Running an efficient, secure data center today is a bit like running an obstacle course in the dark. Except, on this course, someone keeps moving the obstacles and adding more track.
In any given moment, we really can't know for sure what's going on in the data center. SDN, virtualization, containers and cloud services, while awesome, aren't making things any clearer. Which is ironic, since better visibility into our applications, their traffic flows, and dependencies is exactly what we need to successfully migrate to these technologies in the first place.
Without real visibility, how can we feel confident in our ability to make any changes, let alone wholesale migrations, without slamming face-first into a wall?
The answer appears to be Cisco Tetration Analytics. And it's the subject of our (drum roll, please) 200th episode of TechWiseTV.
Let's Talk Tetration
In this episode, I'm joined by Tetration Analytics product manager, Jyothi Prakash, and Benny Van De Voorde, a data center architect in Cisco IT, who shares his hands-on experience with Cisco's new analytics platform.
What is Tetration Analytics?
It's been described, alternatively, as a time machine or a DVR for the data center, due to its ability to provide real-time analytics or play back past flows to model future trends. Whether you want to:
Tetration Analytics provides the necessary visibility and insights to build and operate a secure data center.
How does it work?
There were three major obstacles that needed to be overcome:
Cisco Tetration Analytics addresses these challenges by collecting rich traffic telemetry across the entire data center infrastructure using advanced algorithmic approaches, like unsupervised machine learning and behavioral analysis.
In its first iteration, the platform ships as an on-prem appliance-based solution. But plans are already in the works for other consumption models. It combines hardware sensors (dedicated ASICs) capable of monitoring every packet at line rate, with lightweight software sensors installed on the servers. Data can also be collected through third-party sources, like load balancers, DNS server mappings, and other configuration information.
This telemetry not only includes things like granular IP and TCP flags from every packet header, it can also map flow information to the specific process generating that flow, all the way to the application layer. Without this information overlay, it's hard to get meaningful, actionable data.
If it's good enough for IT, it's good enough for TechWiseTV
I was very excited to finally get a chance to cover Tetration, especially when I learned that Cisco IT wanted to weigh in on their experience with the platform. As you know, IT isn't prone to blindness by "shiny objects." They're interested in solving real problems, and Cisco IT is no different.
Benny's team was migrating to ACI, and with 50,000 servers in the data center, they needed to figure out how best to build their ACI Endpoint Groups (EPGs) for optimum security. So, they were intrigued by the prospect of getting real-time visibility into server flows, and being able to link those flows to specific server processes. They were able to create a whitelist security policy using ACI security contracts, and enforced the policy based on actual flows.
As you'll see in the show, the platform can also be used as a forensics tool, and for enforcing all sorts of policies: During his demo on application insights, Benny discovered that our web platform was communicating with both production and non-production databases, a security policy no-no. We joked about "heads rolling," but I assure you, no security personnel were harmed in the making of this episode.
Amazingly, the system requires very little overhead to install and operate. The data center team installed sensors on 4,000 Cisco servers. They're able to search more than a billion flows with hardly any additional latency (less than 2 percent CPU overhead), a rounding error compared to the massive amount of data they're collecting.
And it only requires two full-time people to manage: one with a network background, the other with an application background. Not a data scientist in sight. There were people who helped install agents on servers, and applications people helped verify the output with the security people.
I guess you could say a side benefit of Tetration Analytics is the way it brings dev, ops and security teams together.
And by working together with Tetration Analytics...no one is left wandering aimlessly in the dark.
Robb
@robbboyd
http://www.techwisetv.com
P.S. Every episode of TechWiseTV has a live, deep-dive workshop where we bring in more experts, and answer your questions. You missed the live event, but you can still view the recording.