To help you secure your IoT solution from exposure to the public internet, we’re announcing two Azure IoT Hub features to support the virtual network (VNet) connectivity pattern:
You can use these features to bring your IoT hub into your private VNet and achieve network isolation. For example, you could configure your devices to communicate with IoT Hub over a private IP address and your routing destinations to block all internet traffic, but still receive data from IoT Hub. There’s no need for gateways, NAT devices, or public IP address firewall rules. All your IoT data can be isolated from the internet and stay within the Microsoft network.
IoT Hub’s support for Azure Private Link is generally available in all regions. With this feature, you can:
IoT Hub is now listed as a trusted Microsoft service in all services that support first-party integration with IoT Hub, including Storage, Event Hub, and Service Bus, when managed identity is turned on. This lets you:
Traditionally, a large portion of IoT customers in the enterprise or manufacturing sectors operate devices that are deployed in an on-premises network environment managed by their organizations. An on-premises network typically uses private IP address ranges, which, thus far, has required device traffic to pass through a gateway (such as an HTTP gateway or a NAT) to reach IoT Hub's public-facing endpoint over the internet.
While such a network setup is always secured by IoT Hub's use of TLS encryption for all connections, many customers in manufacturing, healthcare, and other industries need additional security for their sensitive IoT data. Specifically, they need to ensure their cloud resources can only be accessed from within networks they own and control and that the packets never traverse the public internet. These customers can now adopt the VNet connectivity pattern to communicate with IoT Hub as well as other Azure services to achieve end-to-end network isolation.
With VNet support, IoT Hub now offers network isolation for all of its interaction models:
By controlling each of these connectivity scenarios, customers can ensure their IoT data is fully isolated from the public internet and can be accessed from secured networks.
To get started, refer to our full documentation at IoT Hub support for virtual networks.