I am trying to work out security best practices for IoT architectures.
In your typical N-Tier it's easy enough to have a vNet with multiple segments and NSGs separating the tiers. Traffic manager over the top for regional balancing etc.
But with the IoT PaaS setup it appears some of those devices cannot be associated to network segments.
Is it therefore better to have vNet - vNet gateways to facilitate the following:
DMZ / Front / Back end segments?
It feels a little more complicated and cumbersome but achievable. Is there a better solution?