Suneet Nangia suneetnangia

## iothubprivatedataegress.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                suneetnangia
                / iothubprivatedataegress.md
            
            
              Last active
              February 13, 2023 20:44
            
              
                Iot Hub Secure Data Egress with Private Network and Public Device Endpoint
              
          
    Iot Hub Secure Data Egress with Private Network and Public Device Endpoint

This document explains how we can securely create IoT Hub in a private virtual network and at the same time allow devices (both leaf and edge devices) to connect to this IoT Hub without being part of the virtual network, the latter is the key part of the challenge we are addressing in this solution. If we enforce devices to be in the same network as that of IoT Hub, the flexibility is lost as not all devices can connect to Azure Virtual Network without a significant pre-work ahead of time, which may not even be an option in some cases. On the other hand, if we do not enable Private Link for IoT Hub, the data egress endpoint is made publicly available which is not always ideal, as most customers would like to keep data processing private.
The following diagram provides the overarching solution and it's key components:

  
## MinecraftOnMesh
{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string",
      "defaultValue": "WestEurope",
      "metadata": {
        "description": "Location of the resources (e.g. westus, eastus, westeurope)."
      }

## Dec15PreviewApiAppParameters.json
{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "apiAppName": {
      "value": "MyAPIAppName"
    },
    "externalUrl": {
      "value": "http://myapp.azurewebsites.net"
    },

## Dec15PreviewApiApp.json
{
  "$schema": "http://schemas.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "externalUrl": {
      "type": "string",
      "metadata": {
        "description": "External url of the service used to access the service and for auth redirections."
      }
    },

## ZumoTokenClientFlowPlugin.cs
namespace Postcode.Performance.Plugins
{
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Globalization;
    using System.Net.Http;
    using System.Threading;
    using System.Threading.Tasks;
	{
	"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
	"contentVersion": "1.0.0.0",
	"parameters": {
	"location": {
	"type": "string",
	"defaultValue": "WestEurope",
	"metadata": {
	"description": "Location of the resources (e.g. westus, eastus, westeurope)."
	}
	{
	"$schema": "http://schemas.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
	"contentVersion": "1.0.0.0",
	"parameters": {
	"externalUrl": {
	"type": "string",
	"metadata": {
	"description": "External url of the service used to access the service and for auth redirections."
	}
	},
	namespace Postcode.Performance.Plugins
	{
	using System;
	using System.Collections.Generic;
	using System.ComponentModel;
	using System.Globalization;
	using System.Net.Http;
	using System.Threading;
	using System.Threading.Tasks;