I recently did a project involving several moving parts, including Splunk, VMware vSphere, Cisco UCS servers, EMC XtremSF cards, ScaleIO and Isilon. The project goal was to verify the functionality and performance of EMC storage together with Splunk. The results of the project can be applied to a basic physical installation of Splunk, and I added VMware virtualization and scale-out storage to make sure we covered all bases. And I’d now like to share the project results with you, my dear readers.
Splunk is a great engine for collecting, indexing, analyzing, and visualizing data. What kind of data, you ask? Pretty much everything you can think of, including machine data, logs, billing records, click streams, performance metrics and performance data. It’s very easy to add your own metric that you want to measure; all it takes is a file or a stream of data that you enter into your Splunk indexers. When all that data has been indexed (which happens very rapidly, as seen in my earlier blog post), it becomes searchable and useful to you and your organization.
A new and innovative architecture? Perhaps, but that is only part of the story.
A unique, compelling management paradigm that sped and simplified tasks, while promoting collaboration? Potentially, and definitely part of the formula as well.
The real story is People. People buy technology to do work that needs done. People have to think ahead, they must understand what will be needed and then decide on a path, on a partner (still more people) to develop and deliver the technology they need. [I had a bunch more “people” in here but it was getting really ridiculous, instead of only slightly ridiculous.]
Real people, not real stories, making real decisions every day choose the technology that meets their needs, now and in the future. They decide what works and what does not.
So why UCS? There have been a lot of comments about UCS over the years that have resonated with me on this very question. I wanted to share two that seemed most on point right now. It is a little bit of “then and now” since they are two years apart, but it felt right and the sentiments are remarkably similar.
“…Unlike other server vendors, Cisco’s UCS launch was from a fresh-fields approach that recognized the industry’s shift towards server virtualization and consolidation. Not tied down by legacy architectures…” – Cisco UCS – Undisputed Computing Success, March 2012, ZD Net, Archie Hendryx
“Five years ago…Cisco Systems launched…UCS…into the gaping maw of the Great Recession…Recessions have always accelerated transitions in IT architecture…in the favor of upstarts with new ideas and against incumbents who are set in their ways…” – Five Years On, UCS Makes Cisco A Systems Player, April 2014, EnterpriseTech, Timothy Prickett Morgan
“…upstarts with new ideas…” -- sounds like a pretty fair summary.
So where do UCS Customers see real benefit? I’d rather they tell you their real story:
Every day, security threats continue to evolve, as cyber attackers continue to exploit gaps in basic security controls. In fact, the federal government alone has experienced a 680% increase in cyber security breaches in the past six years, and cybersecurity attacks against the US average 117 per day. Globally, the estimated annual cost of cybercrime is over $100 billion. Often, even when security breaches are identified, it can be extremely difficult to figure out how they happened or who is responsible.
One company working hard to prevent these threats is Solutionary, a managed security services provider (MSSP) that actively monitors their customers’ technology systems in order to identify and thwart security events before any negative impacts occur.
In order to provide real-time analytics of client traffic and user activity, Solutionary, a wholly owned subsidiary of NTT Group, developed the patented Solutionary ActiveGuard® Security and Compliance Platform, which correlates data across global threats and trends in order to quickly identify security alerts and provide clients with actionable alerts.
The patented, cloud-based ActiveGuard® Security and Compliance Platform is the technology behind Solutionary Managed Security Services
In order to keep up with growing data volumes, the need for fast security analytics, and their expanding client base, Solutionary needed to find a way to quickly scale their infrastructure, as their traditional server infrastructure was not able to easily scale and support in-depth analysis. Their challenge was to figure out how to:
1) Increase their data analytics capabilities and improve their clients’ security
2) Cost-effectively scale as their clients/data volume grows
When a security threat occurred in the past, the legacy systems could only be used to analyze log data; they couldn’t see the big picture. Thus, when an event happened, it would sometimes take weeks of forensics work to figure out what had occurred. In order to meet these challenges, Solutionary turned to the MapR Distribution for Hadoop running on the Cisco Unified Computing System™. By using Hadoop, Solutionary was able to smoothly analyze both structured and unstructured data on a single data infrastructure, instead of relying on a costly traditional database solution that couldn’t pull both structured and unstructured data into a single platform for analysis.
Cisco UCS Common Platform Architecture for Big Data
Specifically, the Cisco/MapR environment consists of two MapR clusters of 16 Cisco UCS C240 M3 Rack Servers. Solutionary uses the Cisco UCS Manager to provision and control their servers and network resources, while the Cisco UCS 6200 Series Fabric Interconnects provide high-bandwidth connections to servers, and act as centralized management points for the Cisco infrastructure, eliminating the need to manage each element in the environment separately. Because of the environment’s high scalability, it’s easy for the fabric interconnects to support the large number of nodes needed for MapR clusters. Scalability is improved even further by using the Cisco UCS 2200 Series Fabric Extenders to extend the network into each rack.
Cisco UCS Components
With MapR and the Cisco UCS CPA for Big Data environment, Solutionary can now access a much greater amount of data analysis and contextual data, giving them a more informed picture of behavior patterns, anomalous activities, and attack indicators. By quickly identifying global patterns, Solutionary can identify new security threats and put them into context for their clients.
Let me know if you have any comments or questions, or reach me via Twitter at @CicconeScott.