Azure - Network Architecture question - Event Hub - Network Virtual Appliance
Anyone would know how to expose an Event Hub (possibly public) but also makes the traffic goes through an NVA (Network Virtual Applyance), aka a firewall checking the content.
The reason for the public Event Hub is that we need to receive massive notifications from third part vendor.
We cannot have a simple IP check since we're expective few hundred if not few thousand different origins.
As part of the dev etam i'm trying to keep it simple:
* either
* one MI/SAS pk per vendor
* exposing the publishing part only publicly, for vendor
* read only possible from internal private vnet/subnet
Sec team is trying to be sure it's properly secured, but we're not sure if possible, and if so ... how
leads:
someone suggested to put an AppGateway and redirect the traffic internally, which sounds like a horrible API as it would likely force the AppGateway to scale up (cost being 250 per instance, per month and we could end up with like 4 or 8 instance just for that
The reason for the public Event Hub is that we need to receive massive notifications from third part vendor.
We cannot have a simple IP check since we're expective few hundred if not few thousand different origins.
As part of the dev etam i'm trying to keep it simple:
* either
Managed IdentitySAS Token* one MI/SAS pk per vendor
* exposing the publishing part only publicly, for vendor
* read only possible from internal private vnet/subnet
Sec team is trying to be sure it's properly secured, but we're not sure if possible, and if so ... how
leads:
someone suggested to put an AppGateway and redirect the traffic internally, which sounds like a horrible API as it would likely force the AppGateway to scale up (cost being 250 per instance, per month and we could end up with like 4 or 8 instance just for that
