Cloud Admin

Note: These settings are accessed via the Admin menu, which is displayed to Admin users only (hidden from Member users).

The setup of Clouds and cloud devices in the Kentik Detect portal is discussed in the following topics:

Note: If you would like assistance with any aspect of creating a Cloud, please contact us at support@kentik.com.

 

About Clouds

Clouds in Kentik Detect are based on flow logs generated by cloud service providers such as Amazon Web Services or Google Cloud. A flow log consists of a set of records about the flows that either originated or ended in a given Virtual Private Cloud (VPC). Each individual flow record is analogous to a flow record generated by a device on a physical network (e.g. NetFlow, sFlow, etc.; see About Flow), and is made up of a set of fields giving information about a single flow.

Before you add a Cloud in the Kentik Detect portal you need to enable the creation of flow logs in a VPC, create a destination to which the logs are published, and set permissions enabling Kentik to access the logs so they can be pulled into Kentik Detect. The setup workflow varies depending on the cloud provider:

  • To set up flow log ingest from a VPC in AWS, see Kentik for AWS.
  • To set up flow log ingest from a VPC in Google Cloud, see Kentik for GCP.
  • To set up flow log ingest from a Network Security Group in Microsoft Azure, see Kentik for Azure.

Once you’ve completed the required setup tasks in your VPC, you’ll use the Clouds page in Kentik Detect (Admin » Clouds) to create a new Cloud in Kentik, to manage Clouds, and to view information about them.

Clouds and Device Groups

A Cloud in Kentik Detect does not necessarily correspond to an individual subnet, VPC, or interface in the cloud. If you’re using AWS, for example:

  • A Cloud will represent the collection of VPCs (or subnets or interfaces) whose logs are pulled from the bucket specified in the Add Cloud dialog.
  • A device group will represent all VPCs, subnets, and/or interfaces that publish logs to one destination log folder in that bucket. If there are several such folders in the bucket, Kentik will create several device groups, each of which is associated with the same Cloud.

In GCP, meanwhile, each Cloud represents a single Subscription, and there is no subcontainer mechanism equivalent to the destination log folders in AWS. Instead we identify from the logs themselves which subnets are publishing to the Pub/Sub topic to which a given Cloud is subscribed. Each subnet is then represented in Kentik Detect as an individual device group in the Cloud.

Note: The dimension by which you group-by and filter on cloud-based resources in Kentik Detect queries, Device Name, represents individual device groups rather than Clouds.

 

Clouds Page

All of your organization’s Clouds are listed on the Clouds page of the Kentik portal (choose Admin from the Kentik navbar, then Devices from the sidebar at left). The Clouds page is covered in the following topics:

 

Clouds Page UI

The Clouds page includes the following UI elements:

  • Add Cloud buttons (+ icon): The cloud providers currently supported by Kentik Detect are each represented by a tile above the Clouds List. Within each tile there is a plus icon that opens an Add Cloud dialog (see Cloud Admin Dialogs). Click on a plus icon to add a cloud for one of the following providers:
    - Google Cloud Platform
    - Amazon Web Services
  • Flow Log Volume graph: A horizontal bar graph showing the volume, in Gigabytes, of the flow logs ingested by Kentik Detect from each of your cloud providers.
    Note: Volume is estimated (extrapolated from volume measured in last seven days).
  • Filter field: Filters the Clouds List to show only rows containing the entered text in one of the following columns: Provider, Name, Properties, or Device Groups.
  • Group-by selector: Allows you to choose how the Clouds List table will be organized:
    - None: Lists all devices, without categorization.
    - Provider: Shows devices categorized by cloud provider (e.g. AWS or Google Cloud), where each provider is shown as a collapsible list with its associated devices.
    - Plan: Shows devices categorized by plan (see About Plans), where each plan is shown as a collapsible list with its associated devices.
    - Enabled: Shows only devices that are enabled (Enabled switch is on in the Add/Edit Cloud dialog; see Cloud Dialogs UI).
  • Clouds List: A table listing your organization’s Clouds (see Clouds List).
 

Clouds List

The Clouds List is a table that shows information about the Clouds created in your organization. By default the list (or each group if Group by is Provider or Plan) is ordered alphabetically by name (ascending). Click on a column heading to change the sort order of the list.

The Clouds List includes the following columns:

  • Provider: The cloud service provider (e.g. AWS or Google Cloud) from which the flow logs are being pulled by Kentik Detect.
  • Name: The name of the Cloud as specified in the Name field of the dialog with which it was added or edited.
  • Properties: A summary of settings made in the dialog with which the Cloud was added or edited:
    - If Provider is AWS, properties include Path and Role.
    - If Provider is GCP, properties include project and subscription.
  • Device Groups: The device groups auto-created by Kentik when your organization created a given Cloud:
    - If Provider is AWS, each device group represents one destination log folder in the AWS S3 bucket that is the source of the Cloud’s flow logs. All VPCs, subnets, and/or interfaces that publish logs to that folder will be included in the same device group.
    - If Provider is GCP, each device group represents one subnet that publishes logs to the Pub/Sub topic that is the source of the Cloud’s flow logs.
  • Flow Log Volume: The volume of flow data ingested over the last 30 days by Kentik Detect from the Cloud’s source S3 bucket (AWS) or Pub/Sub topic (GCP).
    Note: Volume is estimated (extrapolated from volume measured in last seven days).
  • Enabled: Indicates whether the ingest of flow logs for this Cloud is currently turned on or off.
  • Status: The current status of the Cloud:
    - Pending: Kentik is setting up the Cloud based on information provided in the add or edit dialog.
    - Error: A configuration or connection issue is preventing Kentik from accessing the flow logs for this Cloud.
    - OK: Kentik Detect is successfully ingesting flow logs from the source specified with this Cloud.
  • Refresh button: Ingest the latest flow logs for this Cloud.

Notes:
- To see additional information about a given Cloud, click anywhere in the row for that Cloud, which opens the Cloud Details page where you can review and edit settings for that Cloud (see Editing a Cloud).
- To remove a Cloud, use the Edit button on the Cloud Details page to open the Edit Cloud dialog, then click Remove at the bottom left of the dialog.

 

Cloud Details Page

The Cloud Details page, which provides access to the properties and settings of an individual Cloud, is covered in the following topics:

 

Cloud Details Page UI

The Cloud Details page includes the following UI elements:

  • Cloud provider (logo): The logo of the provider whose cloud platform this Cloud is on.
  • Cloud name: The name of the Cloud.
  • Status indicator: The current status of the Cloud:
    - Pending: Kentik is setting up the Cloud based on information provided in the add or edit dialog.
    - Error: A configuration or connection issue is preventing Kentik from accessing the flow logs for this Cloud.
    - OK: Kentik Detect is successfully ingesting flow logs from the source specified with this Cloud.
  • Cloud Summary: Information about the Cloud, including the plan to which it is assigned and other information that varies depending on the provider (see Cloud Summary Information).
  • Enabled: A switch that turns on or off the ingest of flow logs for this Cloud.
  • Edit button: Opens the Edit Cloud dialog (see Cloud Admin Dialogs).
  • Associated Device Groups list: A table listing the device groups associated with this Cloud (see Device Groups List).

Cloud Summary Information

The cloud summary information includes the name of the Kentik Detect plan to which the Cloud is assigned (see About Plans). Additional information varies depending on the cloud provider:

 

Device Groups List

The Device Groups list is a table providing information about the individual device groups that make up a Cloud. The table includes the following columns:

  • Flow: A green checkmark in this column indicates that flow has been received from this device group within the last seven days.
  • Name: The name of the device group.
  • BGP Status: Indicates the BGP peering status for IPv4 (top) and IPv6 (bottom):
    - Enabled through another device: BGP is turned on for this device group and a session is currently established indirectly (via another device).
    - Enabled but not established: BGP is turned on for this device group, but a session is not currently established, either directly or indirectly.
    - Not enabled: BGP is turned off for this device group.
    Note: To change the BGP setting, see Editing a Cloud.
  • Flow Log Volume: The volume of flow data ingested by Kentik Detect from the device group over the last 30 days.
    Note: Volume is estimated (extrapolated from volume measured in last seven days).
  • View in Chart button: Opens the Current and Historical Traffic Dialog.

Current and Historical Traffic Dialog

The Current and Historical Traffic dialog, opened via the View in Chart button, displays a chart of the total volume of flows (source and destination) for a given device group, both historically and over the last 24 hours.

The dialog includes the following UI elements:

  • Close buttons: To close the dialog, click the X in the upper right corner or the Close button at lower right.
  • View Type: A drop-down menu used to set the type of visualization used for the graph (defaults to Line Chart); for descriptions of the options see Chart View Types.
  • Chart: The visualization of traffic (using the current view type).
  • View in Explorer button: Opens Data Explorer for further exploration of the device group’s traffic. The sidebar will be set so that query results show the same traffic that is shown in the dialog.
 

Cloud Admin Dialogs

Adding or editing a Cloud via the Kentik portal involves specifying information in the fields of the Cloud admin dialogs, which are covered in the following topics.

Note: Cloud admin dialogs are visible only to users whose level is Administrator.

 

About Cloud Dialogs

Cloud admin dialogs are used to collect the information needed to enable Kentik to pull flow logs from your cloud provider. The required information is entered into the fields of either of the following dialogs:

  • Add Cloud when registering a new Cloud with Kentik.
  • Edit Cloud when editing an already created Cloud.

The fields of the Add Cloud and Edit Cloud dialogs vary depending on the cloud provider, with some fields in common to all providers (see Common Cloud Settings) and other fields specific to a given provider as covered in the topics below.

 

Cloud Dialogs UI

The Add Cloud and Edit Cloud dialogs share the same general layout and the following common UI elements:

  • Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
  • Remove button (Edit Cloud dialog only): Remove the Cloud from your organization’s collection of Kentik-registered Clouds. This button is only present if the Cloud being edited was manually added.
  • Cancel button: Cancel the add Cloud or edit Cloud operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
  • Add Cloud button (Add Cloud dialog only): Save settings for the new Cloud and exit the dialog.
  • Save button (Edit Cloud dialog only): Save changes to Cloud settings and exit the dialog.
 

Common Cloud Settings

Cloud admin dialogs (Add Cloud and Edit Cloud) for all providers contain the following elements:

  • Name (required): User-supplied name string for the Cloud.
  • Description: User-supplied description string.
  • Billing Plan: A drop-down menu with which to assign the Cloud to a plan (see About Plans).
  • Enabled: When on, Kentik pulls and ingests flow logs from the specified cloud provider.
    Note: Disabling a cloud has no effect on the cloud provider side. Publication and collection of flow logs will continue until discontinued on the cloud provider.
 

GCP Provider Settings

Kentik pulls flow logs from the Google Cloud Platform (GCP) by subscribing to a Pub/Sub topic that is publishing flow logs from one or more subnets/VPCs (for more details, see GCP Process Overview). To establish the connection that enables us to ingest those logs into Kentik Detect we need information that you provide in the following fields:

  • Project: All GCP resources (e.g. compute engine services or cloud storage buckets) are contained within a GCP project. Enter the name of the GCP project that contains the Cloud Pub/Sub topic that you created as a destination for the export of flow logs from your VPC (see Create a New Topic).
  • Subscription: Enter the name of the subscription that you created to enable Kentik to subscribe to your Pub/Sub topic (see Create a Pull Subscription).
 

AWS Provider Settings

Kentik pulls flow logs from an AWS VPC, subnet, or interface via a destination log folder in an Amazon S3 bucket (for more details, see AWS Logging Setup Overview). To establish the connection that enables us to ingest those logs into Kentik Detect we need information that you provide in the following fields:

  • S3 Bucket Region: A drop-down list from which you choose the region in which you created the S3 bucket from which Kentik will pull the flow logs (see Create an S3 Bucket).
  • S3 Bucket Name: The name (not the full ARN) of the S3 bucket.
  • IAM Role ARN: The full ARN (Amazon resource name) of the role that you created to establish a “trusted relationship” that permits services in Kentik’s AWS account to access the needed resources in your AWS account.
  • Delete After Read: Determines whether Kentik deletes the logs after they’ve been ingested into Kentik Detect or you manage log deletion on your own.
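
A pre-flight check for the AWS fields above, written for this page as an added example (it is not Kentik's code and not from the original documentation). It validates the format of the S3 Bucket Name and IAM Role ARN inputs and audits the role's permissions policy against the Delete After Read choice. The bucket, role and account values are constructed placeholders, and the mapping of Delete After Read to `s3:DeleteObject` is an assumption based on how S3 authorizes deletes, since this page does not list the permissions the role needs.

```python
import re

# Format checks for the two identifier fields in the dialog.
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# Constructed sample: a permissions policy attached to the role (placeholder names).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-flow-logs/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-flow-logs"},
    ],
}

def check_fields(bucket_name, role_arn):
    """Return problems with the S3 Bucket Name and IAM Role ARN inputs."""
    problems = []
    if bucket_name.startswith("arn:"):
        problems.append("S3 Bucket Name must be the bare name, not an ARN")
    elif not BUCKET_RE.match(bucket_name):
        problems.append("S3 Bucket Name is not a valid bucket name")
    if not ROLE_ARN_RE.match(role_arn):
        problems.append("IAM Role ARN must be the full role ARN")
    return problems

def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket_name, delete_after_read):
    """Flag grants wider than the log bucket, and any mismatch between the
    role's delete permission and the Delete After Read setting."""
    findings, can_delete = [], False
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"resource outside the flow-log bucket: {res}")
        if "*" in actions or "s3:*" in actions:
            findings.append("wildcard action grants more than log access")
            can_delete = True
        if "s3:deleteobject" in actions:
            can_delete = True
    if delete_after_read and not can_delete:
        findings.append("Delete After Read is on but the role cannot delete objects")
    if not delete_after_read and can_delete:
        findings.append("Delete After Read is off but the role can delete objects")
    return findings
```

The audit matches exact action names and the two full wildcards only; partial wildcards such as `s3:Delete*` need a pattern match if your policies use them.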
 

Azure Provider Settings

Kentik pulls flow logs from an Azure “storage account” that represents all resources within a given Azure subscription that share a location and have been assigned to the same resource group. The storage account is accessed by NSG Flow Exporter (a Kentik-built enterprise application for Azure), which forwards the flow logs to KDE. The following settings and controls enable creation of the storage account and authorize access to it by NSG Flow Exporter:

  • Subscription ID: Enter the Subscription ID of the Azure instance from which Kentik’s NSG Flow Exporter application will export flow logs.
  • Authorize: Click to authorize the Azure portal to create a Service Principal representing NSG Flow Exporter.
    Note: Your Azure role (e.g. Global Administrator) must allow you to grant access by enterprise applications.
  • Azure Resource Group: Enter the resource group of the Azure resources for which you want to generate flow logs for this cloud.
  • Azure Location: Enter the location of the Azure resources for which you want to generate flow logs for this cloud.
  • Storage Account Name: Enter a name for the Azure storage account to which logs will be exported from the above-specified Azure resources.
    Note: The name must not be already in use by any other storage account, whether in your subscription or that of another Azure user.
  • Configure Manually: Click the button to open a dialog containing a set of manual configuration steps, then go to the Azure portal and follow the instructions (see Choose Configuration Method).
  • Configure Using PowerShell: Click the button to open the Logging Configuration Script dialog, which includes a Kentik-generated script (see Generate PowerShell Script).
  • Validate: Click the button to begin validation of your flow log export configuration.
    Note: Validation may take up to an hour, during which time the Cloud’s status (e.g. on Clouds Page) will be indicated as “Pending” until Kentik Detect completes registration.
  • BGP Settings: If on, enables you to share with this cloud a BGP table from a physical device (e.g. edge router) in a hybrid deployment. Typically used only when your cloud resources function as an extension of your data center servers and all traffic to users is served via your physical infrastructure.
  • Master BGP Device (shown only if BGP Settings switch is on): The device whose BGP table will be shared with this cloud.
 

Add or Edit Cloud

Clouds are added and edited via the Cloud Admin Dialogs. The add/edit process is covered in the following sections:

 

Adding a Cloud

To add a new Cloud to Kentik Detect:

  1. Open the Admin page: click Admin on the main Kentik navbar.
  2. In the Add Data Sources pane, click the Add button corresponding to the cloud provider (e.g. AWS or GCP).
  3. In the resulting Add Cloud dialog, specify the values of the fields:
    - For fields that are common to clouds from all cloud providers, see Common Cloud Settings.
    - For provider-specific fields, find your provider in the topics listed under Cloud Admin Dialogs.
  4. Save the new Cloud by clicking the Add Cloud button (lower right).
 

Editing a Cloud

To edit the settings for an existing Cloud:

  1. Open the Clouds Page: click Admin on the main Kentik navbar, then in the Add Data Sources pane click See details about all registered clouds.
  2. In the Clouds List, click in the row corresponding to the Cloud that you’d like to edit, which will open the Cloud Details page for that Cloud.
  3. Use the Edit button on the Cloud Details page to open the Edit Cloud dialog.
  4. Edit the Cloud settings by changing any fields that you’d like to modify:
    - For fields that are common to clouds from all cloud providers, see Common Cloud Settings.
    - For provider-specific fields, find your provider in the topics listed under Cloud Admin Dialogs.
  5. To save changes, click the Save button (lower right).

Note: To remove the Cloud from your organization’s collection of Clouds, click Remove (lower left).

© 2014- Kentik