Cisco Tetration Analytics G1 White Paper
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
White Paper
Cisco Tetration: Simulate, Test, and Verify Network Policy in Nearly Real Time
What You Will Learn
Application, security, and infrastructure architects face two significant but interdependent challenges:
the need to increase the speed of application deployment and associated infrastructure changes, and the need
to protect those applications and the associated business data against a rapidly evolving set of security threats.
In response to these two large-scale changes, infrastructure architects are moving to intent-based cloud
architectures in which business and application policy is clearly defined in a logical manner and then implemented on
some combination of on- or off-premises infrastructure. A formal logical description of the business and
application security policy allows application, security, and network administrators to focus on building and
maintaining the governance rules and policies required by the business, and lets the infrastructure tools implement
the detailed configuration of the various devices.
Multiple mechanisms are being used to help with this transition, ranging from configuration management tools
such as Puppet, Ansible, and Chef, through IaaS platforms such as OpenStack, to the fuller-featured cloud and
application programming interface (API) driven platforms such as Amazon Web Services or Cisco® Application
Centric Infrastructure. A key question remains:
How do you verify that the configuration of the infrastructure which has been performed by an automation system
(or prior to automation, through manual processes) truly represents the intent defined at the logical layer? Is
network traffic being forwarded correctly according to policy? Have application components been correctly
deployed together? Are security rules being programmed and obeyed? How do you migrate or make changes to
new or existing policy?
This problem is not a new one, but in the modern data center, with its rapid rates of change and need for much
tighter security, questions like these are almost impossible to answer without the advancements offered by a
modern machine learning and analytics platform.
In this paper, you will learn:
● Why policy compliance is critical to a responsive and secure data center
● The importance of baselining applications
● How Cisco Tetration Analytics™ application insight is used to generate a policy baseline
● How what-if simulations can help you model and test:
  ◦ Migration of applications locally, remotely, and to the cloud
  ◦ New policy adjustments
  ◦ Movement to whitelist-based security enforcement
  ◦ Migration to the Cisco® Application Centric Infrastructure (Cisco ACI™) platform