Cisco Tetration Analytics G1 Data Sheet
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
◦ Automated grouping of similar endpoints (webserver clusters, database clusters, etc.)
◦ Consistent whitelist policy recommendations for applications and monitoring for compliance deviations in minutes
◦ Policy impact analysis to test policies before enforcing them in the network
◦ Long-term data retention for historical analysis without loss of data detail
◦ In-depth forensics analysis using natural-language searches and visual queries
● Visualization layer: The Cisco Tetration Analytics platform enables consumption of all this data through an
easy-to-navigate web GUI and through representational state transfer (REST) APIs. In addition, it provides
a notification interface to which northbound systems can subscribe to receive notifications about traffic
flows, policy compliance, etc.
Sensor Deployment and Management
The Cisco Tetration Analytics platform can work with software sensors only or with hardware sensors only.
However, the better approach is to have both hardware and software sensors enabled wherever possible
(Figure 2):
● Software sensors provide the process-related context details
● Hardware sensors provide buffer details and tunnel endpoint mappings and can detect traffic bursts
● The use of both sensor types provides accurate measurement of both network and application latency
● The use of both sensor types lets you identify packet drops within a flow and their causes
Figure 2. Cisco Tetration Telemetry Hardware Sensors and Software Sensors
Initial sensor deployment occurs through an existing automation method that you might have: Ansible, Puppet,
Chef, etc. After the sensor is installed and connected to the Cisco Tetration Analytics platform, all subsequent
management, including upgrades, can be performed using the Cisco Tetration Analytics GUI.
If the software sensor service-level agreements (SLAs) are set too low, or if the traffic volume on the server is
too high, the sensor will selectively miss opportunities to inspect every packet in order to comply with the SLAs.
These missed opportunities are logged and displayed in the administration user interface. Hardware sensors in the
switch have a finite flow cache capacity. If the traffic volume is too high, or if there are a large number of short-lived
flows, the flow cache capacity will limit the number of packets that are inspected.