articles/iot-edge/production-checklist.md
12 additions & 1 deletion
@@ -318,7 +318,9 @@ If your networking setup requires that you explicitly permit connections made fr
318
318
319
319
In all three cases, the fully qualified domain name (FQDN) would match the pattern `\*.azure-devices.net`.
320
320
321
-
Additionally, the **Container engine** makes calls to container registries over HTTPS. To retrieve the IoT Edge runtime container images, the FQDN is `mcr.microsoft.com`. The container engine connects to other registries as configured in the deployment.
321
+
#### Container registries
322
+
323
+
The **Container engine** makes calls to container registries over HTTPS. To retrieve the IoT Edge runtime container images, the FQDN is `mcr.microsoft.com`. The container engine connects to other registries as configured in the deployment.
322
324
323
325
This checklist is a starting point for firewall rules:
324
326
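Review bot: The unchanged line "This checklist is a starting point for firewall rules:" now sits directly under the new `#### Container registries` heading, so the checklist reads as scoped to registries only, while the preceding context is about the `*.azure-devices.net` endpoints. If the checklist covers both, put that sentence and the checklist under their own heading, or give the IoT Hub paragraph a sibling heading so the two sections are parallel. Minor: the context line shows `\*.azure-devices.net` inside a code span, where the backslash is rendered literally rather than acting as an escape.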
@@ -347,6 +349,15 @@ You can enable dedicated data endpoints in your Azure Container registry to avoi
347
349
348
350
If you don't want to configure your firewall to allow access to public container registries, you can store images in your private container registry, as described in [Store runtime containers in your private registry](#store-runtime-containers-in-your-private-registry).
349
351
352
+
#### Azure IoT Identity Service
353
+
354
+
The [IoT Identity Service](https://azure.github.io/iot-identity-service/) provides provisioning and cryptographic services for Azure IoT devices. The identity service checks if the installed version is the latest version. The check uses the following FQDNs to verify the version.
355
+
356
+
| FQDN | Outbound TCP Ports | Usage |
357
+
| ---- | ------------------ | ----- |
358
+
| `aka.ms` | 443 | Vanity URL that provides redirection to the version file |
359
+
| `raw.githubusercontent.com` | 443 | The identity service version file hosted in GitHub |
360
+
350
361
### Configure communication through a proxy
351
362
352
363
If your devices are going to be deployed on a network that uses a proxy server, they need to be able to communicate through the proxy to reach IoT Hub and container registries. For more information, see [Configure an IoT Edge device to communicate through a proxy server](how-to-configure-proxy-support.md).
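Review bot: The new "Azure IoT Identity Service" section lists `aka.ms` and `raw.githubusercontent.com` as outbound FQDNs for the version check but does not say what happens when the check cannot reach them, or whether the check can be turned off. Both hosts serve far more than the version file, so operators with strict egress rules need that information to decide whether to open them; please state whether the check is optional and what the device does on failure. The two sentences before the table also repeat each other ("checks if the installed version is the latest version" and "to verify the version") and could be merged, and the proxy paragraph that follows still names only "IoT Hub and container registries" as destinations.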