It’s been a busy and fruitful season for our product team, with the final launch of many new features that required sophisticated design and heavy lifting. This issue’s theme? Visibility for the Cloud! We officially announced our cloud visibility solution at NFD19 and AWS re:Invent. We’ve added new integrations with AWS and introduced a new portal Admin UI that makes it easy to onboard flow logs from your cloud providers. Beyond that, there’s also new functionality and UI enhancements in the areas of data enrichment, mitigation, dashboarding, customized visualizations, and more. Now let’s dive in…
Since Kentik’s founding, our core focus has been to provide a 360° view of the performance, composition, and paths of actual network traffic. We started with visibility for owned/on-prem infrastructure. As more and more organizations have incorporated cloud infrastructure, we’ve extended our traffic analytics to follow suit, first by integrating with GCP VPC Flow Logs this past summer, and now with support for AWS Flow Logs. By enabling a unified view across all of your infrastructure — whether it’s on-prem, hybrid-cloud, or multi-cloud — Kentik is now a complete infrastructure visibility solution.
Need cloud visibility, but you’re not sure where to begin? No problem! To get you started we’ve now expanded our portal Library with a broad set of predefined dashboards that provide detailed views of cloud network traffic flows. You’ll find these preset dashboards under Cloud and Data Center in the Library sidebar. As shown below, there are eight dashboards for AWS and nine for GCP. Several are highlighted in the Library’s Featured Content (indicated by an orange check mark).
Our cloud dashboards are a joint effort of our field engineering and solution engineering teams. They’re based on real-world customer scenarios, such as investigating rejected traffic that utilizes the security action field (accepted/rejected) in AWS Flow Logs. For GCP, we’ve created dashboards that use the RTT_MSEC field in GCP flow logs, which measures application and network latency, to help you analyze the performance of your services and applications in Google Cloud.
We’ve also incorporated some of these same cloud metrics into alert policy presets that we’ve added to our Alerting Library. These new policies can identify unexpected changes in the source, destination, or composition of traffic in key parts of your cloud infrastructure.
As mentioned above, Kentik now integrates with AWS. If you have workloads running in VPCs on AWS, Kentik can now ingest the AWS VPC Flow Logs as a primary data source for analytics.
The steps to connect AWS infrastructure and add AWS VPC Flow Logs as a data source are fairly straightforward:
Once the new AWS Cloud is added it will appear in the Admin » Clouds page with details including name, provider, and status.
Last but not least, Kentik Detect is now available in the Amazon AWS Marketplace. Customers can simply pick a plan and subscribe to the Kentik analytics service on AWS.
In concert with our cloud efforts we’ve also taken an overall look at how best to support two important usability goals: improving ease of onboarding and making it easier for you to discover valuable features that you might not be aware of.
To simplify Kentik Detect setup in the portal we’ve added a landing page to the Admin section, with setup tasks grouped into panes that each correspond to a stage of the setup workflow:
In addition to adding a landing page in Admin we’ve also made the sidebar collapsible, so it’s out of the way when you’re not navigating from page to page. To access the Admin menu, just move your mouse toward the left edge of any Admin page, which will expand the sidebar and show the familiar list of Admin pages.
Admin isn’t the only area that’s been rethought. The landing page of the portal Library has also been revamped to make it easier to discover features that will maximize the benefits you can gain from Kentik Detect. We’ll continue to make valuable features more apparent. At the moment we’re using the landing page to highlight the following options:
Autonomous systems (ASes) represent the networks that collectively make up the Internet and enable the use of BGP to compute routes for the delivery of traffic. With our new AS Groups feature we allow you to assign one or more ASes to a group that you name so that you can view traffic from a set of ASes as if they were a single entity. There are several scenarios in which this ability to control how ASes are represented in query results may be useful to the operator of a network:
As shown here, Kentik Detect users with Admin access can find the AS Groups page either from the Admin landing page, in the Enrich Your Data pane, or via the popout sidebar on all Admin pages.
The AS Groups page allows users to configure/add groups of ASes, either private or public. If a group includes just one AS then the group’s name will simply override Kentik’s default name for that AS.
The use of AS groups has the following effect on Kentik Detect queries:
Beyond new features, we’ve continued our ongoing work on refining the utility and performance of Kentik Detect. The following enhancements cover areas that you can see as well as areas that are under the hood.
Anomaly detection, alerting, and mitigation, which are among the core features of Kentik Detect, sometimes involve complex situations like multiple mitigation actions and overlapping alarms. To better handle these scenarios we’ve simplified our state machine model. Updates include:
In addition to these backend changes, the UI for mitigation actions in the Active Alarms table (Alerting » Active) has been changed to provide more flexible and granular control. Play and Stop icons have now been replaced with context-dependent icons and tooltips that reflect the current mitigation state.
A number of customers requested that we allow Interface Classification rules to be applied to some devices and not others. As shown below, the IF settings in the Add Rule dialog now include two new controls that enable you to tailor sets of Included Devices and Excluded Devices that govern application of the rule.
These whitelists and blacklists will also be displayed, as shown below, in the Rules List on the main classification page (Admin » Interface Classification).
Kentik Data Engine is the backend where your network traffic data is collected and enriched, and from which it is pulled at query run-time. Recent enhancements enable Kentik Detect to support ad-hoc queries over longer time ranges with much higher cardinality. For example, we can see source/destination IP pairs as a time series over a time range of 90 or more days. As requested by some customers, Data Explorer’s Table view can also now display much deeper results — up to 50,000 rows — for queries on certain group-by dimensions when the metric type is Total. Additional changes include improved performance for queries that filter on long lists of IP addresses.
As we work to make Kentik Detect more powerful we’re also aware that features are most valuable to users when they’re easy and straightforward to use, as well as to customize for individual needs. The improvements in the next couple of sections are designed with that in mind.
Working with dimensions for both group-by and filtering is an integral part of defining the queries used throughout Kentik Detect. We’ve taken a fresh look at how customers access and select dimensions, and made the following improvements in the dimension selectors for both group-by and filtering:
Kentik customers have always recognized UI design as one of our major differentiators. The ability to customize aspects of that design, tailoring it to individual needs and preferences, makes it even more powerful. Our latest step in this direction is the new Visualizations tab, which you’ll find on the My Profile page (accessed from the drop-down menu at far right in the main portal navbar).
As shown below, you can tune five different color settings that determine how visualizations are rendered:
When changing the Quantitative and Qualitative color palettes, you can preview the effect on different view types by choosing a view type from the drop-down menu at upper right of the preview visualization. Once you save the changes, the new palette will be applied to all of your existing (and future) visualizations of that type (Quantitative or Qualitative) throughout the portal.
Finally, for Quantitative and Qualitative settings, you can create custom color palettes by turning on the Use custom values switch.
For more information, please contact the Kentik Customer Success team at firstname.lastname@example.org.