Cloud: June/July 2021 Update
The Hybrid Cloud observability feature set in Kentik Portal made a big leap forward in June and July, with a special focus on Amazon Web Services features. Read on!
AWS Entity Explorer
A quiet but mighty addition to our product, the AWS Entity Explorer puts important network metadata at our users’ fingertips. You might not know it, but the details that dictate how cloud networks behave are buried behind APIs or inside cloud interfaces that were built for automated consumption, and certainly not for solving problems for network engineers. With this new feature, engineers can answer questions like “What VPC is this internet gateway associated with?”
Features include:
- Instantly find any network element using our quick search utility. Search on owner IDs, entity IDs, tags, and names.
- Jump from gateways to attached VPCs to quickly navigate around complex metadata.
- Our new “Open in Map” feature allows users to quickly locate and understand how infrastructure is placed within their environment.
- Open cloud network elements in Quick Views and Data Explorer.
Support for Peered Transit Gateway Traffic Queries
The Transit Gateway in AWS continues to stymie network engineers trying to get a handle on how their traffic is routed within their AWS cloud network. Our original implementation of TGW support only looked at traffic that had originated on a directly-attached VPC. However, Transit Gateways can be peered with each other, meaning that a single Transit Gateway can actually be forwarding traffic to or from an adjacent Transit Gateway. Being that we are awesome, and because we are the only network observability company with a solution to monitor traffic through Transit Gateways, we solved this problem by writing an algorithm that discovers peered Transit Gateways, so you can always see the correct amount of traffic flowing to or through your TGWs.
AWS “Show Path” Feature
A truly kick-ass, differentiating feature for Kentik Cloud. Understanding how traffic flows from one VPC to another over a cloud network is truly a painful experience — one that has network engineers switching back and forth between their command lines and the AWS console for minutes before arriving at a simple answer. The AWS Show Path feature eliminates this pain and replaces it with an intuitive, complete and beautiful way to see paths between sources and destinations in the cloud.
Show Path works across peering connections, transit gateways, direct-connects and site-to-site VPNs, and also works locally within a VPC. The feature elegantly handles default and covering routes by suggesting specific routes from adjacent devices, ensuring that the path drawn is as complete as possible.
AWS Configuration Status
One thing that has become clear over the last few months is that we need to continue to strengthen our ability to quickly and easily onboard AWS flow logs and metadata. However, with the multitude of architectures we support and data + flow logs coming in from tens or sometimes hundreds of different sources per customer, we never had a way to concisely convey the health of a customer’s Kentik implementation… until today.
The AWS Configuration Status page aims to make this easier by helping users get an at-a-glance overview of how complete (or incomplete) a customer’s AWS/Kentik configuration is. For each region that a customer has configured an export for, we extract the account ID, and display a high-level overview of the API and Flow status. Clicking on a row allows customers to get more details such as a listing of exactly which APIs our system requires and a success state for each. Warning messages are detailed and complete on the mouseover. Below the APIs, we enumerate the flow logs configured for each entity within a given account/region and flag any accounts that don’t appear to have flow logs configured such that Kentik could ingest them.
Search Feature for Kentik Map + Performance Monitor
Building a map for large customers with hundreds or thousands of accounts is definitely possible, but doesn’t always result in the most useful of visualizations. That’s why we added a search and filtering feature to both the Kentik Map and the Performance Monitor. This feature allows users to quickly find ‘needle in the haystack’ entities like VPCs, subnets, and gateways. Our search intelligently recognizes the format of each search string entered and builds a complex search query that can be saved for quick reuse.
Support for External ID
At the request of one of our customers, we’ve added support for External IDs in the API and S3 calls that we initiate to AWS. External ID helps protect our customers from “Confused Deputy” attacks that could allow our service to be abused by malicious 3rd parties to attack our customers. (We don’t believe that the access we request could ever be used in such a way, but better safe than sorry!) As this feature has become more front-and-center in AWS’ role configuration dialogs, we are glad to support this enhancement. The feature now injects a unique string per customer with each request that we send to AWS. This string is set to be the Kentik customer CID.
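A customer-side check for the External ID described above, as an added example (not Kentik's code): it audits a role trust policy and flags cross-account `sts:AssumeRole` grants that do not pin `sts:ExternalId` to the expected value. The account ID, the external ID value and all function names are constructed placeholders.

```python
import json

# Constructed sample data: the account ID and external ID are placeholders,
# not Kentik's real AWS account or a real customer CID.
VENDOR_PRINCIPAL = "arn:aws:iam::111122223333:root"
EXPECTED_EXTERNAL_ID = "12345"

def make_policy(condition=None):
    """Build a role trust policy that lets the vendor account assume the role."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": VENDOR_PRINCIPAL},
            "Action": "sts:AssumeRole"}
    if condition is not None:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

WEAK_POLICY = make_policy()  # no external ID: exposed to the confused-deputy problem
HARDENED_POLICY = make_policy(
    {"StringEquals": {"sts:ExternalId": EXPECTED_EXTERNAL_ID}})

def _as_list(value):
    """IAM fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, expected_external_id):
    """Return (statement_index, problem) for cross-account AssumeRole grants
    that do not pin sts:ExternalId to exactly the expected value."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for index, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        aws = ["*"] if principal == "*" else _as_list(
            principal.get("AWS") if isinstance(principal, dict) else None)
        if (stmt.get("Effect") != "Allow" or not aws
                or "sts:AssumeRole" not in _as_list(stmt.get("Action"))):
            continue
        # Condition key names are case-insensitive; only StringEquals is an exact pin.
        equals = {k.lower(): _as_list(v) for k, v in
                  stmt.get("Condition", {}).get("StringEquals", {}).items()}
        pinned = equals.get("sts:externalid")
        if not pinned:
            findings.append((index, "missing"))
        elif pinned != [expected_external_id]:
            findings.append((index, "mismatch"))
    return findings

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_trust_policy(doc, EXPECTED_EXTERNAL_ID))
```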