Map
This topic describes the purpose of the Illumio Map page, found in the left navigation menu. Use the Map to visualize workloads that form logical groups (based on labels attached to workloads) and to better understand the traffic flows between workloads. For reading and filtering the map, see Reading and Filtering the Map.
- You can hover your mouse over a cloud item, such as a region. Illumio will display information about it such as the number of resources and applications. Right-click items to see additional details.
- Left-click items to write policy for them. See Writing Organization Policy.
Grouping in the Map
Groups in the Map represent a collection of workloads or services that communicate with each other and for which you can write rules. Groups are displayed in the Map after you pair workloads.
The Map displays three different types of groups: a group based on a single label, an app group, or a common set of labels.
Once you pair VENs to create workloads or connect to cloud accounts to get the cloud resources and traffic logs, the PCE analyzes the workload data and the traffic data. Based on the traffic flows among your workloads, the Map organizes them into groups. A group could represent an instance of an application running in your data center, such as an HRM application running in the Test environment in your North America data center, or a Web store in Production with its web workloads hosted in AWS and its databases hosted in your private data center.
The Map lets you group by labels, locations, app groups, etc. It also lets you split the view when in Map view mode by selecting items on the Map.
Configurable Grouping
The Group by menu allows you to specify different levels of grouping, such as grouping by types of labels and their order. You might want to group by OS and then by environment. If you do not specify a particular grouping, Illumio groups workloads that have the same set of labels. You can change your default grouping through the Group by menu.
For optimal scale and performance, if there are two connections with the same source workload, destination workload, destination port, and protocol but the process or service names are different, the two connections are combined in the Map. The process or service name that was part of the most recently reported connection is displayed.
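The combining rule described above, sketched as an added example (not Illumio's code or API; the record field names and the sample flows are constructed for illustration). It also reports which process names a combined link does not display.

```python
from datetime import datetime

# Constructed sample flow records; the field names are assumptions for this
# illustration and are not Illumio's API or export schema.
FLOWS = [
    {"src": "web-01", "dst": "db-01", "port": 5432, "proto": "tcp",
     "process": "postgres", "reported": "2024-05-01T10:00:00"},
    {"src": "web-01", "dst": "db-01", "port": 5432, "proto": "tcp",
     "process": "pgbouncer", "reported": "2024-05-01T12:30:00"},
    {"src": "web-01", "dst": "db-01", "port": 5432, "proto": "udp",
     "process": "postgres", "reported": "2024-05-01T09:00:00"},
    {"src": "web-02", "dst": "db-01", "port": 5432, "proto": "tcp",
     "process": "postgres", "reported": "2024-05-01T11:00:00"},
]


def combine_flows(flows):
    """Merge flows that share source, destination, port and protocol.

    The name shown for a merged link is the one from the most recently
    reported connection; every name seen is kept so the loss is visible.
    """
    combined = {}
    for flow in flows:
        key = (flow["src"], flow["dst"], flow["port"], flow["proto"])
        when = datetime.fromisoformat(flow["reported"])
        entry = combined.setdefault(
            key, {"shown": None, "last": None, "names": set()})
        entry["names"].add(flow["process"])
        if entry["last"] is None or when > entry["last"]:
            entry["shown"], entry["last"] = flow["process"], when
    return combined


def masked_names(combined):
    """Return, per merged link, the process names that are not displayed."""
    return {key: sorted(entry["names"] - {entry["shown"]})
            for key, entry in combined.items() if len(entry["names"]) > 1}


if __name__ == "__main__":
    for key, names in masked_names(combine_flows(FLOWS)).items():
        print(key, "merged link does not display:", names)
```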
Tips for Grouping in Your Map
- Each group is a label set. Workloads that have the same set of labels are grouped into the same label set.
- Mousing over a group in the Map displays a pop-up dialog box with the list of labels and the number of workloads using the labels.
- In the Group by drop-down list, you can drag and drop labels in the list to re-order how the Map displays groups. Labels at the top of the list control the prominence of those groups in the Map.
- The UI displays the groups in your Map using the colors you've selected for your labels. Use these colors to help orient yourself on the Map.
Map Layout Options
You can choose how the UI displays the Map:
Not every layout choice is good for your Map data. See the descriptions of each layout in the Layout menu.
For example, the Organic Layout option attempts to organize groups so that connected workloads are placed together and fewer traffic links cross one another. Workloads that are communicating are grouped together on one side of the Map, so the traffic links don't cross as much.
The Tiered Layout option provides a sense of traffic flow from top to bottom. The Tiered Layout option is better for smaller data sets than larger ones.
Panels in the Map
Use the drop-down selector above the panel to switch between the Policy Data and Vulnerability Data modes.
When you click an object in the Map, a side panel opens on the right that contains a number of tabs.
Summary Tab
The Summary tab displays information about the selected object. To view the Summary tab, click an item on the Map. The information displayed depends on the type of object you clicked and how deeply you've drilled into the object. For example, when you click a group in the Map, the Summary tab displays the labels in use, the number of workloads and virtual services, and the enforcement level. In general, the deeper you drill into an object, the more detailed the information displayed in the side panel.
Traffic Tab
The Traffic tab is a summary version of the main Traffic table and filtered by what you've selected in the Map. The Traffic tab appears regardless of what you select in the Map: group types, workloads, IP lists, private addresses, public addresses, or links. By default, the Traffic tab displays the following columns.
- Policy Decisions (reported and draft)
- Source Labels
- Destination Labels
- Destination Port Processes
You can add additional columns by selecting options from the Customize columns drop-down list:
- Source Port/Process User
- First Detected
- Flows/Bytes
- Last detected
Workloads Tab
The Workloads tab displays a list of all workloads in the selected group and the following information for each workload:
- Connectivity
- Enforcement
- Visibility
- Name
- Policy Sync status
- Ransomware Exposure
- Protection Coverage Score
- Labels
- When the policy was last applied
As you drill in and out of the groups in the Map, the Workloads tab adjusts to show the workloads in the super set group.
Virtual Services Tab
The Virtual Services tab displays a list of all Virtual Services in the selected group. A drop-down selector allows you to filter the list by Virtual Services with Traffic or All Group Virtual Services. The list provides the following information for each virtual service:
- Name
- Provision Status
- Service/Ports
- Addresses
- Labels
- Workloads / Container Workloads
- Description
You can add or remove columns by using the Customize columns drop-down list.