Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin Thakur

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2 What is Cisco Security Cloud Operations? Challenges faced Scale of the Solution How AppDynamics was selected Speed & Ease of deployment Issues identified so far What next?

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Many organizations want the savings and efficiency benefits of cloud computing, but don’t want to sacrifice traditional levels of control and security. Security is traditionally applied at the network perimeter; this disappears in cloud-based computing, in which borderless networks connect many types of users with enterprise private data centers and cloud-based resources. Some transactions, such as a remote worker accessing Salesforce.com, don’t even pass through the corporate network or scanning systems The Cisco Borderless Network architecture addresses this challenge, securing cloud computing by placing intelligent control points and endpoints throughout the network. Cisco ScanSafe Web Security Cisco IronPort® Cloud Security, Hybrid Security and Managed Security Cisco Registered Envelope Service Cisco AnyConnect Secure Mobility Solution Cisco Security Intelligence Operations Cisco Cloud Web Security (CWS) provides industry-leading security and control for the distributed enterprise. Users are protected everywhere, all the time when using CWS through Cisco worldwide threat intelligence, advanced threat defense capabilities, and roaming user protection.

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Mobile App Monitoring NO VENDOR Diagnostics End User Experience Monitoring DotCom + EC2 Database Monitoring Business Transaction Monitoring NO VENDOR Tier-1 + Run Book Automation Application Monitoring HOMEBREWSynthetic Monitoring Server Monitoring HOMEBREWAlerting Network Monitoring Cacti, Nagios, OpenNMS HOMEBREWLog Monitoring Big Data MonitoringKibanaHOMEBREWCloud Monitoring Cisco currently uses a limited number of multiple standalone technologies from homegrown tools and multiple vendors. These separate implementations have created an expensive, fragmented amalgamation of independent products that: Limits – visibility into apps & the business transaction functions performed Strains – capital and manpower budgets Dilutes – a clear-cut root-cause of an issue by the confusion of multiple tools Delays – time to remediation

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Current State Mobile App Monitoring NO VENDOR Real User Monitoring DotCom + EC2 ? Business Transaction Monitoring NO VENDOR Application Monitoring Server Monitoring Network Monitoring Cacti, Nagios, OpenNMS Big Data Monitoring Kibana AppDynamics will add missing capabilities and help consolidate and compliment our existing monitoring solution In a single tool, AppDynamics provides complete end-to-end transactional visibility for rapid troubleshooting of Production and Development application performance issues. The in-depth features of our product and the power of their integration will allow your teams to: Unify – various teams by providing the same relevant view into apps Saves – capital and manpower budgets Simplify – NO manual configuration when changes are introduced Enables – teams to focus on new, more relevant projects instead of firefighting Current State Application Diagnostics Database Diagnostics Tier-1 +Run Book Automation HOMEBRE W Alerting HOMEBRE W Synthetic Monitoring HOMEBRE W Log Monitoring HOMEBRE W Cloud Monitoring CUSTOM ROADMAP

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7 Requirement gathering from multiple teams and end users Some high level requirements which we looked at: Compute requirements to be minimal for running the APM solution Ease of auto detection of business transactions Future roadmap from AppDynamics more aligned with business requirements PoC run for an extended period, including performance tests to ensure no negative impact on applications Runbook automation functionality to help reduce false positives from existing monitoring infrastructure

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8 23 Datacenters Globally Hub & Spoke Architecture Design

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9 23 Datacenters Globally 6.3 Billion Web Requests scanned per day 200 Million Threats blocked per day Reporting Database contains 500 billion rows on average. Reporting Database is approximately 220TB in size Web Scanning Hosts distributed globally AppDynamics deployed onto JVMs globally

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10 Global deployment across 23 datacenters covering hosts in less than a week. Example puppet module available on GitHub. GitHub

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 Some of the issues we’ve been able to identify with the use of AppDynamics:- Unique Slow Business Transactions affecting services: Identified Configuration errors in applications: Identified and remediated (Prevented 70M Slow transaction from occurring) Unique behavior of the service dependent on end user usage Identified, further analysis undertaking Inter application communication and failure in the network stack Identified and remediated

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 Nagios used for existing application monitoring, approximately 25 service checks configured per host. AppDynamics Monitoring Extensions to be used to replace Nagios application checks Runbook Automation Further integration into more Security Cloud Operations Products Chaos Monkey vs Runbook Automation

Thank you.