Why Visualize Your Cloud Infrastructure
The increasing adoption of cloud-based infrastructure by businesses large and small is a testament to the benefits of moving from on-premise hardware to infrastructure as a service, or the cloud as it is more commonly known.
Easily scalable infrastructure is one major reason companies choose cloud solutions over traditional on-premise computer hardware. Adding storage capacity, or gaining faster compute capability by choosing instances with more compute and memory, is infinitely easier in the cloud than it ever was when upgrading physical hardware.
Conversely, the ability to scale back hardware requirements when storage or compute demands drop was never an option with on-premise hardware. We’re confident nobody ever replaced their server storage disks with smaller ones because they weren’t being utilised.
Renting cloud server space instead of buying and installing server hardware leads, in most cases, to lower operating costs. You stay in control of your costs and replace large up-front capital expenditure with predictable, controllable expenses by only paying for what you use.
Taking advantage of cloud infrastructure also gives you the flexibility to innovate faster, duplicate production environments, scale up or down at will and take advantage of new technologies as they are released.
With all this flexibility also comes a new set of challenges.
So let’s take a look at why you should be visualizing your cloud environments.
Understand the current state of your infrastructure.
Probably the most obvious reason to visualize your cloud infrastructure is so that you can see and review all the resources and instances you have running in your cloud account(s).
With the network laid out in a visual form, you can often identify weak spots or vulnerabilities that could cause an outage of your application if, for instance, an availability zone or regional outage occurred.
Do you have all the resources replicated in an alternative location so your application persists during the outage? Having the resources mapped out by individual VPC, regions and availability zones will help you answer that question.
Having each resource instance mapped out also allows you to spot unused or legacy resources that are no longer required and costing you money.
Gaining visibility via automatically generated diagrams based on the actual resources running allows your engineering team to easily understand the state of play of your cloud infrastructure. Because the diagrams are generated from the source of truth (the actual resources running), you have a clear picture of what is running where to help guide improvements.
Planning improvements and upgrade deployment.
Accurate diagrams provide everyone in the organization clarity in terms of how your cloud infrastructure is constructed.
Internally, visualized infrastructure can help you personally be 100% aware of all the services and resource instances you have running, which can help guide you in decision-making processes and also allow you to confidently communicate your cloud infrastructure to your team.
Whether you are working with network architects, cloud engineers, DevOps, security engineers or external consultants, a solid, accurate diagram will help you demonstrate the changes needed and gain buy-in from management using a format they are more likely to understand.
Troubleshooting network or performance issues.
When your application or network performance degrades or stops working altogether, you obviously need to find out quickly how to resolve the problem.
Visuals can quickly communicate your cloud infrastructure and allow bottlenecks and scaling opportunities to be identified.
Information regarding the infrastructure can easily be passed between teams and team members when it’s in visual form.
One of the features of Hava diagrams is the retention of superseded network diagrams in Version History. When you compare the current infrastructure diagrams to previous versions, you will be able to see the differences.
So if a missing resource or a new one is causing the problem, a visual comparison can often surface the issue quickly.
Security is top of mind for every organization storing sensitive information. Building applications in the cloud only adds to the potential security considerations.
Understanding how your security is configured, how your infrastructure can be accessed and how traffic traverses your network is essential when reviewing security.
Having your security groups, ports and IP addresses visualised in diagram form, as on the Security View produced by Hava, can help demonstrate how your current security is protecting your network.
Also importantly, Hava retains your security diagrams when they are superseded by changes to your infrastructure. This means that you have demonstrable security state configurations for any point in the past. So should you need to respond to questions related to historical incidents, you have easily understood visualizations to show how things were.
There are several security compliance standards as well as platform-specific best practices that should be adhered to when dealing with sensitive customer or financial information.
The Payment Card Industry Security Standards Council (PCI SSC), made up of members of the major banks and financial institutions around the world, releases and maintains a strict set of guidelines to adhere to when storing financial information related to customer and credit card transactions.
You should be able to demonstrate compliance with the PCI standards as well as best practices published by the cloud vendor platform you are building on.
Visuals assist in demonstrating where your customer data is located, how it can be accessed and how it is secured, all of which are major components of proving compliance during an audit and are key governance data.
Onboarding new engineers and consultants.
Back in the dim dark past, our engineers provided expert cloud consulting services. Whenever we took on a new client network, the first thing we did was to diagram the existing infrastructure. Depending on the size of the network, this could take days or weeks to complete.
It was extremely rare to walk into an organisation and be presented with a full set of up-to-date diagrams.
So when your organisation takes on new engineers or engages external consultants, you will save them hours or days getting up to speed with how your cloud infrastructure is configured if you can present them with accurate diagrams.
They say a picture paints a thousand words and nothing can be truer when it comes to cloud network topology diagrams.
Engineers, DevOps and system architects can easily grasp how a network is constructed by glancing at a network topology diagram.
Management can also be brought up to speed with visuals, which also support proposals for additional resources or network improvements that will result in increased budget requirements.
When you choose to tackle your cloud network diagramming manually, not only are you embarking on a slow and painful process, you are also running the risk of introducing errors.
The first opportunity for errors is missing resources. With so many services available across the cloud platforms, trawling through your cloud consoles to find all the running resources and their associations can be a lengthy process and it is easy to miss resources.
Next is the possibility of drawing resources that were supposed to be set up, but weren’t, or did exist once, but have been superseded or deleted. Having these resources on your diagrams can give the impression that your network has capabilities it may not.
Finally, with the ability for platforms to autoscale and provide the resources required to respond to increases in traffic and to scale back in when traffic drops, it can be a full-time job to keep documentation in a state that accurately reflects the current state of the network.
The solution is to automate the process with Hava. Not only does Hava generate network topology diagrams automatically but it also monitors your cloud account config and generates new diagrams when changes are detected.
Diagrams are generated from actual resource configurations found in your AWS, GCP and Azure accounts, which are the ultimate source of truth. Nothing is added to the diagrams that does not exist, and nothing that exists in the cloud account data is left off the diagrams, meaning you can rely on highly accurate diagrams that reflect reality.
One of the major and sometimes unexpected benefits of generating diagrams from the source of truth is that resources can be surfaced that you are not expecting.
In a large complex cloud environment, it is easy to lose sight of unused resources that are still running.
These could be individual unused or duplicate resources, unused test resources or entire development or staging environments that are no longer needed.
By auto generating diagrams from config data, these anomalies are brought to light and can be dealt with accordingly.
We’ve seen a client find unused database instances costing over $2000 per month that were related to legacy testing that had been running for over three years. Once discovered and investigated, the instance was deleted and significant savings were made.
Reporting and Governance.
When you are managing a cloud development or operations team, the chances are at some point you will need to present details of your network, how it is secured and why it costs what it does.
Being able to export your diagrams into images and PDF documents allows you to integrate easily understood imagery into your reports and presentations.
From a governance perspective, a good audit trail showing how your network is and was constructed, how security was configured and where data is or was stored meets important governance requirements, especially if you are subject to any type of compliance audit.
How can you automate your cloud diagrams?
Well, we may be a little biased, but we believe connecting your AWS, GCP or Azure cloud accounts to hava.io is the easiest way to generate perpetually maintained, accurate cloud documentation.
Covering the three major cloud platforms, Hava will generate network topology diagrams, container diagrams, security diagrams and 3D views of your cloud infrastructure once you connect it using cross-account or read-only credentials.
Once created, Hava will keep your diagrams up to date as changes to your cloud configurations are detected.
Using Hava’s API you can also programmatically interact with the diagram generator to quickly add accounts, generate diagrams and integrate the documentation process into your build pipelines.
You can try Hava for yourself at https://www.hava.io or get in touch to arrange a one-on-one demo to see if Hava suits your individual use-case.
Originally published at https://www.hava.io.