Last updated 4.10.2019
Bookmark this blog! New videos will be added in the near future.
At Cisco Live Orlando 2018, Chuck reminded all of us how applaudable you network engineers and managers are. You enabled our world of internet, e-commerce, mobile devices, collaboration, AI, IoT, you name it! All was made possible by what you do.
As You Innovate…
As you and your business continue to innovate, you will face the risks that come with it, and security must be one of the top priorities. For this, Cisco has designed Cisco Tetration that brings you holistic workload protection for multicloud data centers.
Top Notch Data Center Security
To get started, the following series of light-board videos will help you understand conceptually which security aspects you need to pay attention to, and how Cisco Tetration can address your data center security and visibility problems. At the end of the videos, I recommend watching a series of demos.
From oldest to newest:
Overview: Cloud Workload Protection with Cisco Tetration
Learn how to protect cloud workloads with Loy Evans. This is must-have knowledge for all network/data center administrators.
Overview: Difference Between Whitelist and Blacklist Policy in Cisco Tetration
Learn what the differences between Whitelist and Blacklist policy are, and how you can use them for a more secure network.
Overview: How to Use Annotations to Provide Key Context in Cisco Tetration
Learn how to use annotations to provide key context for the information you see in Cisco Tetration and make better assessments to build a more secure data center.
Overview: How to Solve the Network Visibility Problem with Cisco Tetration
See how you can solve your network visibility problems.
Overview: Network Visibility vs. Host Visibility with Cisco Tetration
Learn what the differences are between network visibility and host visibility, what type of information each of them presents, and how to make better assessments about your network.
Overview: How to Focus Your Machine Learning using Scopes in Cisco Tetration
Loy Evans explains how Cisco Tetration gathers and analyzes data. You will understand why it’s the most advanced analytics and security tool for your data center.
Overview: Turning On Segmentation in the Data Center with Cisco Tetration
Loy Evans explains how segmentation in the data center is made easy with Cisco Tetration.
Overview: Effective Segmentation for the Cloud or Data Center – Cisco Tetration
Loy Evans explains why segmentation is difficult and how Cisco Tetration can make it easy.
Overview: How to manage segmentation policy with Cisco Tetration
Loy Evans explains what declarative policy is, how you can create policies within Cisco Tetration, and how to maintain a policy that is accurate as the number of applications grows and flexes dynamically.
Overview: Looking into the essential information that Cisco Tetration uses
Loy Evans dives into what types of data there are, where they come from, and how Cisco Tetration uses them. This helps explain how Cisco Tetration gathers data center insights fast and accurately.
Impressed by these concepts yet? Watch actual demos to see Cisco Tetration in action:
How can Cisco Tetration be linked to NSX in VMware?
Thanks for the compliments!
There are a couple of link directions you might be asking, so I'll answer both and hopefully that gives you the info you're looking for.
Link from NSX to Tetration:
Tetration can gather information and flow data from the workload instances, thus there is no required linkage from Tetration to ANY underlying physical or virtual infrastructure.
Note: Having said that, in the instances where there is an environment with some specific Cisco hardware, we can gather a significantly deeper level of telemetry to provide hop-by-hop performance and diagnostics information related to every flow observed.
Link from Tetration to NSX:
What Tetration does at the core is analyze millions or billions of flow records and perform the difficult task of providing the logical mapping of what types of communications are happening in that sea of data. It starts by arranging the communicating members of the conversations into logical groupings. Another thing that Tetration does is analyze the conversations that happen between those cluster groupings. From there, Tetration will provide a detailed analysis of how the relevant policy for these clusters and conversations would be expressed. This policy information is available via 1) direct export from the UI, 2) direct access via API, or 3) streamed via a policy message bus. From that point, any enforcement control system (such as ACI, SourceFire, AWS Security Groups, Azure Security groups, NSX DFW, etc.) can use that policy information for enforcement.
We are working with a number of companies to provide supported integration models that can ingest the policy, normalize it, then push it to the enforcement system to execute that policy.
In the specific case of NSX DFW, the policy that Tetration generates would need to be extracted from the cluster via one of the three methods listed above, normalized via program or script and then pushed into NSX.
Hope that answers your Q…
Very useful, thanks Emmeline.
Nice work, Loy! I really like the Lightboard format.
Great series on Tetration.