Cisco Tetration Analytics Demo
Ing. Guenter Herold
Area Manager Datacenter
Cisco Austria GmbH
15–16 March 2017 | Cisco Connect | Portorož, Slovenia
Agenda
Introduction
Theory
Demonstration
Innovation Through Engineering (infographic): <9 months spent on planning; $1B OPEX shifts; DLT members changing roles; >1000 employees involved in open source projects; 30% of FY15 revenue based on Agile and DevOps; engineering contributed Cisco net income growth of 6% (Q3’15); Alpha projects; 190 Tetration patents.
Cisco Tetration Analytics™
Architecture
(diagram: Intent (May), Assurance (Can), Analytics (Did); Configuration Analysis (“Very Large State-Space”), Traffic Analysis (“Lots of Data”); Guarantees, Compliance, Consistency; POLICY, ACI; ADM, Security, Forensics)
Source slide: BRKDCN-2040
Cisco Tetration Analytics Focus Areas
Tetration Analytics 1.0 (Policy Recommendation): Visibility and Forensics; Application Insight; Policy Compliance
Tetration Analytics 2.0 (Application Segmentation), new: Application Segmentation (Automated Policy Enforcement)
Cisco Tetration Analytics Use Cases
• Application Insight and Dependency
• Forensics: Every Packet, Every Flow, Every Speed
• Policy Compliance and Auditability
• Policy Simulation and Impact Assessment
• Automated Whitelist Policy Generation
• New: Application Segmentation (Automated Policy Enforcement)
Datacenter Wide Traffic Flow Visibility
• Information about consumer, provider and type of traffic
• Detailed information about the flow
You Can’t Protect What You Don’t See
• 60% of data is stolen in hours
• 85% of point-of-sale intrusions aren’t discovered for weeks
• 54% of breaches remain undiscovered for months
• 51% increase in companies reporting a $10 million or more loss in the last 3 years
“A community that hides in plain sight avoids detection and attacks swiftly.”— Cisco Annual Security Report.
Whitelist Policy Model
http://www.asd.gov.au/infosec/mitigationstrategies.htm
Whitelist Policy Recommendation
Application Discovery: Web Tier, App Tier, DB Tier, Storage
Policy Enforcement
Whitelist Policy Recommendation (available in JSON, XML, and YAML)
Real-Time and Historical Policy Simulation
• Validating policy impact assessment in real time
• Simulating policy changes over historic traffic
• View traffic “outliers” for quick intelligence
• Audit becomes a function of continuous machine learning
(diagram: Cisco Tetration Analytics™ Platform with VM and bare-metal (BM) workloads)
Policy Compliance
• Identify policy deviations in real time
• Review and update whitelist policy with one click
• Policy lifecycle management
(diagram: Cisco Tetration Analytics™ Platform with VM and bare-metal (BM) workloads)
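The two slides above describe replaying a whitelist policy over historic traffic, surfacing outliers and flagging deviations. The following is an added example of that simulation step, not Tetration code: the policy uses the JSON shape shown later on the “Enforcement Anywhere” slide, while the group-to-subnet mapping and the flow records are constructed sample data. Any flow whose endpoints are unclassified or whose (src group, dst group, proto, port) has no ALLOW entry is a deviation, which is what a whitelist (default-deny) model implies.

```python
"""Replay historical flow records against a whitelist policy to find deviations.

Added example, not Tetration code. The policy uses the JSON shape shown on the
'Enforcement Anywhere' slide; group membership and the flow records below are
constructed sample data.
"""
import ipaddress
import json
from collections import Counter

# Constructed: which subnet belongs to which endpoint group (discovery output).
GROUPS = {
    "Web": ipaddress.ip_network("10.1.1.0/24"),
    "App": ipaddress.ip_network("10.1.2.0/24"),
    "DB": ipaddress.ip_network("10.1.3.0/24"),
}

# Constructed whitelist; proto uses IANA numbers (1 = ICMP, 6 = TCP, 17 = UDP)
# and port is a [low, high] pair, treated here as an inclusive range.
POLICY = json.loads("""[
  {"src_name": "Web", "dst_name": "App",
   "whitelist": [{"port": [8080, 8080], "proto": 6, "action": "ALLOW"},
                 {"port": [0, 0], "proto": 1, "action": "ALLOW"}]},
  {"src_name": "App", "dst_name": "DB",
   "whitelist": [{"port": [3306, 3306], "proto": 6, "action": "ALLOW"}]}
]""")

# Constructed flow records: (src_ip, dst_ip, proto, dst_port), as a sensor export would give them.
FLOWS = [
    ("10.1.1.10", "10.1.2.20", 6, 8080),   # Web -> App HTTP: whitelisted
    ("10.1.1.10", "10.1.2.20", 1, 0),      # Web -> App ICMP: whitelisted
    ("10.1.2.20", "10.1.3.30", 6, 3306),   # App -> DB MySQL: whitelisted
    ("10.1.1.10", "10.1.3.30", 6, 3306),   # Web -> DB directly: not whitelisted
    ("10.1.2.20", "10.1.3.30", 6, 22),     # App -> DB SSH: not whitelisted
    ("192.0.2.7", "10.1.1.10", 6, 443),    # unclassified source -> Web: no group, no rule
]


def group_of(ip):
    """Map an address to its endpoint group, or None if it is unclassified."""
    addr = ipaddress.ip_address(ip)
    for name, net in GROUPS.items():
        if addr in net:
            return name
    return None


def is_allowed(policy, src_group, dst_group, proto, port):
    """True if some ALLOW entry for (src_group -> dst_group) covers proto/port."""
    for rule in policy:
        if rule["src_name"] != src_group or rule["dst_name"] != dst_group:
            continue
        for entry in rule["whitelist"]:
            low, high = entry["port"]
            if entry["proto"] == proto and low <= port <= high and entry["action"] == "ALLOW":
                return True
    return False


def simulate(policy, flows):
    """Classify each flow as allowed or deviation under a whitelist (default deny)."""
    allowed, deviations = [], []
    for src, dst, proto, port in flows:
        src_group, dst_group = group_of(src), group_of(dst)
        if src_group and dst_group and is_allowed(policy, src_group, dst_group, proto, port):
            allowed.append((src, dst, proto, port))
        else:
            deviations.append((src_group or "UNKNOWN", dst_group or "UNKNOWN", proto, port))
    return allowed, deviations


def top_outliers(deviations):
    """Aggregate deviations per (src_group, dst_group, proto, port), most frequent first."""
    return Counter(deviations).most_common()


if __name__ == "__main__":
    ok, bad = simulate(POLICY, FLOWS)
    print(f"{len(ok)} flows allowed, {len(bad)} deviations")
    for key, count in top_outliers(bad):
        print(count, key)
```

Running the simulation over a real export before enforcement is what the impact assessment on the slide amounts to: every entry in the deviation list is traffic that the policy, once enforced, would drop.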
The Real Value is Business and Operational Insight
Application Discovery (DC Network): • Dependency Mapping (Security) • Dependency Mapping (Migrations)
Visibility: • Flow Search • Deviation Detection
Policy Management: • Simulation and Impact Assessment • Compliance
Security Policy Enforcement: • Auditing • Security Enforcement • Policy Verification (“what if”) • Threat Detection / DDoS / …
(Increased Visibility, Insightful Data, Policy Discovery/Enforcement/Management)
Tetration Analytics Architecture Overview
Cisco Tetration Analytics™ Platform: Analytics Engine
Visualization and Reporting: Web GUI, REST API, Push Events
Data Collection: Host Sensors, Network Sensors (Cisco Nexus® 92160YC-X, Cisco Nexus 93180YC-EX), 3rd-Party Metadata Sources
Inputs: Tetration Telemetry, Configuration Data
Tetration Analytics Data Sources
Software Sensors (Linux VM, Windows Server VM, Bare Metal (Linux and Windows Server)):
• New! Enforcement Point (software agents)
• Low CPU overhead (SLA enforced)
• Low network overhead (SLA enforced)
• Highly secure (code signed, authenticated)
• Every flow (no sampling), NO PAYLOAD
Universal sensor* (basic sensor for other OS). *Note: no per-packet telemetry, not an enforcement point
Network Sensors (next-generation 9K switches): Nexus 9200-X, Nexus 9300-EX (available now)
3rd-party data sources: asset tagging, load balancers, IP address management, CMDB, …
Application Discovery and Endpoint Grouping
(diagram: Cisco Tetration Analytics™ Platform receiving bare-metal, VM, and switch telemetry from Cisco Nexus® 9000 Series fabrics, VM telemetry (AMI …) from the cloud, and bare-metal and VM telemetry from brownfield environments)
• Network-only sensors, host-only sensors, or both (preferred)
• Bare metal and VM
• On-premises and cloud workloads (AWS)
• Unsupervised machine learning
• Behavior analysis
What does the Sensor Collect
(diagram: host stacks showing Physical through Application with sockets and processes; network device stacks showing Physical, Data Link, and Network)
• Process information: which process is it, who started it, etc.
• Device information: buffer/ACL drops, etc.
Different Problems will need Different Data Sources
(diagram: the network device view (Physical, Data Link, Network) serves network health, performance, monitoring and capacity; the host view (Physical through Application, sockets, processes) serves application health, performance, monitoring, discovery, security and application troubleshooting)
Hardware Sensor and Software Sensor
Both: accumulated flow information (volume …)
Software sensor: process mapping, process ID, process owner
Hardware sensor: tunnel endpoints, buffer utilization, burst detection, packet drops, flow details, interpacket variations
What We Discovered: To and From DVProd Database
(diagram of flows to and from the DVProd database: Internet, IP Storage NAS, TA Cluster, Hadoop, Prod DBs, Non-Prod DBs, Labs, Kicker, Infra APPs, DB Proxy, Monitoring APPs)
Tetration Analytics and
Before
• Complex data center environment
• Lack of automation
• Lack of understanding into each tenant environment
• Exposure to risk of downtime too great to migrate applications safely
After
• Visibility across multi-tenant data center
• Move from tribal knowledge to data-driven decision making
• Reduction in time to understand application dependencies
• Migration to ACI with little downtime risk
Data Points
• Understanding of what happens INSIDE a flow
• Distributions (packet sizes, TCP windows …)
• Burstiness
• Anomaly detection
• Latency (application and network)
• VXLAN information
• High-rate export capabilities: 100 ms for hardware, 1 s for software
Context Information
• What happens around this flow?
• Which process owns this flow?
• Who runs it?
• What is the buffer status?
• But also external information: GeoDB, DNS, reputation lists …
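The “Hardware Sensor and Software Sensor” slide lists process mapping, process ID and process owner as software-sensor data, and the slide above asks “which process owns this flow, who runs it?”. The following is an added example of how a host-side sensor can answer that on Linux from /proc, not Tetration’s sensor code: parse the kernel’s socket table, then map each socket inode to the process holding it. The /proc/net/tcp sample is constructed so the parser runs offline; socket_owner() and attribute_live_sockets() need a real Linux /proc.

```python
"""Attribute TCP sockets to their owning process and user from /proc, the kind
of context a host-based software sensor attaches to a flow.

Added example, not Tetration's sensor code. parse_proc_net_tcp() works on the
constructed sample below; socket_owner() needs a live Linux /proc.
"""
import glob
import os
import pwd
import socket
import struct

# Constructed sample in the /proc/net/tcp layout (little-endian host): one
# established connection 10.1.1.10:8080 <-> 10.1.2.20:40000 and one listener on :22.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A01010A:1F90 1402010A:9C40 01 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 20 4 30 10 -1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 6789 1 0000000000000000 100 0 0 10 0
"""

TCP_STATES = {0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
              0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
              0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING"}


def decode_addr(field):
    """'0A01010A:1F90' -> ('10.1.1.10', 8080). The kernel prints the IPv4 address
    as a host-order 32-bit integer, so on little-endian hosts the octets come out
    reversed; packing with '<I' restores wire order (sample assumes little-endian)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the /proc/net/tcp table into socket records."""
    records = []
    for line in text.splitlines()[1:]:          # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        records.append({
            "local": decode_addr(cols[1]),
            "remote": decode_addr(cols[2]),
            "state": TCP_STATES.get(int(cols[3], 16), cols[3]),
            "uid": int(cols[7]),
            "inode": int(cols[9]),
        })
    return records


def socket_owner(inode):
    """Find (pid, comm) holding the socket inode by scanning /proc/*/fd (live only)."""
    target = f"socket:[{inode}]"
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) != target:
                continue
            pid = int(fd.split("/")[2])
            with open(f"/proc/{pid}/comm") as f:
                return pid, f.read().strip()
        except OSError:
            continue                            # process exited, or fd not readable by us
    return None


def attribute_live_sockets(path="/proc/net/tcp"):
    """Read the live table and attach owner process and user name to each socket."""
    with open(path) as f:
        records = parse_proc_net_tcp(f.read())
    for rec in records:
        rec["owner"] = socket_owner(rec["inode"])
        try:
            rec["user"] = pwd.getpwuid(rec["uid"]).pw_name
        except KeyError:
            rec["user"] = str(rec["uid"])       # uid with no passwd entry (container, nss issue)
    return records


if __name__ == "__main__":
    for rec in attribute_live_sockets():
        print(rec["state"], rec["local"], rec["remote"], rec["user"], rec["owner"])
```

Reading other users’ /proc/<pid>/fd entries requires root (or CAP_SYS_PTRACE), which is one reason such sensors run as a privileged agent; the uid column, by contrast, is readable by anyone and already answers “who runs it” for the socket.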
Meta-Data – Including Overlay VXLAN/GRE/IPinIP Encapsulated Header
(diagram of the header stacks the sensor parses: Ethernet / IP / UDP / VXLAN / inner Ethernet / inner IP / TCP / payload; Ethernet / IP / TCP / payload; Ethernet / IP / UDP / payload)
Privacy risk: the sensor collects the meta-data, not the packet
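The slide above makes two points: the sensor must look through the overlay encapsulation to see the real endpoints, and it keeps header meta-data only, never the payload. The following added example (not Tetration code) shows both on a VXLAN-encapsulated TCP segment: it walks outer Ethernet/IPv4/UDP, reads the VNI, then parses the inner Ethernet/IPv4/TCP headers, and records only the payload length. The frame is constructed in memory by build_vxlan_frame() with zeroed checksums, since nothing is put on a wire; the inner MAC addresses and VNI are arbitrary sample values.

```python
"""Extract flow metadata (outer and inner 5-tuples, VNI) from a VXLAN-encapsulated
frame while discarding the payload.

Added example, not Tetration sensor code. The sample frame is constructed in
memory by build_vxlan_frame(); checksums are left zero since nothing is sent.
"""
import json
import struct

VXLAN_UDP_PORT = 4789
ETHERTYPE_IPV4 = 0x0800


def _ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options, checksum 0)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src_b, dst_b)


def _ethernet_header(src_mac, dst_mac):
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4)


def build_vxlan_frame(vni, inner_src, inner_dst, sport, dport, payload):
    """Constructed sample: outer Ethernet/IPv4/UDP/VXLAN around an inner Ethernet/IPv4/TCP segment."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # 20 bytes, PSH|ACK
    inner = (_ethernet_header(b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02")
             + _ipv4_header(inner_src, inner_dst, 6, len(tcp) + len(payload)) + tcp + payload)
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)          # I flag set, 24-bit VNI, reserved byte
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(vxlan) + len(inner), 0)
    outer = (_ethernet_header(b"\x02\x00\x00\x00\x00\x11", b"\x02\x00\x00\x00\x00\x22")
             + _ipv4_header("10.0.0.1", "10.0.0.2", 17, len(udp) + len(vxlan) + len(inner)))
    return outer + udp + vxlan + inner


def _parse_eth_ip_l4(buf, off):
    """Parse Ethernet + IPv4 + TCP/UDP headers starting at off.
    Returns (metadata, offset of the first byte after the L4 header), or (None, off)."""
    ethertype = struct.unpack_from("!H", buf, off + 12)[0]
    if ethertype != ETHERTYPE_IPV4:
        return None, off
    off += 14
    vhl, _tos, _tlen, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack_from("!BBHHHBBH4s4s", buf, off)
    off += (vhl & 0x0F) * 4                            # IHL accounts for IP options
    meta = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "proto": proto, "ttl": ttl}
    if proto == 6:                                     # TCP: data offset and flags matter for flow state
        sport, dport = struct.unpack_from("!HH", buf, off)
        meta.update(sport=sport, dport=dport, tcp_flags=buf[off + 13])
        off += (buf[off + 12] >> 4) * 4
    elif proto == 17:                                  # UDP: fixed 8-byte header
        sport, dport = struct.unpack_from("!HH", buf, off)
        meta.update(sport=sport, dport=dport)
        off += 8
    return meta, off


def extract_metadata(frame):
    """Return a metadata record for the frame; the payload is measured, never copied."""
    outer, off = _parse_eth_ip_l4(frame, 0)
    if outer is None:
        return None
    record = {"outer": outer, "encap": None, "inner": None}
    if outer["proto"] == 17 and outer.get("dport") == VXLAN_UDP_PORT:
        flags = frame[off]
        vni = int.from_bytes(frame[off + 4:off + 7], "big")
        record["encap"] = {"type": "vxlan", "vni": vni, "vni_valid": bool(flags & 0x08)}
        record["inner"], off = _parse_eth_ip_l4(frame, off + 8)
    record["payload_bytes"] = len(frame) - off         # size only; the bytes are not retained
    return record


if __name__ == "__main__":
    sample = build_vxlan_frame(5001, "10.1.1.10", "10.1.2.20", 40000, 8080, b"GET / HTTP/1.1\r\n")
    print(json.dumps(extract_metadata(sample), indent=2))
```

The record is what a privacy review gets to inspect: the inner and outer 5-tuples, TTLs, TCP flags and VNI are present, while the HTTP request line that was in the payload never leaves the parser. GRE and IP-in-IP overlays from the slide would add further branches on the outer protocol number (47 and 4) in extract_metadata().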
Sensor Technology
Standard sensors (software):
• RHEL (64-bit) 5.x, 6.x, 7.x
• CentOS (64-bit) 5.x, 6.x, 7.x
• Oracle Linux (64-bit) 6.x, 7.x
• SUSE 11.2, 11.3, 11.4, 12.1, 12.2
• Ubuntu 12.04, 14.04, 14.10
• Windows Server 2008 R1/R2 Essentials / Standard / Enterprise / Datacenter
• Windows Server 2012 / 2012 R2 Essentials / Standard / Enterprise / Datacenter
• Mainframe z/VM (trial)
• AIX ppc 5.3, 6.1, 7.1, 7.2 (trial)
Universal sensors (basic sensor: no per-packet telemetry, not an enforcement point):
• Solaris (x86_64)
• RHEL 4.x, 5.x (32-bit i386/amd)
• CentOS 4.x, 5.x (32-bit)
• Windows XP, 2003 (32-bit)
• Windows Server 2008 (32-bit)
HW sensors (Cisco Nexus 9K):
• Leaf with: 92160YC-X, 93180YC-EX
• Spine with: X9732C-EX C*
Tetration Analytics: Deployment Options
On-premises options:
Cisco Tetration Analytics (Large Form Factor)
• Suitable for deployments of more than 1000 workloads
• Built-in redundancy
• Scales up to 10,000 workloads
• Includes: 36 x UCS C-220 servers, 3 x Nexus 9300 switches
Cisco Tetration-M (Small Form Factor)
• Suitable for deployments under 1000 workloads
• Includes: 6 x UCS C-220 servers, 2 x Nexus 9300 switches
Public cloud (Amazon Web Services):
Cisco Tetration Cloud
• Software deployed in AWS
• Suitable for deployments under 1000 workloads
• AWS instance owned by customer
Host Based Enforcement
(diagram: the same workload intent enforced on legacy networks (VLANs, ACLs, Nexus 7K/5K/2K, subnets), on ACI (EPGs, contracts, BDs), on hypervisors (security groups, port groups, security rules) and on AWS (security groups, interfaces, security rules))
A trusted module inside the workload enforces your intent
Security
Same level of security, any infrastructure.
(diagram: for network infrastructure, hypervisor virtual network and cloud infrastructure alike, the application’s denies and allows are attached to the process and end point)
Intent is rendered as security rules in native host firewalls
Bare metal, virtual, cloud: any infrastructure, any networking, same security model, rich context
Mobility
(diagram: an endpoint moving between legacy networks (VLANs, ACLs, 7K/5K/2K, subnets), hypervisor security rules, and cloud security groups and interfaces)
Tetration calculates all necessary rule changes and automatically applies them
Intent stays with the endpoint, no matter the infrastructure it resides on
Why should I understand dependencies?
• Identify a single point of failure that should be replicated
• Find all the parts of a service that should be migrated together to the cloud
• Replace infrastructure components of an undocumented application
• ACI application profiles, end point groups, and contracts based on applications
Application Dependency Mapping
(diagram: Load Balancer, App, Database)
Understand the communication (Load Balancer, App, Database)
Initial recommendations (Load Balancer, App, Database, Cache)
Optional and minimal human supervision
Approve the clustering (Load Balancer, App, Database)
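The sequence above (understand the communication, initial clustering recommendations, optional human supervision, approve) and the earlier “Whitelist Policy Recommendation” slide describe one pipeline from flows to policy. The following added example (not Tetration’s ADM implementation) runs that pipeline end to end on constructed flow records: endpoints with identical communication behaviour are grouped into candidate tiers, a human labels the clusters, and a whitelist is emitted in the JSON shape shown on the “Enforcement Anywhere” slide. Exact-signature grouping is a deliberately simple stand-in for the unsupervised clustering the slides mention; the IPs and tier names are sample data.

```python
"""Application dependency mapping on flow records: group endpoints by identical
communication behaviour, let a human label the clusters, and emit a whitelist
policy in the JSON shape shown on the 'Enforcement Anywhere' slide.

Added example, not Tetration's ADM implementation; exact-signature grouping
stands in for its unsupervised clustering. Flows and tier names are constructed.
"""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, proto, dst_port), proto 6 = TCP.
FLOWS = [
    ("203.0.113.5", "10.0.0.1", 6, 443), ("203.0.113.5", "10.0.0.2", 6, 443),  # client -> LBs
    ("10.0.0.1", "10.0.1.1", 6, 8080), ("10.0.0.1", "10.0.1.2", 6, 8080),        # LBs -> app
    ("10.0.0.2", "10.0.1.1", 6, 8080), ("10.0.0.2", "10.0.1.2", 6, 8080),
    ("10.0.1.1", "10.0.2.1", 6, 3306), ("10.0.1.2", "10.0.2.1", 6, 3306),        # app -> database
    ("10.0.1.1", "10.0.3.1", 6, 6379), ("10.0.1.2", "10.0.3.1", 6, 6379),        # app -> cache
]

# Constructed: the supervision step, one representative endpoint named per tier.
TIER_NAMES = {"203.0.113.5": "Client", "10.0.0.1": "Load Balancer",
              "10.0.1.1": "App", "10.0.2.1": "Database", "10.0.3.1": "Cache"}


def behaviour_signatures(flows):
    """Per endpoint: the set of services it provides and the services it consumes."""
    sig = defaultdict(set)
    for src, dst, proto, dport in flows:
        sig[src].add(("consumes", proto, dport))
        sig[dst].add(("provides", proto, dport))
    return sig


def discover_clusters(flows):
    """Endpoints with identical signatures form one cluster (a candidate tier)."""
    by_sig = defaultdict(set)
    for endpoint, sig in behaviour_signatures(flows).items():
        by_sig[frozenset(sig)].add(endpoint)
    return [frozenset(members) for members in by_sig.values()]


def label_clusters(clusters, names):
    """Human supervision: a cluster takes the name given to any of its members,
    otherwise a generated name. Returns endpoint -> tier name."""
    labels = {}
    for index, members in enumerate(clusters):
        name = next((names[ep] for ep in sorted(members) if ep in names), f"cluster-{index}")
        for ep in members:
            labels[ep] = name
    return labels


def recommend_whitelist(flows, labels):
    """One rule per (src tier -> dst tier) listing only the observed proto/port pairs;
    everything not observed is implicitly denied."""
    observed = defaultdict(set)
    for src, dst, proto, dport in flows:
        observed[(labels[src], labels[dst])].add((proto, dport))
    return [
        {"src_name": src_tier, "dst_name": dst_tier,
         "whitelist": [{"port": [port, port], "proto": proto, "action": "ALLOW"}
                       for proto, port in sorted(pairs)]}
        for (src_tier, dst_tier), pairs in sorted(observed.items())
    ]


if __name__ == "__main__":
    import json
    clusters = discover_clusters(FLOWS)
    labels = label_clusters(clusters, TIER_NAMES)
    print(json.dumps(recommend_whitelist(FLOWS, labels), indent=2))
```

Two properties of the output are worth checking before anyone approves it: the Client tier gets a rule only towards the Load Balancer, because nothing else was ever observed, and a single stray flow in the learning window (an admin SSH session, say) would be whitelisted just as faithfully, which is why the supervision step exists.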
Enforcement Anywhere
Cisco Tetration Analytics™ pushes the whitelist policy to:
• Cisco ACI™ and Cisco Nexus® 9000 Series
• Standalone Linux and Microsoft Windows servers and VMs
• Public cloud (Amazon Web Services, Microsoft Azure)
Whitelist policy (proto uses IANA protocol numbers, 1 = ICMP and 6 = TCP; port is given as a [low, high] pair):
{
  "src_name": "App",
  "dst_name": "Web",
  "whitelist": [
    {"port": [0, 0], "proto": 1, "action": "ALLOW"},
    {"port": [80, 80], "proto": 6, "action": "ALLOW"},
    {"port": [443, 443], "proto": 6, "action": "ALLOW"}
  ]
}
The same intent is rendered as:
• Cisco ACI EPG/Contract integration via Cisco ACI Toolkit
• Traditional network ACL
• Firewall rules
• Host firewall rules
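The slides state that intent is rendered as security rules in native host firewalls. As an added example, not Tetration’s enforcement agent, the block below turns the whitelist JSON shown above into an iptables ruleset for a host in the destination group, with the default-deny tail a whitelist model requires. The GROUP_ADDRS mapping of endpoint groups to subnets is constructed; a real deployment takes it from discovery. Entries that cannot be rendered (unknown group, protocol, port range or action) raise instead of being skipped, so a malformed policy never silently opens or closes more than intended.

```python
"""Render a whitelist policy into host firewall rules for the hosts in the
destination group, iptables syntax, default deny.

Added example, not Tetration's enforcement agent. The policy JSON is the one on
the 'Enforcement Anywhere' slide; GROUP_ADDRS is a constructed mapping of
endpoint groups to subnets that a real deployment would get from discovery.
"""
import ipaddress
import json

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}                  # IANA protocol numbers
GROUP_ADDRS = {"App": ["10.1.2.0/24"], "Web": ["10.1.1.0/24"]}  # constructed sample

POLICY = json.loads("""{
  "src_name": "App",
  "dst_name": "Web",
  "whitelist": [
    {"port": [0, 0], "proto": 1, "action": "ALLOW"},
    {"port": [80, 80], "proto": 6, "action": "ALLOW"},
    {"port": [443, 443], "proto": 6, "action": "ALLOW"}
  ]
}""")


def validate_rule(rule, group_addrs):
    """Reject anything that cannot be rendered rather than silently changing the policy."""
    for name in (rule["src_name"], rule["dst_name"]):
        if name not in group_addrs:
            raise ValueError(f"unknown endpoint group {name!r}")
    for entry in rule["whitelist"]:
        low, high = entry["port"]
        if entry["proto"] not in PROTO_NAMES:
            raise ValueError(f"unsupported protocol {entry['proto']}")
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range {entry['port']}")
        if entry["action"] not in ("ALLOW", "DENY"):
            raise ValueError(f"unknown action {entry['action']!r}")


def render_host_rules(rules, group_addrs, host_group, chain="INPUT"):
    """iptables commands for a host in host_group: loopback and return traffic first,
    then each whitelist entry whose destination is this group, then default DROP."""
    lines = [
        f"iptables -F {chain}",
        f"iptables -A {chain} -i lo -j ACCEPT",
        f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for rule in rules:
        validate_rule(rule, group_addrs)
        if rule["dst_name"] != host_group:
            continue
        for src_net in group_addrs[rule["src_name"]]:
            src_net = str(ipaddress.ip_network(src_net))       # validates and normalises the prefix
            for entry in rule["whitelist"]:
                proto = PROTO_NAMES[entry["proto"]]
                target = "ACCEPT" if entry["action"] == "ALLOW" else "DROP"
                low, high = entry["port"]
                if proto == "icmp":
                    match = ""                                   # ICMP has no ports; [0, 0] means "all"
                elif low == high:
                    match = f" --dport {low}"
                else:
                    match = f" --dport {low}:{high}"
                lines.append(f"iptables -A {chain} -s {src_net} -p {proto}{match} -j {target}")
    lines.append(f"iptables -P {chain} DROP")                    # whitelist model: unlisted traffic is denied
    return lines


if __name__ == "__main__":
    print("\n".join(render_host_rules([POLICY], GROUP_ADDRS, "Web")))
```

The ordering matters: the conntrack rule lets replies to the host’s own outbound connections back in, and the policy DROP is set last so a partially applied ruleset never leaves the host open. Run the generated lines as root on a Web-group host to apply them.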
Demo Time