header Payload Privacy Risk

28 Sensor Technology Standard Sensors HW Sensors UniversalSensors RHEL (64 bit) 5.x,6.x,7.x CentOS (64 bit) 5.x,6.x,7.x Oracle Linux (64 bit) 6.x,7.x SUSE 11.2,11.3,11.4,12.1, 12.2 Ubuntu 12.04,14.04,14.10 Windows Server 2008 R1/R2 Essentials / Standard / Enterprise/DataCenter Windows Server 2012 R2/R2/Essentials/Standard/ Enterprise/DataCenter Cisco Nexus 9K Leave with: 92160YC-X 93180YC-EX Spine with: X9732C-EX C* Mainfarme Z (trial) AIX-ppc 5.3,6.1,7.1,7.2 (trial) Solaris (x86_64) RHL 4.x,5.x (31 bit -386/amd) CentOS 4.x, 5.x (32 bit) Windows XP,2003 (32 bit) Windows Server 2008 (32 bit)

29 Tetration Analytics: Deployment Options On-Premise Options Public Cloud Cisco Tetration Analytics (Large Form Factor) Suitable for deployments more than 1000 workloads Built in redundancy Scales up to 10,000 workloads Includes: 36 x UCS C-220 servers 3 x Nexus 9300 switches Cisco Tetration-M (Small Form Factor) Suitable for deployments under 1000 workloads Includes: 6 x UCS C-220 servers 2 x Nexus 9300 switches Cisco Tetration Cloud Software deployed in AWS Suitable for deployments under 1000 workloads AWS instance owned by customer Amazon Web Services

30 Tetration Analytics: Deployment Options On-Premise Options Public Cloud Cisco Tetration Analytics (Large Form Factor) Suitable for deployments more than 1000 workloads Built in redundancy Scales up to 10,000 workloads Includes: 36 x UCS C-220 servers 3 x Nexus 9300 switches Cisco Tetration-M (Small Form Factor) Suitable for deployments under 1000 workloads Includes: 6 x UCS C-220 servers 2 x Nexus 9300 switches Cisco Tetration Cloud Software deployed in AWS Suitable for deployments under 1000 workloads AWS instance owned by customer Amazon Web Services

31 Host Based Enforcement A trusted module inside the workload enforces your intent Workload Workload Workload Workload VLANs BDs Port Groups Interfaces Subnets EPGs Security Groups Security Groups ACLs Contracts Security Rules Security Rules 7K 5K 2K ACI Hypervisor AWS

32 Security Intent is rendered as security rules in native host firewalls Same level of security, any infrastructure. Process Application Denies Allows End Point Infrastructure

33 Virtual Process Application Process Application Denies Allows Denies Allows End Point End Point Bare metal Process Application Denies Allows End Point Network Infrastructure Hypervisor Virtual Network Network Infrastructure Any Infrastructure Any Networking Same Security Model Rich Context Cloud Process Application Denies Allows End Point Cloud Infrastructure

34 Mobility Intent stays with the endpoint, no matter the infrastructure it resides on EP EP VLANs Interfaces Subnets ACLs Tetration calculates all necessary rule changes and automatically applies Security Groups Security Rules 7K 5K 2K Cloud

35 Why should I understand dependencies? Identify a single point of failure that should be replicated Find all the parts of a service that should be migrated together to the cloud Replace infrastructure components of an undocumented application ACI application profiles, end point groups, and contracts based on applications 45

36 Application Dependency Mapping Load Balancer Database App 46

37 Understand the communication Load Balancer Database App 47

38 Initial recommendations Cache Database Load Balancer App 48

39 Optional and minimal human supervision Load Balancer Database Cache App 49

40 Approve the clustering Load Balancer Database App 50

41 Enforcement Anywhere Whitelist policy Cisco Tetration Analytics Data Whitelist policy { "src_name": "App", "dst_name": "Web", "whitelist": [ {"port": [ 0, 0 ],"proto": 1,"action": "ALLOW"}, {"port": [ 80, 80 ],"proto": 6,"action": "ALLOW"}, {"port": [ 443, 443 ],"proto": 6,"action": "ALLOW"} ] } Amazon Web Services Public Cloud Microsoft Azure Google Cloud Linux and Microsoft Windows Servers and Cisco ACI and Cisco Nexus 9000 Series Standalone Cisco ACI Traditional EGP/Contract Network ACL Integration via Cisco ACI Toolkit Firewall Rules Host Firewall Rules 51

42 Demo Time

43