How to view your AWS, GCP, and Azure auto generated diagrams using Hava
View diagram is the core functionality of Hava and is where you can view all the resources that are both visualised on the diagram and detailed in the Attributes list.
While the initial diagram view will show a simple logically laid out representation of the major resources in your cloud environment, the true power of Hava is the deep analysis of the resources and relationships between them.
Not only can you see the structure of your cloud architecture at a glance, you can drill down into each individual resource and see all the attributes, security, routing, and estimated costs for that resource.
Selecting an Environment Diagram to View
To get started, from the Environments dashboard, select the environment diagram you wish to view by clicking on the tile.
This will open up the latest diagram.
Once connected to Hava, your cloud environment configuration is continuously polled. If there is a structural change detected, a new diagram version is created and the previous diagram is preserved in the Version History.
Each interactive diagram is constructed from the source of truth data, being the actual resources that are configured and running in your cloud environment. This eliminates errors or omissions often associated with manually created diagrams.
AWS architecture is laid out based on VPC Containers, availability zones and subnets, with external storage resources and gateways being detailed outside the main VPC containers.
Clicking on any resource or box surrounding a VPC, Availability Zone or Subnet will populate the Attributes Tab with the attribute data pertaining to the selected resource.
AWS VPC Layout
Each AWS VPC Container is represented by a green border. Clicking the border or any blank area inside the VPC will change the Attributes tab data to the information pertaining to that VPC.
Building a multiple source diagram will enable multiple VPC containers to be displayed alongside other cloud infrastructure such as Microsoft Azure and Google Cloud Platform on the same diagram.
AWS Availability Zones
Availability zones set up in your AWS architecture are laid out in columns on the Hava interactive diagram.
Subnets within your AWS infrastructure are detailed within the availability zone that they are configured in.
Selecting the subnet by clicking the border or a blank area inside the border will display the subnet attributes such as availability zone, IPs, connected resources and estimated cost.
Once you connect your Microsoft Azure credentials to Hava, the infrastructure is analysed and Hava produces the interactive diagram. From this point Hava will track changes and preserve a version history for auditing and problem diagnosis.
Environment - when this top level view is selected, the data source and total monthly estimate are shown.
Resource Group - Details all the resources in the group such as Network Interfaces, Public IPs, Route Tables, Subnets, Local Network Gateways. If selectable in the Attributes Tab, you can select and view more details pertaining to the resource.
Virtual Network - contains resources such as load balancers, subnets, etc.
Subnet - Select a subnet and the attribute tab will display information such as the Network Security Groups the Subnet belongs to and Route Table information.
Resources external to a Virtual Network. In this example we have a Virtual Network Gateway, Local Network Gateway, Express Route Circuit and several Storage Accounts.
Attribute Tab - this displays attributes and their values that are contextual to the currently selected resource or network segment.
Interactive Diagram Export
Hava will export your cloud environment diagrams in several major formats.
Select the "Export" button to open the export dialogue.
Select the required output format and Hava will prepare the download. Once the "Export Complete" notification is visible, you can download the exported file.
Interactive Diagram View Options
These controls allow you to show or hide detail on your environment diagram.
By default the resource names and connections are suppressed to produce a clean diagram, but you are able to display these as required.
When Hava creates your diagram it can also display network connections based on the metadata returned with the resource. So long as one resource has an explicit link to another resource, Hava will display a connection when a resource is selected, or when the Connections toggle in the view options is enabled.
Autoscaling groups to load balancers (ELB, ALB, NLB)
CloudFront to Lambda Functions
CloudFront to Load Balancers (ELB, ALB)
CloudFront to S3 Buckets
CloudFront to WAF
DirectConnect to Transit Gateway
DirectConnect to VPN Gateway
EC2 Instance to load balancers (ELB, ALB, NLB)
Transit Gateway to Customer Gateway
Load balancers (ELB, ALB, NLB) to WAF
Virtual Machine to Load Balancers
Backend Service to Instances
Router to NAT Gateway
URL Map to Bucket
URL Map to Backend Service
URL Map to Instances
Target Pool to Instances
Hava also has the 2019 and pre 2019 AWS icon sets available for selection on the "View Options" dialogue.
The "Layout Controls" introduce the ability to stretch or compress the diagram width and/or height and also stretch or compress the subnet columns.
The first control "Resource Width" adjusts the width of the canvas.
Hava Layout Adjustment Resource Width
The screenshot above is a standard AWS VPC. The below diagram is the result of adjusting the diagram canvas using the width adjustment.
Hava Layout Resource Width After
This width adjustment results in more distance between resources while keeping the entire environment on screen. This is especially useful when displaying resource names. Just using the zoom option to achieve the same result would scale the diagram so only part of the diagram was visible on screen.
The Resource Height adjustment works in the same manner, increasing the horizontal gap between visualized resources.
Hava Resource Layout Height
The final control is the Subnet Column adjustment. This control allows you to expand or contract the width of the subnet columns without affecting the distance between resources.
On the initial diagram with default settings, the resources in each subnet are stacked based on the available screen space.
Hava Layout Default Subnet Diagram
By increasing the Subnet Column width, you can increase the number of resources visualized on each row within the subnet, while preserving the original spacing between resources. This is especially useful where you have a large number of resources in one subnet.
Hava Layout Increased Subnet Width
There are five distinct ways to view your cloud architecture built into Hava.
Extended Infrastructure View
Security Group View
Infrastructure View (AWS, GCP, Azure)
They are selectable from a collapsible drop down menu in the bottom right "Select Your View".
By default when you open your Cloud Architecture Diagram the "Infrastructure" View will be displayed.
Also by default the infrastructure view has no labels or connections displayed. All the example screen shots above are taken from the Infrastructure View.
Extended Infrastructure View (AWS, GCP, Azure)
The extended Infrastructure view displays key information relating to the visualised resource.
For instance, a NAT Gateway visualised on an Extended Infrastructure View diagram will display the NAT Gateway name and both the public and private IP addresses. A visualised RDS Database will display the Database Identifier, Engine type and allocated storage capacity.
The extended information is contextual to the type of resource being visualised and is typically the set of parameters a security or solutions architect would most need to know.
List View (AWS, GCP, Azure)
List view is an alphabetic list of the resources Hava has detected in your cloud architecture.
This includes all the resources that are not visualised on the two infrastructure views.
The list view toolbar has the option to sort by Name, Price and Type.
You can select resources in the list and the detailed attributes are displayed in the Attributes Tab.
At a glance you can also see a cost estimate for the resource.
Some of the unvisualised resources you will find in the List View include:
ElastiCache Cluster Nodes
Workspaces and Workspace Directories
ElastiCache Subnet Groups
There is a Filter option in the "List View Toolbar" to filter on the type of resource you wish to view.
Place a check mark next to the resources you wish to view. You can select multiple types.
Security Group View (AWS Only)
Built with your cloud security engineers in mind, the Security Group View is a visualisation of all the security groups set up within your cloud architecture. It details the ports configured for use and resulting traffic flow.
Selecting a security group in the visualisation will populate the connected resources for that group in the Attributes Tab to the right.
The attribute data also details the ingress and egress IP addresses, ports in use and port types.
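The rule data behind a view like this can also be checked in script form. The following is an added example, not Hava's code: it flattens security group rules in the format returned by `aws ec2 describe-security-groups` into ingress/egress rows and group-to-group flows, and lists ingress open to any address. The sample groups and the set of ports treated as intentionally public are assumptions.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; the group IDs and rules are made up for this example.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "db",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
          "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": []},
]}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def port_label(perm):
    """Protocol "-1" means all traffic and carries no port fields."""
    if perm["IpProtocol"] == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"

def flatten(groups):
    """One row per rule peer: (group, direction, protocol, ports, peer)."""
    rows = []
    for sg in groups:
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                peers = [r["CidrIp"] for r in perm.get("IpRanges", [])]
                peers += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                peers += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
                rows += [(sg["GroupId"], direction, perm["IpProtocol"],
                          port_label(perm), peer) for peer in peers]
    return rows

def world_open_ingress(rows, public_ports=frozenset({"80", "443"})):
    """Ingress open to any address on a port not expected to be public."""
    return [r for r in rows if r[1] == "ingress" and r[4] in ANYWHERE
            and r[3] not in public_ports]

def group_edges(rows):
    """Group-to-group flows: (source group, destination group, ports)."""
    return sorted({(r[4], r[0], r[3]) for r in rows
                   if r[1] == "ingress" and r[4].startswith("sg-")})
```

On the sample, `world_open_ingress(flatten(SAMPLE["SecurityGroups"]))` returns the two SSH rows on the `db` group (IPv4 and IPv6), and `group_edges` returns the single `web` to `db` flow on port 5432.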
Container View (AWS)
When you have containers configured within your cloud infrastructure and Hava detects them, a "Container View" option will appear in the header toolbar and in the "view selection" dropdown menu.
The Hava container view gives you an overall diagram of your entire ECS cluster. You can see every service and task currently running, any load balancing available to your containers, as well as unused or pending capacity.
Service and Capacity Information
The Container View will generally show one main cluster container around one or more service containers, showing the individual services that make up the cluster as well as the tasks running inside.
At the top of the container you can see information about the state of the container as well as its location, while at the bottom you can see the name and the ID of the service. Clicking anywhere in the service will display all the service's attributes in the right hand attributes panel.
Towards the top of the service you will see load balancing information if there are any load balancers connected to your containers. This will show the port and the container the load balancer is connected to for each task. Click the load balancer box to see more information about the target group or Classic Load Balancer that is attached.
Each of the tasks running within the service is shown as a hexagonal icon that can be clicked to see the information for the specific task. Tasks are displayed in different styles depending on their current state:
Green tasks are running successfully.
Yellow tasks are in a pending state, usually starting up or shutting down. You can click the task for more details.
Dashed tasks are spare capacity in the service, where the desired count is less than the running count.
Detailed Resource Information
Clicking on any resource on the diagram will display detailed information about that resource in the attributes bar on the right hand side. This can be used to get more detail on what the diagram is displaying.
From the main cluster you can see what services and tasks are running, as well as the container instances the cluster is spread across. If you are running in an EC2 cluster you will also be able to see the underlying EC2 instances.
From the service you are able to see the task definition it's using as well as deployment and placement information. You can also see a list view of all the tasks running within the services currently, and any load balancing available to those tasks.
In the task attributes you can see the containers running within the task, the container instance it's deployed onto, and the current status of the task.
Possibly one of the most powerful features of Hava, especially from a fault analysis and governance perspective, versioning is built in and active from the moment you connect your cloud infrastructure and start building your interactive diagrams.
Hava polls your cloud infrastructure on a continuous basis.
Once a resource change is detected, a new version of the interactive diagram is created and the state change is recorded.
The Versions Tab can be found adjacent to the Attributes Tab.
The "From" date represents when the archived diagram was created.
The "To" date is the date/time that the diagram was superseded due to a state change.
To view an archived diagram, simply select it from the versions list.
Having the version history readily to hand enables your engineering team, security team or compliance auditors to accurately see the state of play at any point in time. Need to see how your cloud infrastructure was configured 6 months ago? Hava has you covered.