Licensing and Usage for Illumio Insights
Illumio Insights license usage is measured using the number of Insights Workloads (IWL). IWLs are calculated based on the number and type of resources in your environment that are processed by Insights.
Each resource is mapped to an Illumio Resource Type and grouped using the following categories:
Cloud Resources
Data Center Resources
Endpoint Resources
Cloud Resources
Illumio Insights uses 11 resource types to categorize cloud resources. Each resource type groups similar services from various Cloud Service Providers (CSPs). As each CSP follows its own naming conventions, this table shows how their resource collections match up with Illumio’s resource types for Insights.
Illumio Resource Types | AWS | Azure | GCP |
|---|---|---|---|
Cloud virtual machine | EC2 Instances, Snapshots, Spot Instance Requests, etc. | Virtual Machines, Scale Sets, etc. | Compute Instances, Node Groups, Instance Groups, Instance Templates, etc. |
Cloud container | EC Instances running Containers, EKS Cluster, EKS Nodegroup, ECS Container Instance, ECS Cluster, etc. | VMs running Containers, Managed Clusters (AKS), Container Groups, Container Registry, etc. | Compute Instance running Containers, Container Node pools, Container Clusters, etc. |
Cloud database | Memory DB Cluster, RDS DB Cluster and DB Instance, ElastiCache Cluster, Redshift Cluster, Doc DB Cluster and DB, Dynamo DB Table, etc. | SQL Servers and Managed Instances, Mongo Clusters and databases, DatabaseAccounts/databases/tables, PostgresQL servers and databases gremlin Databases, cassandraKeyspaces, Redis, etc. | SQL Instances, SQL databases, etc. |
Cloud storage | S3 Buckets, Bucket Policy, Glacier Vault, EC2 Volume, etc. | StorageAccounts, etc. | Storage Buckets, Disks, etc. |
Cloud firewall | Azure Firewalls | ||
Serverless function | Lambda Functions | Sites, Functions | |
Network security and management | Security Groups, Keys, Network ACL, User, Account, Subnets, Network Interfaces, EIP, VPC Peering etc. | Network Security Groups, Firewall Policies and RuleCollectionGroups, Application Security Groups, KeyVaults, Subnets, Network Interfaces, IP Configurations and Addresses, Connections, Network Peerings, KeyVault, etc. | Firewall (rules), Subnetwork, Network Attachment, Network Endpoint Group, etc. |
Network routing and resource management | Nat/Transit/VPN/Internet Gateways, RouteTables, LoadBalancers, Connections, VPC Attachment, etc, | Nat/Transit/VPN/Internet/App Gateways, RouteTables, LoadBalancers, Network Connections, Resource Groups, etc | VPN Gateways and Tunnel, Proxys, URL Map, Routers, Routes, Interconnect, FirewallPolicy, Rules, Backend Service, Address, etc. |
Virtual network | VPC | Virtual Networks | Network |
Infrastructure management | ResourceShare, CodeDeploy, Flow Logs, etc. | Subscription, Batch Accounts, Certificates, Network Watchers and Flow Logs, Diagnostic Settings, App Config Stores etc. | Pubsub Topic, Subscription, Schema, Batch Job, Logging, etc. |
Private endpoint | VPC Endpoint | Private Endpoints |
Determining Insights Resource Count
To estimate resource count by resource type in your environment, run the resource count script provided by your technical contact at Illumio. If you have onboarded your cloud subscription to Insights, you can view the actual resource count under the Usage menu (Usage > Illumio Insights tab > Usage Details).
Daily, Weekly, and Monthly Averages
Cloud resource counts are conducted every hour.
To calculate daily usage, the average of the hourly counts over the past 24 hours is used. The monthly average resource count is then calculated by averaging the daily usage values across all days in the month.
Since cloud resources can scale up or down throughout the day, using averages helps mitigate short-term usage spikes and reduces the risk of overage charges.
Converting Resource Count to Insights Workloads
After you have determined the number of resources for each resource type in your environment, calculate the Insights Workloads (IWL) using the following conversion ratios:
Illumio Resource types | Conversion Ratio |
|---|---|
Cloud Virtual Machine | 1 RESOURCE = 1 IWL |
Cloud Container | 1 RESOURCE = 2 IWLs |
Cloud Database | 1 RESOURCE = 1 IWL |
Cloud Storage | 10 RESOURCES = 1 IWL |
Cloud Firewall | 1 FIREWALL = 100 IWLs |
Serverless Function | 50 FUNCTIONS = 1 IWL |
Network Security and Management | 10 RESOURCES = 1 IWL |
Network Routing and Resource Management | 1 RESOURCE = 10 IWLs |
Virtual Network | 1 NETWORK = 1 IWL |
Infrastructure Management | 10 RESOURCES = 1 IWL |
Private Endpoint | 20 ENDPOINTS = 1 IWL |
Additional Data Processing * | 25 MB = 1 IWL |
Note
* Each Insight Workload (IWL) includes 25MB of data processing per day. Exceeding this allowance is rare for typical workloads. If your usage exceeds the allowance, you can purchase additional IWLs for additional data processing.
Sample Calculation for Insights
Consider an environment with the following number of cloud resources on a monthly average:
Illumio Resource types | Number of Resources |
|---|---|
Cloud Virtual Machine | 300 resources |
Cloud Container | 100 resources |
Cloud Database | 20 resources |
Cloud Storage | 3 resources |
Cloud Firewall | 2 firewalls |
Serverless Function | 100 functions |
Network Security and Management | 30 resources |
Network Routing and Resource Management | 40 resources |
Virtual Network | 14 networks |
Infrastructure Management | 100 resources |
Private Endpoint | 10 endpoints |
Use the Illumio Workload Calculator to determine the number of Insights Workloads (IWLs) you require.
Resource Coverage Expansion
Illumio continuously enhances its security coverage by adding support for additional resource types. When new resources are added to Insights capabilities, they will be included automatically in your security coverage. This may increase your usage metrics and associated billing.
Caution
As a best practice, Illumio recommends that you review your usage dashboard regularly to manage your consumption. Contact your Illumio account team with any questions about usage trends or billing impacts.