Pervasive visibility of traffic across datacenter infrastructure and long term data retention for forensics and
analysis
Understand communication and dependencies for all applications within the datacenter
Get to a whitelist policy model, identify behavior deviation in real time, and perform forensics operations
The new Cisco Tetration Analytics platform is designed to address these challenges through rich traffic telemetry
collection and advanced analytics using an algorithmic approach. The platform is designed to collect this
rich telemetry at line rate at datacenter scale. The algorithmic approach includes unsupervised machine-learning
techniques and behavioral analysis to provide a turn-key solution. This solution is designed to:
Process millions of flows per second, apply intelligent algorithms and provide actionable insights in minutes
Capture and store hundreds of billions of telemetry records without aggregation to enable long-term
forensics
Provide complete visibility into application components and their communications and dependencies, to enable
implementation of a zero-trust model within the network
Rich Cisco Tetration telemetry is collected by what are called sensors. There are two types of sensors in the
first release: hardware sensors and software (host) sensors. With these two types of sensors, this solution is designed to
support both existing (brownfield) and new (greenfield) data center infrastructure.
2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
The Cisco Tetration Analytics platform has three main function layers:
Data collection layer: This layer consists primarily of lightweight sensors, which are the eyes and ears for
the analytics platform. Two types of sensors are used:
Software or host sensors: These can be installed on any end-host server (virtualized or bare metal).
Hardware sensors: These are embedded in Cisco Nexus 92160YC-X, Cisco Nexus 93180YC-EX and
Cisco Nexus 93108TC-EX Switches.
The rich Tetration telemetry that these sensors collect consists of three types of information:
Flow information: Details about the endpoints, protocol, and ports, when
the flow started, how long the flow was active, etc.
Inter-packet variations: The inter-packet variations seen within
the flow. Examples include variations in TTL, variations in IP/TCP flags, payload length, etc.
Context details: Context information is derived outside of the packet header. In the case of the software
sensor, this includes details on the process: which process generated the flow, process IDs, the user
associated with the process, etc.
Sensors do not process any information from payloads, and no sampling is performed. Sensors are designed to
monitor every packet and every flow. In addition to the sensors, this layer includes third-party sources, such as
load balancers, DNS server mappings, etc., to collect configuration information. This configuration data is used to
enrich the information provided by the analytics platform.
Analytics layer: Data from the sensors is sent to the Cisco Tetration Analytics platform, which is the brain
that performs all the analysis. This multiserver big data platform processes the information from these
sensors and uses both unsupervised and guided machine learning, behavior analysis, and intelligent
algorithms to provide a turn-key experience for the following use cases:
Consistent whitelist policy recommendations for applications, and monitoring for compliance deviations in
minutes
Visualization layer: The Cisco Tetration Analytics platform enables consumption of this data through an
easy-to-navigate web GUI and through Representational State Transfer (REST) APIs. In addition, it
provides a notification interface to which northbound systems can subscribe to receive notifications about
traffic flows, policy compliance, etc.
Hardware sensors provide buffer details, tunnel endpoint mappings, and the ability to detect traffic bursts
Figure 2.
Initial sensor deployment happens through an existing automation method that you might have (Ansible, Puppet,
Chef, etc.). Once the sensor is installed and connects to the Cisco Tetration Analytics platform, all subsequent
management, including upgrades, can be done using the Cisco Tetration Analytics GUI.
Feature
Benefit
Lightweight sensors
A combination of hardware and software sensors captures all east-west traffic, eliminating
blind spots.
Both software and hardware sensors reside outside the data path and do not affect
application performance.
Sensor traffic adds less than 1% of bandwidth overhead.
Rich telemetry enables application behavior based analytics and behavior deviations
Independent of encrypted or unencrypted payload
Flow context information in addition to packet header data enables better insight.
Search tens of billions of flows and get actionable insight in less than a second.
Perform faster troubleshooting and anomaly detection for more effective data center
operations.
Effectively identify application behavior deviation and better manage network policy
compliance.
Collect telemetry from every packet in the data center without any sampling.
The platform can process millions of unique flows per second.
Long-term data retention supports forensics and analysis operations.
Works as an appliance with turn-key support for critical operational use cases
Unsupervised machine learning reduces the need for human interaction
Platform security
User access is controlled through role-based access control (RBAC) for both the GUI and
REST API.
Communication between different platform components is completely secured using a
built-in firewall.
Platform self-monitoring
Self-monitoring eliminates the need for extensive in-house big data expertise to
operationalize this platform.
Monitoring extends all the way to the sensors to enable easier operations.
Use an option to enable the Cisco Call Home function to report known error states.
Open interface
Group endpoint hosts and application clusters together to create application views
Accurately understand the relationship of consumers and providers based on communication patterns
Organizations can also intelligently integrate information from third-party devices, such as load balancers, to
maintain an end-to-end view of application communications.
Figure 3.
Using the Cisco Tetration Analytics platform, you can automatically generate whitelist policy recommendations
based on the actual communication between endpoints. Policy recommendations can be exported in three
programmatic formats: JSON, XML, and YAML. Policy can be imported into a policy-based controller such as the
Cisco Application Policy Infrastructure Controller (APIC) for enforcement and compliance (Figure 3).
Figure 4.
Forensics and Flow Search from Cisco Tetration Analytics Web GUI
Platform Self-Monitoring
Cisco Tetration Analytics self-monitoring capabilities allow you to easily manage and operate this platform without
the need for any big data expertise. This capability extends all the way to the sensors to help guarantee SLAs.
Platform self-monitoring capabilities include:
Table 3.
Product Line
Platform
Product Specifications
Table 4 provides component specifications for the standard Cisco Tetration Analytics platform. Table 6 provides
power specifications.
Table 4.
The standard Cisco Tetration Analytics platform consists of 36 servers and 3 switches. The three switches provide the full
CLOS network for the servers.
Platform Hardware
Quantity
16
12
Table 5.
Power Specifications
Property
Peak power for Cisco Tetration Analytics Platform (39-RU single-rack option)
22.5 kW
Peak power for Cisco Tetration Analytics Platform (39-RU dual-rack option)
Ordering Information
Table 6 provides hardware and software bundle SKUs for the large and starter Cisco Tetration Analytics platforms.
Table 6.
Part Number
Description
TA-CL-G1-39-K9
Cisco Tetration Analytics standard platform with 36 servers and 3 switches that supports Tetration
telemetry collection for up to 5,000 unique endpoints (virtual machines or bare-metal servers) or up to 1 million unique flow
events/second, whichever is lower.
Part Number
Description
TA-BASE-5K-K9=
Tetration Analytics software license PID for Tetration telemetry collection for up to 5000 unique endpoints (virtual
machines or bare-metal servers) or up to 1 million unique flow events/second, whichever is lower.
Printed in USA
C78-737256-01
06/16