Configure Layered Network Management Preview to use Azure IoT Operations Preview in an isolated network
Important
Azure IoT Operations Preview – enabled by Azure Arc is currently in preview. You shouldn't use this preview software in production environments.
You'll need to deploy a new Azure IoT Operations installation when a generally available release is made available. You won't be able to upgrade a preview installation.
See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
This walkthrough is an example of deploying Azure IoT Operations Preview to a special environment that's different than the default Azure IoT Operations scenario. By default, Azure IoT Operations is deployed to an Arc-enabled cluster that has direct internet access. In this scenario, you deploy Azure IoT Operations to an isolated network environment. The hardware and cluster must meet the prerequisites of Azure IoT Operations and there are additional configurations for the network, host OS, and cluster. As a result, the Azure IoT Operations components run and connect to Arc through the Azure IoT Layered Network Management Preview service.
Important
This is an advanced scenario for Azure IoT Operations. You should complete the following quickstarts to get familiar with the basic concepts before you start this advanced scenario.
- Deploy Azure IoT Layered Network Management to an AKS cluster
- Deployment overview - Azure IoT Operations Preview
- Prepare your Kubernetes cluster - Azure IoT Operations Preview
- Deploy Azure IoT Operations Preview to an Arc-enabled Kubernetes cluster - Azure IoT Operations Preview
You can't migrate a previously deployed Azure IoT Operations from its original network to an isolated network. For this scenario, follow the steps to begin with creating new clusters.
In this example, you Arc-enable AKS Edge Essentials or K3S clusters in the isolated layer of an ISA-95 network environment using the Layered Network Management service running in one level above. The network and cluster architecture are described as follows:
- A level 4 single-node cluster running on a host machine with direct access to the internet.
- A custom DNS in the local network. See the Configure custom DNS for the options. To set up the environment quickly, you should use the CoreDNS approach instead of a DNS server.
- The level 3 cluster that is blocked from accessing internet. It connects to the Layered Network Management service as a proxy for all the Azure Arc related traffic.
For more information, see Example of logical segmentation with minimum hardware.
Configure level 4 Kubernetes cluster and Layered Network Management Preview
After you configure the network, you need to configure the level 4 Kubernetes cluster. Complete the steps in Configure IoT Layered Network Management level 4 cluster. In the article, you:
- Set up a Windows 11 machine and configure AKS Edge Essentials or set up K3S Kubernetes on an Ubuntu machine.
- Deploy and configure the Layered Network Management service to run on the cluster.
You need to identify the local IP of the host machine. In later steps, you direct traffic from level 3 to this IP address with a custom DNS.
After you complete this section, the Layered Network Management service is ready for forwarding network traffic from level 3 to Azure.
Configure the custom DNS
In the local network, you need to set up the mechanism to redirect all the network traffic to the Layered Network Management service. Use the steps in Configure custom DNS. In the article:
- If you choose the CoreDNS approach (only applicable for K3s cluster in L3), you can skip to Configure and Arc enable level 3 cluster and configure the CoreDNS before your Arc-enable the level 3 cluster.
- If you choose to use a DNS server, follow the steps to set up the DNS server before you move to the next section in this article.
Configure and Arc enable level 3 cluster
The next step is to set up an Arc-enabled cluster in level 3 that's compatible for deploying Azure IoT Operations. You can choose either the AKS Edge Essentials or K3S as the Kubernetes platform.
- Follow the Prepare your Azure Arc-enabled Kubernetes cluster to set up and Arc-enable your K3s cluster.
- You can prepare your K3s cluster with internet access.
- After install the required software components and set up the K3s cluster, you can restrict the internet access for this cluster and rely on the custom DNS that is prepared from earlier steps to direct the network traffic to the Layered Network Management component at level 4.
- If you choose to use CoreDNS instead of DNS server, you need to configure the CoreDNS after setup the K3S cluster.
- Proceed to Arc-enable the cluster.
Verification
Once the Azure Arc enablement of the level 3 cluster is complete, go to your resource group in the Azure portal. You should see a Kubernetes - Azure Arc resource with the name you specified.
- Open the resource overview page.
- Verify status of the cluster is online.
For more information, see Access Kubernetes resources from Azure portal.
Deploy Azure IoT Operations Preview
Once your level 3 cluster is Arc-enabled, you can deploy IoT Operations to the cluster. All IoT Operations components are deployed to the level 3 cluster and connect to Arc through the Layered Network Management service. The data pipeline also routes through the Layered Network Management service.
You can now follow the steps in Deploy Azure IoT Operations Preview to an Arc-enabled Kubernetes cluster to deploy IoT Operations to the level 3 cluster.
Next steps
Once IoT Operations is deployed, you can try the following tutorials. The Azure IoT Operations in your level 3 cluster works as described in the tutorials.