Cisco Blogs
Share

Visibility Into Tetration Analytics, Part 2

- June 17, 2016 - 1 Comment

This is the second of a two part series on Tetration Analytics, a platform designed to help customers gain complete visibility across their data centers in real time. Part 1 covered challenges, an overview of the solution, and components. Today, I’ll cover use cases, benefits and additional resources for you to get more details.

 Use Cases

There are 5 key use cases I want to call out. These will help illustrate how Tetration Analytics provides such pervasive visibility and will help clarify why we call it a Data Center Time Machine.

Screen Shot 2016-06-13 at 9.39.48 AM

Application Insights: I spent quite a bit of time covering the problems associated with this use case in the Challenges section of yesterday’s blog. The bottom line is that most folks simply don’t have visibility into their infrastructure. They don’t know all the apps on their network and even if they do, they don’t know where/how they’re communicating, or all the components a given app relies on to function properly. Tetration Analytics provides application behavior based mapping of processes and flows based on unsupervised machine learning (i.e. it figures stuff out so you don’t have to). It collects all of the flows North-South as well as East-West. It is smart enough to map and group your applications autonomously. You can also intervene and teach Tetration Analytics to learn new groupings if you have unique circumstances. As it maps the application components and all network traffic between them, this ultimately results in simplified application operations, migration and disaster recovery planning. It also allows you to convert this information into policies for ACI.

Policy Simulation & Impact Assessment: When we call Tetration Analytics a time machine for your DC, the inference is that you can look at the past, present and future. Here is an example of how you can look in to the future by simulating policy. With this use case, a user can essentially do an impact analysis using historical or realtime data – and NOT affect production traffic. This lets you see how new policies would affect actual traffic flowing through the network. You can also assess which flows will be classified as compliant, noncompliant or dropped. It lets you, for example, simulate a whitelist policy and assess its impact before applying it in the production network. Seeing the impact of a change before you make it clearly has huge benefits and can keep you out of trouble.

Automated Whitelist Policy Generation: I’m guessing you come from a blacklist world, i.e. any source can talk to any destination by default, unless you explicitly deny communication, through an ACL, for example. With whitelist policy, it’s just the opposite – nothing talks by default, unless you explicitly allow it. This is a beautiful thing, because it reduces your attack surface – exploits are kept from propagating across applications, tenants and data. This has obvious benefits in terms of security, but also compliance, since it is basically self documenting. This means no more scrambling to collect ACL’s for an audit, since compliance can be validated quickly by comparing actual traffic flows to the whitelist policies.  As compelling as the whitelist policy model is, it can also be a challenge to move to if you don’t have visibility into all your apps, their communications, and their dependencies. Tetration can provide an automated whitelist policy that can be exported and deployed within your infrastructure for a true zero trust model.

Forensics: Tetration Analytics collects and stores all data flows allowing you to search them when, where and how you want. This significantly reduces the time to investigate and solve problems. You can look at things in real time or historical views of what happened in the past. Today, I’m guessing when you have a problem you instrument the area (enable a span port, use a tap, bust out a sniffer or whatever) and see what you can find. There are a whole set of challenges with that approach, but suffice to say they go away when Tetration Analytics is everywhere, constantly watching everything, allowing you to replay whatever you need, whenever you need it.

Policy Compliance: I mentioned this earlier, but in short, Tetration Analytics documents the policies in place and can compare the traffic flows against them, flagging exceptions and providing remediation.

Benefits

Tetration Analytics provides a multitude of IT and Business benefits. Benefits were covered here, and I’ll summarize a few more of them below:

IT Benefits

  • Make informed operational decisions driving intelligent changes with predictable outcomes (e.g. validate a change before it’s executed by understanding the change’s impact on applications)
  • Validate that policy changes have actually been applied and taken full effect
  • Bring greater reliability to data center operations with complete knowledge of interactions and dependencies in the data center
  • Effectively identify application behavior deviation and better manage network policy compliance
  • Long-term data retention supports forensics and analysis with an easy to use interface

Business Benefits

The benefits above translate into superior visibility, which lead to a more secure environment, as well as a more agile and highly available infrastructure. This means the business can better guard against brand damage resulting from security breaches, better avoid unplanned outages as well as move with more speed and confidence.

Resources

There is a lot of Tetration Analytics information in many different forms.   Here is a quick overview to help you sift through some of it more efficiently:

  • 2 minute overview video – what Tetration Analytics is
  • 3 ½ minute overview animation – how Tetration Analytics works
  • Analyst report from IDC
  • Profile of Cisco IT’s experience with Tetration Analytics
  • Technical white papers
  • Data sheet
  • Nexus 9000 hardware sensors at-a-glance
  • A bunch more content at this web page…I’d especially recommend scrolling down to “I need to…” and checking out the whiteboard videos there

Thanks for checking out the blog. I hope you can see why we are so excited about the ways Tetration Analytics will help our customers gain pervasive visibility across their Data Centers.

Image source: Pixabay

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

1 Comments

  1. I was reading through some of your blog posts on this site and I conceive this web site is very instructive! Keep on putting up. http://tim-ramerth.de/Forum/member.php?action=profile&uid=165120

Share