Self-driving Datacenter: Analytics

George Boulescu Consulting Systems Engineer 19/10/2016 Self-driving Datacenter: Analytics

Upload: lamxuyen

Post on 15-Sep-2018

Alvin Toffler is a former associate editor of Fortune magazine, known for his works discussing the digital revolution, communication revolution, and technological singularity

Define Security

The conscious or unconscious acceptance of a risk in relation to the probability of it becoming reality within a delta time…

Datacenter Evolution

We Are at the Cusp of a Major Shift

DIGITAL EXPERIENCES

EFFICIENCY

SIMPLICITY | SPEED

Adoption Curve

IT as a Service: IaaS | PaaS | SaaS | XaaS

Flexible Consumption Models

CONSOLIDATION

VIRTUALISATION

HYBRID CLOUDS

2000 2010 2015 The Next 5+ Years

AUTOMATION

TRADITIONAL DATACENTRE

We are here

CLOUD DATACENTRE

Efficiency

Modern data centers are getting increasingly complex

• Zero trust model

• Multicloud orchestration

• Application portability

Hybrid cloud

• Increase in east-west traffic

• Expanded attack surface

• Open source

Big and fast data

• Continuous development

• Application mobility

• Microservices

Rapid app deployment

What if you could actually look at every data packet header that has ever traversed the network without sampling?

ACI Architecture

Intent (May)

Assurance (Can)

Analytics (Did)

Configuration Analysis: “Very Large State-Space”

Traffic Analysis: “Lots of Data”

Guarantees, Compliance, Consistency

POLICY

ACI

ADM, Security, Forensics

Analytics

Tetration Analytics Platform: Every Packet, Every Flow, Every Speed

Cisco Tetration Analytics™

Network

Pervasive Visibility and Forensics

Application Insight

Policy

Compliance

Cisco Tetration Analytics

Application Insights

Policy Simulation and Impact Assessment

Automated Whitelist Policy Generation

Forensics: Every Packet, Every Flow, Every Speed

Policy Compliance and Auditability

Cisco Tetration Analytics: Pervasive Sensor Framework

Provides correlation of data sources across entire application infrastructure

Enables identification of point events and provides insight into overall systems behavior

Monitors end-to-end lifecycle of application connectivity

Application Discovery and Endpoint Grouping

Cisco Tetration Analytics™ Platform

[Diagram: bare-metal (BM) and VM workloads sending telemetry to the platform]

Brownfield

Cisco Nexus® 9000 Series

Bare-metal, VM, & switch telemetry

VM telemetry (AMI …)

Bare-metal & VM telemetry

Network-only sensors, host-only sensors, or both (preferred)

Bare metal and VM

On-premises and cloud workloads (AWS)

Unsupervised machine learning

Behavior analysis

Whitelist Policy Recommendation

Application Discovery

App Tier

DB Tier

Storage

Web Tier

Storage

Policy Enforcement (Future Roadmap)

Whitelist Policy Recommendation (Available in JSON, XML, and YAML)

Real-Time and Historical Policy Simulation

• Validating policy impact assessment in real time

• Simulating policy changes over historic traffic

• View traffic “outliers” for quick intelligence

• Audit becomes a function of continuous machine learning

Cisco Tetration Analytics™ Platform

Policy Compliance

• Identify policy deviations in real-time

• Review and update whitelist policy with one click

• Policy lifecycle management

Cisco Tetration Analytics™ Platform

Tetration Analytics

Servers

Buffer Stats

Process

User

Compute

Application Insights

Policy

Forensics

Tetration Analytics Engine: PB Scale, Secure Appliance

Ecosystem Partners

Network

Network flows

Application Dependency

Application Performance

Automation &

Compliance

Enforcement

Infrastructure

Behavioral Anomalies

Tetration Analytics Architecture Overview

Analytics Engine

Cisco Tetration Analytics™ Platform

Visualization and Reporting

Web GUI

REST API

Push Events

Data Collection

Host Sensors

Network Sensors

3rd-Party Metadata Sources

Tetration Telemetry

Configuration Data

Cisco Nexus® 92160YC-X

Cisco Nexus 93180YC-EX

Pervasive Sensors

Host Sensors | NW Sensors | 3rd Party

Geo

Whois

IP Watch Lists

Load Balancers

Linux VM

Windows Server VM

Bare Metal (Linux and Windows Server)

Hypervisors

Containers

Available at FCS | Next Generation 9K switches | Future releases | 3rd party Data Sources

✓ Low CPU Overhead (SLA enforced)

✓ Low Network Overhead (SLA enforced)

✓ Highly Secure (Code Signed, Authenticated)

✓ Every flow (No sampling), NO PAYLOAD

Nexus 9200-X

Nexus 9300-EX

Traditional Monitoring Is Showing Its Age: Not suited for Modern Network and Security Operations

Where Data Is Created / Where Data Is Useful

Non Realtime

SNMP

CLI

Syslog

SNMP Server

Syslog Collector

Scripts

Storage & Analysis

Strong burden on back-end

Normalize different encodings, transports, data models, timestamps

Streaming Telemetry is a game changer: Monitoring becomes a big data problem

Where Data Is Created / Where Data Is Useful

• Streaming paradigm

• Dense Sensor Framework

• Increased Data Granularity

• Update on every event

• Multiple Data Sources

Volume – Scale of Data

Velocity – Analysis of Streaming Data

Variety – Different Forms of Data

Removing limitations and complexity

Big Data and Machine Learning Problem

Realtime

Why Multiple Sensors? Example: monitoring temperature in a room

Lamp Sensor

Plug Sensor

Heater

Tetration Sensors Locations

9732C-EX LC

HYPERVISOR

92160CY-X

93180Y-EX

Software Sensor: Processes & Socket, Packet and Flow Events

Hardware Sensor: Packet and Flow Events, Buffer and Switch State

Tetration Cluster

• Embedded Module (Flow Cache)

• Nexus 92160CY-X

• Nexus 93180Y-EX & 9732C-EX Line Cards

• Extracts Meta-Data from the forwarding pipeline

• No latency impact, no performance impact

Hardware Sensor

PRX, LUA, LUB, Flow Cache, LUC

• Not in the data path

• Sits in User Space

• Designed by Kernel Developers

• Secure

• Code Signed

• SLA Enforcement

• CPU and BW throttling

• FCS availability
  • Windows
    • 2008 / 2008 R2 / 2012 / 2012 R2
  • Linux
    • RedHat (5.3+, 6.x)
    • CentOS (5.11+, 6.x)
    • Ubuntu (12.04, 14.04, 14.10)

Software Sensor

NIC

Driver

Network Stack

Application

libpcap

Tetration Sensor

Methods to deploy the sensor

Coming soon to a GitHub near you: github.com/datacenter

The Analytics Cluster Components

• Hadoop Based Platform

• Self managed

• One touch deployment

• Tiered System

• Heavy Compute for Machine Learning

• Caching for light speed queries

• Extensibility (future)

• Messaging Bus

• API Access

Long Term Storage (Data Lake)

Caching (Search)

Front End

Compute (Data Cleaning and Analytics)

• The Analytics Cluster operates as an appliance

• Avoids the need for in-house Big Data, Analytics expertise

• Supported by Cisco TAC

• Self Monitoring

• The cluster leverages a sensor architecture to track its state and provides event based notifications for

• Software upgrades and full install are all automated

The Analytics Cluster Appliance

FCS Analytics Cluster Configurations

4 x 3-Phase PDU, 22.5 KW Peak Power

4 x 1-Phase PDU, 11.5 KW Peak Power

Options for Future Cluster Models

Analytics Engine: The Platform

• Hadoop Based Platform

• Self managed

• One touch deployment

• Tiered System

• Heavy Compute for Machine Learning

• Caching for light speed queries

• Extensibility (future)

• Messaging Bus

• API Access

Long Term Storage (Data Lake)

Caching (Search)

Front End

Compute (Data Cleaning and Analytics)

Front End: GUI, RESTful API, Messaging BUS

• Servers hosting front end processes

• GUI and Operational Interfaces

• RESTful API (post FCS)

• Messaging BUS (post FCS)

ACI Architecture

Intent (May)

Assurance (Can)

Analytics (Did)

Configuration Analysis: “Very Large State-Space”

Traffic Analysis: “Lots of Data”

Guarantees, Compliance, Consistency

ACI

ADM, Security, Forensics

Summary

Pervasive flow telemetry that supports infrastructure for multiple data centers at scale

Ready-to-use solution to address critical data center operational use cases

Self-monitoring and eliminate the need for in-house big data expertise

Open platform and northbound APIs enable transparent integration

Accelerated adoption and comprehensive Solution support with Services