
This is a contributed blog post by Cisco Datacenter Solutions Senior Product Marketing Manager, Ravi Balakrishnan.
You can also learn more on the Cisco Blog.
Splunk is closely aligned with Cisco across a range of areas including Application Centric Infrastructure (ACI), Cisco’s business-relevant software defined networking (SDN) policy model spanning networks, servers, storage, security, and services. Splunk was an inaugural ACI partner and inaugural participant in the Cisco ACI App Center. Both at Cisco Live Berlin and at a recent Insieme-organized Customer Advisory Board (CAB) meeting, I’ve seen customers evince keen interest in leveraging Splunk software in their Cisco ACI environments. It is no surprise to me that Cisco recently named Splunk as a Global ISV Partner of the Year … for the second year in a row.
What is ACI?
Cisco Application Centric Infrastructure (ACI) is a comprehensive SDN architecture. This policy-based automation solution supports a business-relevant application policy language, greater scalability, and greater network visibility. Cisco ACI reduces TCO, automates IT tasks, accelerates data center application deployment times from weeks to minutes, and dramatically improves IT alignment with business objectives and policy requirements.
Deploying Splunk in a Cisco ACI environment enables centralized proactive monitoring, root cause analysis, compliance/audit and risk analysis, and distributed cross-tier visibility. With these capabilities, Cisco ACI customers can gain comprehensive insights into APIC (ACI) health. This helps reduce MTTR, which directly translates into cost savings. Our joint customers also get granular operational analytics and can leverage the prebuilt dashboards of the customizable Cisco ACI App for Splunk Enterprise. Our app collects various metrics that can be used for meeting SLA compliance and audits. Finally, the Splunk platform enables users to correlate data between multiple technology tiers for cross-tier visibility. This reduces the number of monitoring tools and shortens time to value.
Many ACI customers have been excited to learn about the robust, free and fully customizable Cisco ACI App for Splunk Enterprise. I am writing this blog to take you on a quick tour of recent innovations on the Cisco ACI App for Splunk, key use cases, and how the combination of Splunk and Cisco ACI addressed data center operations-related pain points.
The Cisco ACI App for Splunk uses Cisco's open API framework to collect APIC events, health scores and inventory data into the Splunk platform. Using this data, the Splunk platform delivers centralized, real-time visibility for applications and ACI infrastructures across bare metal and virtualized environments. Ultimately, the Cisco ACI App for Splunk offers a flexible approach to monitoring Cisco ACI and all other elements of your technology stack.
How does the Cisco ACI App work with Splunk Enterprise?
- The Cisco ACI Add-on is the back end of the app. It is responsible for data collection and includes scripts that run at regular intervals to fetch data into Splunk.
- REST API requests are sent to the APIC securely (via SSL).
- The APIC responds with the data in JSON format, and Splunk indexes the incoming data with the correct metadata.
- The app references the indexed data and extracted fields and populates the dashboards.
The Cisco ACI App for Splunk collects faults, performance and inventory data. Syslog messages are pushed from the APIC controller to Splunk indexers. Syslog messages include user information such as authentication logins and changes made to the environment for audit purposes. Performance metrics and inventory data are collected through API calls executed against the APIC API.
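The collection flow described above, as an added example that is not the Cisco ACI Add-on's own code: it flattens an APIC-style JSON body into one event per object with metadata, derives pod, node and tenant from each object's DN, and treats an APIC error object as a collection failure instead of indexing it as empty data. The sourcetype name, host name, fault codes and sample bodies are constructed for illustration.

```python
import json
import re

class ApicError(Exception):
    """Raised when the APIC answers with an error object instead of data."""

SEVERITY_RANK = {"cleared": 0, "info": 1, "warning": 2, "minor": 3, "major": 4, "critical": 5}
DN_FIELDS = {"pod": r"pod-(\d+)", "node": r"node-(\d+)", "tenant": r"^uni/tn-([^/]+)"}

def to_events(body, apic_host, min_severity="info"):
    """Flatten an APIC class-query JSON body into one event dict per object."""
    floor = SEVERITY_RANK[min_severity]
    events = []
    for item in json.loads(body).get("imdata", []):
        (cls, obj), = item.items()          # each imdata entry has one class key
        attrs = obj.get("attributes", {})
        if cls == "error":                  # e.g. expired token: fail loudly, index nothing
            raise ApicError(f"{attrs.get('code')}: {attrs.get('text')}")
        if SEVERITY_RANK.get(attrs.get("severity"), floor) < floor:
            continue                        # below the requested severity floor
        event = {"host": apic_host, "sourcetype": f"example:aci:{cls}",  # hypothetical name
                 "time": attrs.get("created"), "event": attrs}
        for field, pattern in DN_FIELDS.items():
            match = re.search(pattern, attrs.get("dn", ""))
            if match:
                event[field] = match.group(1)
        events.append(event)
    return events

# Constructed sample bodies (all values made up for illustration).
def _fault(dn, code, severity):
    return {"faultInst": {"attributes": {"dn": dn, "code": code, "severity": severity,
                                         "created": "2017-05-02T10:15:30.000+00:00"}}}

SAMPLE_FAULTS = json.dumps({"totalCount": "3", "imdata": [
    _fault("topology/pod-1/node-101/sys/fault-F9001", "F9001", "warning"),
    _fault("uni/tn-demo/ap-web/epg-db/fault-F9002", "F9002", "critical"),
    _fault("topology/pod-2/node-201/sys/fault-F9003", "F9003", "cleared"),
]})
SAMPLE_ERROR = json.dumps({"totalCount": "1", "imdata": [
    {"error": {"attributes": {"code": "403", "text": "Token was invalid"}}}]})

if __name__ == "__main__":
    for ev in to_events(SAMPLE_FAULTS, "apic1.example.net", min_severity="warning"):
        print(ev["sourcetype"], ev.get("pod"), ev.get("node"), ev.get("tenant"), ev["event"]["code"])
```

Raising on the error object matters for monitoring: a poller that silently returns zero events after an authentication failure looks identical to a healthy fabric with no faults.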
New Innovations in the App
Now, let us look at the new innovations that have been added recently to the Cisco ACI App for Splunk to cover advanced use-cases. These features work with Splunk version 6.3 and above and APIC version 1.3/2.0/2.1 respectively.
- Multi-pod for distributed fabric visibility
- Micro segmentation for risk analysis
- Enhanced user interface (system faults view, home dashboard)
- App Center Integration
Multi-pod for distributed fabric visibility: This feature provides an overview of the complete fabric segmented by multiple Pods, with drilldown to a specific Pod for health and statistical information. Data center administrators can gain segmented visibility across interconnected separate ACI fabrics, known as Pods, and use information in the Cisco ACI App for Splunk to learn about entities relating to the various Pods.
Micro segmentation for risk analysis: Monitor and get details of uEPGs, including uEPGs that are quarantined or whose communication between endpoints is restricted by applied filters. The micro-segmentation feature in the app allows users to view granular information on endpoints defined in a logical security zone, known as EPGs. Check on isolated endpoints and the contracts associated between EPGs, along with the health scores. Correlate this information with established security policies to monitor east-west traffic within the data center.
Enhanced user interface:
The easy-to-use, easy-to-understand user interface helps you navigate and monitor entities within the app with better time-to-value resolution for your use case. Dashboards are laid out in the form of single value entities, graphical representations and statistical tables. The user interacts with the app by using drilldown capabilities on the representations to gain further details.
Key dashboard features that cater to the use cases:

| System Faults | Home | Authentication | Tenant Details | VM Manager (VMware) |
| --- | --- | --- | --- | --- |
| Segmented view of system faults by Nodes, Tenants, Domain, Rules, etc. | Single consolidated view of all the entities in ACI fabric | Audit and track user logins and interactions with the APIC | Check health scores of Tenants and faults per Tenant | Gain client endpoint details of your virtual environment |
| Additional drilldown capability to view faults distinguished by color codes | Toggle between multiple APIC hosts/ACI fabrics | Maintain compliance checks on all users | Drilldown on Tenant’s health to analyze underlying affected objects | Integration capability with the VMware app to monitor ESXi and host error logs |

Other useful dashboards
System Threshold:
- Specifying threshold values for each logical entity helps you monitor the number of entities created, and you can configure alerts when they exceed the specified threshold.
- Radial gauge panels for these entities give a better view for monitoring when limits are exceeded.
Using the Cisco ACI App for Splunk enables customers to achieve operational efficiency through proactive real-time monitoring, analytics, and compliance capabilities powered by the Splunk platform. Data center admins get better visibility into enterprise-wide data and can correlate it with ACI infrastructure, with a single-click app download.
ACI App Center integration: CiscoSplunkConnector App
A separate Splunk integration, CiscoSplunkConnector, is also available on the Cisco ACI App Center.
Conclusion:
With the expansion of data center virtualization, insight into both virtual and physical network connectivity is critical for root-cause analysis of problems in virtual environments. Because Splunk Enterprise can harness machine data from any technology, it offers single-console visibility across multiple technology tiers, even bridging virtual and physical domains. As ACI and Splunk initiatives expand, customers can leverage cutting-edge innovations to address newer challenges in the area of operational analytics and incident management, and meet their compliance, audit and stringent security requirements.
To learn more, check out the below resources:
- Cisco ACI and Splunk Solution Brief
- Cisco ACI App for Splunk Enterprise
- Cisco ACI App Center (blog post)
- Cisco Validated Design: Cisco ACI with Splunk Enterprise
Better yet, join us June 25-29 at Cisco Live Las Vegas where you can choose from more than 70 sessions about Cisco ACI and learn from Splunk insights across Cisco’s industry-leading security, networking, wireless, data center and collaboration portfolios.
Ravi is an industry-recognized marketing executive with over 20 years of experience in Enterprise Applications, Datacenter and Cloud Networking, Network analytics, Compute and Storage technologies. Ravi worked at SUN, HP and Oracle in the past as a Product Manager, is at Cisco at present as a Product Marketing Manager, and has a broad interest in AI, Machine learning, Big Data, and other emerging trends. Ravi has several accomplishments; notable ones in recent times include “Best of Interop” awards for the Cisco Nexus 9516 and Cisco APIC in 2014 and 2015 respectively. Ravi is a recognized public speaker and a distinguished blogger on Cisco and partner blog forums. Ravi holds an MS in EE and an MBA in Marketing.