By Jesse Drake
UIT is in the process of adding a powerful new analytics platform, Cisco Tetration, as part of a two-phase strategy to convert the University of Utah's enterprise-wide data center services to an application-centric infrastructure (ACI) environment.
Tetration is an automated tool that uses machine learning and behavior analysis to collect telemetry data from Cisco and non-Cisco devices on the network — constantly crunching numbers behind the scenes.
"It's like a big DVR of everything that's happening on the network," said Network Manager Ray Carsey. "It doesn't record content, rather, it keeps track of all of the different traffic flows in a data center."
Sensors allow Tetration to monitor workloads running on hardware, virtual machines (VMs), or in a container, either on-premises or in the cloud.
"Tetration will give the university better insights into its enterprise-wide data center operations," said UIT Project Manager Kevin Buchan. "It collects a massive amount of operational information in real time."
This promises to deliver accurate and timely mapping of communication paths between devices.
"From the information it gathers, we can start analyzing how applications talk to other applications, if there is latency between devices, and then build associated security groups and policies," said Tim Urban, principal engineer in UIT's Network & Core. "Information is also fed back to application owners, which helps them see if traffic is being blocked that shouldn't be blocked and vice versa."
A key part of developing security rules with Tetration, Urban said, is application dependency mapping (ADM).
"Usually, in an enterprise organization, one application doesn't live by itself, it has to rely on a lot of different applications — perhaps a web server needs to talk to a database. That ADM run will start mapping that all out and diagram all the communication for us visually in a way that we can put that into policy," he said.
Another advantage of the Tetration platform is tied to the university's disaster recovery (DR) efforts. UIT is undertaking a project to architect and build a DR presence at the Tonaquint Data Center (TDC) that focuses on payroll for campus. The TDC already houses the University of Utah Health DR site. Urban said Tetration agents have been installed at the TDC, and UIT is starting to analyze the traffic.
Additional aspects of the tool include forensics and the ability to auto-generate whitelisting policies based on application dependency (what's talking to what). Whitelisting, in this context, is the practice of giving only administrator-approved programs, IP addresses, and email addresses permission to communicate with a system. Whatever's not on the list is blocked. According to Cisco, Tetration is capable of enforcing tens of millions of whitelist policies across thousands of applications in a hybrid cloud data center.