Spotlight on Cisco Tetration and Cisco Intersight at NFD16

Peter Welcher
Architect, Operations Technical Advisor

As you’d expect, Cisco did a great job of presenting at #NFD16. I’d have to say they dazzled us, with some solar contribution. In this post, I’ll summarize Cisco’s presentation, but for details, you’ll want to watch the video recordings.

Cisco split its time across two topics:

(Love the pun, since the latter product is also inter-site. One might even say the goal of the product is the ex-site-ing of UCS management.)


My first impression: Tetration is clearly evolving and improving. It may be just me, but I think I heard more emphasis on agents and third-party sources, and less on Nexus 9K hardware. That makes sense in terms of not holding up purchase until hardware refresh time — something that previously may have deferred some/many ACI and Tetration buying decisions. Admittedly, hardware-based approaches have fewer touch points.Networking Field Day

Initial customer interest in Tetration was light due to high price until recently, when smaller models became available.

The key point to me with anything like this or NetFlow, particularly for security applications, is that you really need to have ubiquitous coverage. Tetration does appear to potentially solve a lot of the problems with partial NetFlow deployments, or with performing a Network Packet Broker deployment. The Cisco presentation also certainly makes it appear the product is getting a lot of attention within Cisco and is rapidly maturing.

If you’ve read my prior blog posts, you know I’m a fan of using flows to understand applications better, especially before moving components to cloud or remote datacenters. That was the initial push with Tetration, in part since you need that info to migrate to ACI-based security.

More recently, and notably in the NFD16 presentation, Tetration is now also rapidly becoming more of a security alerting and mitigation tool.

Complementing all that, Tetration now has:

  • ERSPAN input as an option
  • NetFlow as an option
  • Campus ISE integration, for ID awareness and context, and for policy enforcement
  • Open API for Tetration Analytics: feed alerts to Kafka and notification event consumers, also for add-on apps
  • Multi-tenancy, AAA, and RBAC

The presenters went on to talk about feeding Splunk and Phantom (see also my NFD16 Gigamon blog post), and Service Now. Yes, Cisco also talked about “Ecosystem”, as one would expect.

Hey, this was an X (X = Tech, Network) Field Day event, so of course there were demos and more! (Hint: see the videos.)

Project Starship (Now Launched as Cisco Intersight)

We got a pre-announcement view of Cisco Intersight. By the time these words appear, it will be well past launch date for that.

Concerning Intersight, I heard someone comment “Meraki-ize” UCSM, and that might not be far off base. Strength AND weakness: CI/CD (can you say: “instant bugs and quick fixes”?). There are some potentially compelling aspects for customers in the future (not initially):

  • Fewer hassles around upgrading the management software
  • Ability to bring domain knowledge and TAC experience to the customer’s installed base in an automated fashion
  • Ability to potentially lower the amount of in-house or consultant expertise needed (consultant’s reaction: “darn!” <tongue in cheek>)

Think about it: With customer UCS systems feeding data to Cisco in an automated and ongoing way, Cisco will get great crowd-sourced data on failing components, common problems, etc. — particularly if they can correlate your gear with your TAC calls.

Other early impressions:

  • The initial release seems kind of read-only, a Good Thing when building trust with a large customer base
  • Functionality will grow, as (hopefully) will trust
  • One hopes the registration and connection process will not be labor-intense or balky or slow

There is one aspect of Intersight that I really appreciate Cisco presenting on. There was a very strong effort that apparently went into securing the product. Cisco clearly does not want to become a vector by which their customers get hacked, via the tunnels from the SaaS offering back to the site UCSM. It sounds like security got baked into Intersight (and the coding and management teams) from day one.

See the videos for details. I imagine as the offering matures the slide decks will get more polished and detailed, but what’s in the videos gets things off to a great start!


My fellow NFD16 delegates and Cisco have been busily blogging boldly, per below:


Comments are welcome, both in agreement or constructive disagreement about the above. I enjoy hearing from readers and carrying on deeper discussion via comments. Thanks in advance!

Disclosure Statement
Cisco Certified 20 Years

Leave a Reply


Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.


Virgilio “BONG” dela Cruz Jr.

CCDP, CCNA V, CCNP, Cisco IPS Express Security for AM/EE
Field Solutions Architect, Tech Data

Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.


John Cavanaugh

CCIE #1066, CCDE #20070002, CCAr
Chief Technology Officer, Practice Lead Security Services, NetCraftsmen

John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services.  Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.

He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.