How to create an Azure Network Diagram

Alan Blackmore
Apr 29, 2021


There’s no question that an accurate infrastructure diagram is invaluable to your cloud team. Whether you’re a cloud architect looking to redesign existing infrastructure, a devops engineer tasked with implementing a design or a project manager making sure the roll out has been executed according to the scope, an accurate diagram makes life easier at every step of the project.


In the past, the thought of having to create network diagrams was never met with a rush of excitement or enthusiasm. In reality it was a bit of a nightmare. Hours and hours dragging and dropping icons, checking and rechecking console settings, trying to logically arrange things so they could easily be understood and connecting the resources, so you could tell what was going on.

Then you would always be second-guessing yourself. Did I miss something? What are the other teams rolling out in this environment that I’m not aware of yet? Have any resources been added or removed since the initial design?

If you’re working in a fast paced dev environment, you may have even avoided creating documentation, until of course the CTO asks why the cloud spend increased by 50% this quarter.

The biggest challenge with diagramming cloud infrastructure, apart from finding the time to do it in the first place, is keeping it up to date. Especially with dynamic components, autoscaling resources and the need to build in acceptable redundancy into the network designs, the ever changing cloud configuration presents an ever moving target that can be expensive and time consuming to document.

Enter Hava.

hava.io provides either a cloud-based or a self-hosted solution to automatically document your cloud environments by:

  • Connecting your Azure cloud account via Service Principal credentials
  • Automatically generating diagrams in a logically laid out 100% accurate format
  • Tracking changes and auto generating a new set of diagrams
  • Archiving fully interactive diagrams ‘pre-config change’ so you can audit if required
  • Providing a full list of resources and attributes (including cost estimates per resource)
  • Providing API access to build documentation into build pipelines
  • Providing the ability for easy creation of custom cloud diagrams

How to create an Azure Infrastructure Diagram using Hava

To import environment diagram data from Azure, you will need to access your Azure Portal at https://portal.azure.com, create a new Service Principal and retrieve a set of credentials for your account.

Open the Azure Portal and launch PowerShell from the top menu bar:

From the command line, create a new Service Principal (in this example we use “HavaServicePrincipal”, but you can use any name):

$sp = New-AzADServicePrincipal -DisplayName HavaServicePrincipal

Then assign read only permissions to it.

New-AzRoleAssignment -ApplicationId $sp.ApplicationId -RoleDefinitionName "Reader"

Then decrypt the Secret Key ($password)

# Decrypt the password
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($sp.Secret)
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)

You will now be able to retrieve the necessary credentials to plug into Hava.

You now have the credentials to log in!
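Before these credentials are handed to a third-party service, it is worth confirming that Reader is the only role the service principal holds: Az PowerShell versions before 7.x assigned Contributor to a new service principal by default when no role was specified. The check below is an added example, not code from Hava or the original article; Test-ReaderOnly is a hypothetical helper name, and the sample assignments are constructed so the block runs without an Azure session.

```powershell
# Added example: confirm a service principal holds only the roles you intended.
# Test-ReaderOnly is a hypothetical helper, not part of Az PowerShell or Hava.
function Test-ReaderOnly {
    param(
        # Objects exposing RoleDefinitionName and Scope, as Get-AzRoleAssignment returns.
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Assignment,
        [string[]] $AllowedRole = @('Reader')
    )
    $held       = @($Assignment | ForEach-Object { $_.RoleDefinitionName })
    $unexpected = @($Assignment | Where-Object { $_.RoleDefinitionName -notin $AllowedRole })
    $missing    = @($AllowedRole | Where-Object { $_ -notin $held })

    [pscustomobject]@{
        Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
        Unexpected = @($unexpected | Select-Object RoleDefinitionName, Scope)
        Missing    = $missing
    }
}

# Constructed sample: a principal that holds Contributor as well as Reader.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'   # placeholder subscription ID
$sample = @(
    [pscustomobject]@{ RoleDefinitionName = 'Contributor'; Scope = $sub }
    [pscustomobject]@{ RoleDefinitionName = 'Reader';      Scope = $sub }
)
$result = Test-ReaderOnly -Assignment $sample
$result.Compliant
$result.Unexpected | Format-Table

# Against a live subscription (Cloud Shell, after the steps above). Get-AzRoleAssignment
# reports assignments visible from the current subscription context only:
#   $principal = Get-AzADServicePrincipal -DisplayName HavaServicePrincipal
#   Test-ReaderOnly -Assignment @(Get-AzRoleAssignment -ObjectId $principal.Id)
```

Any row listed under Unexpected can be removed with Remove-AzRoleAssignment before the credentials are entered into Hava.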

Now log in to Hava which will open up the environments screen.

Add Environments

Select “Add Environments”

Click on the “Azure” Tab and enter the credentials you have just gathered from Azure.

Hava will import your Azure Environment, lay out the diagram and add the environment tile to the Hava Environments screen. From this point Hava will sync with Azure every hour and log any structural changes, so you always have an accurate visual representation of your Azure Environment and a versioning audit trail of any changes made.

Hava visualises the important components of all the environments it supports. There are other attributes that are displayed when visualised elements are selected to keep the diagrams clean and readable.

Here is a list of imported Azure resources. Visualised resources will appear as a container or icon. Attributes will appear in the Attributes sidebar as elements are selected.

Once imported, all the virtual networks detected in your Azure account will be presented as tiles on the Hava dashboard.

Once Hava has auto generated your Azure infrastructure diagrams, you can create custom diagrams featuring subsets of data like:

  • An individual Virtual Network
  • Single or multiple subnets
  • Combinations thereof
  • Networks from multiple Azure accounts onto the same diagram
  • Hybrid or multi cloud diagrams — mix AWS, Azure & GCP on the same diagram

Because the Hava application is 100% API driven, anything you can see visualized on the diagrams or resource lists can also be returned via API call and integrated into your build pipeline artefacts or internal code or documentation repositories.

Whether you are looking at the current set of diagrams or viewing historical archived versions, all the Hava diagrams are fully interactive. Clicking on a resource changes the attribute pane to reveal all the important settings related to the resource, like:

  • Network Interface
  • Security Groups
  • Public IP address
  • Route Tables
  • Subnets
  • Network Gateways

Clicking on the data in the attributes pane will dive deeper into the associated resources, so you can find out all you need to know without having to go back to the Azure portal.

The Azure diagram is laid out as follows:

  1. Environment — when this top level view is selected, the data source and total monthly estimate is shown
  2. Resource Group — Details all the resources in the group such as Network Interfaces, Public IPs, Route Tables, Subnets, Local Network Gateways. If selectable in the Attributes Tab, you can select and view more details pertaining to the resource.
  3. Virtual Network — contains resources such as load balancers, subnets etc
  4. Subnet — Select a subnet and the attribute tab will display information such as the Network Security Groups the Subnet belongs to and Route Table information.
  5. Resources external to a Virtual Network. In this example we have a Virtual Network Gateway, Local Network Gateway, Express Route Circuit and several Storage Accounts.
  6. Attribute Tab — this displays attributes and their values that are contextual to the currently selected resource or network segment.

We firmly believe that the accurate yet effortless cloud documentation automatically produced by hava.io is the fastest and most accurate way to keep your cloud documentation up to date.

Hands free, you release yourself and your team from drag and drop forever.

You always have a historical audit trail of all the major changes to your cloud settings should you ever be subjected to a PCI compliance, insurance or legal audit.

You can also export diagrams and itemised costing spreadsheets via CSV so you can complete your monthly reports easily, or respond to requests from your upline management or accounting department in minutes, not days.

You could also build API calls into a dashboard to watch your cloud spend estimates live as your environment autoscales. With the API your options are limitless.

You can view a detailed walkthrough here:

If you would like to start building 100% accurate, hassle-free Azure diagrams, we have a 14 day free trial you can use to get to grips with this easy to use software.

The trial is fully functional & you won’t need a credit card to take it for a spin.

Hop on over to https://www.hava.io to check it out.

Originally published at https://www.hava.io.
