Cisco's Tetration telemetry analytics has had six months since launch to bed down, so Switchzilla has decided it's time for a refresh.
As part of that process, the company is trying to build a third-party developer ecosystem around the product.
However, more importantly for users, it has taken the original discovery and visibility and added policy enforcement to it, with an eye to security.
Speaking to The Register earlier this week, senior director of product management Yogesh Kaushik said the emerging theme of "zero-trust" security policies is great in theory but difficult to implement.
It's sensible to start with a locked-down assumption – that is, only open holes that an application needs to function.
However, that's also hopelessly slow in today's environments. Just mapping everything in an environment can take ages, and it's going to change in two weeks.
The world of DevOps demands that developers can spin things up and down "whenever they need to, and talk to whoever they need to," Kaushik said. That is fast but very insecure; on the other hand, a team can't function if a developer needs to open five tickets to do anything.
Tetration's appliance does analytics rather than collection: Cisco claims it can search through a hundred billion records in less than a second. Data collection comes from network agents (if the kit is Cisco's), software agents for other vendors' environments, and hooks into third-party collectors.
The aim, Kaushik said, is to "look at every packet, and process every user – to get a good understanding of what applications are and how they behave".
That way, the customer can get a grasp of what their policies look like ("what holes I need to punch"), and who is in control of different policies (which can get cumbersome when network ops, server ops, infosec and developers all have a say).
The other pitch Cisco hopes gets legs is that Tetration can consolidate the control environment: "You don't want a different policy controller for Amazon AWS, virtual machines, containers, and the network."
Headlining today's launch is the addition of full application segmentation to Tetration, capturing up to a million events per second in real time to create an application map.
With that in hand, the security team can see what's associated with an application – is the finance team the user base? Is this application carrying credit card data? Is it accessed by a branch office in China?
Its "attribute-based" approach lets the infosec team say: "If this is associated with a credit card, keep it out of the data centre. If [an application] contains financial information, don't let it interact with a process in AWS."
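To make the attribute-based, default-deny model concrete, here is an added Python sketch. It is not Tetration code and uses no Cisco API; the workload attributes, tag names, rule names and sample estate are all constructed for illustration, and the deny rules are one reading of the constraints quoted above. It covers both the locked-down starting assumption described earlier and the attribute-based rules: anything no allow rule covers is denied, explicit denies win, and the holes_to_punch helper lists the observed flows that turning on enforcement would break.

```python
"""Attribute-based, default-deny segmentation: an added illustration.

Not Tetration code and not a Cisco API. Workloads carry attributes
(app, tier, env, data tags); rules are written against attributes rather
than addresses; any flow that no allow rule covers is denied.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Workload:
    name: str
    app: str                       # application the workload belongs to
    tier: str                      # "web", "api", "db", ...
    env: str                       # "dc" (data centre), "aws", "branch"
    tags: frozenset = frozenset()  # data-classification tags, e.g. {"pci"}


@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    port: int


@dataclass(frozen=True)
class Rule:
    """Each constraint value is a set: a scalar attribute must be in it,
    a tag set must intersect it. Explicit deny beats allow."""
    name: str
    action: str                        # "allow" or "deny"
    src: dict = field(default_factory=dict)
    dst: dict = field(default_factory=dict)
    ports: Optional[frozenset] = None  # None means any port
    same_app: bool = False             # require src.app == dst.app


def _match(w: Workload, constraints: dict) -> bool:
    for attr, wanted in constraints.items():
        have = getattr(w, attr)
        if isinstance(have, frozenset):
            if not (have & frozenset(wanted)):
                return False
        elif have not in wanted:
            return False
    return True


def rule_matches(rule: Rule, f: Flow) -> bool:
    if rule.same_app and f.src.app != f.dst.app:
        return False
    if rule.ports is not None and f.port not in rule.ports:
        return False
    return _match(f.src, rule.src) and _match(f.dst, rule.dst)


def evaluate(policy: list, f: Flow) -> tuple:
    """Deny rules win, then allows; a flow no rule covers is denied."""
    hits = [r for r in policy if rule_matches(r, f)]
    for r in hits:
        if r.action == "deny":
            return ("deny", r.name)
    for r in hits:
        if r.action == "allow":
            return ("allow", r.name)
    return ("deny", "default")


def holes_to_punch(policy: list, observed: list) -> list:
    """Observed flows the locked-down policy would break: the gap list a
    team works through (or rejects) before switching on enforcement."""
    return [f for f in observed if evaluate(policy, f) == ("deny", "default")]


# Constructed sample estate (hypothetical names, not real data).
WEB = Workload("pay-web-1", "payments", "web", "dc")
API = Workload("pay-api-1", "payments", "api", "dc", frozenset({"pci"}))
DB = Workload("pay-db-1", "payments", "db", "dc", frozenset({"pci", "financial"}))
REPORTS = Workload("ledger-etl-1", "ledger", "etl", "aws", frozenset({"financial"}))
BRANCH = Workload("branch-cn-kiosk", "kiosk", "client", "branch")

POLICY = [
    Rule("no-financial-to-aws", "deny", src={"tags": {"financial"}}, dst={"env": {"aws"}}),
    Rule("no-aws-to-financial", "deny", src={"env": {"aws"}}, dst={"tags": {"financial"}}),
    Rule("no-branch-to-pci", "deny", src={"env": {"branch"}}, dst={"tags": {"pci"}}),
    Rule("web-to-api", "allow", src={"tier": {"web"}}, dst={"tier": {"api"}},
         ports=frozenset({8443}), same_app=True),
    Rule("api-to-db", "allow", src={"tier": {"api"}}, dst={"tier": {"db"}},
         ports=frozenset({5432}), same_app=True),
]

# Constructed "discovered" flows, as an application map would report them.
OBSERVED = [
    Flow(WEB, API, 8443),     # in-app web tier to API tier: allowed
    Flow(API, DB, 5432),      # in-app API tier to database: allowed
    Flow(DB, REPORTS, 443),   # financial data to an AWS process: denied
    Flow(BRANCH, API, 8443),  # branch client reaching PCI scope: denied
    Flow(API, DB, 22),        # SSH nobody wrote a rule for: default deny
]

if __name__ == "__main__":
    for f in OBSERVED:
        print(f"{f.src.name} -> {f.dst.name}:{f.port}", evaluate(POLICY, f))
    print("holes to punch:",
          [(f.src.name, f.dst.name, f.port) for f in holes_to_punch(POLICY, OBSERVED)])
```

The point of the model is that neither the rules nor the gap list mention an IP address: when a workload is redeployed or moves between the data centre and AWS, its attributes travel with it and the same policy still applies, which is what makes the locked-down starting point workable in an environment that changes every two weeks.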
Developers, partners and competitors will soon be able to write software that interacts with the Tetration API, "to make sure customers aren't limited to what Cisco can build," Kaushik said.
Initially, he said, Cisco will start by working with a handful of its partners, and publish some sample applications of its own.
And he said the company's taken a conservative approach to what's in the API: "This is its first release, and we will want feedback from the community about what they want opened up."
Too often, he said, companies like Cisco overload the APIs they release and leave it up to others to sort out problems.
"We want to get that feedback," he said, about the features and capabilities developers want to use.
The opposite of scale
The other change Cisco's making in upcoming Tetration releases is to offer a scaled-down version.
There will be a small-scale appliance supporting up to 1,000 workloads, and an AWS-deployable virtual appliance at the same scale.
The choice to go large first was easy to make, Kaushik said.
From the engineering point of view, he said: "It's easier to build a large scale appliance and shrink it."
Trying to scale up something that started small, on the other hand, is a monumental task. ®