Forum Discussion

khatland's avatar
khatland
Copper Contributor
Jul 01, 2025

CloudNetDraw – Instantly generate Azure network diagrams

Hi everyone,   I wanted to share a tool I’ve built that might help some of you who regularly document or review Azure network topologies. CloudNetDraw is a free tool that generates Azure network d...
network
nsg
routing
OfekBenEliezer's avatar
OfekBenEliezer
MCT
Jul 02, 2025


I constantly work with network topologies across various client environments — and CloudNetDraw looks like a huge time-saver.

The fact that it visualizes hub-and-spoke architecture, NSGs, UDRs, and exports clean Draw.io diagrams is extremely valuable.
Also, I really appreciate the ability to self-host - that’s a game changer for enterprise clients with strict data policies.

A few suggestions that could make it even more powerful:

Support for peering connections and VPN gateways
Terraform/ARM template import for IaC-based environments
Option to save or compare versions for change tracking
Role-based access controls for collaborative environments

I'll definitely share this with my community and students - tools like this are exactly what Azure professionals need.
Thanks for making it open source!

Ofek Ben Eliezer, MCT

  • khatland's avatar
    khatland
    Copper Contributor
    Jul 03, 2025

    Thank you for the kind words Ofek Ben Eliezer!

    I struggle with a lot of the same which is why I eventually made the tool!

    The self-host option was a requirement from my enterprise clients as well, so glad to hear that you have seen the same! 

    VPN Gateway is honestly just an oversight, it will be added very soon! Most my clients use ExpressRoute exclusively and some don't allow VPNs anymore, which is why I have not included it, but I will fix!

    There are already several tools able to map out networks based on IaC, my issue with that is that the map (code) and reality (terrain) does not always match. There is often things that is not visible in the code that someone just set up manually. So I don't fully trust the IaC and would like a real snapshot of the running environment. But I do see the value of being able to do both, so I will add it to the list.

    Save or compare versions, yes! For the self-host options I add a timestamp to all the files and my end-goal here is to integrate it directly to ServiceNow, Jira, Confluence, etc. to be able to do that. But that will require some further work.

    Not quite sure how to address the RBAC for collab environments, not sure what issue you see there, but please elaborate and I will answer as best I can! 

    I will likely add the visuals to see spoke-to-spoke peerings and VPN gateways first of all in the next release! 

    Update: VPN Gateways should now be usable, but only within the hub vNet.
    Test it at https://www.cloudnetdraw.com

    Br
    Kristoffer

Resources