Earlier this year, we introduced the Cisco Telemetry Broker (CTB) and showed customers how it can free their telemetry from proprietary protocols and allow them to use the tools and solutions they already have in place to coexist seamlessly. Today, we would like to introduce you all to the notion of the Intelligent Telemetry Plane. Products in the market today like the UDP Director (UDPD) and all its competitors are effectively single box solutions that take in telemetry such as Netflow and Syslog, apply some rules to it and send it out to the manually configured destinations.
With the Cisco Telemetry Broker, we are laying the foundation of a much larger vision. We treat all telemetry in a holistic, enterprise-wide manner and not just as separate streams of data that need to be individually routed. So, while UDPD was deployed as individual telemetry brokers, CTB is deployed as set of broker nodes that work in tandem to satisfy the telemetry requirements of an organization.
Cisco Telemetry Broker enables the next-generation Intelligent Telemetry Plane by giving customers the features and outcomes they desire most:
The figure above shows how a single telemetry broker traditionally operates compared to an Intelligent Telemetry Plane that treats telemetry in a globally holistic manner.
Let’s take a closer look at each of these aspects in more detail.
The Intelligent Telemetry Plane gives incredible control over the management of all telemetry in the network. Features include:
With the Intelligent Telemetry Plane, the goal is to ensure that all telemetry can be delivered from any source to any destination in the desired format. We have added several features to ensure that the telemetry plane is always operating reliably.
All of this is now possible at performance levels never seen before because the Cisco Telemetry Broker nodes have been purposefully designed to operate on telemetry. Furthermore, the Cisco Telemetry Broker architecture can scale seamlessly both horizontally and vertically.
High Availability is an absolute requirement of the Intelligent Telemetry Plane. Nodes can fail and connections can get severed for a variety of reasons. We have implemented a robust set of features to handle failures. With Cisco Telemetry Broker, you can setup multiple clusters consisting of two or more broker nodes and assign various resources to them (for example a virtual IP). There is always one Active node for a resource and the remaining nodes in that cluster are in hot standby, ready to take over instantly if the Active node happens to fail.
Additional features are being planned like operating in Active/Active mode as well as automatically balancing cluster resources (for example, if you assign both a virtual IPv4 and a virtual IPv6 address, the cluster automatically assigns them to different active nodes).
Even when it comes to upgrading the Cisco Telemetry Broker infrastructure, nodes are upgraded in a sequential manner making judicious use of failover such that downtime is completely eliminated.
As we build out the availability capabilities, the goal is for Cisco Telemetry Broker to intelligently manage processing resources as well. For example, if a node in a cluster is heavily over-worked, Cisco Telemetry Broker can shunt traffic to other nodes in the cluster and perform the brokering, filtering, and transformation operations there.
With Cisco Telemetry Broker as the foundation of the Intelligent Telemetry Plane, we give you unprecedented visibility into telemetry in the network. We are just scratching the surface on the visibility feature set. Today we give you end-to-end visibility into telemetry flows, everything from how much telemetry is being generated from each source to where it is going. We have added the ability to classify most telemetry automatically (in a port agnostic manner) so that you know what are all the different telemetry types that are present in the network. And we monitor everything that can be monitored from a health perspective.
We have made sure that the architecture of the Intelligent Telemetry Plane is extensible as we add more features and functionality. The Cisco Telemetry Broker architecture is a very modern one and can easily be extended to add new forms of telemetry for both ingest and egest, customizable transforms and filters, support for Model Driven Telemetry (which is the gaining traction in the telemetry world), and additional deployment options.
All of this is built on a high-performance architecture that is capable of scaling seamlessly to 100Gbps ports and beyond without the need for expensive hardware.
When it comes to managing an organization’s telemetry, there’s no better solution than Cisco Telemetry Broker. No other product is able to leverage the entire telemetry plane of an organization in a seamless and holistic manner, giving customers greater insight into their network. Cisco Telemetry Broker can enhance an organization’s extended detection and response (XDR) strategy. Working alongside Cisco Secure products like SecureX and Secure Analytics, Cisco Telemetry Broker provides the simplicity, visibility, and efficiency security teams need for a more proactive approach to security.
To learn more visit http://cs.co/telemetrybroker
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels