A network map represents the relationship between objects. This representation can be 2-dimensional or 3-dimensional depending on how the data is structured. Network maps are useful for mapping social relationships, supply chains, and, as I’ll demonstrate in this post, computer networks.
Creating maps of cyberspace is inherently unintuitive. The instantaneous and global nature of networks like the internet defy traditional spatial interpretation. By depicting these networks, for example, on a 2-deminsional plane, the relationship between devices in a network become easier to interpret at a glance.
Below is a network topology map I created to illustrate the relationship of devices I personally manage. For the creation of this map I used the free tools from lucidchart.com. The free component of the tool is limited to 60 elements, including line features.
The network consists of 8 servers, 2 desktops, 2 laptops, 2 firewalls, and 8 media devices over 2 sites. By using a combination of symbology and labels, each computer and it’s function can be quickly interpreted.
I’d like to take a moment to stress the importance of what I mean when I say “at a glance” or “on the fly” when referring to data visualizations. Data, in its rawest form, can be difficult to interpret quickly. Visualizations aid the analysis of data by making it more easily interpretable through communication, in terms of presentation, or by analyst in terms of speed and reliability. When I’m referring to elements of data visualizations like maps that contribute to easier data conveyance at a glance, I’m directly addressing things that make the data more communicable in terms of conceptual and spatial accessibility, speed of interpretation, and reliability as related to distinction and the ease of identification.
Stylistically, the above network map is radial in nature, with the internet occupying the space near the center. In networks that use intranets, or private networks, this space might provide a space for the main routers, switches, domains, or any other device that sees the most traffic or performs a key role in the network. The network is split into three parts, all communicating to the other devices through the internet. For this reason the internet becomes the central feature of the map, the backbone of the network. It’s enunciated by its position on the map and since this central position tends to draw the eyes, it’s easier to, you guessed it, interpret at a glance.
Their are 3 sections of the general network structure. We’ll call the line going to the top of the diagram from the internet symbol site A, and the one drawn towards the bottom, site B. The three separate lines drawn from internet symbol going towards the left represent assets that are in the “cloud” or hardware I don’t have physical access to. These machines aren’t on the same network, represented by the separate, non-intersecting lines, but they’re grouped according to the remote nature of their access.
I tried to make the symbology as intuitive as possible, labeling the different devices by their role, technical specifications, operational capacity. For example, the brick wall represents a firewall unit. At the top we see the all-in-one Untangle unit I wrote about in this article (Working with Untangle Firewall). Site A utilizes a two network setup. All the server assets sit behind the firewall and all the personal devices operate off their own router. This is a network security concept called compartmentalization. If a personal device ever became compromised, it could be leveraged against the rest of the network. The server farm is more operationally secure by the extra layer of security provided by the firewall. This also allows the personal devices to bypass firewall rules which might interrupt leisurely “workflows” while at the same time simplifying firewall operation by not requiring additional rules and conditions.
Site B utilizes a different strategy, this Untangle box, featured in this article (Building an Untangle Box) routes and shapes all traffic. However, the traffic is compartmentalized internally by two separate wifi networks and a hardwired network. The server built in this article (Building a 50TB Workstation/Server) operates off of this box via ethernet. Everything that is not handling sensitive operations like SSH work or banking operates on one Wifi with rules tailored specifically for this heightened level of security. Home media and leisure devices use the other wifi. The idea is that if a router ever becomes compromised, it won\t have leverage over all the devices on the network. This is in addition to the routers being in access point mode, sending all traffic to the untangle box for rules and routing. It never hurts to have these fail safes. All traffic going to site B sits behind a firewall, as opposed to site A which sits behind a modem and router combo unit. This is inherently safer considering all traffic must pass through the untangle box as it moves to or from the internet or, theoretically, other devices.
In the cloud there are 3 VPS servers. These host a variety of functions with the core functionality listed beside them on the map. Like mentioned earlier, these servers aren’t on the same network, or even the same country for the matter. This network relationship is related by the individual lines that do not intersect on there way to the internet symbol.
Creating a network consists of a few design element with plenty left up to the author. It’s easy to begin with a radial design in mind, with devices that serve central points in the network at the center. Grouping devices by role or location helps the reader spatially interpret assets on the fly. Using easily understandable symbology and utilizing verbose labeling helps clarify finer details. Like all maps, computer network maps can change and having a program that allows you to update and edit features is useful for making changes.
The future of maps consists of an abundance of cyberspace assets. Being able to map these networks will define a key component in the toolkits of future cartographers.