When you are responsible for the delivery and maintenance of critical or complex applications built on cloud infrastructure, the chances are you are relying on multiple in house engineers or teams of engineers, devops and external consultants to keep your network and applications operating at peak performance for your end users.
If you are a highly technical manager who keeps up to date with the frenetic pace of changes in the cloud computing landscape and gets hands on with your network infrastructure coding and monitoring, then you can probably assume with some accuracy how your network(s) are constructed and how they are performing.
If you are a little more disconnected from the coal-face so to speak and rely on your exceptional managerial skills to delegate the required engineering to build and scale your cloud infrastructure to meet user demand and spikes in traffic loads, then you probably are a little more reliant on feedback from your teams and consultants in relation to how your network(s) are constructed and how they are performing.
In either scenario you'll find the automated information produced by Hava.io incredibly valuable and time saving.
What is Hava?
Hava visualizes your AWS, GCP and Azure cloud infrastructure and AWS security with clean easy to comprehend (we'd say beautiful) diagrams by simply entering a set of secure read-only cloud platform credentials into Hava SaaS or fully self hosted version.
Once connected, Hava scans your cloud configuration and builds diagrams for each virtual network or VPC discovered. The diagrams are logically laid out by availability zones and subnets, which is important when it comes to why you need Hava reason 2.
A typical AWS VPC diagram could look like this.
Or this if viewed through the 3D option
Currently AWS visualizations include a security group view that lays out security groups and the traffic ingress, egress and paths that transit across your cloud infrastructure.
This view provides a unique visualization that lets your security team easily spot vulnerabilities or config issues that are concerning to them.
There are also AWS container workload diagrams and AWS Well Architected compliance reports automatically generated when you connect your AWS account to Hava.
Now you have an idea of what Hava is, lets take a look at seven of the many reasons why a Manager responsible for cloud infrastructure can benefit from adding Hava to their team's software utility belt.
Reason 1 : Do expectations match reality?
With no diagrams or manually drawn network infrastructure diagrams you need to assume what you are being told is accurate.
You need to assume that what was designed or manually diagrammed was actually built.
You may also need to trust people or contractors you do not know that well to build and deliver the infrastructure in line with your expectations so you can deliver a robust and capable application.
Hava eliminates any doubt by interrogating the "Source of Truth", being the actual resources configured in your cloud account right now. The resulting diagram will show you all your resources like databases, instances, load balancers, peering connections and all the metadata and settings pertaining to each resource and you select them on the interactive diagram.
The diagram isn't open for interpretation. Any deviations (unintentional or otherwise) from the original network design will be surfaced.
Reason 2: Is your cloud infrastructure safe from regional outages.
They do happen, not frequently but it has been known. An entire provider availability zone goes offline and if you have critical non-replicated resources hosted only in that zone, then down you go!
We thought long and hard about the layout of Hava's infrastructure diagrams with the end result being a diagram that makes it very easy to see what resources are configured in individual availability zones.
This provides even moderately experienced team members with the ability to tell at a glance whether a network could sustain an AZ outage without catastrophic consequences.
As a manager with governance responsibilities, being able to spot redundancy issues and resolve them with some simple load balancing and replication is easily achieved using Hava's automatically generated clean and thoughtfully laid out diagrams.
Reason 3: Are you paying for unused environments?
Before an application using cloud infrastructure reaches production, it will almost always transition through several stages and different teams. There may be conceptual design, engineering, testing, staging and deployment phases each with their own isolated infrastructure and teams.
As applications mature some of these environments can get pushed to the side and become obsolete as they are abandoned as teams move on to new projects, clients or applications.
Sometimes the change of priorities, staff, teams or consultants can result in development and testing environments being left running but unused for months or in some cases years.
Because Hava scans your entire cloud config when you connect, all of these environments are surfaced on your diagram dashboard, so you can start asking questions and decommissioning unused networks that are unused and hidden away in your cloud billing account.
Reason 4: How well architected are your AWS environments?
There are usually multiple ways to achieve a result. There are many ways to store and place data, many ways to route network traffic, many strategies to handle traffic spikes, you get the picture.
Whenever an AWS resource or service is chosen there are almost too many options available to configure them for the best results.
Then of course so many new services, resources and methodologies are rolled out continuously that inevitably what used to be best practice, no longer is.
There could be faster, cheaper, smarter and more secure ways of configuring your AWS environment or there may be new settings added to your existing resources that could improve the performance or security of your network.
Keeping on top of the changes can be challenging and time consuming, which why we added a reporting module to Hava.
The initial report called "AWS Compliance" is also automatically generated (just like the topology and security diagrams) and it compares your AWS config to AWS Well Architected best practice methodology. The report highlights
- Regions in use
- Resource type in use
- Users and Roles configured ( both used and unused )
- Findings graphed by severity
- Detailed findings by severity (like publicly visible S3 buckets)
The report itself is generated daily and downloadable in a stylish management report that you can review and keep on top of config issues and use to present further up the management chain to demonstrate what a fantastic job your engineering team is doing.
Reason 5: Is Your Network Over Engineered?
The rule of thumb with most engineering projects (IT or otherwise) is to take what you think is required and treble it and you'll be much closer to reality.
Designing networks is much the same, to be on the safe side, why not double or treble the size or instances of resources just in case traffic and demand warrant it. Why not, it's a great strategy, foolproof.... Unless of course, you're the one paying the cloud bill.
Having a visualized network, you as a manager can instantly see everything that is running and what the estimated cost is for each individual resource in an easy to read interactive format.
In a 2020 DevOps.com user poll, readers reported around 44% of cloud spend was on non-production environments. We've already discussed identifying these in terms of unused environments.
With Hava you can see the estimated costs of the non-production dev & test environments. If they are significant you can assess the viability of turning them off during non business hours if they are not being used.
Hava diagrams will also help you identify rogue resources that have been set up, but are no longer in use and allow you to spot expensive resources, like massive database instances running at 5% capacity that could potentially be downgraded.
We genuinely had a user discover an unused database instance costing them around US$25k per year that hadn't been used for several years.
Reason 6: The Auditors are here - are you ready?
Keeping up to date network topology diagrams is tedious and time consuming, not to mention expensive if you are paying top engineers or consultant to do it.
But... having up to date diagrams is an important governance issue if you are subject to PCI compliance audits or likely to be subjected to insurance liability or legal claims involving the security or integrity of your network design and data. So as well as an important tool for internal communications and onboarding purposes, up to date diagrams are kind of a big deal.
Hava takes care of this for you, all hands free, set and forget. Once connected, Hava continuously polls your cloud config for changes. Once a change is detected, a new diagram set is generated automatically and the superseded diagram set is placed into a version history.
Which leads us to the last reason in this post.
Reason 7: Quickly Responding to a Disaster
Expect the unexpected is a sound management principle and there's nothing more unexpected than a failed network causing an application to bork out causing inconvenience to your user base.
If a quick check of your cloud vendor reveals no multi region outages foiling your multi region redundancy strategy ( See reason 2:) then you need to quickly establish if anything has changed on your end.
Because Hava captures network changes and places a full set of superseded diagrams into version history, you have an audit trail of changes in interactive diagram form.
By comparing what is running now, v.s. what was running in the last iteration, or the one before that you can compare diagrams side by side quickly to spot missing resources. A missing internet or vpn gateway would be mildy inconvenient and would explain the connection errors blowing up the support desk, or maybe the database holding log in credentials shows as stopped.
All scenarios easily spotted by comparing current diagrams to previous versions.
Hava diagrams are elegant and beautiful (in our humble opinion) but this particular use case is where Hava is in a league of it's own.
There are a number of qualities we believe make Hava.io a simple choice for cloud engineering team managers:
- All automatic.
- Hands free.
- Devoid of human error.
- 100% accurate and impossible to manipulate
- Represent the "Source of Truth"
- Fast diagrams that free up your engineers to build more cool stuff
- User defined custom diagrams so you can diagram just the segments of your networks each team requires.
- Hybrid diagrams. Place GCP, Azure & AWS on the same diagram.
- Single resource diagrams - Give your database admin a single diagram with all your databases across multiple accounts and cloud providers on the same diagram.
The list could go on for ever, but you're a busy person so we'll leave it here and just say, that if you wan't to create a free Hava account and explore what the software can do for your organization please:
If you have any questions or would like to arrange a 1 on 1 demo with one of our expert CSMs please get in touch via the chat widget or email and we'll get right back to you.