We are excited to introduce a major enhancement to the Upwind platform – comprehensive end-to-end traffic visibility across accounts and clusters in Google Cloud.
For organizations that build cloud infrastructure hosted in Google Cloud, viewing cross-account and cross-cluster traffic can be a major challenge. Upwind’s latest release solves this problem, offering end-to-end visibility of resource traffic.
Google Cloud Infrastructure
In Google Cloud, infrastructure is often separated into multiple accounts for security and isolation purposes. While this approach helps in segmenting resources across different environments (such as development, staging, and production), it creates challenges when it comes to monitoring traffic that spans multiple accounts.
Traditionally, monitoring tools like Grafana and Prometheus collect metrics within individual accounts or projects. However, they lack built-in mechanisms to track traffic moving between accounts, leading to blind spots in cross-account communication. Because they aggregate data per account, they struggle to provide a comprehensive view of multi-account traffic, especially when internal or external IP addresses appear without context in monitoring dashboards. As a result, organizations often cannot track end-to-end communication effectively. For example, when an internal request moves between accounts, monitoring systems may only display an unrecognized IP address, obscuring its origin and destination.
Comparing AWS VPC Peering to Google Cloud
While this new capability focuses on Google Cloud, AWS VPC peering serves as a useful comparison to highlight similar cross-account communication challenges.
In AWS, Virtual Private Cloud (VPC) peering allows two VPCs from different accounts to communicate as if they were part of the same network. This enables secure data transfer over private IP addresses without traversing the public internet.
However, VPC peering does not support what’s known as “transitive routing”, meaning traffic can only flow directly between the two peered VPCs. Each VPC remains isolated, requiring explicit traffic management and monitoring configurations. While VPC peering facilitates account-to-account communication, it lacks built-in visibility into traffic flows, making it difficult to track interactions across VPCs and services.
How Upwind Provides End-to-End Visibility for Google Cloud
Upwind’s new feature addresses the limitations of traditional monitoring in multi-account environments by providing users with complete end-to-end visibility of cross-account and cross-cluster traffic within Google Cloud. This conceptually resembles AWS’s VPC peering, where separate accounts are connected to enable seamless communication. However, while VPC peering enables network connectivity, it doesn’t provide detailed visibility into how services communicate across accounts – which Upwind is able to seamlessly show in Google Cloud.
Connecting Layers 3, 4 and 7 with Kubernetes Context
Upwind achieves this by capturing detailed data from Layers 3, 4, and 7 with our high-performance eBPF sensor. This allows users to track the exact path traffic follows, from the originating service through the load balancer and Kubernetes clusters to the final destination. For instance, Upwind can identify when an application in one Google Cloud account communicates with a service in a cluster within another account.
With this newest capability, Upwind provides users with traffic flow details and mapping across accounts, ensuring organizations gain comprehensive visibility into their communication across Google Cloud infrastructures.
Use Upwind’s latest capability for:
- Detailed visibility of traffic flows across Google Cloud Accounts – Understand how data moves across accounts with full network insights, helping to troubleshoot and optimize communication.
- Improved real-time monitoring of traffic flows – Gain instant awareness of network behavior to detect anomalies, prevent disruptions, and strengthen security.
- Deep context of connected services, load balancers, and clusters – See the entire traffic path, from origin to destination, providing the necessary intelligence for effective cloud management.
Upwind’s next-generation cloud security platform provides groundbreaking end-to-end visibility of traffic across accounts and clusters, enabling organizations to quickly identify security risks, optimize cloud performance, and maintain compliance with minimal effort. By eliminating blind spots in network traffic, Upwind empowers security and DevOps teams with actionable insights that drive smarter, faster decision-making – allowing them to proactively detect threats, optimize performance, and ensure compliance with ease.
To learn more, schedule a demo.
