You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-operations/deploy-iot-ops/concept-production-guidelines.md
+8-11Lines changed: 8 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,15 +18,15 @@ Decide whether you're deploying Azure IoT Operations to a single-node or multi-n
18
18
19
19
## Platform
20
20
21
-
Currently, K3s on Ubuntu 24.04 is the only generally available platform for deploying Azure IoT Operations in production.
21
+
Use a [supported environment](../overview-support.md#supported-environments) for deploying Azure IoT Operations in production.
22
22
23
23
## Cluster setup
24
24
25
25
Ensure that your hardware setup is sufficient for your scenario and that you begin with a secure environment.
26
26
27
27
### System configuration
28
28
29
-
Create an Arc-enabled K3s cluster that meets the system requirements.
29
+
Create an Arc-enabled cluster that meets the system requirements.
30
30
31
31
* Use a [supported environment for Azure IoT Operations](../overview-support.md#supported-environments).
32
32
*[Configure the cluster](./howto-prepare-cluster.md) according to documentation.
@@ -88,15 +88,12 @@ In the Azure portal deployment wizard, the schema registry and its required stor
88
88
89
89
* The storage account must have hierarchical namespace enabled.
90
90
* The schema registry's managed identity must have contributor permissions for the storage account.
91
-
* The storage account is only supported with public network access enabled.
92
-
93
-
For production deployments, scope the storage account's public network access to allow traffic only from trusted Azure services. For example:
94
-
95
-
1. In the [Azure portal](https://portal.azure.com), navigate to the storage account that your schema registry uses.
96
-
1. Select **Security + networking > Networking** from the navigation menu.
97
-
1. For the public network access setting, select **Enabled from selected virtual networks and IP addresses**.
98
-
1. In the **Exceptions** section of the networking page, ensure that the **Allow trusted Microsoft services to access this resource** option is selected.
99
-
1. Select **Save** to apply the changes.
91
+
* For production deployments, scope the storage account's public network access to allow traffic only from trusted Azure services. For example:
92
+
1. In the [Azure portal](https://portal.azure.com), navigate to the storage account that your schema registry uses.
93
+
1. Select **Security + networking > Networking** from the navigation menu.
94
+
1. For the public network access setting, select **Enabled from selected virtual networks and IP addresses**.
95
+
1. In the **Exceptions** section of the networking page, ensure that the **Allow trusted Microsoft services to access this resource** option is selected.
96
+
1. Select **Save** to apply the changes.
100
97
101
98
For more information, see [Configure Azure Storage firewalls and virtual networks > Grant access to trusted Azure services](../../storage/common/storage-network-security.md#grant-access-to-trusted-azure-services).
0 commit comments