Managing public network access for your IoT hub

To restrict access to your IoT hub in your VNet to private endpoints only, disable public network access. To do so, use the Azure portal or the publicNetworkAccess API.

Turn off public network access using the Azure portal

  1. Visit the Azure portal.
  2. Navigate to your IoT hub.
  3. Select Networking from the left-side menu.
  4. Under "Allow public network access to", select Disabled.
  5. Select Save.

[Image: where to disable public network access in the Azure portal]

To turn public network access back on, select All networks, then Save.

IoT Hub endpoint, IP address, and ports after disabling public network access

IoT Hub is a multi-tenant Platform-as-a-Service (PaaS), so different customers share the same pool of compute, networking, and storage hardware resources. An IoT hub's hostname maps to a public endpoint with an IP address that is publicly routable over the internet. Different customers share this IoT Hub public endpoint, and IoT devices on wide-area networks and on-premises networks can all reach it.

Disabling public network access is enforced on the specific IoT hub resource, which isolates that hub. Because other customers' resources still use the public path, the service's public endpoint remains resolvable, its IP addresses remain discoverable, and its ports remain open. This is not a cause for concern: Microsoft integrates multiple layers of security to ensure complete isolation between tenants. To learn more, see Isolation in the Azure Public Cloud.

IP Filter

If public network access is disabled, all IP Filter rules are ignored, because every IP address on the public internet is already blocked. To use IP Filter, choose the Selected IP ranges option instead.
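The interaction between publicNetworkAccess and IP Filter is easy to get wrong in an audit: a hub with IP Filter rules can look restricted while the rules do nothing, and a hub with public access disabled but no private endpoint is unreachable. The following script is an added example, not code from the Azure documentation or the IoT Hub service. It builds the body for the publicNetworkAccess API call mentioned above and classifies a hub's effective exposure from its resource JSON (as returned by `az iot hub show` or the ARM REST API). `publicNetworkAccess` is the property named in the text; `ipFilterRules` and `privateEndpointConnections` are assumed property names used here for illustration, the treatment of a missing property as Enabled is an assumption, and the sample hub documents are constructed.

```python
"""Audit an IoT hub's public exposure from its ARM resource JSON.

Added example, not from the Azure documentation. `publicNetworkAccess`
is the property named in the text; `ipFilterRules` and
`privateEndpointConnections` are assumed property names, and the sample
hub documents at the bottom are constructed.
"""
import json


def public_network_access_patch(disabled: bool) -> str:
    """Body for an ARM PUT/PATCH that toggles properties.publicNetworkAccess."""
    value = "Disabled" if disabled else "Enabled"
    return json.dumps({"properties": {"publicNetworkAccess": value}})


def effective_exposure(hub: dict) -> dict:
    """Work out how the hub is actually reachable and flag configuration
    that the service will silently ignore."""
    props = hub.get("properties", {})
    # A missing property is treated as Enabled (assumption; the page
    # does not state the default).
    public_access = props.get("publicNetworkAccess", "Enabled")
    ip_rules = props.get("ipFilterRules", [])              # assumed property name
    private_endpoints = props.get("privateEndpointConnections", [])  # assumed property name
    findings = []

    if public_access == "Disabled":
        reachable_via = "private endpoints only"
        if ip_rules:
            # Per the text: IP Filter rules are ignored once public access is disabled.
            findings.append("ipFilterRules present but ignored while publicNetworkAccess=Disabled")
        if not private_endpoints:
            findings.append("no private endpoint connection: devices cannot reach the hub")
        # Per the text: the built-in Event Hub compatible endpoint may still be reachable.
        findings.append("check the built-in Event Hub compatible endpoint separately (known bug)")
    elif ip_rules:
        reachable_via = "public endpoint, restricted by IP Filter"
    else:
        reachable_via = "public endpoint, any source IP"

    return {"hub": hub.get("name"), "reachable_via": reachable_via, "findings": findings}


# Constructed sample documents (not real hubs; 203.0.113.0/24 is a documentation range).
HUB_LOCKED_DOWN = {
    "name": "hub-private",
    "properties": {
        "publicNetworkAccess": "Disabled",
        "ipFilterRules": [{"filterName": "office", "action": "Accept", "ipMask": "203.0.113.0/24"}],
        "privateEndpointConnections": [{"name": "pe-hub-private"}],
    },
}
HUB_FILTERED = {
    "name": "hub-filtered",
    "properties": {
        "publicNetworkAccess": "Enabled",
        "ipFilterRules": [{"filterName": "office", "action": "Accept", "ipMask": "203.0.113.0/24"}],
    },
}
HUB_OPEN = {"name": "hub-open", "properties": {}}


if __name__ == "__main__":
    for hub in (HUB_LOCKED_DOWN, HUB_FILTERED, HUB_OPEN):
        print(json.dumps(effective_exposure(hub), indent=2))
    print(public_network_access_patch(disabled=True))
```

Run it against real output by piping `az iot hub show` JSON into `effective_exposure`; the "ignored" finding is the one to act on, since it means the team believes a filter is in force when the hub is actually reachable only through private endpoints.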

Bug fix for the built-in Event Hub compatible endpoint

There is a bug in IoT Hub where the built-in Event Hub compatible endpoint remains accessible from the public internet after public network access to the IoT hub has been disabled. To learn more and to contact us about this bug, see Disabling public network access for IoT Hub disables access to built-in Event Hub endpoint.