What is an architecture diagram?
An architecture diagram is a picture of your network. At a minimum, it has all the important connections, network components, and network address allocations. It can but does not need to include every network device i.e. PCs and printers.
Here are 5 reasons to create an Architecture Diagram
1. Asset identification – It helps you know what is on your network. This helps you know what needs to be secure.
2. Remote Connections – You can clearly see all the remote connections to your network for easier management of them.
3. Security Assessments – This helps you define the scope of security assessments and to determine what exactly to assess.
4. Updates and Upgrades – Using the diagram it is possible to quickly understand the impacts network updates and upgrades.
5. Network Insight – Sometimes with an architecture diagram you can make conclusion about the security of your network such as proper DMZ setup, redundant communication channels, and backup configurations.
Here are a bonus reason 6 and 7:
6. Communication - A picture is worth a thousand words and the more complex your network is the easier it is to have discussions with your team using a picture.
7. Time Saver – Many of my customers have found that having and maintaining an architecture diagram has been an overall time saver because is contains so much information in one location.
What tools can be used to create the diagrams?
There are several tools that can be used to create the architecture diagram including PowerPoint and Visio. There are probably more complicated tools available however they are not necessary and may hinder keeping it up to date.
How do you create the diagram?
In many cases, creating the initial diagram can be the hardest part. Use your whole team to create an initial draft and then physically check that it is correct by checking racks and tracing cables. Bring a labeler unless you plan to retire in the next couple of months.
How to keep it up to date?
1. Tracking your changes - This should be included in your policies and procedures for making network changes.
2. Yearly Review - Perform at least a yearly review of the diagram.
3. Security Assessment - If you work with an independent security assessment team, they should be using and reviewing it for accuracy as part of an assessment. If you don’t have an architecture diagram, they will probably be creating something just ask them for it.
Create your own architecture diagram, or if you have one check it for accuracy. See your network clearly!