March 2019

Time flies, and the first quarter of 2019 is already behind us. Our product team has been working hard this last month to deliver the My Kentik™ API, Tenant SSO, integration with Silver Peak devices, and full support for UDR dimensions in alerting. Let’s take a look at the details…

My Kentik™ Portal is a built-in feature of the Kentik platform that enables curated, self-service network traffic visibility for downstream customers (solution brief here). Because we’re strongly committed to supporting features not only through our portal but also via APIs, we’ve now introduced the My Kentik API.

Providing an initial set of four methods, the My Kentik API enables Kentik customers to programmatically manage settings for their My Kentik Portal tenants. Development work is ongoing to achieve full parity with the functionality that’s available in the Kentik portal via the My Kentik Portal page.

The following methods are available now, and can be tested with the V5 API Tester for our US and EU clusters:

• Tenant List (GET): Returns an array that contains information about all tenants
• Tenant Info (GET): Returns a tenant object containing information about an individual tenant
• Tenant User Create (POST): Creates a tenant user object and Returns information about that individual tenant user
• Tenant User Delete (DELETE): Deletes a tenant user from the system

For more information, please see the My Kentik API topic in the Kentik Knowledge Base or contact our Customer Success team.

With Single Sign-On (SSO), a user can log in with a single ID and password to gain access to any of several related systems. It’s a convenient, centralized way to manage security and access control to applications. For the last couple of years we’ve supported SSO access to customer accounts on the main Kentik portal. Now we also allow Kentik customers to enable SSO for their My Kentik Portal tenants.

Customers who use this new feature will provision tenants on their existing SSO platform, so tenants will be authenticated at login using SSO instead of local user credentials. To configure tenant SSO, you’ll have to have an existing identity provider account or in-house identity management system (see SSO Config Prerequisites), and also be a Super Admin for your organization (see About Super Admin Users).

Tenant SSO is activated in the Kentik Detect portal on the Admin » My Kentik Portal page. At the bottom of the My Kentik Portal Settings pane (below the Save button) you’ll see the “info” notice shown below. Click the My Kentik Portal Single Sign-on Settings link.

In the resulting My Kentik Portal Single Sign-on page (shown below) fill in the fields as described in the KB topic Tenant SSO Settings.

For assistance with getting SSO correctly configured for your tenants (or your own organization), please contact our Customer Success team.

A couple of months ago we announced our new Universal Data Records (UDR) architecture, which enables the Kentik Data Engine (our distributed big data backend) to flexibly allocate columns to the flow fields of diverse devices. We then announced three integrations based on UDR, one for Palo Alto Networks firewalls, one for Cisco Adaptive Security Appliances (ASA), and one for Istio service mesh (Beta). We’ve now added another new integration, this time for Silver Peak appliances running Virtual Acceleration Open Architecture (VXOA version 8.1.8 or higher). These appliances analyze packets as traffic flows through, identify the application with which each packet is associated, and prioritize routing by applying application-specific rules. Our new integration will enable you to filter or group-by in Kentik Detect using the application names identified by Silver Peak and stored in KDE flow records.

If you have a Silver Peak appliance, here’s a quick look at how to use information from it in Kentik Detect:

• Step 1: From the Kentik portal’s Admin » Devices page, use the Add Device button at upper right to open the Add Device dialog, then add a new Silver Peak device. The Type field on the General tab should be set to Silver Peak VXOA.

• Step 2: In the Data Explorer sidebar, click in the Devices pane to open the Devices dialog (see Device Selector with Sidebar). In the Types list on the dialog’s sidebar, click Silver Peak VXOA to include the new device in the set of queried devices, then click Save to close the dialog.

• Step 3: Back in the main Data Explorer window, click Group by Dimensions in the sidebar’s Query pane to open the dimension selector. Now that a Silver Peak device is included in the selected devices, you’ll be able to choose a dimension from the Silver Peak VXOA section. To date the only available Silver Peak dimension is Application Name, which enables you to better understand the applications generating the traffic that flows through your Silver Peak appliances. Note that at this point this dimension would also be available for use in the Filtering pane.

• Step 4: The Application Name dimension can now be used in a query to correlate network traffic with specific applications. The sample Sankey diagram below, for example, shows traffic destined for applications such as Gmail, YouTube, and Splunk exiting via two Silver Peak devices (silverpeak_sf and silverpeak_hnl) to service providers Zayo and HNTEL.

For information or assistance with using Silver Peak dimensions, please contact our Customer Success team.

The benefits of Universal Data Records aren’t limited just to troubleshooting and analytics. UDR also enables us to expand the range of conditions for which our alerting system can generate alarms and trigger mitigations. As explained below, UDR dimensions and metrics are now supported when defining the data that will be evaluated by an alert policy, which is done in the Data Funneling pane of the Alert Policy dialog (Add or Edit).

• Dimensions: The key for a given policy (see About Keys) is set with the Dimensions selector. The selector now includes all of the dimensions that are supported via UDR, including dimensions for Cisco ASA, Palo Alto Networks firewalls, Silver Peak appliances, and Istio.

• Filters: UDR dimensions are now supported as well for the filters that are set with the Filters selector.

• Metrics: We now support UDR metrics, such as Initiator Bytes and Responder Bytes for Cisco ASA, when specifying primary and secondary metrics.

As you can see, UDR-enabled dimensions and metrics take Kentik to a new level in terms of being able to address the intricacies of your own particular network, and this capability is even more powerful now that it’s supported by our alerting system. For help with taking advantage of the device-specific dimensions made possible by UDR, please contact our Customer Success team.