Kentik - Network Flow Analytics

Product Updates

September 2018

As fall begins, we’re happy to report a rich harvest of product improvements from Kentik. One focus in September was on enhancing customer control with more granularity and more flexible options. Another was to ensure that Kentik Detect remains robust and scalable as both the number of our customers and the size of their data sets continue to grow. Scalability and flexibility have both been key differentiators for Kentik since the start of our journey, and we continue to extend those capabilities, providing customers with a better user experience while enabling them to achieve their goals.

Custom DNS

Kentik Detect has long offered the ability to resolve IP addresses to domain names. When Enable Reverse DNS Lookups is on (shown below left; see the Knowledge Base topic on Query Advanced Options), the domain names are displayed next to the addresses in any table returned from a query using source and/or destination IP address as a group-by dimension. But our public DNS lookup obviously isn’t able to resolve IP addresses in a private (RFC 1918) namespace. Until now that has resulted in the display of a hyphen (“-”) where the names associated with a private address would otherwise be (see below right).

Enable reverse DNS lookup

We’ve now addressed this with Custom DNS, a feature that enables you to designate one or more DNS servers for Kentik Detect to use for reverse lookups instead of our default public DNS server. The result is that the names associated with IP addresses will be displayed according to your designated reverse DNS servers rather than the Kentik-default DNS server. Using your dedicated DNS servers will result in Kentik Detect being able to display not only public but also private names.

Configuring Custom DNS is very straightforward, involving just a few clicks. Navigate to Admin » Custom DNS, where you’ll find the Custom DNS page shown below. In the callout near the top of the page you’ll see the IP address from which Kentik will query your designated DNS servers; you’ll need to be sure that the servers you designate are configured to allow queries from this address. Enter the IP of a DNS server into the Add DNS IP field, then click the Add button. If the IP address is valid then it will be added to the DNS Servers list at right. You can add multiple DNS servers to the list and queries from Kentik will be evenly distributed across the set.

Configuring custom DNS

After configuring a DNS server, you can use the Verify Reverse DNS Lookup button to open a dialog (shown below) in which you can test the lookup of any IP address.

Verify reverse DNS lookup

For additional information, please refer to the Custom DNS article in the Knowledge Base. As always, for further information or help you can also contact the Kentik Customer Success team at support@kentik.com.

More Powerful My Kentik Portal

Back in Q2 of this year, we announced the My Kentik Portal, which enables curated, self-service network traffic visibility for downstream customers (see the My Kentik solution brief). Building on this initial launch, we’ve subsequently been improving the feature-set to add value for our customers and their customers (internal or external), whom we refer to as “tenants.” A number of these major updates were completed in September, including the ability to expose tenants to alerts, a redesign of the tenant configuration UI, and a “spoofing” capability that allows customers to see the My Kentik portal through the eyes of an individual tenant. Here’s a closer look at these improvements.

Alerting for Tenants

One of the key features of Kentik Detect is its ability to generate alerts based on highly customized network traffic conditions that are defined in Alert Policies. If you’ve configured policies you can now enable the tenants in your My Kentik portal to receive alerts from some or all of those policies. And you can even tailor the thresholds that will cause those policies to trigger alerts for a given tenant.

Alerting drop-down menu

There are two ways to enable your tenants to view alerts in the My Kentik portal. One is by adding one or more of your policies to the Tenant Default Alert Policies list so they can be seen by all of your tenants (see Tenant Default Content below). The other is to add one or more policies to an individual tenant (shown at right), so that the policies can be seen by any user assigned to that tenant. You do that in the Add Tenant dialog (opened by the button of the same name) or Edit Tenant dialog (opened by clicking on a tenant in your Tenant List). These tenant settings include an Alert Policies Settings pane where you can choose the policies to make available to the users assigned to that tenant.

Once you add one or more policies, the Alert Policy Settings pane will resemble the image below. If individual thresholds are shown for the policy you can make tenant-specific adjustments to the criteria that will trigger an alert to be displayed in the My Kentik portal.

Alert policies Alarms

Once you’ve added alert policies to a given tenant’s configuration, the My Kentik portal for that tenant will include icons for Alarms and Alert History (shown at right). When tenant users click on Alarms they’ll see a list of Active Alerts. When users click on Alert History they’ll see a list of alarms, mitigations, and matches for a specified time range (see Alert History).

Tenant Default Content

As mentioned above, you now have the ability to assign default content that will be visible to the users of all of your tenants. You specify default content on your main My Kentik Portal admin page under Tenant Defaults, where you’ll find the Views and Alert Policies settings (shown below). Each is a drop-down menu listing the existing views or alert policies in your organization. You can choose any item from the list, and add as many defaults in each category as you’d like to make accessible to all of your tenants.

Tenant defaults

Tenant Spoofing

Tenant “spoofing” enables you to see your My Kentik portal as if you were a specific user assigned to a specific tenant, so that you can evaluate for yourself how that tenant’s current portal configuration is meeting users’ needs. Instead of having to create an account for yourself in the userspace of a tenant, you can now simply click the Open in Tenant View button on the My Kentik Portal page. In the resulting dialog (shown below left), select a tenant and an individual user to spoof. When you’re done, click on the user menu at the right of the navbar and choose Stop Spoofing from the drop-down menu (below right).

Tenant spoofing

For additional information, please see the My Kentik Portal topic in the Kentik KB or contact the Kentik Customer Success team at support@kentik.com.

Multiple 2FA Methods Per User

Kentik Detect has long supported two-factor authentication (2FA), which strengthens security by requiring not only a username and password for login, but also the additional “factor” of a token that is generated either by a TOTP (Time-based One-Time Password) app on a different device (e.g. Google Authenticator running on your mobile) or by a YubiKey. Instead of requiring that you choose a single such method, we now enable you to create a list of 2FA methods, any of which will be accepted at login.

You specify your 2FA methods on the Authentication tab of your User Profile (choose My Profile from the drop-down menu at the right of the main portal navbar). As shown below, you’ll see a list of currently enabled 2FA methods (if any), as well as buttons that enable you to add a YubiKey or TOTP method. For further information on adding methods, see the Register YubiKey or Register TOTP topics in the Kentik KB; for information on login procedures see Portal Login. Need help? Contact the Kentik Customer Success team at support@kentik.com.

Two Factor Authentication
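How a login check can accept a code from any one of several enrolled TOTP methods, shown as an added example that is not Kentik's code. The names `totp`, `enrolled_methods` and `verify_any`, the method labels, the one-step clock-drift window and the per-method replay guard are all assumptions made for illustration; YubiKey validation is not shown.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def enrolled_methods():
    """Constructed sample: two TOTP methods enrolled by one user."""
    return [
        # RFC 6238 test secret, so results can be checked against the RFC vectors
        {"label": "phone", "last_step": -1,
         "secret": base64.b32encode(b"12345678901234567890").decode()},
        {"label": "tablet", "last_step": -1,
         "secret": base64.b32encode(b"constructed-demo-key").decode()},
    ]

def verify_any(methods, code, at, step=30, window=1):
    """Return the label of the first enrolled method that accepts `code`, else None.

    Each method remembers the last time step it accepted, so a code that has
    already been used (or any older one) is rejected for that method.
    """
    now_step = int(at) // step
    for method in methods:
        for s in range(now_step - window, now_step + window + 1):
            if s <= method["last_step"]:
                continue                         # replayed or stale step
            expected = totp(method["secret"], s * step, step)
            # constant-time comparison avoids leaking how many digits matched
            if hmac.compare_digest(expected.encode(), code.encode()):
                method["last_step"] = s
                return method["label"]
    return None

if __name__ == "__main__":
    methods = enrolled_methods()
    code = totp(methods[1]["secret"], 59)        # code from the second method
    print(verify_any(methods, code, 59))         # accepted by one enrolled method
    print(verify_any(methods, code, 59))         # same code again: replay rejected
```

Every enrolled method widens the set of codes accepted at login, so an account is only as strong as the weakest method left on its list.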

Scaling for Custom Dimensions and Tags

Both Custom Dimensions and Flow Tags allow you to label flow records based on criteria defined in advance and evaluated at ingest. As announced in the HSCD topic of our May/June 2018 Product Update, our backend engineering team has been hard at work re-engineering these systems under the hood to drastically increase their capacity, scalability, and agility. As of September, all Custom Dimensions natively support this increased scale.

As part of enhancing the usability of Custom Dimensions and Flow Tags, we’ve also added a new Batch API that simplifies management by enabling bulk loading of either Populators (for Custom Dimensions) or Tags. To help you get started, we’ve posted a Hypertagging API in GitHub that you can use in Python to call our Batch API. For additional information, please refer to the Batch API topic in the Knowledge Base or contact the Kentik Customer Success team at support@kentik.com.

Bracketing in Line Charts

Bracketing allows you to define from two to five ranges (brackets) of values and assign various colors to the brackets (see Bracketing Options dialog below) so that you can see at a glance the range into which the current value falls. If bracketing is turned on for a given query the colors will be applied to the query’s returned table. Depending on the visualization type (see Chart View Types) these colors may also be applied to the visualization itself.

We’ve recently added Time Series Line Graph to the list of view types that support bracketing for visualizations (see Bracketing View Types). In this case, as shown below, the boundaries between brackets are represented by the colored horizontal lines that run across the chart at 100, 150, 200, and 400M.

For additional information, please see the Bracketing Pane Settings topic in the Kentik KB or contact the Kentik Customer Success team at support@kentik.com.

New Notification Channels

Notification channels are assigned in an alert policy to determine who will be notified when there’s a change in the alert state, e.g. an alarm is triggered by one of the alert’s thresholds. Each channel represents a notification type (e.g. email) and, where applicable, one or more notification targets (e.g. a set of email addresses). Kentik Detect supports multiple notification types (e.g. email, JSON POST Webhook, PagerDuty, Slack Channel and system log) so that each customer organization can use its preferred methods of notification. As shown below, we’ve now added a couple of additional options for notification types: OpsGenie and ServiceNow.

Notification channels

For further information on Notification Channels, please see the Alert Notification topic in the Kentik KB or contact the Kentik Customer Success team at support@kentik.com.
