This guide provides instructions for integrating Kentik with Microsoft Azure.
A reference architecture diagram showing Azure subscriptions, roles, and data flow to a Kentik account.
Microsoft Flow Logging Recommendations
Kentik supports processing both VNet (Virtual Network) flow logs and NSG (Network Security Group) flow logs from your Microsoft Azure storage account. However, Microsoft advises enabling only one type of flow log at a time to prevent duplicate traffic recording and additional costs (see VNet Flow Logs Overview).
Kentik encourages all customers to use Microsoft's migration scripts to enable VNet flow logs. This ensures your Kentik account remains current and avoids potential issues.
Process Overview
Integrating Azure with Kentik involves preparing your Azure environment and configuring the Kentik portal to enable the collection of metadata, flow logs, firewall logs, and metrics.
TIP: See the Cloud Overview for an introduction to Kentik cloud setup.
We recommend following this process in order:
Azure Prerequisites & Roles: Verify you have the correct administrative permissions in Azure, choose your authentication method (Kentik Enterprise App vs. Custom App Registration), and gather your necessary Subscription and Resource Group IDs.
Flow/Firewall Log Collection: Configure your Azure environment to generate VNet/NSG flow logs and firewall logs, and export them to a designated Azure storage account.
Kentik Export Configuration: Use the Kentik portal UI to create a "cloud export" that authorizes Kentik to ingest the telemetry from your Azure storage account.
Optional: If you prefer to deploy using infrastructure-as-code, see Automated Configuration (Powershell) to script the Azure storage and Kentik export setup simultaneously.
Once the setup is complete, you can use the Kentik portal to monitor your Azure network traffic, visualize resource utilization, and gain insights to optimize network performance and security.
Next, let’s move onto completing the tasks in Azure Prerequisites & Roles.