Getting Started with Azure

Getting started with Hava interactive network diagrams and Microsoft Azure.

To import environment diagram data from Azure, you will need to access your Azure Portal at , create a new Service Principle and retrieve a set of credentials for your account.

Open the Azure Portal and launch PowerShell from the top menu bar :

From the command line create a new Service Principal ( In this example we use "HavaServicePrincipal", but you can use any name )

$sp = New-AzADServicePrincipal -DisplayName HavaServicePrincipal

Then assign read only permissions to it.

New-AzRoleAssignment -ApplicationId $sp.ApplicationId -RoleDefinitionName "Reader"

Then decrypt the Secret Key ($password)

Decrypt the Password$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($sp.Secret) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)

You will now be able to retrieve the necessary credentials to plug into Hava.

You now have the credentials to login!

  • Subscription ID: (Get-AzContext).Subscription.Id

  • Tenant ID: (Get-AzContext).Tenant.Id

  • Client ID: $sp.ApplicationId

  • Secret: $password

Now log in to Hava which will open up the environments screen. (Skip to Add environments)

If you do not have access to powershell, it is still possible to get your log in credentials, albeit a little more complex.

Using the Azure Portal

There are quite a few steps required to allow Hava to access your Azure resources using the Portal, so let's get started!

To allow Hava to import your Azure account you will need to provide access by creating an Active Directory application and assigning read-only permissions to it. To create AD applications you will need admin access to the Azure account.

So without further ado, let's start with:

Creating an Active Directory Application

  1. Select Azure Active Directory azure-1.png

  2. Select App registrations, then click New application registration azure-2.png

  3. Enter the following details

    1. Name: Hava

    2. Application Type: Web app / API

  4. Your application has been created!

Assign Roles to the Application This will step you through adding a role for the application at the subscription level; this will grant Hava access to read everything in your account but not make any changes. You can also apply the access to a specific resource group or groups, or even individual resources - Hava will only draw the resources you give it access to.

  1. Select Subscriptions and select the specific subscription you would like to assign access to azure-5.png

  2. Select Access control (IAM) and then click Add azure-6.png

  3. Select the Reader role and then search for the Hava application you created earlier azure-7.png

  4. Select Hava from the list then press okay to assign read-only permission to the Hava application you created earlier

Get your parameters to give access to Hava You will need four separate parameters to give Hava access to your account, first off is the subscription ID.

  1. Select Subscriptions and then select the specific subscription you will be importing from azure-8.png

  2. Copy your Subscription ID - this is the first value you will need.

Now to get the ID and access key:

  1. Select the app you just created from the App Registrations list in Active Directory azure-9.png

  2. Copy the Application ID and save it as your Client ID - this is the second value you need azure-10.png

  3. In the same screen click Settings and then the Keys link and enter a name for your key name (something like HavaAccessKey) and select Never Expires. azure-11.png

  4. After the key is saved it will show the created value - copy this and save it as your Client Secret, the third value required. This is the only time you see it so make sure you copy it now!

Get your Tenant ID:

  1. Once again in the main Active Directory blade select Properties and copy the Directory ID - this is your Tenant ID - the final value you will need for access azure-12.png

Add Environments

Select "Add Environments"

Click on the "Azure" Tab and enter the credentials you have just gathered from Azure.

Hava will import your Azure Environment, layout the diagram and add the environment tile to the Hava Environments screen. From this point Hava will sync with Azure every hour and log any structural changes, so you always have an accurate visual representation of your Azure Environment and a versioning audit trail of any changes made.

Hava visualises the important components of all the environments it supports. There are other attributes that are displayed when visualised elements are selected to keep the diagrams clean and readable.

Here is a list of imported Azure resources. Visualised resources will appear as a container or icon. Attributes will appear in the Attributes sidebar as elements are selected.



Application Gateway

Availability Set

Express Route

Load Balancer

Local Network Gateway

Network Interface

Network Security Group

Public IP

Redis Cache

Resource Group

Route Table

SQL Server

Storage Account


Virtual Machine

Virtual Machine Extension

Virtual Machine Scale Set

Virtual Network

Virtual Network Gateway

Virtual Network Peering