Forum Discussion

khatland's avatar
khatland
Copper Contributor
Jul 01, 2025

CloudNetDraw – Instantly generate Azure network diagrams

Hi everyone,

 

I wanted to share a tool I’ve built that might help some of you who regularly document or review Azure network topologies.

CloudNetDraw is a free tool that generates Azure network diagrams (HLD and MLD) directly from your environment. It supports both user login and service principals — or you can self-host it.

What it does:

  • Visualizes hub and spoke topology
  • Shows all subnets with CIDRs
  • Highlights NSG and UDR presence
  • Exports editable Draw.io files
  • Hosted version available, or deploy it yourself
  • Open source on GitHub

Try it here:

https://www.cloudnetdraw.com

 

GitHub repo:

https://github.com/krhatland/cloudnet-draw

 

Privacy & Security:

CloudNetDraw does not collect any information about your network resources or environment. Drawings are generated in memory and deleted immediately after use. We do not store, access, or analyze your topology data.

 

Would love to hear your thoughts or suggestions!

 

Thanks,

Kristoffer

network
nsg
routing

2 Replies

  • OfekBenEliezer's avatar
    OfekBenEliezer
    MCT
    Jul 02, 2025


    I constantly work with network topologies across various client environments — and CloudNetDraw looks like a huge time-saver.

    The fact that it visualizes hub-and-spoke architecture, NSGs, UDRs, and exports clean Draw.io diagrams is extremely valuable.
    Also, I really appreciate the ability to self-host - that’s a game changer for enterprise clients with strict data policies.

    A few suggestions that could make it even more powerful:

    Support for peering connections and VPN gateways
    Terraform/ARM template import for IaC-based environments
    Option to save or compare versions for change tracking
    Role-based access controls for collaborative environments

    I'll definitely share this with my community and students - tools like this are exactly what Azure professionals need.
    Thanks for making it open source!

    Ofek Ben Eliezer, MCT

    • khatland's avatar
      khatland
      Copper Contributor
      Jul 03, 2025

      Thank you for the kind words Ofek Ben Eliezer!

      I struggle with a lot of the same which is why I eventually made the tool!

      The self-host option was a requirement from my enterprise clients as well, so glad to hear that you have seen the same! 

      VPN Gateway is honestly just an oversight, it will be added very soon! Most my clients use ExpressRoute exclusively and some don't allow VPNs anymore, which is why I have not included it, but I will fix!

      There are already several tools able to map out networks based on IaC, my issue with that is that the map (code) and reality (terrain) does not always match. There is often things that is not visible in the code that someone just set up manually. So I don't fully trust the IaC and would like a real snapshot of the running environment. But I do see the value of being able to do both, so I will add it to the list.

      Save or compare versions, yes! For the self-host options I add a timestamp to all the files and my end-goal here is to integrate it directly to ServiceNow, Jira, Confluence, etc. to be able to do that. But that will require some further work.

      Not quite sure how to address the RBAC for collab environments, not sure what issue you see there, but please elaborate and I will answer as best I can! 

      I will likely add the visuals to see spoke-to-spoke peerings and VPN gateways first of all in the next release! 

      Update: VPN Gateways should now be usable, but only within the hub vNet.
      Test it at https://www.cloudnetdraw.com

      Br
      Kristoffer

Resources