Cisco UCS and Splunk Workshop
Copyright © 2015 Splunk Inc.
Cisco TechWiseTV
Splunk
Agenda
Introduction
How Cisco IT Operations Uses Splunk
Operational Intelligence
Splunk quick overview
Splunk on UCS
6.3 and results on UCS
Splunk IT Ops Demo
Cisco’s Footprint with Splunk
• 70+ Monitored Applications
• 7+ Year Relationship
• Across 7 Global Data Centers
• Flexible infrastructure to accommodate new business needs
Applying Splunk to Cisco IT Requirements
• Aggregated multiple siloed systems into Splunk
• Monitoring 70+ Applications
• 846% increase of search volume per day in one year
• Operational Intelligence in minutes rather than hours
Cisco IT uses Splunk to index a broad range of system logs and machine data for networking devices, operating systems, unified communications, video events, and applications.
• Proactive monitoring enables 50% reduction in high priority issues
• 80% reduction in operational costs
• 90% improvement in problem resolution & root cause analysis times
• Improvements in system stability, availability and performance
Insights Across Cisco - Platform
Business Unit
• Infrastructure
• IT OPS
• Security
• Commerce
• Sales & Marketing
• Channels
• Engineering
Platform
• Webex
• CCIX (web + app)
• FTP
• RAC DB
• WSG
• PING
• OBIEE
• ACE
SPLUNK App
• Splunk on Splunk
• Deployment Monitor
• UCS App
• JMX App
• Unix App
• NetApp App
Sources and Logs (SYSLOG, Windows, Active Directory, ACS, Storage)
• Network
• Linux / Unix
• UCS
• VMWare ESXi
• Datacenter battery / temperature logs
• Pre-Prod Event Logs
• Production Event Logs
• Event Logs
• Event Logs
• AAA Logs
• ISE Logs
• Event Logs
Search Heads
• 16 VMs (64 core X 32 GB)
Indexers
• 20 VMs (16 core X 16 GB)
• 70+ Unique Indexes
Storage
• 56 TB SAN – Hot & Warm
• 28 TB NAS – Cold
Data Center
• Prod: RCDN – 8 SH & 10 Indexers
• Prod: ALLEN – 8 SH & 10 Indexers
• Dev: RTP – 4 SH & 2 Indexers
Cisco’s IT Operations Evolving with Splunk
[Figure: timeline from 2010 to 2015. Labels: Daily Indexing 300G (2010); Daily Indexing ~2TB; 10 Indexers; 20 Indexers; 16 Search Heads; 47 Search Heads]
Splunk Activity – Daily Average
1. Interactive Searches = 55K+
2. Scheduled Searches = 45K+
3. Total Searches = 100K+
4. Number of Users = 180+
Replacing Legacy SIEM at Cisco CSIRT
Enter Splunk: Flexible SIEM and empowered team
– Easy to index any type of machine data from any source
– Over 60 users doing investigations, correlations, reporting, advanced threat detection
– All the data + flexible searches and reporting = empowered team
– 2TB/day and searches take less than a minute. 7 global data centers with 350TB stored data
– Flashback Malware Example
– Estimate Splunk is 25% the cost of a traditional SIEM
Cisco Security Analytics Results
33 percent reduction in the time required to conduct security investigations
All security data is readily available in a single, centralized portal for faster and simpler access
Ability to automate routine tasks and search log data allows CSIRT analysts to work more effectively
Substantially easier correlation allows for more thorough investigations
Splunk Apps for Cisco Environments
240+ security apps & add-ons
Splunk app for Enterprise Security
Cisco ASA
NetFlow Logic
OSSEC
Cisco WSA
Cisco ESA
Cisco ISE
Sourcefire
Active Directory
Cisco Security Suite
MobileIron
Bit9 ETD
Norse Darklist
600+ apps/add-ons
Cisco ACI, IOS, Nexus 9000
Cisco UCS
VMware
NetApp
Servicenow
UNIX/Linux
Splunk App for Cisco UCS
NEW AND IMPROVED as of May 2015
Aggregates, monitors, trends and analyzes all relevant data from Cisco UCS Manager instances
Enables proactive capacity and performance monitoring/management, fault trending, power and cooling, and more
Works with other Splunk add-ons and data sources (including Enterprise Security and PCI Compliance add-ons) to aggregate and correlate data across your enterprise
Applications
Operating Systems
Hypervisors
UCS server, storage, network
The Power of Splunk
COLLECT DATA FROM ANYWHERE
SEARCH AND ANALYZE EVERYTHING
GAIN REAL-TIME OPERATIONAL INTELLIGENCE
Making machine data accessible, usable and valuable to everyone.
Turning Machine Data Into Business Value
Index Data: Any Source, Type, Volume
Online Services
Web Services
Servers
Security
GPS Location
Storage
Desktops
Networks
Packaged Applications
Custom Applications
Messaging
Telecoms
Online Shopping Cart
Web Clickstreams
Databases
Call Detail Records
Smartphones and Devices
RFID
On-Premises
Private Cloud
Public Cloud
Ask Any Question
Application Delivery
Security, Compliance, and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things
Developer Platform
Report & analyze
Custom dashboards
Monitor & alert
Ad hoc search
Splunk Enterprise 6.3
Breakthrough Performance & Scale
Doubles performance and lowers TCO
Meeting the needs of the most demanding organizations
Advanced Analysis & Visualization
High Volume Event Collection
Enterprise-Scale Platform
Supports DevOps and IoT data analysis at scale
Simplifies analysis of large datasets
Enterprise management and integration
Breakthrough Performance, Scale, TCO
Search Performance
Indexing Speed
Intelligent Scheduling
25%+ Capacity Gain
2X Execution Speed
2-4X Data Rate
Vertical scaling maximizes use of CPU power
Total System Capacity
20-50% Increase
Improve speed of searches & reports
Onboard & analyze larger datasets
Optimize resource utilization
Reduce TCO by 20% or more
Comparisons to Splunk Enterprise 6.2
Simple Scalability w/ Performance at Scale
UCS 6200 Series Fabric Interconnect
UCS Manager
16 Servers Per Rack
• UCS Domain (160 Servers (with FEX), 80 Servers direct connect)
• Managed by UCS Manager
• Up to 11.2 PB storage
• Multiple UCS Domains
• Interconnect using Nexus 7000/9000
• Scalable to 1000s of servers
• Centrally managed by UCS Central
Horizontal Scaling with UCS
• Scalable, componentized architecture
• Additional systems can:
• Grow data capacity
• Increase search capacity & performance
• Provide HA and DR
• Takes advantage of:
• Cisco Validated Design
• Cisco Reference Architecture
• Cisco UCS Service Profiles
Vertical Scaling with UCS
• Task parallelization software design
• Additional CPU capacity/system
• Improve search performance
• Grow data onboarding speed and capacity
• Takes advantage of:
• Cisco UCS CPU capacity
• Cisco UCS system architecture
Splunk – Cisco UCS Benchmark Preview
Learn More About Splunk on Cisco UCS!
SplunkBase app resources
Cisco’s Big Data Design Hub features Cisco Validated Designs (CVDs) and other architectural docs
Big Data Applications Hub features reference architectures, solution briefs, infrastructure, automation, etc.
Thank You for Attending
For TechWiseTV episodes, TechWiseTV Workshops, Fundamentals and Networking 101’s, visit http://www.Cisco.com/go/TechWiseTV.com.
https://www.facebook.com/techwise
https://twitter.com/techwisetv
