Self-Driving Datacenter: Analytics
Alvin Toffler is a former associate editor of Fortune magazine, known for his works discussing the digital revolution, communication revolution, and technological singularity.
Define Security
The conscious or unconscious acceptance of a risk, in relation to the probability of it becoming reality within a given delta of time…
We Are at the Cusp of a Major Shift
(Figure: adoption curve across 2000, 2010, 2015 and the next 5+ years: traditional data centre (consolidation, virtualisation) → cloud data centre (hybrid clouds, automation; "we are here") → IT as a Service (IaaS | PaaS | SaaS | XaaS, flexible consumption models). Vertical axis: efficiency; digital experiences: efficiency | simplicity | speed.)
Modern data centers are getting increasingly complex
Hybrid cloud
• Zero trust model
• Multicloud orchestration
• Application portability
Big and fast data
• Increase in east-west traffic
• Expanded attack surface
• Open source
Rapid app deployment
• Continuous development
• Application mobility
• Microservices
ACI Architecture
Intent (May) → Assurance (Can) → Analytics (Did)
• Intent: policy (ACI)
• Assurance: configuration analysis ("very large state-space"); guarantees, compliance, consistency
• Analytics: traffic analysis ("lots of data"); ADM, security, forensics
Tetration Analytics Platform: Every Packet, Every Flow, Every Speed
(Figure: Cisco Tetration Analytics™ at the centre of network, pervasive visibility and forensics, application insight, policy, and compliance.)
Cisco Tetration Analytics
• Application insights
• Policy simulation and impact assessment
• Automated whitelist policy generation
• Forensics: every packet, every flow, every speed
• Policy compliance and auditability
Cisco Tetration Analytics: Pervasive Sensor Framework
• Provides correlation of data sources across the entire application infrastructure
• Enables identification of point events and provides insight into overall system behavior
• Monitors the end-to-end lifecycle of application connectivity
Application Discovery and Endpoint Grouping
(Figure: Cisco Tetration Analytics™ Platform collecting bare-metal, VM, and switch telemetry from Cisco Nexus® 9000 Series switches, VM telemetry (AMI…) from cloud workloads, and bare-metal and VM telemetry from a brownfield estate.)
• Network-only sensors, host-only sensors, or both (preferred)
• Bare metal and VM
• On-premises and cloud workloads (AWS)
• Unsupervised machine learning
• Behavior analysis
Whitelist Policy Recommendation
(Figure: application discovery groups endpoints into Web Tier, App Tier, DB Tier, and Storage; the discovered dependencies feed the whitelist policy recommendation.)
• Whitelist policy recommendation (available in JSON, XML, and YAML)
• Policy enforcement (future roadmap)
Real-Time and Historical Policy Simulation
• Validating policy impact assessment in real time
• Simulating policy changes over historic traffic
• View traffic "outliers" for quick intelligence
• Audit becomes a function of continuous machine learning
(Figure: Cisco Tetration Analytics™ Platform over a mixed VM and bare-metal estate.)
Policy Compliance
• Identify policy deviations in real time
• Review and update whitelist policy with one click
• Policy lifecycle management
(Figure: Cisco Tetration Analytics™ Platform over a mixed VM and bare-metal estate.)
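An added illustration, not Tetration's own code, of the two steps the whitelist recommendation, policy simulation and policy compliance slides describe: collapsing observed flows into tier-to-tier whitelist rules, then replaying flows (historical or live) against those rules to surface deviations. The tier mapping, flow records and policy schema below are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed endpoint grouping (host IP -> tier), standing in for the
# application discovery step on the slides; not Tetration's data model.
TIERS = {
    "10.0.1.10": "WebTier", "10.0.1.11": "WebTier",
    "10.0.2.10": "AppTier", "10.0.3.10": "DBTier", "10.0.4.10": "Storage",
}

# Constructed flow records (src, dst, dst_port, proto): header-only
# telemetry for every flow, no payload.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.10", 8080, "tcp"),
    ("10.0.1.11", "10.0.2.10", 8080, "tcp"),
    ("10.0.2.10", "10.0.3.10", 3306, "tcp"),
    ("10.0.3.10", "10.0.4.10", 2049, "tcp"),
]


def recommend_policy(flows, tiers):
    """Collapse observed flows into tier-to-tier whitelist rules."""
    rules = defaultdict(set)
    for src, dst, port, proto in flows:
        # Flows touching an unknown endpoint are left out so the
        # recommendation stays explicit and reviewable.
        if src in tiers and dst in tiers:
            rules[(tiers[src], tiers[dst])].add(f"{port}/{proto}")
    return {"rules": [{"from": s, "to": d, "ports": sorted(p)}
                      for (s, d), p in sorted(rules.items())]}


def simulate_policy(policy, flows, tiers):
    """Replay flows against the whitelist and return those it would deny.
    Anything not covered by a rule is a deviation (historical or live)."""
    allowed = {(r["from"], r["to"]): set(r["ports"]) for r in policy["rules"]}
    deviations = []
    for src, dst, port, proto in flows:
        key = (tiers.get(src, "unknown"), tiers.get(dst, "unknown"))
        if f"{port}/{proto}" not in allowed.get(key, set()):
            deviations.append((src, dst, port, proto))
    return deviations


if __name__ == "__main__":
    policy = recommend_policy(BASELINE_FLOWS, TIERS)
    print(json.dumps(policy, indent=2))  # JSON export, one of the listed formats
    # Constructed later flow: the web tier reaching the DB tier directly.
    print(simulate_policy(policy, [("10.0.1.10", "10.0.3.10", 3306, "tcp")], TIERS))
```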
Tetration Analytics
(Figure: Tetration Analytics Engine, a PB-scale secure appliance, fed by servers (buffer stats, process, user, compute) and network (network flows); it delivers application insights, policy, and forensics, and exposes them to ecosystem partners.)
Use cases:
• Application dependency
• Application performance
• Automation & compliance
• Enforcement
• Infrastructure
• Behavioral anomalies
Tetration Analytics Architecture Overview
Cisco Tetration Analytics™ Platform
• Analytics engine
• Visualization and reporting: web GUI, REST API, push events
• Data collection: host sensors, network sensors, 3rd-party metadata sources
• Inputs: Tetration telemetry (Cisco Nexus® 92160YC-X, Cisco Nexus 93180YC-EX, VMs), configuration data
Pervasive Sensors
Host sensors
• Linux VM
• Windows Server VM
• Bare metal (Linux and Windows Server)
• Hypervisors
• Containers
NW sensors
• Next-generation 9K switches: Nexus 9200-X, Nexus 9300-EX
3rd party
• Geo, Whois, IP watch lists, load balancers, …
(Figure legend: available at FCS; next-generation 9K switches; future releases; 3rd-party data sources.)
• Low CPU overhead (SLA enforced)
• Low network overhead (SLA enforced)
• Highly secure (code signed, authenticated)
• Every flow (no sampling), NO PAYLOAD
Traditional Monitoring Is Showing Its Age: Not Suited for Modern Network and Security Operations
Where data is created: SNMP, CLI, Syslog (non real-time)
Where data is useful: SNMP server, Syslog collector, scripts, storage & analysis
• Strong burden on the back-end: normalize different encodings, transports, data models, timestamps
Streaming Telemetry Is a Game Changer: Monitoring Becomes a Big Data Problem
Where data is created → where data is useful (real time)
• Streaming paradigm
• Dense sensor framework
• Increased data granularity
• Update on every event
• Multiple data sources
• Volume – scale of data; Velocity – analysis of streaming data; Variety – different forms of data
• Removing limitations and complexity
• Big data and machine learning problem
Tetration Sensor Locations
(Figure: hardware sensors in Nexus 92160YC-X and 93180YC-EX switches and 9732C-EX line cards; software sensors in hypervisors; all reporting to the Tetration cluster.)
• Software sensor: processes & sockets, packet and flow events
• Hardware sensor: packet and flow events, buffer and switch state
Hardware Sensor
• Embedded module (flow cache)
• Nexus 92160YC-X, Nexus 93180YC-EX & 9732C-EX line cards
• Extracts metadata from the forwarding pipeline
• No latency impact, no performance impact
(Figure: forwarding pipeline stages PRX, LUA, LUB, LUC with the flow cache.)
Software Sensor
• Not in the data path; sits in user space; designed by kernel developers
• Secure: code signed
• SLA enforcement: CPU and BW throttling
• FCS availability:
  • Windows: 2008/2008 R2/2012/2012 R2
  • Linux: Red Hat (5.3+, 6.x), CentOS (5.11+, 6.x), Ubuntu (12.04, 14.04, 14.10)
(Figure: NIC → driver → network stack → application, with the Tetration sensor reading via libpcap.)
The Analytics Cluster Components
• Hadoop-based platform: self managed, one-touch deployment
• Tiered system: heavy compute for machine learning, caching for light-speed queries
• Extensibility (future): messaging bus, API access
Tiers: long-term storage (data lake); caching (search); front end; compute (data cleaning and analytics)
The Analytics Cluster Appliance
• The analytics cluster operates as an appliance: avoids the need for in-house big data and analytics expertise; supported by Cisco TAC
• Self monitoring: the cluster leverages a sensor architecture to track its state and provides event-based notifications for
• Software upgrades and full installs are all automated
Front End: GUI, RESTful API, Messaging Bus
• Servers hosting front-end processes
• GUI and operational interfaces
• RESTful API (post FCS)
• Messaging bus (post FCS)
Summary
• Pervasive flow telemetry that supports infrastructure for multiple data centers at scale
• Ready-to-use solution to address critical data center operational use cases
• Self-monitoring, eliminating the need for in-house big data expertise
• Open platform and northbound APIs enable transparent integration
• Accelerated adoption and comprehensive solution support with Services