When an alert is raised, it can be sent via notification channels including Email, Slack, PagerDuty and more. We now embed the “Dashboard” and “Data Explorer” links that are associated with that alarm in the Alerting Email Notification as shown below.

This allows the user to quickly jump to the appropriate view and reduce problem resolution times, rather than manually pulling up the needed reports. Dashboard and view links will soon be integrated into other alerting channels as well.

Differentiated services or DiffServ is a simple and scalable mechanism for classifying and managing network traffic and providing quality of service (QoS) on IP networks. DiffServ can be used to ensure performance for applications that require low-latency such as voice or streaming media, while providing simple best-effort service to non-critical services such as web traffic or file transfers.

Kentik now supports two dimensions for QoS attributes, “ToS” and “DSCP”.

For complete IP and BGP Routing Dimension support information, please see the IP and BGP Routing Dimension reference topic in the Knowledge Base.

Labeling network traffic with application names provides a way to contextualize network insights with application and security and security metadata which is a huge value for Ops teams. Kentik now supports Custom Application labels as well as an “Application” Dimension to standardize support for application names and labeling.

Custom Applications

Custom Applications provide the ability for customers to define their own custom application names based on combinations of Protocol, Port, IP Address, and ASN. The “Custom Applications” configuration options are found in the Admin >> Enrich Your Data menu.

The example below shows how you can define Google Hangouts as an application using Protocol/Port Number/ASN matching criteria.

The “Application” Dimension

We’ve also added an “Application” dimension in the “Application Context & Security” Group:

In the example below, you can see application names associated with various traffic sources. Built-in application names include:

• Well-known service names
• OTT applications
• Cisco NBAR and other vendor-specific applications (e.g., Palo Alto FW APP ID, Silver Peak, Gigamon, and more coming soon)
• Custom Applications you’ve defined (as described above)

For more on Custom Applications and the Application Dimension, refer to the Custom Application topic in our Knowledge Base.

We have implemented a significant improvement in our data ingest layer that dramatically increases the flow volume that Kentik can accept from each source. This is a milestone achievement that provides the ability for Kentik to receive and store every single flow record without sampling.

Our capability to consume high volumes of unsampled flow is critical for many security and forensic use cases, application dependency and visibility use cases, and corporate network end-to-end use cases.

For more information on high volume flow source options and pricing, contact our Customer Success Team.

In the last couple of months, we announced VRF Support Phase 1 and Phase 2.

• Phase 1 enabled VRF awareness for Cisco L3VPN, Cisco VRF-lite, and Juniper L3VPN. There are eight new dimensions associated with phase 1 VRF support: source and destination VRF Name, VRF Route Distinguisher, VRF Route Target, and VRF Extended Route Distinguisher.
• Phase 2: Enabled VRF dimensions in alerting policies, and an API for managing VRF attributes.

Now in Phase 3, we’ve added a new capability that really sets Kentik apart: per-VRF correlation of traffic with BGP routing data. This gives customers complete visibility into end-to-end traffic flows across L3VPN topologies, including BGP paths and Ultimate Exit attributes.

A quick recap on Kentik’s patented Ultimate Exit technology: Ultimate Exit enables end-to-end network visibility by tagging traffic at the point of ingress with egress attributes like Site, Device, Interface and more. This enables engineering, architecture and product teams to cut costs (e.g., peering) and to more accurately estimate the cost of carrying any set of traffic for any given customer. For more information about Ultimate Exit, please refer to this blog post, or the Using Ultimate Exit topic in Kentik Knowledge Base.

Examples of VRF Support

The following examples show how traffic in the VRF named “acme” enters and exits the network. VRF dimensions can be combined with any other dimension to uncover additional detail.

For more VRF visibility support information, please see VRF Dimensions in the Knowledge Base, or contact our Customer Success team.

Kentik is on the fast track to expand cloud visibility for both on-prem infrastructure and public clouds. After completing integrations with Google Cloud Platform and Amazon Web Services VPC Flow Logs last year, Kentik now also turns Azure NSG Flow Logs into powerful real-time traffic insights. For more detail, read our new Solution Brief about Azure NSG Flow Logs for Kentik.

Azure NSG Flow Logs allow you to get information about ingress and egress IP traffic through a Network Security Group (NSG) on a per-rule basis. The onboarding workflow is straightforward—to export Azure NSG Flow Logs to the Kentik platform, just follow these seven steps:

1. Gather Azure Information: This might include Azure Role, Azure Subscription ID, Resource Group and Location from your Azure instance. The main goal is to make sure that you have the essential information handy and have the right permissions granted for the exporting.
2. Add Azure Cloud in Kentik and Complete the Settings for Azure Flow Log Export:

• Authorize Access to Azure: Enter the Subscription ID of the Azure instance from which Kentik’s NSG Flow Exporter application will export flow logs and authorize access for the app.
• Specify Azure Resources: Enter the Resource Group Name and Location, as well as the Storage Account where flow logs will be generated.
• Configure Flow Log Export to export flow logs to a Storage Account from the specified Resource Group and Location. (Kentik auto-generates a script for this.)
• Validate the Configuration.

For detailed configuration information, please see the Kentik for Azure topic in the Kentik Knowledge Base.

With the integration of all three major public clouds (GCP, AWS, Azure), you can now have a single-pane view of traffic that flows in/out of each cloud platform. The following example shows an egress traffic overview for all the clouds in one graph so you can see your business footprint for each cloud and compare.

The My Kentik Portal is a built-in feature of the Kentik platform that enables curated, self-service network traffic visibility for downstream customers (learn more in the My Kentik Solution Brief).

To enhance the experience of creating tenants in a scalable way, Kentik now allows you to group views and alert policies into a template which can be assigned to tenants. For example, you could build a set of tenant settings that are then applied to multiple, similar tenants while still being able to add individual settings that are specific to each tenant.

From the Admin > Customize menu, choose My Kentik Portal. Here you will find the Templates UI on the right. It lists all existing Templates with an Add Template option to create a new one.

Once you’ve added a template, you can then apply it as new Tenants are created:

For more information, see the Tenant Templates topic in the Knowledge Base, or contact our Customer Success Team.

The benefits of Universal Data Records aren’t limited just to troubleshooting and analytics. UDR also enables us to expand the range of conditions for which our alerting system can generate alarms and trigger mitigations.

As explained below, UDR dimensions and metrics are now supported when defining the data that will be evaluated by an alert policy, which is done in the Data Funneling pane of the Alert Policy dialog (Add or Edit).

• Dimensions: The key for a given policy (see About Keys) is set with the Dimensions selector. The selector now includes all of the dimensions that are supported via UDR, including dimensions for Cisco ASA, Palo Alto Networks firewalls, Silver Peak appliances, and Istio.

• Filters: UDR dimensions are now supported as well for the filters that are set with the Filters selector.

• Metrics: We now support UDR metrics, such as Initiator Bytes and Responder Bytes for Cisco ASA, when specifying primary and secondary metrics.

As you can see, UDR-enabled dimensions and metrics take Kentik to a new level in terms of being able to address the intricacies of your own particular network, and this capability is even more powerful now that it’s supported by our alerting system. For help with taking advantage of the device-specific dimensions made possible by UDR, please contact our Customer Success team.

A couple of months ago we announced our new Universal Data Records (UDR) architecture, which enables the Kentik Data Engine (our distributed big data backend) to flexibly allocate columns to the flow fields of diverse devices. We then announced three integrations based on UDR, one for Palo Alto Networks firewalls, one for Cisco Adaptive Security Appliances (ASA), and one for Istio service mesh (Beta). We’ve now added another new integration, this time for Silver Peak appliances running Virtual Acceleration Open Architecture (VXOA version 8.1.8 or higher).

These appliances analyze packets as traffic flows through, identify the application with which each packet is associated, and prioritize routing by applying application-specific rules. Our new integration will enable you to filter or group-by in Kentik Detect using the application names identified by Silver Peak and stored in KDE flow records.

If you have a Silver Peak appliance, here’s a quick look at how to use information from it in Kentik Detect:

• Step 1: From the Kentik portal’s Admin » Devices page, use the Add Device button at upper right to open the Add Device dialog, then add a new Silver Peak device. The Type field on the General tab should be set to Silver Peak VXOA.

• Step 2: In the Data Explorer sidebar, click in the Devices pane to open the Devices dialog (see Device Selector with Sidebar). In the Types list on the dialog’s sidebar, click Silver Peak VXOA to include the new device in the set of queried devices, then click Save to close the dialog.

• Step 3: Back in the main Data Explorer window, click Group by Dimensions in the sidebar’s Query pane to open the dimension selector. Now that a Silver Peak device is included in the selected devices, you’ll be able to choose a dimension from the Silver Peak VXOA section. To date the only available Silver Peak dimension is Application Name, which enables you to better understand the applications generating the traffic that flows through your Silver Peak appliances. Note that at this point this dimension would also be available for use in the Filtering pane.

• Step 4: The Application Name dimension can now be used in a query to correlate network traffic with specific applications. The sample Sankey diagram below, for example, shows traffic destined for applications such as Gmail, YouTube, and Splunk exiting via two Silver Peak devices (silverpeak_sf and silverpeak_hnl) to service providers Zayo and HNTEL.

For information or assistance with using Silver Peak dimensions, please contact our Customer Success team.

With Single Sign-On (SSO), a user can log in with a single ID and password to gain access to any of several related systems. It’s a convenient, centralized way to manage security and access control to applications. For the last couple of years we’ve supported SSO access to customer accounts on the main Kentik portal. Now we also allow Kentik customers to enable SSO for their My Kentik Portal tenants.

Customers who use this new feature will provision tenants on their existing SSO platform, so tenants will be authenticated at login using SSO instead of local user credentials. To configure tenant SSO, you’ll have to have an existing identity provider account or in-house identity management system (see SSO Config Prerequisites), and also be a Super Admin for your organization (see About Super Admin Users).

Tenant SSO is activated in the Kentik Detect portal on the Admin » My Kentik Portal page. At the bottom of the My Kentik Portal Settings pane (below the Save button) you’ll see the “info” notice shown below. Click the My Kentik Portal Single Sign-on Settings link.

In the resulting My Kentik Portal Single Sign-on page (shown below) fill in the fields as described in the KB topic Tenant SSO Settings.

For assistance with getting SSO correctly configured for your tenants (or your own organization), please contact our Customer Success team.