There is no question that keeping accurate GCP architecture diagrams is essential for well managed and easily communicated network infrastructure.
Having up to date diagrams on hand allows you to easily understand the design and operation of your Google Cloud architecture and gives you the ability communicate your network design at all levels of your organisation.
There are a number of things to consider when deciding your documentation strategy. In this post, we'll take a look at those and more specifically hava.io's approach to these considerations.
Google Cloud Architecture Diagrams
Clear, concise and logically laid out GCP infrastructure diagrams will typically be laid out by environment (cloud account) as the canvas which contains your network, the underlying availability zones and subnets.
Having your network topology laid out like this shows you what zones you have configured and what resources have been commissioned in each zone. This is particularly useful when designing in redundancy to your network. What happens to your application if any one of your zones has an outage. Will your application persist?
Interactive Google Cloud Platform Diagrams
The downside to manually creating GCP network topology diagrams is the massive amount of tedious effort involved. Constantly flipping backwards and forwards from your drawing application to your console to establish what resources are there and how they are configured is both time consuming and susceptible to error.
The way Hava approaches this challenge is automation and separating the resource attributes onto a separate attribute pane.
Instead of trying to fit all the known datapoints for each resource onto the diagram, Hava diagrams are interactive. If you want to deep dive into the configuration of a visualized resource, you simply click on it and the attribute pane to the right of the diagram changes to reveal contextual metadata relating to the resource selected.
Selecting the demo-redis icon on the above diagram changes the attribute pane to show all the known data relating to that resource.
The result of this approach is that all the critical data you might need is 1 click away without having to leave the diagram, yet the diagram remains clean, uncluttered and easy to read.
Custom GCP Diagrams
Using Hava's automated diagram solution your GCP configuration is scanned when you connect to it and discovered environments are used to generate diagrams.
Sometimes you are only interested in a subset of an environment, like an individual subnet, a certain type of resource or everything that is tagged with a specific value like "development" or "production"
In this situation Hava provides the ability to generate custom diagrams using a number of reserved parameters as well as customer generated tags meaning there is almost unlimited flexibility to create just the diagrams you need.
The reserved search parameters include multi platform terms like
- Region:
- Name:
- VPC:
- Subnet:
- Type:
- Source:
- IP:
As well as GCP Specific terms
- Project:
You can also use user generated tag names when defining custom diagrams. So for instance if you created a tag to identify whether a resource was related to a development or production environment it might look something like "Status:Production" or "Status:Dev".
The "Status" tag could then be used to build diagrams that just show everything in "Dev"
Any search parameter entered that isn't in the list of reserved terms is treated as a tag.
You can execute these queries to build on-the-fly diagrams to view once. The typical use case is where you are trying to locate a specific resource that could be in any one of hundreds of client environments.
If you want to revisit the custom diagram, then you have the ability to save it to your dashboard. Once you save the diagram, Hava will treat it like all other diagrams and continuously poll the components looking for changes and automatically update the diagrams and version history when changes are detected.
A typical use-case for saved custom diagrams are to isolate dev vs production environments onto separate diagrams, create single resource type diagrams, drawing data from multiple accounts onto one diagram (like databases for a DbAdmin) , or to create Hybrid cloud diagrams from multiple cloud vendors.
Accessing GCP Network Topology Diagram Version History
Keeping your Google Cloud Platform network topology diagrams up to date can be tedious and is an often overlooked task we all mean to get around to doing, but rarely do.
Unless you automate the process.
Just like Hava automatically generates your diagrams when you connect a data source, it also keeps your GCP diagrams up to date by continuously polling your configuration settings and spawning a new diagram set when changes are detected.
There can be a downside to this automation. If a number of consecutive config changes are made that have unexpected consequences, then there is a danger that the previous working network design will be lost if you didn't make copies of the diagrams. Having diagrams of the last stable configuration is essential when diagnosing outages or identifying critical resources that have gone offline or have been inadvertently modified or deleted.
It's also useful to have an audit trial of consecutive configuration changes to enable you to track back between network designs to see why things deteriorated or improved due to the changes.
Hava's approach to this challenge is to automatically update your diagrams as changes are detected, but ALSO place the superseded diagram sets INDIVIDUALLY into a version history.
These "Versions" are a complete diagram set that is fully interactive, meaning you can open up an older version, click around the diagram, pull up resources and metadata as it was configured at the time the version was captured.
Exporting GCP Diagrams for Editing or Presentations
From an engineering perspective, especially for your existing GCP infrastructure, the native Hava diagrams should have everything you need.
Sometimes however there are good reasons to export your diagrams.
Presentations. You need a JPG or PNG of existing infrastructure for inclusion into a presentation or proposal.
Offline Storage. You may have compliance or internal policy requirements to keep your network documentation in hard copy or stored separately.
Diffing & Comparisons. You may encounter a scenario where you need a granular comparison of resource settings between two diagram sets (versions). Exporting is available to both CSV and JSON to help with this.
Editing. Hava has built a reputation on accuracy. The diagrams generated and stored within the application reflect what actually exists in your cloud configuration. The diagrams can be relied upon as they are generated from the source of truth and cannot be manipulated. Sometimes however, being able to use your network diagrams as a starting point when designing improvements or making changes can be a time saver, so we provide the ability to export Visio VSDX file formats so you can edit the diagrams outside of Hava. If you don't have Visio, importing the VSDX files into draw.io provides similar editing functionality.
GCP Icons
Hava discovers resources configured in your GCP account console. Depending on the resource, discovered components may or may not be visualised on your GCP infrastructure diagrams.
Items that are not visualised on your diagrams are available on the "List View" so you can still analyse and export a full list of everything discovered.
Resources Visualised |
|
Compute Backend Service |
|
External VPN Gateway |
|
Compute Instance |
|
Compute Interconnect |
|
Compute Nat Gateway |
|
Compute Network |
|
Compute Router |
|
Compute Subnetwork |
|
Compute URL Map |
|
VPN Gateway |
|
DNS Managed Zone |
|
Memory Store Instance |
|
SQL Instance |
|
Storage Bucket |
|
Imported resources not visualised on your automated interactive cloud infrastructure diagram will appear within the attributes tab and on the Hava List View
Non Visualised Resources |
Compute Address |
Compute Autoscaler |
Compute Backend Bucket |
Disk |
Firewall |
Forwarding Rule |
Forwarding Rule Targets |
Instance Group |
Interconnect Attachment |
Network Endpoint Group |
Node Group |
Route |
SSL Certificate |
SSL Policy |
VPN Tunnel |
If you would like to check out Hava GCP diagrams, you can open a free account and import a demo GCP environment to get familiar with the process here:
Also read: DevOps vs Agile