View
374
Download
1
Category
Preview:
Citation preview
© 2017 Cisco and/or its affiliates. All rights reserved. 1
Robert Zalobinski Nadir LakhaniTechnical Solutions Architect Technical Solutions Architect
November 28, 2017
Cisco DC Networking:Improved Insight and Programmability
CiscoConnectMontreal
Your TimeIs Now
C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Pillars of Cisco’s Data Center Strategy
Hardware innovationApplication awareMulticloud First Capture Intent
C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Data Center Use Cases
Multicloud Mobility Security Modernize Infra.
• Threat Intel
• Multi-layer
• Compliance
• Performance
• Security
• Scale
Analytics
• Infra.
• Apps.
• Ops.
Automation
• Ops
• Provision
• Maint.
• Benchmark
• Policy
• Blueprints
© 2017 Cisco and/or its affiliates. All rights reserved. 5
Portfolio at a Glance
Nexus 7700 SeriesNexus 7000 Series
Nexus F and M Series Line Cards
Nexus 3200 SeriesNexus 3100 Series
Nexus 3600 R Series
Nexus 5600 SeriesNexus 2300 Series
Nexus 9500 SeriesNexus 97xx Series
Line CardsNexus 96xx-R Series
Line Cards
Nexus 9300 SeriesNexus 9200 Series
Nexus 7000 Series
Modular
Nexus 3000 Series
Fixed
Nexus 5000 and 2000
Series Fixed
Nexus 9000 Series
Modular
Nexus 9000 Series
Fixed
© 2017 Cisco and/or its affiliates. All rights reserved. 6
Areas of Investment
CloudScale ASICs
Nexus 9000 CloudScale
General Data Center Design• High Speed Fabrics
(ACI, NX-OS)• VXLAN, Segment Routing
Broadcom Jericho
Nexus 9000 Jericho
Financials and Collapsed Core/Edge• Financial Multicast (UDP) • VXLAN, Segment
Routing, MPLS• Large Routing Tables and
WAN buffer requirements
Cisco Custom ASICs
Nexus 7000 Series
General Data Center Design• Data Center Interconnect• DC and Campus Core• Cross Domain Policy
Integration
Broadcom T2+/T3/TH/TH2/Jericho
Nexus 3000 Series
Merchant Silicon Alternative• Fabric Designs (customers
specifically looking for BCOM based SOC)
• Specific Use Cases (ULL, Data Path Programmability)
© 2017 Cisco and/or its affiliates. All rights reserved. 7
EX and FX Series Cloud Scale Switches
Nexus 9200/9300
Nexus 9500
EX Cloud Scale
• ACI and NX-OS• 10/25/40/100G• Tetration Hardware Sensor• Support for N2000 (FEX)
FX Cloud Scale Enhancement
• Line rate Encryption • UP (25GbE and 32G FC) • 25G RS FEC
© 2017 Cisco and/or its affiliates. All rights reserved. 8
Nexus 9000 Cloud ScaleFabric Foundation with 2 Year Innovation Advantage
Nexus 9200/9300
Nexus 9500
Nexus 9000 Cloud Scale
InnovationsIntegrated line rate flow captureStreaming analytics export off chipIntegrated line rate encryptionSmart BufferingMulti-speed ports 64p 100G line rate routing in single chipUnified ports—10/25GbE and 8/16/32G FC
© 2017 Cisco and/or its affiliates. All rights reserved. 9
Nexus 9000 Cloud ScaleAddressing Customer Cloud Asks
Visibility and telemetry at line rateEncryption at line rateFastest available: 10/25/50/100GThe right price point/50% lower system costMulti-speed—upgrade when needed/minimize disruptionDynamic Fabric Performance Optimization for Cloud Applications Better reliability
Nexus 9200/9300
Nexus 9500
Nexus 9000 Cloud Scale
© 2017 Cisco and/or its affiliates. All rights reserved. 10
Nexus 9300 PortfolioModular Uplink
Integrated Uplink
48x25G+6x100G (Nexus 93180YC-EX)
48x10GT+6x100G (Nexus 93108TC-EX)
28p 40/50G+4p 100G (Nexus 93180LC-EX)
48x10GT+12x40G (Nexus 9396TX)
48x10G+12x40G (Nexus 9396PX)
96x10G+8x40G (Nexus 93128TX)
32x40G (Nexus 9332Q)
48x10GT+6x40G (Nexus 9372TX(E))
48x10G+6x40G (Nexus 9372PX(E))
96x10G+6x40G (Nexus 93120TX)
Gen 1: 2 ASICs Gen 2: CloudScale (1 ASIC)
48x25G+6x100G (Nexus 93180YC-FX)
(Q2CY17)
48x1GT+4x10/25G+2p 100G (Nexus 9348GC-FXP)
48x10GT+6x100G (Nexus 93108TC-FX)
1G
10GT
10/25G
40/50G
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Programmable FabricVXLAN EVPN multi-site solutionVXLAN OAM, Tenant Multicast
Segment Routing L3 EVPNDCNM Integration
Visibility/AnalyticsTetration Integration
NX SW and HW Streaming TelemetryNetflow-v9
SecuritySecured AccessEncryption (MacSec and CloudSec)
High AvailabilityEnhanced ISSU
AutomationDCNMNexus Configuration Mgmt Modules (Puppet/Chef/Ansible) Industry Standard Data Models (OpenConfig / IETF YANG)
InfrastructureNX-SDKIntelligent Services, PMNFCOE FC UP on FX Platforms
Cisco NX-OS
Innovations in Cisco NX-OS
12© 2017 Cisco and/or its affiliates. All rights reserved.
Cisco ACIPath to Agility in an App-Centric World
© 2017 Cisco and/or its affiliates. All rights reserved. 13
Cisco ACI: Industry Leader
Ecosystem Partners
Data Center Switching Growth ACI Customers ACI Attach Rate on N9K Ecosystem Partners
6% Y/Y Q4 50+%4,000+ 65+
C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ACI Benefits
Any workloadPhysical, Virtual, Containers
Open Programmability
Conducive for Automation/Orchestration
Policy DrivenEliminates Network Dependencies
Optimal DC NetworkEliminates L2 Spanning-Tree ProtocolL3 FabricIntegrated VXLAN OverlayDistributed L3 GW
VMM IntegrationvCenter, HyperV, Openstack,
Kubernetes
Single Point of Configuration APIC Controller
Secure White-list Model
Next-Gen DC FabricSpine / Leaf
Network Services Integration Network Policy, Service Policy, Service Manager
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Remote PoD Multi-Pod / Multi-Site Hybrid Cloud Extension
ACI AnywhereAny Workload, Any Location, Any Cloud
ACI Anywhere
IP WAN
IP WAN
Remote Location Public CloudOn Premise
Security Everywhere Policy EverywhereAnalytics Everywhere
© 2017 Cisco and/or its affiliates. All rights reserved. 16
What’s New in ACI 3.0? Hardware, Security, Scale, Usability, Fabric Extension
Policy-DrivenInfrastructure
Fabric Management• Multi-Site• Refreshed APIC GUI
• Graceful Insertion and Removal• QinQ to EPG Mapping
• TCAM Tile Infra• Latency and Precision Time Protocol
Infrastructure• Nexus 9364C (Fixed Spine)• Nexus 9348GC-FXP (1G ToR)
• N9K-X9736C-FX (Spine LC)• Ingress QoS Policing per EPG
Virtualization• Kubernetes Support• VMM: Delayed EP detach/attach
for DVS and AVS• AVS: QoS Marking
Security• Micro-segmentation Enhancements• 802.1X – End Point Authentication
• 2 Factor Authentication• First Hop Security
© 2017 Cisco and/or its affiliates. All rights reserved. 17
ACI Software EnablementNexus 9000 Platforms
Nexus Foundation: CloudScale Platforms
Nexus 9300
Nexus 9500
Nexus 9000
ACI3.0
Nexus 9364C –Fixed Spine64p 40/100G QSFP
ACI3.0
Nexus 9736C-FX36p 40/100G Line Card (4/8/16 slot)
ACI3.1
N9K-C9516-FM-E2Fabric Module with 100G (16 slot)
ACI2.2(2)
Nexus 93180YC-FX48p 10/25G SFP + 6p 40/100G QSFP
ACI2.2(2)
Nexus 93180TC-FX48p 1/10GT + 6p 40/100G QSFP
ACI3.0
Nexus 9348GC-FXP48p 100M/1G Base-T, 4p 10/25G SFP+
© 2017 Cisco and/or its affiliates. All rights reserved. 18
Inter-Site IP Network
Site A Site B
Multi-SiteAppliance
Geographically Dispersed Active/Active Data Centers
Active/Standby Data Centers For Disaster Recovery
Stretch VRF, EPG, BD Across Sites with VXLAN
Up to 500ms to 1 sec Latency
ACI MultisiteExtends Network Virtualization, Policy & Services to Multiple Fabrics
© 2017 Cisco and/or its affiliates. All rights reserved. 19
First Step Towards Intuitive APIC GUI
Usability• New Look and Feel across Applications• Consistent Layout across Tabs• Collaborate by Sharing Objects• Simplified Topology Views • Release Bulletin• Troubleshooting• User Profiles• Alerts
Operations• Personalized User Profile• Dashboard Widgets• Improved Health Score and
Fault Counts
Configuration• Best of both Basic and Advanced UI• Simplified Port Selectors• Workflows simplified• New APIC Postman App
© 2017 Cisco and/or its affiliates. All rights reserved. 20
Gracefully isolate the node from fabric
Troubleshoot (if required)
Re-commission the node
1
2
3L2/L3
GIR diverts the data traffic to alternate paths and allows node troubleshooting, maintenance and upgrade.
Graceful Insertion and Removal (GIR)
© 2017 Cisco and/or its affiliates. All rights reserved. 21
Cisco ACI Virtual EdgeDecoupled From Hypervisor Kernel API Dependencies
ACI Virtual Edge
ACI Virtual Edge (AVE)
Maintain Existing Operational Models
Simple Transition/Migration AVS => AVE
Policy Consistency Across Multiple Hypervisors
AVS/AVE Feature Parity
Legacy AVS (Today)
Hypervisor Dependent
Cisco AVE (Q1 CY18)
Native vSwitch
VM
Switching + Policy Enforcement
VM VM AVE
Q2 FY18
Q1 CY18
Hypervisor Agnostic
VM VM VM
AVE
AVS
Policy Enforcement, Services, TelemetryU
ser S
pace
Kern
el
Future
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Future
ACI InfrastructureExtend ACI Policy to Satellite Data Centers
Options 1. Remote Physical Leaf (Nexus 9K)ACI 3.1: Q1 CY 2018
2. Remote Pod (Virtual)(Futures)
On Premise
IP Network
L2 / L3
Remote Data Center
Nexus 9K
Physical Leaf
Remote PoD
Virtual (Spine + Leaf)
AVE AVE
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Connectivity
Usability
Maintenance
Operations
ACI Infrastructure Enhancements
Integration of Clustered Network Services
IEEE 1588 and Latency (ACI 3.0)
TCAM Profiles (ACI 2.3 and ACI 3.0)
Maintenance Mode (ACI 3.0)
Software Maintenance Update (SMU)
Patching SupportMixed OS (ACI 2.3)
EPG Contract Inheritance (ACI 2.3)
New APIC GUI with Simplified Workflows
(ACI 3.0)vSphere Tags (ACI 2.3)
100G Front Panel Port Support: 93180LC-EX
(ACI 2.3)
Breakout (93180LC-EX)
(ACI 3.1)
Flexible Port Configuration for Uplink/Downlink
QSA (9364c) (ACI 3.1)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ACI: Cloud AutomationVirtualization and Orchestration
Deploy Tenant
Deploy App
Deploy Firewall
vSphere 6.5, Tags (ACI 2.3)
vCenter Plugin (RBAC) (ACI 3.0)
NG-Application Virtual Switch
AzurePack –VPN Termination (ASA, ASR 1K)
AzureStack
Newton Support, IPv6 (ACI 2.3)
Bare-Metal Provisioning (Ironic)
Ocata Support
Cloud Automation
Unified Networking (ACI 3.0)
Integration of Kubernetes network policies and ACI policies
Visibility
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ACI SecurityAutomated Security with Built In Multi-Tenancy
Q4 CY2018
Micro-SegmentationDNS EPG, AD Based EPG (ACI 3.1)
ACI3.0
ContractsInheritance, Intra-EPG Contracts
Q4 CY2017
CertificationsFIPs and UC-APL CertifiedCommon Criteria (in progress)
ACI3.1
MACSEC Encryption APIC Centralized Key Management
ACI2.3
ACI-TrustSec IntegrationHigher Scale (15K)
ACI3.0
First Hop Security IP Source Guard, DHCP Guard, DHCP Snooping, etc.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Scale Improvements
FEXUp to 650 / Fabric
Up to 20 / Leaf
Leafs Up to 400 Per Fabric
8 Border Leafs per L3 Out
Multicast GroupsUp to 8,000 (S,G) routes with Convergence of 5 seconds
Bridge DomainsUp to 21,000 (L2), 15,000 (L3)Up to 1750 Bridge Domains/VRF3967 VLANs per leaf3967 VLANs + BDs
EPGsUp to 15000
Up to 1k L3 EPGs/EX-Leaf4k L3 EPGs for one tenant
& one context250 Isolated EPGs
Other Up to 200 vCentersUp to 2,000 ContractsUp to 61k TCAM Rules 500 Service Graphs Per ClusterUp to 12 Pods in Multi-Pod
TenantsUp to 3000
Layer-350 VRFs Per Tenant , 1k Ips/MAC
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ACI/NX-OSL4-7 Integrations: Interoperate and Extend Automation
Security EnforcementSecurity ManagementADC
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cloud Orchestration and ITSM
Cloud Automation and PaaSMonitoring NX-OS
Rich Ecosystem with Cisco ACI and NX-OS
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco ACI: App CenterProgrammable Infrastructure: Open APIs For Value Added Applications
Visually monitor externally routed interface states
And next hop add/delete
Monitoring and Troubleshooting
Analytics
Auto Provision ACI network by simply importing Tetration
ADM
Auto Provisioning
cTrac Fault Analytics Tetration
Intuitively analyze historical fault metrics and audit logs
with variety of filters
Infoblox v2.0
Connectors and Integrators
ECOSYSTEM Sample Apps
Improved UI with robust syncing. Configure and
provision new DHCP ranges from the App
30© 2017 Cisco and/or its affiliates. All rights reserved.
Cisco Tetration AnalyticsGet to a Secure Zero-Trust Model in an Application-Centric World
Cisco Tetration Analytics
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Rapid App Deployment
Continuous DevelopmentApplication Mobility
Micro Services
Policy Enforcement
Heterogeneous Network Secure Zero-TrustPolicy Compliance
Security Challenges in Modern Data CentersSecuring Applications Has Become Complex
Applications Are Driving Modern Datacenter Infrastructure
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Holistic Approach to Server Protection
Dynamic and heterogeneous environment
Traffic visibility, server process baseline, and analytics
Policy that enables application segmentation
Segmentation
Application controlusing whitelists
Advancedbehavior analysis
Break organizational siloes
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Ope
ratio
ns
Cisco Tetration Analytics Use Cases
Secu
rity
Cisco Tetration™
Visibility andforensics
Application insight
Policy
Neighborhood graphs
Application segmentation
Compliance
Policysimulation
Process inventory
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration Analytics Architecture Overview
Software sensor and enforcement
Embedded network sensors
(telemetry only)
ERSPAN sensors(telemetry only)
Analytics engine
Web GUI REST API Event notification Cisco Tetration apps
Third-party sources
(configuration data)
Data collection layer
Access mechanism
Bring your own data
(streaming telemetry)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration Analytics Data Sources
Main featuresü Low CPU overhead (SLA enforced)ü Low network overhead
ü New Enforcement point (software agents)ü Highly secure (code signed and authenticated)ü Every flow (no sampling) and no payload
*Note: No per-packet telemetry; not an enforcement point
Software sensors
Universal*(basic sensor for other OS)
Linux servers(virtual machine and bare metal)
Windows servers(virtual machines and bare metal)
Windows Desktop VM(virtual desktop infrastructure only)
Cisco Nexus 9300 EX
Cisco Nexus 9300 FX
Network sensorsNext-generation Cisco Nexus® Series Switches
Third-party sources
Asset tagging
Load balancers
IP address management
CMDB
…
Third-party data sourcesAvailable today
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
• Dedicated virtual machines on each host with 4 software sensors in each virtual machine• Each sensor binds to a separate vNIC• ERSPAN terminates on the virtual machine vNIC• Each sensor terminates one ERSPAN session• Sensor generates telemetry based on the data-plane traffic• Horizontally scalable
Layer 3 connection
ERSPAN
Layer 3 switch
Cisco Tetration telemetry: ERSPAN option
Expanded telemetry collection option• Augment telemetry from other
parts of the network• Useful when software sensor
or hardware sensor is not feasible
Cisco Tetration™telemetry
Cisco Tetration™ Platform
Production network
Production network
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Dependency and Cluster Grouping
Bare-metal, VM,and switchtelemetry
Cisco Tetration Analytics™ platform
Unsupervised machine learning
Behavior analysis
On-premises and cloud workloads (AWS)
Bare-metal and VM telemetry
VM telemetry (AMI …)
BM VM
BMVM
VM BM
BMVM
BM
VM BM
VMVM
Bare metal and VM
BM VM VM BM
Brownfield
üüü ü
BM VM VM BM
üüü ü
Network-only sensors, host-only sensors, or both (preferred)
BM VM VM VM BM
Cisco Nexus® 9000 Series ü
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application clusters conversation views Policy details
Application Conversation View
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Whitelist Policy Recommendation
Application discovery{
"src_name": "App","dst_name": "Web", "whitelist": [{ "port": [0, 0], "proto": 1, "action": "ALLOW"
}, { "port": [80, 80], "proto": 6, "action": "ALLOW"
}, { "port": [443, 443], "proto": 6, "action": "ALLOW"
}]
}
Whitelist policy recommendation(available in JSON, XML, and YAML)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Compliance, Policy Validation
All Flows are tracked 4 ways• Permitted, bidirectional flows
that match the policy• Misdropped, permitted traffic
where we have dropped a packet
• Escaped, bidirectional flows that are against the policy
• Rejected, uni-directional flows that are against the policy
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
User-Uploaded asset tags
• Discovered inventory• Uploaded inventory and metadata (32 arbitrary tags)• Inventory tracked in real time, along with historical trends
User-uploaded tags
Cisco Tetration Analytics™sensor feed
Real-time inventory merged withinformation with historical trends
Cisco Tetration Analytics
mergeoperation
VMware vCenter(virtual machine attributes)
AWS attributes(AWS tags)
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Segmentation Policy: Express Policies in Human Language
Development can’t talk to production
• Cisco Tetration™ knows who is production
• Cisco Tetration knows who is development
• Policies are continuously updated as applications change
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration Application Segmentation Policy Recommendation
Cisco TetrationAnalytics™
Application workspaces
Applicationsegmentation
policy
Public cloud
Private cloud
On-premise
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Enforcement of Policy across any floor tile
Azure Amazon
Cisco Tetration Analytics™
1. Generates unique policy per workload
2. Pushes policy to all workloads
3. Workload securely enforces policy
4. Continuously recomputes policy from identity and classification changes
Enforcement
Compliance monitoring
VirtualBare metal Cisco ACITMPublic cloud Traditional network
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Policy-Related Notification
Cisco TetrationAnalytics™
Kafka broker
Northbound consumers
Northbound consumers
Message publish
Kafka
• Alerts every minutefor enforcement
• Policy complianceevent notifications
• Count of policy alertsuntil whitelisted
• Alerts when IP tables or firewall is flushed or disabled by user
• Alerts when enforcement sensor is disabled
• Publishes policy differences between versions
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Rule-Processing Order
• Application owners need some amount of autonomy to make application-level changes quickly
• Security and network teams need to control the global aspects of application interconnection and shared services
• Cisco Tetration™ flattens intent in a deterministic order, prioritizing intent of higher-authority users over intent of application owners
Security team rules
Network team rules
Application owner rules
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Rest API• Cisco Tetration flow search
• Sensor management
Push notification• Out-of-the-box events
• User-defined events
Cisco Tetration applications• Access to data lake
• Write your own application
Cisco Tetration Analytics Open API
Northbound application
Programmatic interface
Rest API
Kafka broker
Northbound consumers
Northbound consumers
Message publish
Cisco Tetration
Analytics™platform
Kafka
Cisco Tetration™applications
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration: Bring your own data
Main featuresü Stream any JSON-based telemetry to a data sinkü Support up to 10 simultaneous streaming topics
ü Bring up to 5 GB of data per hour per streaming topicü Analyze and write your results through alerts or UI
Northbound consumers
Datasink
Public Cloud
Streaming JSON telemetry
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration: User authentication
Cisco TetrationAnalytics™Users and application
owners and administrators Active Directory
integration for authentication
App 1, Role:Enforce
App 2, Role:Execute
App 3, Role: Read only
Windows ServerActive Directory
WordPress
SAP
Authentication• External AAA server integration• Authentication through Kerberos
or LDAP• Support for multiple domains• Default to local authentication
and authorization, ifnot configured
RBAC capabilities• Local users created
automatically when they log in• Administrator maps users to
specific roles and scopesfor authorization
• Administrator can set default role and scope for users without specific roles and scope mapping
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration™ Cloud• Software deployed in AWS
• Suitable for deployments of less than 1000 workloads
• AWS instance ownedby customer
Cisco Tetration™ Platform (large form factor)• Suitable for deployments of more
than 5,000 workloads
• Built-in redundancy
• Scales to up to 25,000 workloads
Includes:• 36 x Cisco UCS® C220 servers• 3 x Cisco Nexus® 9300
platform switches
Cisco Tetration-M (small form factor)• Suitable for deployments of less
than 5,000 workloads
Includes:
• 6 x Cisco UCS C220 servers• 2 x Cisco Nexus 9300
platform switches
Tetration Analytics: Deployment Options
AmazonWeb Services
On-premises options Public cloud
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Tetration Analytics Ecosystem
Service visibility Layer 4-7 services integration
Security orchestration Service assurance
Insight exchange
Cisco Tetration Analytics™
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Open
In summary: Platform built for scale and flexibilityReal time and scalable Granular policy
enforcement Easy to use
• Every packet, every flow
• Application segmentation for 1000s of applications
• Long term data retention
• Consistent policy enforcement
• Identify policy deviations in near real-time
• Support for workload mobility
• One touch deployment
• Self monitoring
• Self diagnostics
• Standard web UI
• REST API (pull)
• Event notification (push)
• Tetration applications
C97-739634-00 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Data Center Reference Architecture
Cisco Prime services catalog
Cisco NexusCisco HyperFlexCisco UCSCisco MDSCisco AzureStack
Cisco Tetration AnalyticsCisco Security Portfolio
Cisco CloudCenterCisco TurbonomicsAppDynamicsCisco Tetration Analytics Cisco ACI
Cisco ACICisco DCNM Cisco IntersightCisco UCS-Director
Cisco Tetration AnalyticsAppDynamics
IT services consumption
multicloud
Private cloud/PaaS Integration
DC Infrastructure
Management and automation
SecurityAnalytics
ACI / Nexus
Tetration
Recommended