articles/iot-operations/manage-mqtt-broker/howto-encrypt-internal-traffic.md
3 additions & 17 deletions
@@ -6,7 +6,7 @@ ms.author: patricka
6
6
ms.topic: how-to
7
7
ms.service: azure-iot-operations
8
8
ms.subservice: azure-mqtt-broker
9
-
ms.date: 11/04/2024
9
+
ms.date: 11/12/2024
10
10
11
11
#CustomerIntent: As an operator, I want to configure MQTT broker so that I can encrypt internal communication and data.
12
12
---
@@ -20,26 +20,12 @@ Ensuring the security of internal communications within your infrastructure is i
20
20
> [!IMPORTANT]
21
21
> This setting requires modifying the Broker resource and can only be configured at initial deployment time using the Azure CLI or Azure Portal. A new deployment is required if Broker configuration changes are needed. To learn more, see [Customize default Broker](./overview-broker.md#customize-default-broker).
22
22
23
-
The **encrypt internal traffic** feature is used to encrypt the internal traffic between the MQTT broker frontend and backend pods. It's enabled by default when you deploy Azure IoT Operations.
24
-
25
-
The benefits include:
26
-
27
-
-**Secure internal traffic**: All internal traffic between the frontend and backend pods is encrypted.
28
-
29
-
-**Secure data at rest**: All data at rest is encrypted.
30
-
31
-
-**Secure data in transit**: All data in transit is encrypted.
32
-
33
-
-**Secure data in memory**: All data in memory is encrypted.
34
-
35
-
-**Secure data in the message buffer**: All data in the message buffer is encrypted.
36
-
37
-
-**Secure data in the message buffer on disk**: All data in the [message buffer on disk](./howto-disk-backed-message-buffer.md) is encrypted.
23
+
The **encrypt internal traffic** feature is used to encrypt the internal traffic in transit between the MQTT broker frontend and backend pods. It's enabled by default when you deploy Azure IoT Operations.
38
24
39
25
To disable encryption, modify the `advanced.encryptInternalTraffic` setting in the Broker resource. This can only be done using the `--broker-config-file` flag during the deployment of Azure IoT Operations with the `az iot ops create` command.
40
26
41
27
> [!CAUTION]
42
-
> Disabling encryption can enhance the performance of the MQTT broker, which may be beneficial in high-throughput IoT deployments. However, to safeguard against security threats like man-in-the-middle attacks, we strongly recommended to keep this setting enabled. Only disable encryption in controlled, non-production environments for testing purposes.
28
+
> Disabling encryption can improve MQTT broker performance. However, to protect against security threats like man-in-the-middle attacks, we strongly recommend keeping this setting enabled. Only disable encryption in controlled non-production environments for testing.
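Review bot: The rewritten feature paragraph now scopes the setting to traffic "in transit between the MQTT broker frontend and backend pods", but nothing replaces the deleted bullets that claimed data at rest, data in memory and the message buffer on disk were also encrypted. Readers who relied on the earlier wording could still assume those protections, so consider adding one sentence after that paragraph stating what this setting does not cover, and move the link to ./howto-disk-backed-message-buffer.md there if that article is where buffer protection is described. In the revised caution, "can improve MQTT broker performance" is left unqualified; a short note on when the gain is relevant would help operators judge the trade-off against the man-in-the-middle risk named in the same sentence. The unchanged context line naming `advanced.encryptInternalTraffic` and `--broker-config-file` still shows no sample of the file, which would be worth adding in a follow-up.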