Tetration Overview Mike Herbert
Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session
1. Find this session in the Cisco Live Mobile App
2. Click Join the Discussion
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Data Center Vision: Intent Based Infrastructure
1. Deployment and Provisioning: Infrastructure Automation with ACI and UCS (Intent Based Automation); Security; Cisco CloudCenter (Common Consumption across Hybrid IT); Application Deployment
2. Operations and Management: Network Assurance Engine (Formal Methodologies); Tetration Platform (Machine Learning Based Operations and Security) for ADM, Security and Forensics
Inter-dependent feedback loops between the two; guarantees: Compliance, Consistency
Traditional Monitoring Is Showing Its Age
Not suited for modern network and security operations
Where data is created vs. where data is useful: SNMP -> SNMP server; Syslog -> Syslog collector; CLI -> scripts; all feeding storage & analysis
- Not real time
- Strong burden on the back end: normalize different encodings, transports, data models and timestamps
[Chart: One Minute SNMP Polling vs. Telemetry 10 Second Push]
[Chart: 10 Second SW Process Push Telemetry]
[Chart: Sub Second Push]
Data Granularity Needs to Improve
Use cases: Workload Placement; Service Level Monitoring; ADM; Security and Policy Enforcement; Microburst Detection; Traffic Engineering; Capacity Planning; Troubleshooting & Remediation (Self Driving)
Required data resolution ranges from on-change / <= 1 sec, to ~10 sec, to ~minutes-hours
Resolution = Frequency of Data Collection
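The slide's point that resolution equals collection frequency can be shown numerically. This added Python simulation (not from the Cisco deck) re-aggregates a constructed 100 ms link counter series into 1 s, 10 s and 60 s collection windows; the link speed, load level and 500 ms microburst are all constructed values.

```python
# Added example (not from the Cisco deck): why "Resolution = Frequency of Data
# Collection". A constructed link counter sampled every 100 ms is re-aggregated
# into 1 s, 10 s and 60 s collection windows; a 500 ms microburst that fills the
# link is only visible to a utilisation alert at sub-second or 1 s resolution.
from typing import List

SAMPLE_MS = 100                 # constructed: base sensor resolution
LINK_BPS = 10_000_000_000       # constructed: 10 Gbit/s link

def constructed_samples(seconds: int = 60) -> List[int]:
    """Bits seen per 100 ms sample: steady 5% load plus one 500 ms burst
    starting at t = 12.0 s that saturates the link (constructed data)."""
    bits_per_sample_at_line_rate = LINK_BPS * SAMPLE_MS // 1000
    samples = [bits_per_sample_at_line_rate // 20] * (seconds * 1000 // SAMPLE_MS)
    start = 12_000 // SAMPLE_MS
    for i in range(start, start + 5):
        samples[i] = bits_per_sample_at_line_rate
    return samples

def peak_utilisation(samples: List[int], interval_ms: int) -> float:
    """Peak utilisation (0..1) a collector sees when it only receives one
    averaged counter value per interval_ms (SNMP poll or telemetry push)."""
    per_window = interval_ms // SAMPLE_MS
    peak = 0.0
    for i in range(0, len(samples), per_window):
        window = samples[i:i + per_window]
        bits_per_sec = sum(window) * 1000 / (len(window) * SAMPLE_MS)
        peak = max(peak, bits_per_sec / LINK_BPS)
    return peak

def burst_visible(samples: List[int], interval_ms: int, threshold: float = 0.5) -> bool:
    """Would a 'utilisation above threshold' alert fire at this interval?"""
    return peak_utilisation(samples, interval_ms) > threshold

if __name__ == "__main__":
    s = constructed_samples()
    for ms in (100, 1_000, 10_000, 60_000):   # sub-second, 1 s push, 10 s push, 1 min SNMP poll
        print(f"{ms:>6} ms collection: peak {peak_utilisation(s, ms):.1%}, alert={burst_visible(s, ms)}")
```

At 10 s and 60 s the burst averages down to under 10% of the link and never trips the alert, which is the gap the deck's microburst-detection row describes.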
Cisco Tetration Platform
- Foundation: Visibility and Forensics; Process Inventory; Application Insight
- Operations: Network and TCP Performance; Neighborhood Graphs
- Segmentation: White-list Policy; Application Segmentation; Policy Compliance
Architecture Overview
- Data Collection: Software Sensor and Enforcement; Embedded Network Sensors (Telemetry Only); Third Party Sources (Configuration Data)
- Analytics Engine: Cisco Tetration Analytics Cluster
- Open Access: Web GUI; REST API; Event Notification; Tetration Apps
- Self Managed Cluster: No Hadoop / Data Science Background Needed; One Touch Deployment; No External Storage Needed
- Easy Integration via Open Interfaces; Open Data Lake (via Tetration Apps)
Data Sources
- Software Sensors (Available Now): Linux VM; Windows Server VM; Bare Metal (Linux and Windows Server); Universal* (Basic Sensor for other OS)
  *Note: No per-packet telemetry, not an enforcement point
- Network Sensors (Next Generation 9K switches): Nexus 9200-X; Nexus 9300-EX; Nexus 9300-FX
- Third Party Sources (3rd party data sources): Asset Tagging; Load Balancers; IP Address Management; CMDB
Sensor properties: Low CPU Overhead (SLA enforced); Low Network Overhead (SLA enforced); Enforcement Point (software agents); Highly Secure (Code Signed, Authenticated); Every Flow (No Sampling), NO PAYLOAD
Cisco Tetration: Bring Your Own Data
Streaming JSON telemetry from northbound consumers, data sinks and public cloud
Main features:
- Stream any JSON-based telemetry to a data sink
- Support up to 10 simultaneous streaming topics
- Bring up to 5 GB of data per hour per streaming topic
- Analyze and write your results through alerts or UI
And If That Is Not Enough, ERSPAN Can Fill in the Gaps
Expanded telemetry collection option: augment telemetry from other parts of the network; useful when a software sensor or hardware sensor is not feasible
Topology: production network -> Layer 3 switch -> Layer 3 connection (ERSPAN) -> Cisco Tetration telemetry -> Cisco Tetration Platform
- Dedicated virtual machines on each host with 3 software sensors in each virtual machine
- Each sensor binds to a separate vnic
- ERSPAN terminates on the virtual machine vnic
- Each sensor terminates one ERSPAN session
- Sensor generates telemetry based on the data-plane traffic
- Horizontally scalable
Deployment Options (Customer Managed)
Hardware options:
- Cisco Tetration platform (large form factor): suitable for deployments of more than 5000 workloads; built-in redundancy; scales to up to 25,000 workloads; includes 36 Cisco UCS C220 servers and 3 Cisco Nexus 9300 platform switches
- Cisco Tetration-M (small form factor): suitable for deployments of less than 5000 workloads; includes 6 Cisco UCS C220 servers and 2 Cisco Nexus 9300 platform switches
Public cloud:
- Cisco Tetration Cloud: software deployed in public cloud; suitable for deployments of less than 1000 workloads; public cloud instance owned by customer; Amazon Web Services, Microsoft Azure
Software only option:
- Cisco Tetration software only option: suitable for deployments of less than 1000 workloads; published hardware requirements; supported in VMware ESXi based environments
Coming in Q2CY18
Deployment Options (Cisco Managed)
Cisco Tetration as a Service
- Software as a Service model: no need to purchase, install and manage hardware or software
- Fully managed and operated by Cisco
- Suitable for commercial customers and SaaS-first/SaaS-only customers
- Flexible pricing model, lower barrier to entry
- Quick turn up
- Scales to up to 25,000 workloads
- Coming in Q2CY18
What Is Really Running in My Data Center?
Use Cisco Tetration Analytics to discover, monitor, troubleshoot and secure based on what you really have
Cisco Tetration Analytics application insight: dependency map by service owner, service category, service and service offering; application dependencies; security
Application Dependency and Cluster Grouping
- Network-only sensors, host-only sensors, or both (preferred)
- Bare-metal, VM, and switch telemetry (Cisco Nexus 9000 Series)
- Brownfield bare metal and VM: bare-metal and VM telemetry
- On-premises and cloud workloads (AWS): VM telemetry (AMI)
- Cisco Tetration Analytics platform: unsupervised machine learning, behavior analysis
Application Workspaces
[Screenshot: workspaces HRMS - Prod Primary, Oracle - Dev, Oracle - Prod Primary, DNS Primary; exposed interfaces Oracle VIP and DNS VIP]
Why This Approach Is Different
- Policy information generated based on the data-plane information
- Flexibility to define policies beyond IP addresses
- Align application policy to match corporate business policies
- Organization structure taken into account for policy generation
Visibility and Operations
Cisco Tetration Platform application and network performance and visibility use cases:
- Visibility and forensics
- Network and TCP performance
- Application insight
- Process inventory
- Neighborhood graphs
What Do We Mean by Application and Network? Correlation of Enforcement and Telemetry
- Cisco Tetration and ACI are designed to provide complementary visibility, security and operations
- Tetration platform provides network performance monitoring functionalities in Cisco ACI mode
- The following Cisco Nexus 9000 series hardware is required: Cisco Nexus 9300-FX based leaf switches; Cisco Nexus 9500 series spine switches with N9K-X9736C-FX line cards
- These functionalities require Cisco ACI release 3.1 or later
What Do We Mean by Application and Network? Correlation with the View from the Server
Cisco Tetration Analytics: flow inventory and flow details; process inventory and process details
Diagnosing TCP and Full Flow Details
[Screenshot: TCP retransmission, flow details, process details]
Objective: View of Application as Related to Infrastructure
Multi-domain view with consistent governance across Cisco Tetration Analytics, application owner, administrator and public cloud
Infrastructure administration: vpod with service VMs on hypervisors
Segmentation Policy: Express Policies in Human Language
- "Development can't talk to production"
- Cisco Tetration knows who is production
- Cisco Tetration knows who is development
- Policies are continuously updated as applications change
Allow Computers to Perform the Heavy Lifting
Tetration automatically converts your intent into blacklist and whitelist rules
Intent -> Rules:
- Block nonproduction applications from talking to production applications -> SOURCE 10.0.0.0/8 DEST 128.0.0.0/8
- Allow HR applications to use the employee database -> SOURCE 128.0.10.0/24 DEST 128.0.11.0/24
- Block all HTTP connections that are not destined for web servers -> SOURCE * DEST 128.0.100.0/24 PORT = 80, then SOURCE * DEST * PORT = 80
Multiple Teams Can Share Policy Management
- Application owners need some amount of autonomy to make application-level changes quickly
- Security and network teams need to control the global aspects of application interconnection and shared services
- Cisco Tetration flattens intent in a deterministic order, prioritizing intent of higher-authority users over intent of application owners: security team rules, then network team rules, then application owner rules
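The two slides above (intent to rules, and flattening by authority) can be modelled together. This is an added Python example, not Cisco's code or the product's actual rule format: it uses the deck's example prefixes and ports, adds one constructed application-owner intent that conflicts with the security team's, and decides a flow by the first matching rule after flattening.

```python
# Added example (not Cisco's code): a minimal model of the slides' intent-to-rule
# flattening. Intents are ordered security > network > application owner, and a
# flow is decided by the first matching flattened rule (block if nothing matches).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

AUTHORITY = {"security": 0, "network": 1, "app_owner": 2}  # lower value = higher authority

@dataclass(frozen=True)
class Intent:
    author: str            # security | network | app_owner
    action: str            # allow | block
    src: str               # CIDR or "*" (any)
    dst: str               # CIDR or "*" (any)
    port: Optional[int] = None  # None = any port
    note: str = ""

def _contains(cidr: str, ip: str) -> bool:
    return cidr == "*" or ip_address(ip) in ip_network(cidr, strict=False)

def flatten(intents: List[Intent]) -> List[Intent]:
    """Deterministic order: higher-authority authors first; a stable sort keeps
    each author's own intents in the order they were written."""
    return sorted(intents, key=lambda i: AUTHORITY[i.author])

def decide(rules: List[Intent], src: str, dst: str, port: int) -> str:
    """First matching flattened rule wins; whitelist model, so default is block."""
    for r in rules:
        if _contains(r.src, src) and _contains(r.dst, dst) and r.port in (None, port):
            return r.action
    return "block"

# Slide examples plus one constructed application-owner intent that conflicts
# with the security team's intent; the authoring order is deliberately mixed.
INTENTS = [
    Intent("app_owner", "allow", "128.0.10.0/24", "128.0.11.0/24", note="HR apps may use the employee DB"),
    Intent("app_owner", "allow", "10.0.5.0/24", "128.0.11.0/24", note="constructed: dev wants prod DB access"),
    Intent("network", "allow", "*", "128.0.100.0/24", 80, note="HTTP only to web servers"),
    Intent("network", "block", "*", "*", 80, note="block all other HTTP"),
    Intent("security", "block", "10.0.0.0/8", "128.0.0.0/8", note="nonproduction must not reach production"),
]
RULES = flatten(INTENTS)

if __name__ == "__main__":
    for r in RULES:
        print(f"{r.author:<9} {r.action:<5} {r.src:<14} -> {r.dst:<14} port={r.port}  # {r.note}")
    print(decide(RULES, "10.0.5.7", "128.0.11.9", 1521))  # block: security outranks the app owner
```

Note that the network team's port 80 block also overrides the HR allow for HTTP, which is the "global aspects controlled by security and network teams" behaviour the slide describes.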
The App Security Edge Moves with the Application
Cisco Tetration Analytics:
1. Generates unique policy per workload
2. Pushes policy to all workloads
3. Workload securely enforces policy
4. Continuously computes policy from identity and classification changes
Enforcement across public cloud (Google, Azure, Amazon), bare metal, virtual, Cisco ACI and traditional network
Enforcement Across the Systems: ACI and Tetration
- Use Tetration ADM to create ACI compatible policy*
- Assign Tetration policy elements to ACI policy elements
- Understand the impact (TCAM) of policy
- Provide optimizations to efficiently fit policy in fabric
Tetration ACI App via the Cisco Tetration Analytics northbound REST interface
Using Data Provided by Tetration, TCAM Usage Can Be Optimized
Adjust the policy enforcement mechanism based on TCAM utilization:
- Enforce as-is
- Enforce outgoing connection as-is (incoming will be generalized)
- Enforce incoming as-is (outgoing will be generalized)
- Generalize enforcement in both directions
Visualize TCAM impact on associated leaf switches
For a large deployment, applying generalization to the top 5 policy groups results in a 160K (78%) TCAM saving
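To make the four enforcement modes concrete, here is an added Python model (not Cisco's code, and not how the fabric actually programs TCAM). The entry-cost model is an assumption: an as-is side costs one entry per member host, a generalized side costs one entry for the cluster's covering prefix, and a policy group costs source entries times destination entries times ports. The three policy groups are constructed.

```python
# Added example (not Cisco's code): a simplified TCAM entry model for the four
# enforcement modes on the slide. Assumption: an as-is side costs one entry per
# member host, a generalized side costs one entry for the cluster's covering
# prefix, and a policy group costs src_entries * dst_entries * ports.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address
from typing import Dict, List

@dataclass
class PolicyGroup:
    name: str
    consumers: List[str]   # hosts that open (outgoing) connections
    providers: List[str]   # hosts that receive (incoming) connections
    ports: List[int]

def covering_prefix(ips: List[str]) -> IPv4Network:
    """Smallest single prefix containing every member: what a generalized side
    collapses to. Caveat: it may also cover addresses that are not members."""
    addrs = [ip_address(ip) for ip in ips]
    net = IPv4Network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net

MODES = {  # (consumer side as-is?, provider side as-is?)
    "as_is": (True, True),
    "outgoing_as_is": (True, False),   # incoming (provider side) generalized
    "incoming_as_is": (False, True),   # outgoing (consumer side) generalized
    "generalize_both": (False, False),
}

def tcam_entries(pg: PolicyGroup, mode: str) -> int:
    out_as_is, in_as_is = MODES[mode]
    src = len(pg.consumers) if out_as_is else 1
    dst = len(pg.providers) if in_as_is else 1
    return src * dst * len(pg.ports)

def saving_report(groups: List[PolicyGroup], mode: str) -> Dict[str, object]:
    """Total entries as-is vs. in the chosen mode, with the percentage saved."""
    before = sum(tcam_entries(g, "as_is") for g in groups)
    after = sum(tcam_entries(g, mode) for g in groups)
    return {"before": before, "after": after, "saved_pct": round(100 * (before - after) / before, 1)}

GROUPS = [  # constructed clusters; members are contiguous so prefixes stay tight
    PolicyGroup("web->app", [f"10.1.0.{i}" for i in range(1, 41)], [f"10.2.0.{i}" for i in range(1, 21)], [8080, 8443]),
    PolicyGroup("app->db", [f"10.2.0.{i}" for i in range(1, 21)], [f"10.3.0.{i}" for i in range(1, 5)], [1521]),
    PolicyGroup("mon->all", ["10.9.0.1", "10.9.0.2"], [f"10.{n}.0.{i}" for n in (1, 2, 3) for i in range(1, 9)], [22]),
]

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:<16} {saving_report(GROUPS, mode)}")
    print("mon->all providers generalize to", covering_prefix(GROUPS[2].providers))
```

The last line shows the trade-off behind generalization: the monitoring group's provider side spans three /16s and collapses to 10.0.0.0/14, so the saved entries come at the cost of a much wider match than the member list.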
Cisco Tetration Analytics: Open API
- Programmatic interface: REST API (Cisco Tetration flow search, sensor management) for northbound applications
- Push notification: out-of-the-box events and user-defined events published through Kafka (Kafka broker) to northbound consumers
- Cisco Tetration applications: access to the data lake; write your own application
Platform Built for Scale and Flexibility
- Real time and scalable: every packet, every flow; application segmentation for 1000s of applications; extends visibility to process and software packages; long term data retention
- Holistic workload protection: consistent application segmentation; any workload, anywhere; process behavior deviations; software package vulnerability
- Easy to use: one touch deployment; self monitoring; self diagnostics
- Open: standard web UI; REST API (pull); event notification (push); Tetration applications
Complete Your Online Session Evaluation
- Please complete your online session evaluations after each session
- Complete 4 session evaluations & the overall conference evaluation (available from Thursday) to receive your Cisco Live T-shirt
- All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
Don't forget: Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.
Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Lunch & Learn
- Meet the Engineer 1:1 meetings
- Related sessions
Want More Information?
- Tetration Analytics - Network Analytics & Machine Learning Enhancing Data Center Security and Operations [BRKACI-2040], yesterday 2:15 PM (sorry, it will be available online)
- Inside Cisco IT: ACI & Tetration Analytics [BRKCOC-2006], Friday 11:30 AM
- Tetration overview [], today 1 PM (sorry, it will be available online)
- Customer Data Center Insights using Tetration [BRKACI-2509], Friday 11:30 AM
- Exploring Tetration APIs [DEVNET-1722], Thursday 5 PM
- Technical seminar for Tetration analytics [TECDCT-1757], yesterday (sorry, it will be available online)
Thank you