LuckyStep -

Cisco samples OpenTelemetry-based observability tool blends

Updates set to ship this week and next quarter will unify data collection for Cisco's observability and security tools and catch them up with full-stack competitors.

Cisco rolled out a tech preview of its new Full-Stack Observability platform this week, along with tighter OpenTelemetry-based integrations between its IT monitoring and security tools.

OpenTelemetry, a Cloud Native Computing Foundation project, provides a standard set of data collectors that support multiple tools. OpenTelemetry is best known for its distributed tracing support. But it also supports application performance metrics and will soon have production-level support for log data collection, according to Cisco officials.

Cisco is a major contributor to OpenTelemetry and plans to use it to unify data collection among the various performance and security monitoring tools it has bought over the last six years. These include AppDynamics, acquired in 2017 for application performance monitoring; ThousandEyes, acquired in 2020 for cloud, SaaS, internet and API security and performance monitoring; Portshift, also acquired in 2020 for container-based application and DevOps pipeline security and renamed Cisco Panoptica in 2022; and Kenna Security, acquired in 2021 for risk-based vulnerability management.

The Full-Stack Observability (FSO) platform already underpins AppDynamics Cloud, released in June 2022, which collects OpenTelemetry data through the AppDynamics hybrid agent, according to Carlos Pereira, Cisco fellow and chief architect in the vendor's strategy, incubation and applications business. The FSO tech preview will now open the platform to customers and partners to build similar integrations ahead of general availability in June.

"This is not a traditional Cisco product, where you have a SKU. It's a horizontal play where you build an ecosystem around it," Pereira said. "The tech preview is exposing the SDKs and the API and how you consume that and how you can extend it, so people can build."

Application vendors, such as SAP, plan to build apps on top of FSO, Pereira said, along with systems integrators, managed service providers and other Cisco channel partners. In the meantime, Cisco also plans to ship its own new FSO-based bi-directional integration between AppDynamics and ThousandEyes in April. This new tie-in will add support for customer digital experience monitoring as well as correlation of business issues between application transactions and their external dependencies, the network path and internet routing.

"This is not about forcing [people in different roles] to converge within an organization but contextualizing the information within their preferred tools to provide observability across the whole stack," he said.

Andy Thurai, vice president and principal analyst, Constellation ResearchAndy Thurai

Regardless of how the broader FSO strategy plays out, customers have been looking for stronger links between these specific tools, said Andy Thurai, an analyst at Constellation Research.

"The AppDynamics UI and [previous] integrations with ThousandEyes and Intersight are very clunky from what I hear," Thurai said. "They all come across as islands of products as of mid-year last year."

Business Risk Observability demos FSO-style integration

Long-term, broader and deeper combinations of tools from Cisco's product lines and those of third-party vendors, such as Dynatrace and Datadog, will also be forthcoming, Pereira said.

Along these lines, this week Cisco rolled out another new feature, Business Risk Observability (BRO), slotted into its AppDynamics Secure Application module, which serves as an example of how the vendor plans to further combine its separate tools, according to Pereira.

BRO combines Talos threat intelligence data on common vulnerabilities and exposures (CVE) with AppDynamics end-user experience and business-transaction monitoring; Panoptica data about API security; and Kenna's Risk Meter score distribution.

"In an application ecosystem like an SAP landscape, on average, we have over 200 vulnerabilities in a typical customer [environment], and let's say 50 to 70 that are critical, which is still a lot," Pereira said.

With BRO, "I take the Kenna [data about the] likelihood of it being exploited and merge it with AppDynamics' visibility into business transactions and create business risk scoring … so that the two or three critical vulnerabilities that have a high likelihood of being exploited and high business impact are where you focus first," he said.

Cisco observability platform banks on enterprise appeal

FSO is on the bleeding edge of what OpenTelemetry can do in terms of supporting log data. But generally, Cisco is a latecomer to full stack observability. It's trailing competitors such as Dynatrace, which is already shipping its own unified back end for observability called Grail, as well as observability-security integrations already offered by vendors such as Splunk, Sumo Logic and Datadog. FSO has been Cisco's publicly stated product direction since July 2022, but it has yet to see a full general release.

This is not a traditional Cisco product, where you have a SKU. It's a horizontal play where you build an ecosystem around it.
Carlos PereiraFellow and chief architect, Cisco

"While Cisco made a couple of decent acquisitions, such as AppDynamics and ThousandEyes, the full stack [integration] -- especially as it relates to cloud native applications -- has somewhat stalled," Thurai said. "Cisco is a strong performer in application monitoring. But the logs and traces are not quite there to make it a complete strong performer for total observability yet."

Pereira said the vendor has chosen a gradual rollout for FSO because large enterprise customers weren't yet ready to consume a totally unified platform a year ago.

"I was hearing from about eight out of every 10 CXOs that I talked to that 'FSO makes a lot of sense, and I'll put it on my strategic plan, but my business still runs on the silos that I have in operations. So even if you bring that together today, I cannot consume it,'" he said.

Cisco's target audience of large enterprises is also different from some of its newer competitors, Thurai acknowledged.

"Cisco's cloud-native observability is very weak compared to the other nimble, smaller players in the market," he said. "However, they have a solid presence in the enterprise market."

Stephen Elliot, IDCStephen Elliot

As a large company with a long track record, Cisco may be able to sell enterprises on its observability strategy in ways smaller, newer companies can't, said Stephen Elliot, an analyst at IDC.

"Cisco has a unique vantage point with its network and security market position with FSO," Elliot said. "It's potentially a very large advantage across people, processes and technology conversations, [and] their [partner] channels can do implementation and process modernization across those teams to drive change."

A small organization might be able to replicate FSO's features with open source OpenTelemetry and a Grafana dashboard, Pereira said. "But when you start talking about multi-tenant, multi-petabyte global organizations, you need a different level of support."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Next Steps

Cloud-native and observability takeaways from Cisco Live

IT pros mull observability tools, devx and generative AI

Emergent observability topics at KubeCon 2023

Dig Deeper on IT systems management and monitoring

Software Quality
App Architecture
Cloud Computing
Data Center