
Cloud Infra

Overview

Forward Enterprise can collect cloud elements from Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). The collection includes Subnets, VPN Gateways, Route Tables, Internet Gateways, NAT Gateways, Load Balancers, etc., on a per-VPC level.

To learn more about setting up the collection in Forward, visit our AWS collection setup, Azure collection setup and GCP collection setup pages.

Once the collection is complete, Forward automatically generates the respective cloud topology within the network. Upon each new collection, the topology automatically updates to the most accurate version. To explore the cloud topology, navigate to the Search application to access the global topology view. Select the appropriate location for the cloud provider to deep dive into the specifics.

AWS topology experience

When a user navigates to a specific AWS topology location, the landing screen shows the total number of VPCs belonging to the location.

AWS topology landing page

The user can expand each VPC by clicking on the VPC icon to see the detailed view.

AWS topology VPC table

In this table view, users can enable or disable a specific VPC to show or hide it on the topology diagram. Information such as IPv4 subnet, IPv6 subnet, Tags and AWS account is visible in the table for the user's reference.

In addition, expanding the VPC view allows the user to deep dive into the assets connected within the VPC. The bottom half of the screen shows the number of subnets deployed per region or sub-region.

AWS topology VPC detail

Clicking on the subnets card provides a table where the user can see the subnet name, configured IP address, tags, the AWS accounts it belongs to, etc. It also gives the user an option to enable or disable a specific subnet, which allows them to deep dive into the resources connected in the same subnet.

AWS topology subnets

AWS topology subnets details

When users deep dive into the resources connected to the subnets, they have visibility by resource type. The resource types include EC2 instances, Load balancers, NAT gateways, Transit gateways, Service endpoints and Network devices.

AWS topology resources

Azure topology experience

When a user navigates to a specific Azure deployment location, it shows the number of VNETs available to the location.

Azure topology landing page

Clicking on one of the VNETs allows the user to deep dive into the deployment as shown below. It provides subnet cards along with the resources attached to the subnet.

Azure VNET subnet page

The user also has the option to see a table view of the subnet and resources.

Azure resource table page

GCP topology experience

For GCP, the experience is similar to what AWS and Azure provide when a user navigates to one of the deployed locations within the GCP cloud. If there are elements that are not part of a specific VPC, they show up in the topology with their respective connection links to the rest of the deployment. As shown in the image below, the load balancer is connected to one of the VPCs.

GCP topology landing page

Clicking on one of the VPCs provides a detailed analysis of what the VPC contains. As seen in the image below, a VPC consists of NAT and various subnets.

GCP VPC detailed page

The detailed view lets users better understand their deployment in terms of the types of resources deployed, their IP details, connectivity, etc.

GCP subnet detail page

Visual options

Users can modify the view as per their requirements. The cloud topology does not have the usual topology editing functionalities.

Some visual elements are explained below.

Note

All the visual options are similar for AWS, GCP and Azure. For the purpose of this document, the options are shown with respect to the AWS cloud topology.

The user can show or hide columns of their choice in the subnet table and resource table.

AWS topology column options

The user will be able to select what information they would like to see on the resource card when looking at various resources within each subnet.

AWS topology resource options

The side panel on the right side of the screen provides options to extend the topology view to peer locations as well as peer VPCs. The user can also filter subnets by selecting options provided in the side panel.

AWS topology side panel

Path Analysis

The user can explore paths to and from any cloud element. When searching for a path, it shows all the hops from the source to the destination. The hops are grouped by the VPC they belong to.

AWS topology path panel