Cloud Performance Monitor

Kentik's Cloud Performance Monitor module is covered in the following topics:

• About Performance Monitor
• Performance Monitor UI
• Manage Agents Dialog
• Interconnects Tab
• Services Tab
• Conversations Tab

Note: For general information about monitoring your cloud resources with Kentik, start with Cloud Overview.

Cloud Performance Monitor uses AWS metadata to identify the elements of your AWS resources and enables cloud network engineers to easily view the critical cloud paths between AWS and on-prem infrastructure as well as to monitor the performance of those links. This module feature the following tabs:

• Interconnects: Visualize and monitor your Direct Connect and Site-to-Site VPN connections.
• Services: Manage synthetic testing of important AWS cloud services using flow data to guide you as you choose where to deploy synthetics agents and how to configure tests.
• Conversations: Discover important conversations between VPCs so that you can set up tests to continuously evaluate the health of the corresponding connections.

The Performance Monitor page includes the following main UI elements:

• Time Range: Choose the time range for which performance monitoring metrics and status will be displayed (see Time Range Control).
• Filter (Interconnects tab only): Match a service in the list by its associated AWS Account ID, Entity ID, CIDRs, or Tags. Click the field to enter the text to match. A drop-down will list the matches of each type.
• Agents counters: Indicators showing information about Kentik private synthetics agents (see Kentik Synthetics Agents) deployed on your organization's AWS VPCs. Kentik determines which VPCs are relevant to the current tab (VPCs with interconnects, VPCs using services, and VPCs involved in conversations), and the indicators provide a breakdown of those VPCs into unmonitored (no agent deployed), pending (agent deployed but not yet active), and fully installed.
  Note: On the Services Tab, the count shown in these counters depends on the services that have been selected for monitoring with the Configure Service Monitoring dialog.
• Manage Agents: A button that opens the Manage Agents Dialog.
• Performance Monitor tabs: Each tab covers a different aspect of performance in your AWS cloud resources. See Interconnects Tab, Services Tab, and Conversations Tab.

The Time Range control combines two functions:

• An indicator that displays the current time range covered by the timeline.
• A button that opens a popup that enables you to define the time range.

The popup includes the following controls:

• Time Range: Two fields that each show a date-time, one for the start of the range and the other for the end. The fields are populated by clicking on the lookback list or on the calendars.
• Apply: A button that applies the time range from the values in the start and end fields and hides the popup.
• Cancel: A button that closes the popup and leaves the time range as it was before the popup was opened.
• Lookback list: A list of durations. Click in the list to set the duration (shown in the time range fields above) for which the time range will look back from the present.
• Calendars: Side-by-side monthly calendars that show the time range (if it spans more than one day) and enable you to change the range (shown in the time range fields above) by clicking on a date. The start and end days of the time range are indicated in blue, and the intervening days are indicated in light gray. The calendar controls include forward and back buttons to change the displayed months as well as drop-down selectors for month and year.

The Manage Agents dialog enables you to manage the following aspects of ksynth private agents (see Kentik Synthetics Agents) deployed in your organization's AWS infrastructure:

• See which VPCs Kentik has identified as being relevant to the current tab of the Performance monitor.
• Deploy agents to monitor relevant VPCs.
• Configure agents that have been deployed.

The VPCs listed in the dialog vary depending on the current tab of the Performance Monitor:

• Interconnections: VPCs that are connecting to your on-premises infrastructure.
• Services: VPCs that are using AWS services (S3, EC2, etc.).
• Conversations: VPCs that are involved in VPC-to-VPC communication.

Note: The VPCs listed in this dialog are not affected by which services have been selected for monitoring with the Configure Service Monitoring dialog on the Services Tab.

The Manage Agents dialog consists of tabs that further break down the VPCs that are relevant to the current Performance Monitor tab:

• Unmonitored VPCs: A list of VPCs on which no agent has been installed. To deploy an agent on a VPC, click the Deploy Agent button, which opens the Agent Deployment Instructions dialog. The workflow for this dialog is the same as for Private Agent Setup.
• Pending Agents: A list of VPCs on which an agent has been installed but not yet activated.
• Private Agents: A list of VPCs on which an instance of the ksynth agent is currently monitoring performance. To edit properties of the agent, click the Configure Agent button, which opens the Configure Agent Dialog.

Note: A deployed agent can be uninstalled with the Remove button on the Agent Details sidebar in the Agent Management module of the portal's Synthetics section (see Details Sidebar UI).

The Interconnects tab is covered in the following topics:

• About the Interconnects Tab
• Using the Interconnects Tab

The Interconnects tab enables you to see the VPCs in your cloud resources and the paths that connect those resources to your on-prem infrastructure. Depending on how the connections to your VPCs are configured, this tab will show you either or both of the following:

• Site-to-Site VPN: Each VPN refers to a connection between a VPC and your own on-premises network.
• Direct Connect: Each Direct Connect is a dedicated network connection between your network and public AWS resources through a virtual private gateway.

Note: For diagrammed examples of the different types of connections supported by AWS, see https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html.

The VPNs and direct connects on this tab are represented in separate areas of the main display area (VPNs above and Direct Connects below). The VPCs of each type, grouped by region, are shown on the left, with their path to an AWS customer gateway shown to the right (the customer gateway is an AWS resource that represents the customer gateway device in your on-premises network).

A legend at the upper right of the Interconnects tab explains the color of the links between the entities in the diagram:

• Dotted grey lines: Links from VPCs without active agents.
• Solid gray lines: Links from VPCs on which an agent is installed but for which a test has not yet been created (see Create Path Health Test).
• Solid colored lines: Links from VPCs for which a health test has been created. The color (green, orange, or red) depends on the health status (Healthy, Warning, Critical) determined by synthetic tests run from the agent (see Test Status Levels).

To create a health test for the path between a VPC and a customer gateway, an agent must already be installed on the VPC (see Manage Agents Dialog).

1. Click on any of the gray links between the entities on the path.
2. The link popup will open. Choose Create Test.
3. Testing will start. After about a minute the links in the path will be colored based on health status.

The Interconnects tab supports a number of actions that give you a clear picture of your connections to your cloud resources:

• For each region there is a View in Map link that will take you to that region in the Kentik Map.
• Hover over a VPC to see the path that the traffic takes to your on-prem infrastructure.
  
• Hover over a link between network elements in the path (e.g. gateways and connections) to see the upstream (left) and downstream (right) connections that make up the remainder of that path.
• Click on a network element to slide out a Details drawer from the right of the screen. A details drawer provides further information about the element in areas such as Traffic, Performance, and Route Table.
• Click on a link (segment of a path) to open a popup with information about the link. The type of line representing each link depends on whether the link is being monitored with performance testing:
  - Colored line: A green, orange, or red line indicates the health status of a tested link (see Test Status Levels). The popup will indicate the current status of the link for latency, packet loss, and jitter.
  - Dashed gray line: The path is not currently being monitored. The popup (see screenshot at right) includes a Deploy Agent link, which opens the Deploy an Agent dialog so you can begin testing the link.
  
• In a link popup:
  - Click Show Details to slide out a Details drawer from the right of the screen. The drawer contains details about the link in areas such as Traffic and Performance. These details parallel those shown in the details drawer on the Kentik Map (see Kentik Map Details).
  - Click Create Test to activate health testing on the path that includes this link (see Create Path Health Test).

The Services tab of the performance monitor is covered in the following topics:

• About Service Monitoring
• Service Monitoring UI
• Services List
• Configure Service Monitoring

The Services tab of the Performance Monitor helps you manage synthetic testing of important AWS cloud services (S3, EC2, etc.) to evaluate their performance. Using flow data gathered by monitoring your cloud resources we can identify your utilization of various services based on IP address, either public or private (VPC endpoints that expose public AWS services). We then use this information to guide you as you determine the resources on which to test performance. We also make it easy to deploy agents to those resources.

The Services tab includes the following main UI elements:

• Filter field: Enter text to narrow the Services List to services in which the text matches values one of the following fields in the list's cards and tables: Service name, Region, Connection Type, HTTP status, HTTP Latency.
• Update tests: Click to have Kentik automatically configure appropriate synthetic tests to the services that you've chosen to check (see Configure Service Monitoring) and Kentik has discovered that you use.
  Note: This button is only active if agent deployment has changed since the last time tests were updated (see Manage Agents Dialog).
• Test coverage: An indicator stating (a) as a percent of (b):
  (a) the number of VPCs with agents that are active and configured to run tests;
  (b) the count of your organization's AWS VPCs that Kentik has "discovered" as using any AWS services.
• Settings (gear icon): A button that opens the Configure Service Monitoring dialog, where you can include or exclude any discovered service from being tested.
  Note: Changing the services that are monitored will change the counts shown in the agents counters at the upper right when you're on the Services tab of the Performance Monitor page.
• Services list: A list of the AWS services used by your organization (see Services List).

The Services list is a set of cards that each provide information about your organization's usage of one AWS service (e.g. S3, EC2, etc.). Each card includes the following UI elements:

• Service name: The name of the monitored AWS service (CloudFront, EC2, S3, Global Accelerator, etc.).
• VPC counts: The number of VPCs using the service via public and private connections.
• From service: Traffic volume in bps from the service to the monitored VPCs.
• To service: Traffic volume in bps to the service from the monitored VPCs.
• Actions menu (vertical ellipsis):
  - View in Data Explorer: Opens (in a new tab) Data Explorer, with the Query sidebar set to show the AWS traffic for this service.
• VPCs table: A list of VPCs using the service, grouped by region; see Service VPCs Table.

Note: If the health status of any of a service's regions or VPCs is Warning or Critical then the card for that service will be outlined in red.

The card for each service in the Services list includes a table in which traffic related to the service is broken down into VPCs grouped by region, each of which is represented in a heading row. This table includes the following columns:

• Expand/collapse: An arrow that you click on to expand or collapse the VPC rows for a region.
• Region:
  - Region rows: The name of the region, with the number of VPCs given in parentheses.
  - VPC rows: The name and ID of the VPC.
• Connection Type: Public or private.
• From Kbits/s: Bitrate of traffic from the service to the region or individual VPC.
• To Kbits/s: Bitrate of traffic to the service from the region or individual VPC.
• Status Code (only if an agent is activated in the region/VPC): The HTTP Return Code returned by AWS from requests to the monitored region/VPC.
• Avg HTTP Latency (only if an agent is activated in the region/VPC): The average time, for HTTP requests made during the current time range, from making the request to receiving the last byte of the response.
• Actions menu (vertical ellipsis):
  - Synthetics (only if an agent is activated in the region/VPC): Configure Test (region only) takes you to the Test Settings Page for the synthetics test in this region that has been activated via the Update Tests button, while View Test Results takes you to the Test Details Page for that test.
  - Open Quick-view: Opens (in a new tab) the Network Explorer details page for this region/VPC in Kentik's Core module (see Core Details Page).
  - View in Kentik Map: Opens (in a new tab) the AWS Topology page in Kentik Map.
  - View in Data Explorer: Opens (in a new tab) Data Explorer, with the Query sidebar set to show the traffic for this region/VPC.
  - Copy to Clipboard: Copies the region name or VPC ID to the clipboard.

The Configure Service Monitoring dialog, which opens from the Settings button (gear icon), lets you choose the AWS services for which you'd like to enable performance monitoring via synthetics testing. The dialog is structured as two columns:

• Available Services: A list of AWS services that Kentik has discovered are used by your AWS resources. Use the Search field to filter the list to services whose name matches entered text.
• Selected Services: A list of the services that have been chosen from the Available Services list. An X at the right of each service enables you to deselect that service.

To use the dialog:

• To select all discovered services, click All Services in the Available Services list.
• To select individual services
  - In the Selected Services list, deselect All Services.
  - In the Available Services list, click each individual service that you'd like to select.

The Conversations tab shows a series of panes that each represent a region in a cloud provider. If Kentik has detected VPC-to-VPC communication within a given region then each such conversation will be represented on the card with a cell (square).

The color of the each cell indicates its status regarding synthetic testing:

• Agents deployed (green): The performance of the VPC-to-VPC conversation represented by the cell is being monitored with synthetic tests, and no issues are reported.
• Agents with issues (orange): The agents monitoring the performance of this conversation are reporting issues.
• No agents deployed (gray to black): The conversation is not being monitored by any agents. The gray becomes darker as the combined traffic volume in both directions approaches the capacity of the region.

The following actions reveal further information about a conversation:

• Hovering on a cell opens a popup showing status and traffic in each direction of the conversation.
• Clicking a cell opens a popup containing the following options:
  - Show Details: Opens a Details drawer from the right of the screen. The drawer contains details about the conversation in areas such as Traffic and Performance. These details parallel those shown in the details drawer on the Kentik Map (see Kentik Map Details).
  - Create Test: Activates synthetic testing on the path between the VPCs in the conversation.