
Data Sheet

Cisco Tetration Analytics


The Cisco Tetration Analytics platform enables efficient data center operations by
providing pervasive visibility, behavior-based application insight, and migration to a
zero-trust model.

Product Overview

Modern data centers are dynamic, with virtualization, containerization, and workload mobility technologies requiring
rapid application deployment, and with constantly changing communication patterns between application
components. Because of these technology advancements, 76% of data center traffic is east-west. In addition,
today's data centers demand a hyper-available network with no scheduled downtime. This dynamic environment
contributes to three main challenges:

Pervasive visibility of traffic across data center infrastructure and long-term data retention for forensics and
analysis

Understand communication and dependencies for all applications within the data center

Get to a whitelist policy model, identify behavior deviation in real time, and perform forensics operations

The new Cisco Tetration Analytics platform is designed to address these challenges by collecting rich traffic
telemetry and performing advanced analytics using an algorithmic approach. The platform is designed to collect this
rich telemetry at line rate at data center scale. The algorithmic approach includes unsupervised machine-learning
techniques and behavioral analysis to provide a turn-key solution. This solution is designed to:

Process millions of flows per second, apply intelligent algorithms, and provide actionable insights in minutes

Capture and store hundreds of billions of telemetry records without aggregation to enable long-term
forensics

Provide complete visibility into application components and their communications and dependencies to enable
implementation of a zero-trust model within the network

Rich Cisco Tetration telemetry is collected using what are called sensors. There are two types of sensors in the
first release: hardware sensors and software (host) sensors. With these two types of sensors, this solution is designed to
support both existing (brownfield) and new (greenfield) data center infrastructure.

2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.


Figure 1 shows the high-level architecture of the Cisco Tetration Analytics platform.

Figure 1. Cisco Tetration Analytics Platform Architecture

The Cisco Tetration Analytics platform has three main function layers:

Data collection layer: This layer consists primarily of lightweight sensors, which are the eyes and ears of
the analytics platform. Two types of sensors are used:

Software or host sensors: These can be installed on any end-host server (virtualized or bare metal).

Hardware sensors: These are embedded in Cisco Nexus 92160YC-X, Cisco Nexus 93180YC-EX, and
Cisco Nexus 93108TC-EX Switches.

The rich Tetration telemetry that these sensors collect consists of three types of information:

Flow information: This contains details about the endpoints, protocol, and ports, when
the flow started, how long the flow was active, and so on.

Inter-packet variations: This captures the inter-packet variations seen within
the flow. Examples include variations in TTL, variations in IP/TCP flags, and payload length.

Context details: Context information is derived from outside the packet header. In the case of a software
sensor, this includes details about the process: which process generated the flow, process IDs, the user
associated with the process, and so on.


Sensors do not process any information from payloads, and no sampling is performed. Sensors are designed to
monitor every packet and every flow. In addition to the sensors, this layer includes third-party sources, such as
load balancers and DNS server mappings, to collect configuration information. This configuration data is used to
enrich the information provided by the analytics platform.

Analytics layer: Data from the sensors is sent to the Cisco Tetration Analytics platform, which is the brain
that performs all the analysis. This multiserver big data platform processes the information from these
sensors and uses both unsupervised and guided machine learning, behavior analysis, and intelligent
algorithms to provide a turn-key experience for the following use cases:

Pervasive visibility in real time across your data center infrastructure

Accurate insight into application component communications based on their behavior

Automated grouping of similar endpoints (for example, web server clusters and database clusters)

Consistent whitelist policy recommendations for applications, with monitoring for compliance deviations in
minutes

Policy impact analysis to test a policy before enforcing it in the network

Long-term data retention for historical analysis without loss of granularity

In-depth forensics using natural-language search and visual queries

Visualization layer: The Cisco Tetration Analytics platform enables consumption of this data through an
easy-to-navigate web GUI and through Representational State Transfer (REST) APIs. In addition, it
provides a notification interface to which northbound systems can subscribe to receive notifications about
traffic flows, policy compliance, and so on.

Sensor Deployment and Management


The Cisco Tetration Analytics platform is designed to work with software sensors only or hardware sensors only. It is
preferable to have both hardware and software sensors enabled wherever possible, for the following reasons:

Software sensors provide the process-related context details

Hardware sensors provide buffer details, tunnel endpoint mappings, and the ability to detect traffic bursts

Accurate measurements of network latency and application latency

Identification of packet drops within a flow and their cause

Figure 2. Cisco Tetration Telemetry Hardware Sensor vs Software Sensors


Initial sensor deployment happens through an existing automation method that you might have (Ansible, Puppet,
Chef, and so on). Once the sensor is installed and connects to the Cisco Tetration Analytics platform, all subsequent
management, including upgrades, can be done using the Cisco Tetration Analytics GUI.

Features and Benefits


Table 1 lists the main features and benefits of the Cisco Tetration Analytics platform.

Table 1. Main Features and Benefits

| Feature | Benefit |
| --- | --- |
| Lightweight sensors | The combination of hardware and software sensors captures all east-west traffic, eliminating blind spots. Both software and hardware sensors reside outside the data path and do not affect application performance. Sensor traffic adds less than 1% of bandwidth overhead. |
| Comprehensive telemetry information | Rich telemetry enables application behavior-based analytics and behavior deviations. Independent of encrypted or unencrypted payload. Flow context information in addition to packet header data enables better insight. |
| Real-time flow visibility | Search tens of billions of flows and get actionable insight in less than a second. Perform faster troubleshooting and anomaly detection for more effective data center operations. Effectively identify application behavior deviation and better manage network policy compliance. |
| Support for data center scalability | Collect telemetry from every packet in the data center without any sampling. The platform can process millions of unique flows per second. Long-term data retention supports forensics and analysis operations. |
| Ease of deployment and use | Works as an appliance with turn-key support for critical operational use cases. Unsupervised machine learning reduces the need for human interaction. |
| Platform security | User access is controlled through role-based access control (RBAC) for both the GUI and REST API. Communication between different platform components is completely secured using a built-in firewall. |
| Platform self-monitoring | Self-monitoring eliminates the need for extensive in-house big data expertise to operationalize this platform. Monitoring extends all the way to the sensors to enable easier operations. Use an option to enable the Cisco Call Home function to report known error states. |
| Open interface | Use the open REST API for northbound system integration. Use the notification mechanism to more easily monitor compliance-based events and detect anomalies. |

Data Center Use Cases


Cisco Tetration Analytics features and functions support the following critical use cases for data center security and
operations:

Application visibility and insight into application component communication

Automated whitelist policy recommendations and impact analysis

Policy compliance and auditability

Complete flow visualization, exploration and forensics


Cisco Tetration AppInsight


You need to understand the application components and their dependencies within the data center to successfully
operate and migrate applications, perform disaster recovery planning, and enforce data center policy. The Cisco
Tetration AppInsight feature uses real-time data from communication between application components and
behavior-analysis algorithms to identify application groups and their communication patterns and service
dependencies (Figure 2). This Application Insight function allows users and administrators to:

Group endpoint hosts and application clusters together to create application views

Accurately understand the relationship of consumers and providers based on communication patterns

Understand the service dependencies for each component

Associate labels and tags with endpoints for easy understanding

Organizations can also intelligently integrate information from third-party devices, such as load balancers, to
maintain an end-to-end view of application communications.

Figure 3. Cisco Tetration AppInsight Map in Web GUI

Automated Whitelist Policy Generation and Compliance


Organizations need to be able to automatically generate a reliable whitelist policy model and update it in nearly real
time as applications evolve. This capability enhances security, helping enforce consistent policy across different
environments, including workloads running in the cloud, and enabling easier identification of anomalies.


Using the Cisco Tetration Analytics platform, you can automatically generate whitelist policy recommendations
based on the actual communication between endpoints. Policy recommendations can be exported in three
programmatic formats: JSON, XML, and YAML. Policy can be imported into a policy-based controller such as the
Cisco Application Policy Infrastructure Controller (APIC) for enforcement and compliance (Figure 3).

Figure 4. Automated Whitelist Policy Export

Policy Simulation and Impact Analysis


Using the Cisco Tetration Analytics platform, an administrator can simulate the whitelist policy and assess its impact
before applying it in the production network. This impact analysis can be performed using historical data or real-time
data without affecting production traffic. This capability enables the administrator to see how the whitelist
policy would affect actual traffic flowing through the network. The administrator can also immediately see which
flows would be classified as compliant, noncompliant, or dropped (Figure 4). The administrator can use this
simulation and analysis to fine-tune the application mapping and regenerate the whitelist policy to accurately reflect
the application behavior.

Figure 5. Policy Compliance View in the Cisco Tetration Analytics Platform
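
The two steps described above, deriving a whitelist from observed communication between grouped endpoints and then replaying traffic against it before enforcement, shown as an added Python example. It is not Cisco code and does not use the Tetration export format or API; the group labels, addresses, flow tuples, and JSON layout are constructed assumptions.

```python
import json

# Constructed sample data: endpoint -> group label (assumed to come from a
# prior grouping step; names and addresses are illustrative only).
GROUPS = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
}

# Constructed flow records: (source, destination, protocol, destination port).
BASELINE = [
    ("10.0.1.10", "10.0.2.20", "tcp", 8080),
    ("10.0.1.11", "10.0.2.20", "tcp", 8080),
    ("10.0.2.20", "10.0.3.30", "tcp", 5432),
]
LATER = [
    ("10.0.1.11", "10.0.2.20", "tcp", 8080),   # matches a baseline rule
    ("10.0.1.10", "10.0.3.30", "tcp", 5432),   # web reaching db directly
    ("10.0.9.99", "10.0.3.30", "tcp", 22),     # endpoint with no group
]

def to_rule(flow, groups):
    """Map a flow to (consumer group, provider group, protocol, port), or None."""
    src, dst, proto, port = flow
    if src not in groups or dst not in groups:
        return None
    return (groups[src], groups[dst], proto, port)

def build_whitelist(flows, groups):
    """Derive allow rules from observed flows; anything not listed is denied."""
    return {r for r in (to_rule(f, groups) for f in flows) if r is not None}

def export_policy(rules):
    """Serialize rules as JSON (generic schema, not a vendor export format)."""
    keys = ("consumer", "provider", "protocol", "port")
    return json.dumps({"default": "deny",
                       "allow": [dict(zip(keys, r)) for r in sorted(rules)]},
                      indent=2)

def simulate(rules, flows, groups):
    """Replay flows against the whitelist without enforcing anything."""
    report = {"compliant": [], "noncompliant": []}
    for flow in flows:
        verdict = "compliant" if to_rule(flow, groups) in rules else "noncompliant"
        report[verdict].append(flow)
    return report

if __name__ == "__main__":
    policy = build_whitelist(BASELINE, GROUPS)
    print(export_policy(policy))
    for verdict, flows in simulate(policy, LATER, GROUPS).items():
        print(verdict, flows)
```

Because rules are keyed on group labels rather than addresses, the second web server is covered by the same rule as the first, while the direct web-to-database flow and the ungrouped endpoint both surface as noncompliant in the replay.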


Flow Visualization and Exploration


The Cisco Tetration Analytics platform can be your search engine for all the flows in your data center. The search
capability provided by the platform is uniquely powerful, allowing the user to search tens of billions of flow records
in less than a second, and allowing rich natural-language and visual-based search queries to find details that are
critical to data center operations. This search capability allows you to find not only any known issues, but also
abnormal behaviors that may otherwise go unnoticed (Figure 5).

Figure 6. Forensics and Flow Search from Cisco Tetration Analytics Web GUI

Platform Self-Monitoring

Cisco Tetration Analytics self-monitoring capabilities allow you to easily manage and operate this platform without
the need for any big data expertise. This capability extends all the way to the sensors to help guarantee SLAs.
Platform self-monitoring capabilities include:

Monitoring of platform pipeline flows and delays

Monitoring of the status and health of individual platform components

Sensor health, CPU, and bandwidth monitoring

Optional Call Home feature for known errors

Platform Support and Compatibility


Tables 2 and 3 provide software and hardware support and compatibility information for the Cisco Tetration
Analytics platform.

Table 2. Software Sensors and Operating Systems Supported

| Server Mode | Operating System | Distribution and Release |
| --- | --- | --- |
| Virtual machines and bare-metal servers | Linux | Red Hat Enterprise Server Release 5.3 and later; Red Hat Enterprise Server Release 6.0; CentOS Release 5.11 and later; CentOS Release 6.0; Ubuntu Release 12.04, 14.04, and 14.10 |
| Virtual machines and bare-metal servers | Microsoft Windows Server | Microsoft Windows Server 2008 Standard, Enterprise, Essentials, and Datacenter Editions; Microsoft Windows Server 2008 R2 Standard, Enterprise, Essentials, and Datacenter Editions; Microsoft Windows Server 2012 Standard, Enterprise, Essentials, and Datacenter Editions; Microsoft Windows Server 2012 R2 Standard, Enterprise, Essentials, and Datacenter Editions |

Table 3. Hardware Sensors Supported

| Product Line | Platform | Cisco NX-OS Software Release |
| --- | --- | --- |
| Cisco Nexus 9000 Series Switches | Cisco Nexus 92160YC-X | NX-OS Release 7.0(3)I3(1) and later |
| Cisco Nexus 9000 Series Switches | Cisco Nexus 93180YC-EX and Cisco Nexus 93108TC-EX | NX-OS Release 7.0(3)I4(2) and later |

Product Specifications

Table 4 provides component specifications for the standard Cisco Tetration Analytics platform. Table 6 provides
power specifications.

Table 4. Cisco Tetration Analytics Platform

The standard Cisco Tetration Analytics platform consists of 36 servers and 3 switches. The three switches provide the full
Clos network for the servers.

| Platform Hardware | Quantity |
| --- | --- |
| Cisco Tetration Analytics computing nodes (servers) | 16 |
| Cisco Tetration Analytics base nodes (servers) | 12 |
| Cisco Tetration Analytics serving nodes (servers) | |
| Cisco Nexus 9372PX Switches | |

Table 5. Power Specifications

| Property | Cisco Tetration Analytics Platform |
| --- | --- |
| Peak power for Cisco Tetration Analytics Platform (39-RU single-rack option) | 22.5 kW |
| Peak power for Cisco Tetration Analytics Platform (39-RU dual-rack option) | 11.25 kW per rack (22.5 kW total) |

Ordering Information

Table 6 provides hardware and software bundle SKUs for large and starter Cisco Tetration Analytics platform.

Table 6. Ordering Information: Hardware Bundles

| Part Number | Description |
| --- | --- |
| TA-CL-G1-39-K9 | Cisco Tetration Analytics standard platform with 36 servers and 3 switches that will support processing Tetration telemetry collection for up to 5,000 unique endpoints (virtual machines or bare-metal servers) or up to 1 million unique flow events/second, whichever is lower. |

Table 7 provides software license SKUs for individual endpoints.

Table 7. Ordering Information: Software License for Unique Endpoints

| Part Number | Description |
| --- | --- |
| TA-BASE-5K-K9= | Tetration Analytics software license PID for Tetration telemetry collection for up to 5000 unique endpoints (virtual machines or bare-metal servers) or up to 1 million unique flow events/second, whichever is lower. |


Put Cisco Expertise to Work to Accelerate Success


Cisco provides professional and support services to help organizations get the most value from the Cisco Tetration
Analytics platform. Cisco Services experts help integrate the platform into your production data center environment,
define use cases relevant to your business objectives, tune machine learning, and validate policies and compliance
to improve application and operation performance. Cisco Solution Support for Cisco Tetration Analytics provides
hardware, software, and solution-level support. One annual contract covers all support needs. With Cisco Tetration
Analytics Services expertise, you experience faster time to value, comprehensive adoption in your environment,
optimized policies and application performance, and solution-wide support.

Cisco Capital Financing to Help You Achieve Your Objectives


Cisco Capital financing can help you acquire the technology you need to achieve your objectives and stay
competitive. We can help you reduce capital expenditures (CapEx), accelerate your growth, and optimize your
investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services,
and complementary third-party equipment. And there's just one predictable payment. Cisco Capital financing is
available in more than 100 countries. Learn more.

For More Information


For more information about the Cisco Tetration Analytics platform, please visit http://www.cisco.com/go/tetration or
contact your local Cisco account representative.

Printed in USA


C78-737256-01

06/16
