Cisco Tetration Analytics


Transcription:

Cisco Tetration Analytics
Enhanced security and operations with real-time analytics
Christopher Say (CCIE RS SP), Consulting System Engineer, csaychoh@cisco.com

Challenges in operating a hybrid data center
Know your applications: what is running and what is critical?
Where is congestion, and which application flows are affected?
Visibility into the traffic path for every flow in real time
Time-series view of events for faster diagnostics
Which traffic is going through which links?
Key performance indicators across the path workload <-> fabric
Where are the packet drops happening? What is the latency?

Security Challenges in Modern Data Centers
Securing applications has become complex:
Rapid application deployment
Continuous development
Application mobility
Microservices
Policy enforcement
Heterogeneous network
Zero-trust security
Policy compliance
Applications are driving modern data center infrastructure
2018 Cisco and/or its affiliates. All rights reserved.


Introducing Tetration
Software and network sensors: see everything
OS sensor: Windows, Linux
Network sensor: mid-range, universal, cloud-scale (Nexus 9000)
Data analytics and machine learning engine: analytics cluster (appliance model, on-premises or cloud); billions of events; metadata generated from every packet
Ingest, store, analyse, learn, simulate, act
Open access: application insight; flow search and forensics; segmentation and compliance
Web, REST API, event bus, lab

Cisco Tetration use cases (operations and security)
Visibility and forensics
Policy
Application insight
Policy simulation
Neighborhood graphs and cloud migration
Application segmentation
Process inventory
Compliance

Cisco Tetration architecture overview
Access mechanisms: web GUI; REST API; event notification; Cisco Tetration apps
Analytics engine
Data sources: third-party sources (configuration data); bring your own data (streaming telemetry)
Data collection layer: software sensor and enforcement; embedded network sensors (telemetry only)

Cisco Tetration data sources
Software sensors (available today): Linux servers (virtual machine and bare metal); Windows servers (virtual machine and bare metal); Windows desktop VM (virtual desktop infrastructure only)
Network sensors (next-generation Cisco Nexus Series Switches): Cisco Nexus 9300 EX*; Cisco Nexus 9300 FX
Third-party data sources: asset tagging; load balancers; IP address management; CMDB
*Note: Not all network performance functionality is supported on this switch series
Main features: low CPU overhead (SLA enforced); low network overhead; new: enforcement point (software agents); highly secure (code signed and authenticated); every flow (no sampling) and no payload

Real-time asset tagging

User-uploaded asset tags
Discovered inventory: inventory tracked in real time, along with historical trends
User-uploaded inventory and metadata (32 arbitrary tags)
Inputs to the Cisco Tetration Analytics merge operation: sensor feed; VMware vCenter (virtual machine attributes); AWS attributes (AWS tags); user-uploaded tags
Real-time inventory merged with the uploaded information, with historical trends

Virtual machine attributes and tags
Cisco Tetration Analytics can be configured to connect to VMware vCenter and AWS: virtual machine attributes from vCenter; instance tags from AWS
Can connect to multiple vCenter instances and AWS regions
Administrator provides the necessary parameters to connect to vCenter and AWS; only read-only access is required
Information about all virtual machines is extracted
Queries for updates and changes (default interval is 10 seconds; this setting is configurable)
Uses vCenter and AWS standard APIs

Fabric performance monitoring

Network performance features in the data center fabric
Currently there is very little visibility into data plane traffic within the fabric, resulting in visibility and operational gaps.
Cisco Nexus 9000 Series Switches with the built-in hardware flow cache, together with the Cisco Tetration platform, enable the following network performance features:
Provide visibility into fabric topology
Map and trace every flow path on the fabric topology through switch ports and queues
Search flows for individual fabric links or queues
Provide per-link statistics and time series
Provide per-queue statistics and time series
Highlight important links for further diagnostics based on specified performance metrics
Diagram: Cisco ACI infrastructure using Cisco Nexus 9300-FX leaf switches and Cisco Nexus 9300-FX line cards in the spine, feeding Cisco Tetration Analytics

Network topology discovery
Switches with analytics enabled have a Cisco Tetration agent running
Switch reports its type (leaf or spine) and ports to Tetration
Switch reports LLDP neighbors to Tetration. For example, Leaf7 may report the following neighbors:
P1 connected to (Spine1, P3)
P2 connected to (Spine2, P3)
P3 connected to (Host1, mac1)
Fabric topology is built from the neighbors reported by all the switches on their ports
Tetration platform also maintains a time-series view of the topology

Hop-by-hop view within the fabric
Time-series hop-by-hop view for traffic flows: forward path; reverse path
Where available, includes ingress port, egress port, and queue information
If software sensors are installed and LLDP is enabled on the host, path information also includes the workloads
Launch in a topology view

Hop-by-hop view overlay in topology
Click the Fwd or Rev link to navigate to the fabric page
Hover on the flow path to view class info and other details
Path Only (default): a subset of the fabric topology graph relevant to the flow path is shown
Show All: show the full network topology with the flow path highlighted
A partial flow path is shown if any of the fabric links does not exist in the current topology

Hop-by-hop latency information
Switch reports latency information for each flow
Cisco Tetration platform computes and provides the latency information for each link as well as across the fabric
Tetration provides forward and reverse latency information
Average latency for each flow across each link is provided by Tetration
Latency calculation requires PTP clock sync in the fabric
Latency resolution is 0.1 microsecond
Switch uses 16 bits for latency measurements, which means it wraps around at 6.8 ms

Packet drop indicators
Switch provides an indication of packet drops for a flow, along with the interface and queue information
In a time-series view, Cisco Tetration platform shows the export intervals where packet drops were reported for the flow
End-to-end drops are shown for the flow in each direction
Note: Switch does not provide information about how many packets were actually dropped within the export interval.

Fabric link statistics
Link-level statistics in the charts are bidirectional
Time-series chart for each link shows: transport throughput; average latency; drop indicators
Per-class time series aggregates flow metrics that go through a particular egress queue of the fabric link
Time-series information per fabric link for long-lived flows (if available): latency; drop indicators

Search for flows based on fabric details
Fwd/Rev path information to find flows for a given: fabric link ID; switch name; port name
For a given link, we can narrow results by: drops (true/false); latency buckets; class

Top n charts based on fabric performance
Highlight top n links by performance metrics:
Transport throughput: average aggregation over the selected time range
Avg latency: maximum aggregation over the selected time range
Drop indicators: maximum aggregation over the selected time range
Histogram chart for the distribution of nonzero metric values: bucket values are the percentage of links in the metric range; select an arbitrary range of values to update the highlighted links
Charts: bandwidth distribution (nonzero values); drop indicators distribution (nonzero values); avg latency distribution (nonzero values)

Performance monitoring using software sensors

Tracking process response times
Correlate network traffic to a process on a server
For each flow, track the process response times
Drill down into flow details to get process information for the forward and reverse direction (where available)
Time-series view of the information allows you to go back in time and analyze it

TCP handshake intervals
Track processes with longer handshake times (longer duration to establish connections)
Group by TCP handshake interval buckets
Search for flows with longer handshake intervals

TCP retransmissions
Track any TCP retransmissions for the flows
Determine whether the retransmissions are happening in the forward or reverse direction
Drill down to a single flow to identify retransmission details: find the number of packets retransmitted at any particular time, along with the direction
Correlate this with other indicators to identify a broader network or application bottleneck

TCP window size changes
Cisco Tetration platform tracks the following TCP window parameters:
Forward and reverse congestion window reduced
Forward and reverse MSS changed (Boolean)
Forward and reverse TCP receive window zeroed (Boolean)
Search based on these parameters to identify specific flows in the time-series view

Identifying bottlenecks
Identify where the potential bottleneck could be: network; application (consumer or provider); both
Information is correlated based on: TCP retransmissions; window size changes; latency and other factors

Cisco Tetration application insight

Application dependency and cluster grouping
Diagram: bare-metal (BM) and virtual machine (VM) workloads on a Cisco Nexus 9000 Series fabric, brownfield bare-metal and VM environments, and on-premises and cloud (AWS) workloads feeding the Cisco Tetration Analytics platform
Network-only sensors, host-only sensors, or both (preferred)
Bare-metal, VM, and switch telemetry; bare-metal and VM telemetry; VM telemetry (AMI)
Unsupervised machine learning and behavior analysis

What is really running on my network?
Cisco Tetration Analytics application insight dependency map
Service owner, service category, service, service offering, application, dependencies, security
Use the Cisco Tetration Analytics outcome to generate whitelist policies

Server process inventory

Cisco Tetration: Server process and process hash
Cisco Tetration Analytics computes a process hash for all the processes running on the server
Search based on: process; process ID; all servers running a particular process; details for long-running processes; user ID associated with the process and process ID
Use process hash information to search for suspicious processes against any indicators of compromise (IOCs)

Search for process and process hash
Search for a process command line or binary process hash across all servers
Search for all servers that ran a certain process
Search for all servers that ran a certain process binary hash

Server process inventory details
Drill down to a specific host to look at the complete process inventory
Process inventory is accessed through the Process tab
Search for a process within a host
Process details

Neighborhood graphs

Insight-based notification: Neighborhood graphs
Find up to two-hop communication neighbors for a selected workload
Drill down into details about communication between these neighbors
View dashboard display using the graph database
Determine the number of server hops between two workloads
Get out-of-the-box and custom alerts through Kafka
Diagram: Cisco Tetration Analytics publishes messages to a Kafka broker, which northbound consumers subscribe to

Neighborhood graph and summary information
Search for an inventory filter, scope, or cluster
Two-hop communication summary with network traffic details
Nodes in the radial tree are clickable for exploration

Neighborhood graphs: Path view
Determine the number of hops between two entities in an application
Quickly identify the protocols connecting those entities
Drill down to get the communication details between two entities
Launch the flow search view with relevant filters

Neighborhood application: Alerts
Allows users to configure alerts in three scenarios:
Path between two nodes has decreased below some minimum hop count. Example: Database should never communicate directly with Scope X
Minimum path between two nodes is above a threshold. Example: Database should not be more than two hops away from Scope Y
Path between two nodes must pass through a third node. Example: Everything between Scope A and Scope B must pass through a firewall or VPN
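As an added example (not Cisco code), the following Python builds an adjacency graph from LLDP-style neighbor reports in the form shown on the topology discovery slide, then evaluates the three alert scenarios from this slide over a constructed workload communication graph. Leaf8, Host2, the workload and scope names, and the rule dictionary format are assumptions; only Leaf7's neighbor list is taken from the slide.

```python
"""Added example: topology from neighbor reports and neighborhood alert rules."""
from collections import deque


def build_topology(reports):
    """reports: {switch: [(port, neighbor, neighbor_port), ...]}.
    Returns an undirected adjacency dict; a link reported from both
    ends is stored once because neighbor sets de-duplicate it."""
    adj = {}
    for switch, neighbors in reports.items():
        adj.setdefault(switch, set())
        for _port, neighbor, _neighbor_port in neighbors:
            adj.setdefault(neighbor, set())
            adj[switch].add(neighbor)
            adj[neighbor].add(switch)
    return adj


def hop_count(adj, src, dst, blocked=frozenset()):
    """Shortest path length in hops (BFS); None if unreachable.
    Nodes in 'blocked' are treated as removed from the graph."""
    if src == dst:
        return 0
    seen = {src}
    queue = deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt in seen or nxt in blocked:
                continue
            if nxt == dst:
                return dist + 1
            seen.add(nxt)
            queue.append((nxt, dist + 1))
    return None


def evaluate_alerts(adj, rules):
    """Return the names of the rules that fire against the graph."""
    fired = []
    for rule in rules:
        hops = hop_count(adj, rule["a"], rule["b"])
        if rule["kind"] == "min_hops":
            # Path became shorter than allowed (e.g. DB talking directly to Scope X)
            if hops is not None and hops < rule["threshold"]:
                fired.append(rule["name"])
        elif rule["kind"] == "max_hops":
            # Path longer than allowed, or the nodes no longer communicate at all
            if hops is None or hops > rule["threshold"]:
                fired.append(rule["name"])
        elif rule["kind"] == "must_pass_through":
            # Fires if a and b still reach each other once 'via' is removed,
            # i.e. at least one path bypasses the mandatory node
            if hop_count(adj, rule["a"], rule["b"], blocked={rule["via"]}) is not None:
                fired.append(rule["name"])
    return fired


# Constructed LLDP reports; Leaf7's entries mirror the slide's example
FABRIC_REPORTS = {
    "Leaf7": [("P1", "Spine1", "P3"), ("P2", "Spine2", "P3"), ("P3", "Host1", "mac1")],
    "Leaf8": [("P1", "Spine1", "P4"), ("P2", "Spine2", "P4"), ("P3", "Host2", "mac2")],
}

# Constructed workload communication graph (ports are irrelevant here)
COMM_REPORTS = {
    "Web": [("-", "App", "-"), ("-", "Firewall", "-")],
    "App": [("-", "Database", "-")],
    "Firewall": [("-", "ScopeX", "-")],
    "Database": [("-", "ScopeX", "-")],  # the direct DB -> Scope X link that violates policy
}
RULES = [
    {"name": "db-direct-to-scopex", "kind": "min_hops", "a": "Database", "b": "ScopeX", "threshold": 2},
    {"name": "db-too-far-from-web", "kind": "max_hops", "a": "Database", "b": "Web", "threshold": 2},
    {"name": "web-scopex-via-firewall", "kind": "must_pass_through", "a": "Web", "b": "ScopeX", "via": "Firewall"},
]

if __name__ == "__main__":
    print(hop_count(build_topology(FABRIC_REPORTS), "Host1", "Host2"))  # 4
    print(evaluate_alerts(build_topology(COMM_REPORTS), RULES))
```

The must-pass-through check deliberately tests reachability with the mandatory node removed rather than inspecting only the shortest path, so a longer detour around the firewall still raises the alert.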

Bring your own data (BYOD)

Cisco Tetration: Bring your own data
Diagram: streaming JSON telemetry from northbound consumers and the public cloud into the data sink
Main features:
Stream any JSON-based telemetry to a data sink
Support for up to 10 simultaneous streaming topics
Bring up to 5 GB of data per hour per streaming topic
Analyze and write your results through alerts or the UI

Cisco Tetration: Bring your own data
Data sink, streaming data:
Securely stream data to Cisco Tetration through Kafka
Ingested data can be written to the data lake through the data sink dumper application
Data sink dumper application supports only JSON format
Producer applications are provided on the platform to work with the Cisco Tetration data sink
User applications can be built on top of the data lake
Upload batch data:
Upload data through the UI (maximum limit is 10 GB)
Parquet, CSV, and JSON formats only
Directories can be uploaded as tar.gz and gzip
Uploaded data is written to the data lake
Data is available to all users under that specific tenant

Open API

Cisco Tetration Analytics: Open API
Programmatic interface: REST API for Cisco Tetration flow search and sensor management, used by northbound applications
Push notification: out-of-the-box events and user-defined events published through Kafka (message publish to a Kafka broker) to northbound consumers
Cisco Tetration applications: access to the data lake; write your own application

Deployment options

Cisco Tetration: Deployment options
On-premises options:
Cisco Tetration Platform (large form factor): suitable for deployments of more than 5,000 workloads; built-in redundancy; scales to up to 25,000 workloads; includes 36 x Cisco UCS C220 servers and 3 x Cisco Nexus 9300 platform switches
Cisco Tetration-M (small form factor): suitable for deployments of less than 5,000 workloads; includes 6 x Cisco UCS C220 servers and 2 x Cisco Nexus 9300 platform switches
Public cloud:
Cisco Tetration Cloud: software deployed in AWS; suitable for deployments of less than 1000 workloads; AWS instance owned by the customer
Amazon Web Services, Microsoft Azure

Cisco Tetration Analytics: Ecosystem
Service visibility
Layer 4-7 services integration
Security orchestration
Service assurance
Insight exchange

Cisco IT: Business value
Traditional approach (steps 1 to 6): hire a consultant; collect logs, interview teams; identify application dependencies; verify with every group; static map, change requests; implement policy, apps break
Cisco Tetration platform: 70% reduction in cost and time; 3600 person hours of skilled staff time saved for every 100 applications; 20-40% reduction in virtual machine footprint
US$1M-$5M project; several months

In summary: Platform built for scale and flexibility
Real time and scalable; granular policy enforcement; easy to use; open
Every packet, every flow
Application segmentation for thousands of applications
Consistent policy enforcement
Identify policy deviations in near-real time
One-touch deployment
Self-monitoring
Self-diagnostics
Standard web UI
REST API (pull)
Event notification (push)
Long-term data retention
Support for workload mobility
Cisco Tetration applications

FAQ
Q. What is the difference between a software sensor and a hardware sensor?
Software sensors are installed on the servers (virtual machine or bare metal):
o Full-visibility sensors collect telemetry data from every packet and every flow and also act as policy enforcement points
o Limited-visibility sensors provide only the conversation view required for application insights and policy generation on certain older operating systems
Hardware sensors are embedded into the switch Application-Specific Integrated Circuit (ASIC) itself:
o Collect flow data within the switch ASIC from all the ports
o Supported on Nexus 9000

FAQ
Q. What is the impact of enabling telemetry capture on the server and switch CPU?
Software sensors will consume no more than 3 percent of CPU; this threshold is configurable
Bandwidth consumption is about 1% only
Hardware sensors run in the switch ASIC without any impact on the CPU

FAQ
Q. How do users access information from the Cisco Tetration Analytics platform?
Web GUI
REST API
Kafka-based push notification
Custom applications using programming languages to access the Hadoop data lake

FAQ
Q. How does the Cisco Tetration platform work with existing data center infrastructure?
Customers with existing data center infrastructure, which can be Cisco or third party, can deploy the Cisco Tetration platform. Deployment is achieved by installing software sensors on virtual machines or bare-metal servers. These sensors, installed on the servers themselves, collect the required telemetry data for the analytics platform and can also act as enforcement points for the segmentation policy. Another option is to use ERSPAN sensors to generate the telemetry data based on the copied traffic.

FAQ
Q. Is the policy information updated as the application behavior changes?
Using the rich telemetry data, Cisco Tetration continuously monitors for policy compliance and deviation. For example, if additional instances of a specific application component are added, Cisco Tetration will enforce the same policy automatically on those instances. Also, if the workload moves, the policy moves with it, and no additional action is required from administrators.
Q. Can the Cisco Tetration Analytics platform send a notification when policy deviations are identified?
Yes. Cisco Tetration Analytics supports northbound notification through the Kafka message bus. Any northbound system can subscribe to those notifications and take additional actions. For example, a Security Information and Event Management (SIEM) system could subscribe to those events and open tickets automatically.