Best Practices

Encrypted communications (HTTPS)

Everyware Cloud Admin Console and API services support HTTP connections. Even tough plain HTTP connection are used during initial setup of the instance or may be easier for some use cases like self evaluation or development, when the services are exposed to the public it is highly recommended to disable HTTP and switch to the HTTPS version which guarantees a much higher level of security. Moving to HTTPS requires creating and configuring proper certificates; please take a look at the Certificate section in the Installation with Helm Charts chapter.

DNS Names

Everyware Cloud front end services, i.e. the Broker Service, the Admin Console, the REST API and the VPN Service are exposed through their own IP addresses. While it is technically possible to access the services through their IP address, it is a recommended practice using meaningful DNS Names like for example mqtt-broker.example...., console.example..., etc.
DNS Names work well especially when used in combination the certificates mentioned in the section Use HTTPS. Moreover, having a DNS Name for your services:

  • simplifies the management of the infrastructure in case when the IP address needs to be changed for any reason
  • solves the issue of updating your (possibly unattended) clients when the IP address is changed
  • solves the issue of changing (and re-issuing) the TLS certificates every time the IP changes

The choice of using DNS Names or not depends on your application domain. If you are sure enough that your IPs are static along the lifetime of your instance you can go with plain IPs. Even in this case, however, opting for DNS Names look much more a clean solution aligned with state of the art practices.