Network Watcher Topology should get information for resources in different resource group than VNET
The preview of Network Watcher has a Topology feature which draws objects connected to a specific VNET, which is great. But I noted that for a full topology, ALL resources need to be in the same Resource Group as the VNET chosen. That doesn't make sense, because it is pretty common to have VMs and NICs in different RGs. It would be great if you could choose an RG and a VNET as a starting point, and the Topology feature gathered all other interconnected resources independently of their RGs.
We are working on improving the capabilities of the Network Watcher Topology. This includes visualising resources across Resource Groups as well as across subscriptions, filters, handling large resource counts well and more.
Customers can expect access by Jan 2021 latest.
For preview access, sign up here: https://aka.ms/ARTaccess
Dimitris Strevinas commented
This is one of the most important features to be able to perform a security architecture review on Azure infra.
Not sure if resources like App Services that can be associated with a VNET are currently featured in the topology. If not, this is also an important point.
Pranavam Rajan, Hari commented
I completely agree, this needs to be changed, and this can only be used for demo environments as of now. Most enterprises are isolating the VNET resource in a different resource group and creating the other resources in different resource groups in order to implement Azure RBAC; again, it is a best practice as well. I felt this doesn't have any use in the enterprise environment.
Second thing is that we have more than 300 routing tables in the UDR, which are associated with each subnet, and the topology diagram draws all these 300-plus routing tables, thus it is not very useful. Please hide UDR routing table entries from the topology diagram in order to respect the user experience.
Vassilis Ioannidis commented
Hello, any news on this one?
Hello Microsoft, thank you for the update and great news that you plan to implement this. Now the question is, when? Can you estimate what quarter or half of what year this will land in preview? Your users are crying out for this!
Hello Microsoft, what is the status of this planned enhancement? You last responded 1 year ago and the community is unanimous that the topology diagram is essentially useless as it stands. We need this!
We need this topology diagram.
This is a must have. Vnet is never in same RG as the resources being monitored.
David Hughes commented
+3 - next they could add searchable NSG rules to VM's :)
Mat Bailey commented
I agree - Added 3 votes for this.
This is crazy. What enterprise customer has PCs and VNETs in the same RG?
Andy Ball commented
voted - would say having dedicated RG for VNets / Network artifacts is a pretty de-facto standard in corporate environments
Douglas James Boyd commented
we always place network related services in a dedicated Resource Group, as they generally have a different lifecycle and RBAC requirements