Google Cloud Diagram Generator

July 21, 2020


There's no disputing the benefits of an accurate Google Cloud infrastructure diagram.

The ability to easily communicate your GCP environment design assists key stakeholders in your organisation at every level.

  • Engineering - Onboarding new engineers
  • Architects - Ensuring the implemented infrastructure matches the specified design
  • DevOps - Quickly establish what is running now before making improvements
  • Disaster Recovery - Compare what was running prior to any critical errors
  • Project Managers - Easily explain the state of play now vs planned changes
  • Management - Easily understand what's running and what that costs

Traditionally there have been several friction points when it comes to documenting cloud environments. The main two are the time it takes to produce the documentation and the resources and discipline it takes to keep the documentation up to date.

We understand the challenge. Having evolved from a DevOps / Cloud Consultancy, the team at Hava faced the same challenges as most cloud engineering teams. When starting a new project or taking on a new client's infrastructure, establishing exactly what was running was a massive task that could take days or weeks. Great from a billable hours perspective, but not a task anyone got excited about, which is why we built hava.io.

Hava automates the process: you connect your GCP credentials, and the software discovers what's running in your account and renders logically laid out infrastructure diagrams.

GCP Google Cloud Diagram Generator

The process is as simple as it sounds.

To connect your Google Cloud Platform (GCP) project to Hava, you will need to create a "Read Only Service Account" for your project and download the JSON key file to import into hava.io.

Log in to your Google Cloud Console, then in the IAM & Admin menu select "Service accounts".

Then select "+Create Service Account".

Give the account a memorable service account name and an optional description.

Select Create, then in the Select a Role dialogue options, select Project and Viewer.

On the next page, select +Create Key.

Select the Key Type: JSON, then Create.

This will download the private key to your computer.

From the Hava Environments dashboard, select Add Environments.

In the Import an Environment dialogue, select the Google Cloud tab, select "Choose File", and choose the private key JSON file you just downloaded.

Hava will then connect to your GCP Project, import the resources and create the default interactive diagrams.
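As an added example (not Hava's or Google's code), the script below checks the downloaded key file and the project's IAM policy to confirm the service account holds only the Viewer role selected in the steps above, a check best run before the key is imported. It assumes the policy was exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`; the account name, project ID and key values in the sample data are constructed placeholders.

```python
# Added example: pre-import check for the read-only service account key.
# All sample values below are constructed placeholders, not real credentials.
EXPECTED_ROLE = "roles/viewer"  # the role behind the console's Project > Viewer
REQUIRED_KEY_FIELDS = ("type", "project_id", "private_key_id",
                       "private_key", "client_email")

SAMPLE_EMAIL = "diagram-readonly@example-project.iam.gserviceaccount.com"
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "PLACEHOLDER_KEY_ID",
    "private_key": "PLACEHOLDER_PRIVATE_KEY",
    "client_email": SAMPLE_EMAIL,
}
# Constructed policy in which the account was also granted Editor by mistake.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/viewer", "members": ["serviceAccount:" + SAMPLE_EMAIL]},
    {"role": "roles/editor", "members": ["user:admin@example.com",
                                         "serviceAccount:" + SAMPLE_EMAIL]},
]}


def roles_for_member(policy, email):
    """Return the set of roles bound to serviceAccount:<email> in a policy dict."""
    member = "serviceAccount:" + email
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}


def audit(key, policy):
    """Return a list of findings; an empty list means read-only as intended."""
    findings = []
    missing = [f for f in REQUIRED_KEY_FIELDS if not key.get(f)]
    if missing:
        findings.append("key file missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        findings.append("unexpected key type: %r" % key.get("type"))
    email = key.get("client_email", "")
    roles = roles_for_member(policy, email)
    if EXPECTED_ROLE not in roles:
        findings.append("%s is not bound to %s" % (email, EXPECTED_ROLE))
    for role in sorted(roles - {EXPECTED_ROLE}):
        findings.append("%s also holds %s; remove it before importing the key"
                        % (email, role))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_KEY, SAMPLE_POLICY):
        print("FINDING:", finding)
```

The exported policy lists only bindings set on the project itself; roles inherited from a folder or organisation do not appear in it and need to be checked at those levels.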

Hava imports and visualises the key resources in your GCP Cloud Infrastructure projects.

The resulting diagrams logically lay out the detected resources.

The diagram is kept clean and readable with the associated configuration data displayed in a contextual panel to the right of the diagram.

The interactive nature of Hava diagrams means you can select individual resources on the diagram to view all the attributes for that resource - like this URL Map

Conversely there are also selectable values in the attribute pane that show associated relationships on the diagram. With the Network in focus, the attributes displayed include data like the subnets, firewalls and routes. 

For example, hovering your mouse pointer over a particular firewall will highlight the associated instances belonging to that firewall.

There are several diagram types automatically generated by Hava including extended infrastructure, container, and a detailed list view that shows all the resources discovered irrespective of whether they are visualised on the diagrams. 

Below is a list of the resources visualised. The resources that are not visualised can be found in the contextual attributes tab and are also visible when viewing the Hava List View.

Resources Visualised

Compute Backend Service
External VPN Gateway
Compute Instance
Compute Interconnect
Compute Nat Gateway
Compute Network
Compute Router
Compute Subnetwork
Compute URL Map
VPN Gateway
DNS Managed Zone
Memory Store Instance
SQL Instance
Storage Bucket

Non Visualised Resources

Compute Address
Compute Autoscaler
Compute Backend Bucket
Disk
Firewall
Forwarding Rule
Forwarding Rule Targets
Instance Group
Interconnect Attachment
Network Endpoint Group
Node Group
Route
SSL Certificate
SSL Policy
VPN Tunnel

The possibilities when using hava.io are also not limited to auto-generated documentation. Using the query function, you are able to nominate the resources you wish to visualise. This could be a specific subnet or even a tag. You are in control, so you can build the diagrams you need easily.

You can select a specific project: or vpc: for instance, or say everything with a tag containing "dev" or "production". Operators can be stacked to enable quite complex query expressions that yield super specific diagrams when required.

Should you have multiple cloud vendor accounts connected to Hava, you can also build hybrid cloud diagrams containing AWS, Azure and GCP resources.

Keeping your GCP diagrams up to date.

As we mentioned at the start, documenting and diagramming your infrastructure is only the start. Keeping your documentation up to date is a perpetual challenge.

Hava steps up to this challenge by continuously checking your config files and updating your diagrams when changes are detected. Of course just overwriting the diagrams could be problematic if you are trying to track down changes that may have caused errors with your applications. 

If your current documentation is all you have, there's no baseline comparison, which is why every automatic diagram update saves the previous diagram set to a version history that is always available and fully interactive just as if it was the 'live' diagram set. This means you can go back in time and compare infrastructure to see what has changed.

This is not only incredibly valuable to help identify issues, but it also enables you to answer tricky PCI or insurance audit questions should your network integrity ever be called into question.

So to recap:

  • Producing accurate GCP network topology diagrams is extremely worthwhile.
  • Automating the process will save you days or weeks of expensive labour costs.
  • Automating the process of keeping documentation up to date will ensure you always have accurate diagrams and documentation on hand.

If you would like to try hava.io out for yourself, we are currently offering a 14 day free trial. There is no credit card required to take the trial and our support team are available to assist you at any stage of the trial.

Hava is available in SaaS form which meets most requirements, however we can also arrange a self-hosted solution should that better suit your company or data security policies.

Written by Team Hava
