Big Data is better than a sharp stick in the eye. I can say this with great authority, since I missed the first half of Strata+Hadoop World 2015 in San Jose because of the latter. But eye injuries have never kept me offline for long, and I was able to follow online with what I didn’t see in person. But I was very happy to make it in to the show on Friday, and even got a seat at about row 6 in the main hall for the keynotes.
It’s been a busy couple of weeks for us in big data land. One thing that struck me is how much we learned about the big data and analytics space after hours at Strata Hadoop, and sometimes that can be just as exciting as what we learn during the sessions. I have a couple of videos I’d like to share with you to prove my point.
In this video, I learned some things from Jim Scott, MapR. First, MapR is providing (and get ready, because it’s a mouthful) “an online, Interactive, platform neutral, vendor agnostic training” and some cool use cases of a Hadoop cluster in a briefcase.
Want to learn more about what we are doing with our partners? Check out the Webinar At A Glance from our recent Big Data webcast, “Analytics Solutions for Driving Better Business Outcome,” which is available on demand now. The feedback has been amazing and we plan to do more of these with our partners in the future.
Have some interesting stories or solutions you would like to share? Find me on Twitter, @JimMcHugh, and we can work together to get the news out.
Previous blogs in this series, both by Splunk and Cisco, detail how Cisco Identity Services Engine (ISE) can be used to drive enhanced event visibility in Splunk.
Splunk is a machine data platform that allows you to search, report, alert, and visualize any data that it ingests. Cisco ISE brings an added dimension to analyzing all this data; it attaches key contextual data (for example, username, location, network policy status) to events and data analyzed by Splunk. The Splunk for ISE app, a free download from Splunk, comes with a number of built-in dashboards to correlate this machine data with user information and create customizable dashboards and reports.
However, this integration doesn’t just create pretty dashboards – it turns event analysis into action.
Cisco Identity Services Engine (ISE) is commonly associated with use as a network access policy, BYOD and AAA platform. But to do its job in network policy, ISE collects a great breadth of telemetry about network users and devices. Whether a device is trying to access the network or is already connected, ISE knows specifics about:
- What the device type is (e.g., iPad Air 2 running iOS 8.1.2)
- How it is connected to the network (e.g., enterprise Wi-Fi)
- From where (e.g., access point in “California/SanDiego/Building 2/Floor 3/South”)
- Security and compliance posture of the device (e.g., Antimalware operating and up to date? PIN lock configured?)
- Who the user is on the device…or if it even has a user (e.g., printer)
- What policy and AD/LDAP group the user belongs to (e.g., “IT Admin” authorization group)
- Related session IP address and MAC address
While ISE primarily uses all this telemetry to establish network policies, it also shares it for use by other IT platforms. By doing so, ISE helps these platforms become more identity and device aware and thus more effective in a variety of ways. And this is where Splunk comes in.
On January 13th, 2015, Cisco will celebrate the 1-year anniversary of its launch of Application Centric Infrastructure (ACI), a groundbreaking SDN architecture. It will include a public webcast with the participation of early ACI adopters and our ecosystem partners. One of these inaugural partners was Splunk, the Operational Intelligence company for all types of IT organizations. At the webcast, Splunk and other partners will describe a range of new solutions with ACI that dramatically simplify Data Center operations. Here is a preview of Splunk’s solution.
A large portion of the data center operational effort is consumed in managing application health. This includes:
- Ensuring the end-user experience for distributed users with different types of performance needs
- Discovering the physical and virtual resources associated with applications and the user experience
- Detailed monitoring of resources and events in the infrastructure that affect application performance
These activities have become more complex as applications have become distributed, interconnected or cloud based, because these architectures cause applications to move, scale and evolve rapidly.
Splunk Enterprise can monitor and analyze millions of infrastructure events through logs and agents, in real time. This can provide rapid visibility and isolation of infrastructure that affects application performance. Cisco has been collaborating with Splunk to combine the application visibility of Cisco Application Centric Infrastructure with operational analytics of Splunk Enterprise. The result is “Cisco ACI for Splunk Enterprise”, a highly scalable application that is orderable immediately at Splunk.com.
ACI and Splunk have enabled a comprehensive view of application health with the ability to monitor the entire end-to-end environment in real time and proactively prevent issues from impacting end users.
ACI provides visibility to application health from the network perspective by tracking all network dependencies and events that impact application performance and security. Splunk complements Cisco ACI by bringing actionable intelligence across the entire data center infrastructure including storage, compute, virtualization endpoints, as well as application tiers and components provided by ACI. Splunk’s analytical and visualization tools provide real-time insights to data center teams to optimize performance and ensure security policies in a highly dynamic environment.
How does it work
Cisco ACI exposes a wealth of networking data previously inaccessible to Splunk. The Cisco ACI app for Splunk Enterprise gathers data from APIC (Application Policy Infrastructure Controller) including APIC network events, health scores and inventory of logical constructs (e.g., tenants, application profiles, end point groups) and physical constructs (e.g., spines, leafs, VMs).
This data is used to:
- Reduce resolution time with accelerated root-cause analysis
- Splunk enables users to reduce the mean time to investigate/resolve problems by up to 70%
- Centralized management of operational health of ACI environment & underlying entities in real-time
- Detect issues or anomalies in performance or response times and proactively resolve
- For multiple tenants, quickly navigate to the source of problems using flexible per-role views, including 1) Help Desk view, 2) Tenant View and 3) Fabric view
- Provide Central Proactive Monitoring of Cisco ACI
- Get real-time proactive notification of network traffic and device faults with location and affected objects.
- Track trends and anticipate application impact
- Operational Analytics across the entire virtual and physical infrastructure
- Optimize network capacity and prevent service deterioration with detailed visibility into fabric path degradation.
- Meet compliance/security with user analytics, including authentication tracking reports.
- Correlate data from Cisco ACI with data from storage resources, operating systems, applications, security devices, endpoint and more for enterprise-wide visibility.
- Trace and monitor transactions through all tiers of a distributed application architecture
- Gives application managers a perspective on the underlying Cisco ACI infrastructure’s effect on applications without being directly involved in ACI Ops.
- Monitor key operational metrics such as end-to-end response times to ensure SLAs are met.
As an example, a Fortune 100 company is using Splunk with ACI:
- for operational visibility for their ACI cluster with ability to quickly identify faults and troublesome tenants and determine corrective action.
- to provide centralized visibility as ACI expands across multiple data centers and for proactive monitoring to establish baselines and trigger alerts when key thresholds are exceeded.
This approach to Application Health is part of the broader discipline of Application Performance Management (APM). According to Gartner, “By 2018, 60% of APM deployments will use and integrate data extracted directly from log files alongside wire data and agent-derived data as a foundation for reporting, prediction, and analysis, up from less than 5% today.” With our collaboration, ACI for Splunk Enterprise provides important new capabilities for Application Performance Management.