Skip to main content

Cloud

Cloud Map navigation

This topic provides additional details about navigating the Map's Infrastructure View. For details specific to AKS, EKS, and GKE clusters, see Navigating AKS, EKS, and GKE clusters.

Interacting with Cloud Map

You have these ways to navigate the map:

  • Use the filters at the top of the page to locate and zoom in to specific areas or resources; see Filtering your map resources.

  • Click anywhere in the map to refocus the view to that level. For example, you have zoomed in to an object. Click outside the cloud groups to refocus on the full map.

  • Use the built-in map tools to zoom in:

    • Click the plus (+) for a group to expand it:

      cloud-map-zoom1.png

      To collapse a group so that you it's not expanded and you see the resources within it, click the minus (-) icon.

      cloud-map-zoom-out.png
      cloud-map-zoom-aws.png

    • Click the white space within a group to zoom in:

      cloud-map-zoom3.png

    • Use the map tools to more easily investigate the traffic and resources of most interest. For example, configure the view so that it's isolated to specific resources and relationships, such as only resources with a peered VPC/VNet. Or, use the map tools to zoom to the appropriate level for easier viewing.

      icon-cloud-map-config.png

      Map Configurations. See Configuring your View.

      icon-cloud-map-fit-view.png

      Zoom to fit entire map within view

      icon-cloud-map-zoom-in.png

      Zoom in

      icon-cloud-map-zoom-out.png

      Zoom out

Filtering your map resources

At the top of the page, the Map includes a Resource filter. To make it appear, click the magnifying glass icon:

map-mag-glass-icon.png

You can set one of several filters to show or hide different elements of your data and focus your Map on what is most important to you.

The Resource filter includes several options, including Cloud, Account ID, Region, Object Type, VPC/VNET ID, Subnet ID, Cloud Tags, and others.

By default, when you first open your Map, the Resource filter is empty. The Map displays groups for each of the clouds you have onboarded — AWS and Azure. Next, it displays the accounts you've onboarded from each of those public clouds.

When you are filtering for resources that support displaying traffic flows, the Map includes a traffic filter to help you narrow the traffic flows to display:

map-filter-feb-2025.png

Important

As you use the filters to manipulate the Map display and display details about accounts and the resources in them, a message may display saying that it can't display all the results for your query because your filter results would display more than 2,000 resources or more than 10,000 traffic flows. When this happens, refine your query so that it is more focused and returns fewer results.

See Limitations for Using Map.

When filtering by IP addresses, use CIDR blocks to include a range of IP addresses. For example, adding "/16" to an IP address will search for flows with IP addresses starting with the same first 16 bits as the specified IP address, such as 10.104.XXX.XXX. Similarly, adding "/24" or "/30" will search for flows with IP addresses starting with the same first 24 or 30 bits as the specified IP address, respectively. Note that the number after the slash specifies the prefix length.

Note

In GCP, under a network you have subnets. The subnet hierarchy is cloud > projects > global resources (like VPC) > region > regional resources. However, when there is no filter applied, the region is not rendered on the map. This means that all the regional resources are displayed rather than grouped by region. To display regional resources grouped by region, use a filter (such as cloud, account, or any feature).

When considering filtering, note that GCP virtual machines are zonal but display at the regional level. You can see the zone in the resource properties panel.

Note that if your GCP account is associated with multiple NICs under various subnets and VPCs, the map displays the instance and traffic at the region level instead of the project level. For easier navigation in GCP environments, Illumio recommends using filters on the map, such as filter cloud:gcp, and using additional filters as you navigate to narrow your view as needed.

Configuring your view

Click the Map Configurations button, which has the gear icon, to open the Map Configurations panel. Under the Resources & Relationships portion of the panel you will see checkboxes for showing relationships between specific types of resources. These are unchecked by default. If you check one or more of them, the map will stop displaying anything from your filtered results that does not correspond to checked boxes.

For example, if you check the box for Show peered VPC/VNet, all resources not associated with a peered VPC/VNet will be hidden, as seen in the following figure.

show-vpc-vnet-peering.png

Some things to remember:

  • The Map Configurations button will appear only when your filtered results contain items that have corresponding checkboxes in the Map Configurations panel

  • If you check one or more boxes in the panel, a numeral appears in the upper right-hand corner of the Map Configurations button to remind you that you have non-default view configurations in place

The panel has checkboxes for the following resources:

  • Peered VPCs/VNets

Display resource side panel

When you click a resource in the Map, it opens a right-side panel that displays the resource metadata. For example, you can click an EC2 instance to see summary information about the resource.

cloud-map-resource-side-panel.png

When you open a VM (Azure) or an EC2 instance (AWS) the right panel will include a Traffic tab. The Traffic tab displays when that resource is sending or receiving traffic. In the tab, you can view information for the flows, such as source and destination, label sets, port/protocol, associated security groups, packet counts, etc.

At this time, the Map only supports displaying traffic data for VM (Azure) and EC2 instance (AWS) resources. For resources that don't support displaying traffic flows, the panel includes a Summary tab only.

Map traffic lines

The Map includes solid traffic lines for resources that are sending and/or receiving traffic. Flows that are one direction are displayed with a single arrow line. Bidirectional flows have dual arrows.

cloud-map-traffic-links-in-map-colored.png

Orange lines indicate mixed state (both denied and allowed) traffic. Green lines indicate allowed traffic. Red lines indicate denied traffic. These traffic lines are displayed from the lowest level node selected. For example, you may have green lines between two regions, indicating that strictly regional traffic is enabled. However, if you drill down, you might see a pair of resources, one in each region, with mixed state traffic between them. Dotted lines indicate relationships rather than flows.

When you select a traffic line, a Traffic Details panel will open, showing flow status, source, destination, and the like. When you hover over a traffic line, the map shows an animation of the traffic flow for just that traffic line. Similarly, when you hover over a resource displaying a traffic line, the map refreshes with an animation of the traffic flow for just that resource. This animation isolates the traffic flow for only the resource of interest. Using hover is a good way to isolate a resource and see at a glance all the flows from that point of view coming from and going to that resource. To stop the animation, simply move your cursor to another part of the map.

cloud-map-traffic-links-in-map-moving.png