After a well earned break, our talented developers have been busy putting the finishing touches to a number of new features and enhancements to make your Hava diagrams more detailed and flexible.
Hide default egress arrows on AWS Security View.
Hava's AWS security group view is a unique visualization of your configured AWS security groups, which allow you to select mapped groups and view the attached resources and other useful metadata.
Overlaid on the groups are the open ports with ingress/egress details that visualize how traffic enters and exits your VPCs.
Typically there are a number of egress rules allowing traffic out to the internet that can distract from the more important details of the ingress traffic allowed into your network.
The new option found in the "View Options" allows you to hide these egress arrows so you can concentrate on the more significant port information.
This is the same security group diagram view, but with the default egress arrows hidden, which reveals an open egress port 20 origination from the demo-internal-servers security group.
Networks on Security View are now separate.
Hava gives you the ability to create diagrams with multiple networks on the same diagram. These can be multiple AWS VPC's or a hybrid diagram detailing virtual networks from your Azure or GCP accounts.
Since the release of the security view, we have collated the discovered security groups into a single block. Now with introduction of Azure security views and the increased use of the custom search function to create custom diagrams containing multiple VPCs we have refined the security view diagram to segment the individual network security groups into their individual networks which are stacked on top of each other,
Take or instance this custom diagram that details two VPC's that are potentially from different AWS accounts,
Up until now the security group details from the two networks would have been merged.
Now with this latest update the security group details are segmented.
Ports now display Protocol information
When you inspect a security group on the security group view, it will show you information related to the ports that are open for traffic ingress/egress.
With this update, protocol information has been added to the ports so you can assess the type of traffic moving across the network.
Connected groups now displayed.
The security view really got some love with this update. The final improvement relates to connected security groups.
With a small environment, it's easy to get a read on where a connection starts and finishes. The source and destination are easy to establish. However on large diagrams with lots of connections, when you click on the visualised connection arrow, you would need to scroll your diagram all the way to the left to see the source group name, and then scroll back to the arrow, then up or down to find the destination group, then scroll all the way back to the left to find the destination group name. So all perfectly doable, but unnecessary.
This update sees the source and destination groups displayed in the attribute pane when a traffic arrow is selected on the security group view.
Infrastructure Routing connections upgrade.
Hava will display connections between resource instances on your infrastructure diagrams in two scenarios.
Firstly if you select a resource on an infrastructure diagram, like say an elastic load balancer, the diagram will display the connections between the ELB and the EC2 instances it connects to.
The second scenario, is if you change the view options on the diagram canvas to display connections, which will display all the connections to infrastructure instances in the VPC.
To date these connection lines have been straight dotted lines that would often intersect unrelated instances.
This update sees the introduction of connection lines that route around unrelated resources so you can avoid any confusion by assuming a resource is connected when it is not as the connection line was passing under an unrelated resource, but could have given the impression that it was connected.
To solve this rare but potential problem, the connection lines between resource instances now route around unrelated instances.
Azure Resources Added
Azure got some attention in this round of updates. A number of additional resources are now supported and will appear on your auto generated Azure diagrams.
The newly supported resources are:
- DNS
- Event Hub
- Service Bus
- Azure Database - MySQL / PostgreSQL / MariaDB
- Private Endpoints
Our developers are currently working on more Azure resource types which will be available in upcoming releases.
Azure Security View
Probably one of the most requested features from clients building on Azure is for a security group view like the one available for AWS. After many long nights and possibly a bit too much coffee, we're pleased to announce that the Azure Security View is now generally available.
Each security group is represented by the large blue rectangle and the connected destinations shown horizontally. Traffic and rules are represented with arrows with the green and red horizontal arrows displaying inbound and outbound rules, ports, protocols and source/destination and the vertical arrows showing traffic between different sources and destinations.
With a Network Security Group selected on the diagram the attribute pane to the side of the diagram will show :
- NSG Name
- Region
- Provisioning State
- Inbound Rules
- Outbound Rules
- Connected Network Interfaces
- Connected Subnets
Please feel free to play around with the new Azure Security Group view. It's new and shiny with plenty of scope for enhancement for which we would value your opinion and suggestions.
SSO is now Generally Available
Hava users with a Business account can now leverage the convenience of SSO to sign in to Hava.
Initially SAML and OIDC are supported while other providers may be added in the future subject to feedback, demand and changes to technology.
That's a quick run through the new features and updates to Hava released mid January 2022, we hope you like them. If you are not using Hava yet to fully automate your AWS, GCP and Azure network topology diagrams, you can use the button below to take a free, no strings attached 14 days trial. Feel free to connect a data source, or import some demo data to evaluate how Hava can save you time by automating the production and updating of your network diagrams.
