Copilot Overview

CoPilot leverages the intelligence, advanced network, and security services delivered by Aviatrix’s multi-cloud network platform to provide enterprise cloud network operations teams both familiar day-two operational features such as packet capture, trace route and ping and new operational capabilities specifically built for multi-cloud network environments.

I’m not going to cover the deployment but if needed it can be found here:

https://community.aviatrix.com/t/q6hzza1/deploy-configure-and-experience-aviatrix-copilot

CoPilot is a platform where multiple application or day 2 “must have” features can be added. Currently, the following features are provided:

• Dashboard
• Topology
• FlowIQ
• Performance
• Cloud Routes
• Notifications
• AppIQ
• Security
• ThreatIQ
• Anomalies
• Reports

I’m going to unpack CoPilot running version 1.8.2 in the sections below.

Dashboard

Overview

The dashboard overview provides a cloud inventory of all resources across all regions and currently supported (Alibaba, AWS, Azure, GCP, OCI) cloud service providers (CSP). Besides the inventory, the dashboard overview provides the status of those resources inside “chips”:

You can click in a chip to check the status of those resources.

Traffic

It provides the total amount of traffic across all regions and clouds for the last 24 hours in 5 minutes increments:

Topology

Network Graph

The CoPilot automatically draws a map based on the information retrieved from the Controller:

Objects on the topology maps support drag and drop. You can click, drag and drop resources to reorganize the objects.

Clicking on a connecting line shows the status of those connections:

The green line means the connection is healthy, real time latency is displayed, and on the right a new panel displays the latency overtime.

The Aviatrix gateways running in your multi-cloud network enable you to run diagnostics from them directly from Topology. Performing diagnostics from Topology can dramatically reduce the time spent troubleshooting issues:

Latency Monitor

The Latency Monitor reports the latency between gateways:

Topology Replay

Topology Replay shows when route, credential, and other metrics in your cloud network constructs changed:

FlowIQ

FlowIQ provides visualization of traffic flows that is moving across any gateway managed by the Aviatrix Controller in the Aviatrix transit network (multi-cloud or single cloud network):

FlowIQ has 5 tabs: overview, trends, geolocation, flows, and records:

Filters can be grouped creating “AND” and “OR” logical operators

• Trends:

• Geolocation:

• Flows:

Records:

From the records tab one can export flows of interest.

Performance (Telemetry)

In Performance, CoPilot displays the resource utilization (telemetry) data for all managed resources across your Aviatrix transit network (multi-cloud and single cloud):

When choosing multiple resources, CoPilot displays the telemetry data for those resources in a comparative graph.

The telemetry data CoPilot displays for managed resources includes:

• Free memory
• CPU utilization
• Disk free
• Rx rate of the interface
• Tx rate of the interface
• Rx Tx rate combined of the interfaces

Cloud Routes

Cloud Routes is a central point of routing information visualization for managed resources spanning your Aviatrix transit network, including resources across clouds (multi-cloud) and on-prem (for Site 2 Cloud connections):

Notification

In Notifications, you can configure alerts so that you can be notified about changes in your Aviatrix transit network.

CoPilot supports Webhook alerts. You can send a Webhook to any system that can take an HTTPS callback. A single alert can notify multiple systems/people.

You can pause alerts. For example, if you are going to perform maintenance tasks on the network that you know will trigger pre-configured alerts, you can pause the alerts temporarily and unpause them when the maintenance is complete.

The alerts can be based on common telemetry data monitored in the network.

The full list of metrics can be found at: https://docs.aviatrix.com/HowTos/copilot_reference_guide.html#metrics-used-for-triggering-notifications

AppIQ

AppIQ creates a comprehensive report of latency, traffic, and performance monitoring data between any two cloud instances connected via your Aviatrix transit network:

Once source, destination, protocol, and interface are selected, it takes a few seconds to CoPilot to compile and display the information:

The report can also be saved as pdf (right top corner button). The report generated above can be found here.

Security

CoPilot uses visual elements to demonstrate the segments in your Aviatrix transit network that can and cannot communicate with each other. The segments are enabled by way of security domains and their ability to communicate with each other is dictated by security domain policies.

Security domains and set security domain policies are enabled in Aviatrix Controller.

Domain Segmentation

CoPilot shows the logical and physical view of the domain segments and their connection relationships.

Egress

Egress display stats from the egress gateways:

Audit

Audit provides a single location to work with events from a multi cloud environment. Filters are provided to pick up the desired actions:

ThreatIQ

ThreatIQ enables you to monitor for security threats in your Aviatrix cloud network, set alerts when threats are detected in the network traffic flows, and block traffic that is associated with threats.

ThreatIQ provides visibility into known malicious threats that have attempted to communicate to your cloud network. Aviatrix Cloud Network Platform communicates with a well known threat-IP source (proofpoint) to stay abreast of malicious sites or IP addresses known to be bad actors (threat IPs). Netflow data is sent to CoPilot from Aviatrix Gateways in real time and CoPilot analyzes the traffic and compares it with a database of known malicious hosts to quickly detect traffic from threat IPs.

ThreatGuard enables you to take actions on those threats:

• Alerts
• Block threat-IP traffic: To block threat-IP traffic, alerts must first be enabled. When blocking is enabled, the Controller upon first detecting a threat IP in a traffic flow, instantiates security rules (stateful firewall rules) on all gateways that are within that flow (all gateways within the VPC/VNET/VCN) to immediately block the threat-IP associated traffic.

Anomaly Detection

Anomaly detection is the identification of unexpected events, observations, or items that differ significantly from the norm. Typically, anomalous data is linked to some sort of problem or rare event such as hacking, bank fraud, malfunctioning equipment, structural defects / infrastructure failures, or textual errors. For this reason, identifying actual anomalies rather than false positives or data noise is essential from a business perspective.

Before enabling detection, first the selected virtual networks need to stay in learning mode for at least 2 weeks.

The sensitivity fines tune CoPilot anomaly detection algorithm to fit a deployment needs.

The anomalies detected at this time are:

• ingress ports
• egress ports
• ingress IPs
• egress IPs
• ingress Bytes
• egress Bytes
• total Bytes
• total packets

Reports

In Reports, one can create detailed reports showing the inventory of managed resources (resources managed by Aviatrix Controller) in a single cloud or across all clouds in your multi-cloud network and their utilization

• Create reports for aggregated gateway system and network metric data within a given time frame. The first step is to select a time range for the utilization report:

System and Network metrics can be selected for a granular report:

Once the report is generated, it can be downloaded in pdf format. An example can be download from here.

• Generate inventory report for managed resources:

An Aviatrix Inventory Report example can be found here: https://lab-test-aviatrix-docs-public.s3.amazonaws.com/avx_inventory_report.pdf.

References

https://community.aviatrix.com/t/q6hzza1/deploy-configure-and-experience-aviatrix-copilot