You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-operations/deploy-iot-ops/concept-production-guidelines.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,6 +28,7 @@ Ensure that your hardware setup is sufficient for your scenario and that you beg
28
28
29
29
Create an Arc-enabled K3s cluster that meets the system requirements.
30
30
31
+
* Use a [supported environment for Azure IoT Operations](../overview-iot-operations.md#supported-environments).
31
32
*[Configure the cluster](./howto-prepare-cluster.md) according to documentation.
32
33
* If you expect intermittent connectivity for your cluster, ensure that you've allocated enough disk space to the cluster cache data and messages while the [cluster is offline](../overview-iot-operations.md#offline-support).
33
34
* If possible, have a second cluster as a staging area for testing new changes before deploying to the primary production cluster.
@@ -41,8 +42,8 @@ Consider the following measures to ensure your cluster setup is secure before de
41
42
*[Validate images](../secure-iot-ops/howto-validate-images.md) to ensure they're signed by Microsoft.
42
43
* When doing TLS encryption, [bring your own issuer](../secure-iot-ops/concept-default-root-ca.md#bring-your-own-issuer) and integrate with an enterprise PKI.
43
44
*[Use secrets](../secure-iot-ops/howto-manage-secrets.md) for on-premises authentication.
44
-
* Keep your cluster and Azure IoT Operations deployment up to date with the latest patches and minor releases to get all available security and bug fixes.
45
45
* Use [user-assigned managed identities](./howto-enable-secure-settings.md#set-up-a-user-assigned-managed-identity-for-cloud-connections) for cloud connections.
46
+
* Keep your cluster and Azure IoT Operations deployment up to date with the latest patches and minor releases to get all available security and bug fixes.
46
47
47
48
### Networking
48
49
@@ -79,7 +80,7 @@ In the Azure portal deployment wizard, the broker resource is set up in the **Co
79
80
80
81
In the Azure portal deployment wizard, the schema registry and its required storage account are set up in the **Dependency management** tab.
81
82
82
-
* The storage account must have public network access enabled.
83
+
* The storage account is only supported with public network access enabled.
83
84
* The storage account must have hierarchical namespace enabled.
84
85
* The schema registry's managed identity must have contributor permissions for the storage account.
85
86
@@ -101,7 +102,7 @@ After deployment, you can [edit BrokerListener resources](../manage-mqtt-broker/
101
102
102
103
*[Configure TLS with automatic certificate management](../manage-mqtt-broker/howto-configure-brokerlistener.md#configure-tls-with-automatic-certificate-management) for listeners.
103
104
104
-
You can also [edit BrokerAuthentication resources]
105
+
You can also [edit BrokerAuthentication resources](../manage-mqtt-broker/howto-configure-authentication.md).
105
106
106
107
* Use [X.509 certificates or Kubernetes service account tokens for authentication](../manage-mqtt-broker/howto-configure-authentication.md#configure-authentication-method).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments