将Azure IOT Hub和Azure Device Provisioning服务的主机名列入白名单 [英] Whitelist the host name for Azure IOT Hub and Azure Device Provisioning service
问题描述
我们为6000台设备的客户实施了物联网解决方案。
设备托管在客户网络中的网络防火墙后面。
客户希望白名单只列出特定的IP地址(不希望白名单列出Azure IOT Hub和Azure Device Provisioning服务的主机名。)
我们需要设置一个带有静态公共IP地址的转发代理服务器(Nginx或HA代理) azure vm。
需要了解设备与Azure设备配置服务之间的初始证书握手流和参数,然后是Azure IOT Hub。
注意:在此方案中,我们是否可以使用Azure Application Gateway处理转发代理。
VINAY KUMAR PANCHOLI
We implemented IOT solution for our client with 6000 devices.
Devices are hosted behind a network firewall in client network.
Client wants to white listed only specific ip addresses (Don't want to white list the host name for Azure IOT Hub and Azure Device Provisioning service).
We need to setup a forward proxy server (Nginx or HA Proxy) with static public ip address on azure vm.
Need to understand the initial certificate handshake flow and parameters between the device and the Azure Device Provisioning Service and followed by Azure IOT Hub.
Note : Can we use Azure Application Gateway for handling forward proxy in this scenario.
VINAY KUMAR PANCHOLI
推荐答案
Hi Vinay,
Hi Vinay,
可以在此处找到Azure数据中心IP范围: https:/ /www.microsoft.com/en-us/download/details.aspx?id=41653
The Azure Datacenter IP Ranges can be found here: https://www.microsoft.com/en-us/download/details.aspx?id=41653
因为物联网集线器和设备配置服务的IP地址可以更改时间并非静态,最好的解决方案是白名单列出托管它的数据中心的IP地址范围。
Because the IP address of the IoT Hub and Device Provisioning Service can change over time and is not static, the best solution is to white list the IP address range for the data center where it is hosted.
谢谢!
这篇关于将Azure IOT Hub和Azure Device Provisioning服务的主机名列入白名单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!