Securing MQTT Traffic with Cloud Internet Services

Basic Architecture
Architecture with CIS
CIS Structure

CIS Configuration

Recommendation: Mirror the name of the CIS instance with the domain.

Caution: Any typos in this section may produce a “silent” failure. If the domain is in the pending state for more than 30 minutes, there might be an error.

Origin pools
Origin pool details
Origin pool with health check
Health check
Global Load Balancers
MQTT GLB
NodeRED GLB
Message Gateway UI GLB

OpenShift Configuration

Updated routes
Expanded Route

CIS Security

Enabling GLB proxies
CIS WAF Rulesets
OWASP Ruleset

And — to evaluate conditions using and logic

Or — to evaluate conditions or groups of previously and’ed conditions using or logic

Pick an action from the Response list menu.

Firewall configuration
Edge Functions
Edge Function Trigger

Testing

Load generated direct to message gateway

Test overview
Message Gateway WebUI

Load generated using web app in protected domain

Application Load Test
Message Gateway Load

Load generated using web app outside protected domain

Direct connection load test
Direct connection load

Conclusions
