TechWiseTV Workshop: Tetration Analytics

Replay the Live Event: http://cs.co/90098Be7h

See firsthand how Cisco Tetration Analytics uses unsupervised machine learning and behavior analysis, along with advanced algorithmic approaches, to provide unprecedented insight into IT infrastructure.

Don’t miss this chance to get an up-close look at the analytics platform that lets you see and know exactly what’s happening in any application, any flow, anywhere in your data center—all in a matter of seconds.

See the Tetration Analytics TechWiseTV Episode: http://cs.co/90048BefC

Published in: Technology

  1. 1. Cisco Tetration Analytics A Path to Secure Zero-Trust in an Application-Centric World Jothi Prakash & Benny Van de Voorde October 13, 2016
  2. 2. Jothi Prakash & Benny Van de Voorde Cisco Tetration Analytics A Path to Secure Zero-Trust in an Application-Centric World 13th October, 2016
  3. 3. Agenda • Challenges in Modern Datacenter Operations • Cisco Tetration Analytics Overview • Use cases Demo • Application Insight with Cisco IT • Visibility and Forensics • Policy Analysis • Policy Enforcement Options
  4. 4. Modern data centers are getting increasingly complex • Zero trust model • Multi cloud orchestration • Application portability Hybrid cloud • Increase in east-west traffic • Expanded attack surface • Open source Big and fast data • Continuous development • Application mobility • Micro services Rapid app deployment
  5. 5. Customers Need a New Approach to … (1) Map IT investment to drive business policy (2) Break organizational siloes (3) Mitigate risk from adversaries and disasters
  6. 6. Cisco Tetration Analytics™
  7. 7. Cisco Tetration Analytics – Use Cases • Application Insight • Policy Simulation and Impact Assessment • Automated Whitelist Policy Generation • Forensics: Every Packet, Every Flow, Every Speed • Policy Compliance and Auditability
  8. 8. Cisco Tetration Analytics Architecture Overview Analytics Engine Cisco Tetration Analytics™ Platform Visualization and Reporting Web GUI REST API Push Events Cisco Confidential-NDA Required Data Collection Host Sensors Network Sensors Third-Party Metadata Sources Tetration Telemetry Configuration Data Cisco Nexus® 92160YC-X Cisco Nexus 93180YC-EX VM
  9. 9. Multiple Sensors and Data Sources • Low CPU Overhead (SLA enforced) • Low Network Overhead (SLA enforced) • Highly Secure (Code Signed, Authenticated) • Every flow (No sampling), NO PAYLOAD • Host Sensors: Linux VM, Windows Server VM, Bare Metal (Linux and Windows Server), Hypervisors, Containers • NW Sensors: Nexus 9200-X, Nexus 9300-EX • 3rd Party Data Sources: Geo, Whois, IP Watch Lists, Load Balancers, … • Legend: Available at FCS, Next Generation 9K switches, Future releases
  10. 10. Hardware Sensor and Software Sensor Accumulated Flow Information (Volume…) Software Sensor Process mapping Process ID Process owner Hardware Sensor Tunnel endpoints Buffer utilization Burst detections Packet drops Flow details Interpacket variations
  11. 11. Platform Built for Scale • Real Time and Scalable: Every Packet, Every Flow; Horizontal Expansion; Long-term Data Retention • Secure: Secure Design; Two-factor Authentication; Role Based Access • Easy to Use: One Touch Deployment; Self Diagnostics; Self Monitoring • Open: Standard Web UI; Event Pub/Sub (Push); REST API (Pull)
  12. 12. Use Cases and Demo Application Insight Visibility and Forensics
  13. 13. The DC with Tetration Private VM VM VM BM Nexus 9K Public Applications Insight Performance CMDB accuracy Security & Auditing Tetration Analytics Engine Other Data Platforms
  14. 14. Tetration Analytics: Advancing Cisco IT Multi-Purpose Use Cases • Applications Insight (DC Network): Dependency Mapping / ACI Migration • Application Performance: Benchmarking on the Network; Deviation Detection • Service Now Integration: Application and Infrastructure Inventory; Increase Operational Insights • Security: Auditing; Security Enforcement; Policy Verification ~ ‘what if’; Threat Detection / DDOS / … • Increased Visibility • Insightful Data • Network Flows + Server-level Information + Analytics • Status labels: now, exploring, exploring
  15. 15. Regions – Locations for Tetration Cluster. CA, DCs MTV/SJC TX, DC1 Allen TX, DC2 RCDN NC, DCs in RTP DC Ams DCs in APAC TA cluster in MTV5 TA cluster in Allen TA cluster in RTP5 tbd tbd Jan ‘17 US West US Central US East EMEA APAC Status today: • 2 Clusters installed (US West Coast) • 3rd just installed (US East Coast) • 4th coming (US Central) • Agents on servers only • 4000 Agents running on Linux Servers / Windows Servers • +5000 next month • New Nexus 9k (ACI) Hardware coming in our DCs in End of Oct/Nov timeline To Date, Cisco IT has only deployed software Agents
  16. 16. In the TA tool Process ACI EPGs & Contracts Validation Json normalized Pull Data (multiple sources) Routing info DNS zone file All SLB config Known app groups Create workspace Upload normalized data Run TA Algorithm Create Application View = massage, filter output TA admin, network admin, App team, Security team, TA admin
  17. 17. Use Case Demo Policy Analysis
  18. 18. Policy Enforcement
  19. 19. Get To Zero-Trust Model APIC Application Policy Recommendation Import Policy using ACI Toolkit Automatic creation of EPGs and Contracts Real Time Data Network Policy App Policy Tetration Analytics UCS Cisco Nexus 9000 Series UCS
  20. 20. Enforcement Anywhere Cisco Tetration Analytics™ Cisco ACI™ and Cisco Nexus® 9000 Series Standalone Linux and Microsoft Windows Servers and VM Public Cloud (Amazon Web Services, Microsoft Azure, Google Cloud) Data Whitelist policy: { "src_name": "App", "dst_name": "Web", "whitelist": [ {"port": [ 0, 0 ],"proto": 1,"action": "ALLOW"}, {"port": [ 80, 80 ],"proto": 6,"action": "ALLOW"}, {"port": [ 443, 443 ],"proto": 6,"action": "ALLOW"} ] } • Cisco ACI EPG/Contract Integration via Cisco ACI Toolkit • Traditional Network ACL • Firewall Rules • Host Firewall Rules
  21. 21. Summary • Pervasive flow telemetry that supports infrastructure for multiple data centers at scale • Ready-to-use solution to address critical data center operational use cases • Self-monitoring and eliminate the need for in-house big data expertise • Open platform and northbound APIs enable transparent integration • Accelerated adoption and comprehensive Solution support with Services
  22. 22. http://www.cisco.com/go/tetration
  23. 23. Thank you for watching.
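
Slide 20 pairs a whitelist policy with "Host Firewall Rules" as one enforcement option. The following is an added example, not taken from the slides or from Cisco, that renders that policy as iptables rules for the destination host. The group-to-CIDR mapping, the function name and the choice of iptables are assumptions made for illustration.

```python
import json

# Policy copied from slide 20. The addresses below are constructed for this example.
POLICY = json.loads("""{ "src_name": "App", "dst_name": "Web", "whitelist": [
  {"port": [0, 0], "proto": 1, "action": "ALLOW"},
  {"port": [80, 80], "proto": 6, "action": "ALLOW"},
  {"port": [443, 443], "proto": 6, "action": "ALLOW"} ] }""")
GROUPS = {"App": "192.0.2.0/25", "Web": "192.0.2.128/25"}  # hypothetical mapping
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers


def to_iptables(policy, groups):
    """Render one whitelist policy as inbound iptables rules for the destination.

    Fails closed: an unknown group, action or protocol, or a bad port range,
    raises ValueError so a malformed policy never yields a partial rule set.
    Return traffic (for example a conntrack ESTABLISHED rule) is out of scope.
    """
    try:
        src, dst = groups[policy["src_name"]], groups[policy["dst_name"]]
    except KeyError as exc:
        raise ValueError(f"unknown or missing group: {exc}") from None
    rules = []
    for entry in policy.get("whitelist", []):
        if entry.get("action") != "ALLOW":
            raise ValueError(f"unsupported action: {entry.get('action')!r}")
        proto = PROTOS.get(entry.get("proto"))
        if proto is None:
            raise ValueError(f"unsupported protocol: {entry.get('proto')!r}")
        rule = f"-A INPUT -s {src} -d {dst} -p {proto}"
        if proto != "icmp":  # ICMP carries no ports; slide 20 uses [0, 0] for it
            port = entry.get("port")
            if not (isinstance(port, list) and len(port) == 2
                    and all(isinstance(p, int) for p in port)
                    and 1 <= port[0] <= port[1] <= 65535):
                raise ValueError(f"bad port range: {port!r}")
            rule += f" --dport {port[0]}" if port[0] == port[1] else f" --dport {port[0]}:{port[1]}"
        rules.append(rule + " -j ACCEPT")
    # Whitelist model: anything not explicitly allowed between the groups is dropped.
    rules.append(f"-A INPUT -s {src} -d {dst} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(to_iptables(POLICY, GROUPS)))
```
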
