Identity Broker vs. Federation Gateway - identity

I am trying to understand differences between Identity Broker and Federation Gateway and where and when should you use these two services.
Thanks for all kind of advice.

Related

Azure APIM VNET (Premium) usecases

After evaluating APIM different tiers, Standard tier seems to be the most suitable one for the workload I am dealing with. I prefer to have a VNet (which is only supported in the Premium version) to isolate and create a proper boundary. But the premium tier is very expensive.
In my setup, my APIM will interact with LogicApps, functions, and microservices deployed on docker in Azure. All these services sit in one VNet where external access is blocked. If I am not connecting to any on-prem service, do I need the VNet for my APIM? Most of the articles talk about premium version and VNet are connecting APIM with on-prem services.
Do we only need to have VNet for my APIM when we are connecting to on-prem services? What are the usecases when one must have APIM in a VNet? Any example would be really appreciated.
UPDATED:
there are a couple of objectives, only access APIs through APIM and use the express route to access on-prem APIs.
The only reason to put APIM into VNET is to make it able making a call to a service in that VNET or make it possible for a client to make a call to APIM, in both cases keeping traffic inside VNET. So it's really about why you want to keep your backend service or clients in VNET.
And isolating your backend APIs from everything but APIM is another scenario. Using VNET here is the strongest guarantee, but comes at a price. Another option is to have authorization (client certificates would work) between APIM and backend, but keep backend publicly available.

Orion Context Broker and CKAN professional hosting service?

Is there any Orion Context Broker and CKAN professional hosting service? How can I get them on cloud and access with a good scalability as I'm going to use these applications in my real project?
You have two options:
Host those components in a mainstream cloud platform, AWS, Azure, etc.
Use a FIWARE Cloud platform. You can find existing providers at
http://marketplace.fiware.org/pages/platforms

Configuring Application Gateway with API management Azure

I want to establish an connection between API managment and Application Gateway in Azure.
Please can someone provide step by step solution.
What is your scenario? Generally, people set up API Management in an internal VNET and expose a small set of APIs via Application Gateway with a WAF SKU, which is an extra Web application firewall for Front.
Try this: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway

How to secure different fiware GE in the same virtual machine?

I'm deploying some Generic Enablers(Orion, Cygnus, Proton-Cep, Wirecloud) in the same VM using dockers.
Reading the fiware documentation it uses has an example a wilma proxy securing an instance of orion and getting the authorization through IdM.
Wilma configurations do not seem to support different redirections
I need to secure all these services that I'm using which need to be accessed from outside the server, my question is if is it possible to use Wilma to secure all Generic Enablers or should I implement one instance of Wilma for each service provided?

FIWARE IoT Agent: can the IoT agent send data to multiple context broker

I am using the MQTT IoT agent to send data to my fiware context broker, I am wondering if I can send data from my IoT agent to multiple context brokers. Is that possible? if yes how to?
Thanks in advance for your help!
The MQTT IoT-Agent is connected to a specific Context Broker instance depending on the Service provision. If the Service Context Broker instance is not configured, then the "ngsi_urls" parameter is used.
Therefore, yes, you can deliver information to multiple ContextBroker instances but only one per defined FIWARE service.
If you want to send the information of one single service to multiple instances of Context Brokers I think you may send it to one and then federate the other instances. To learn about Context Broker instances federations you should check the ContextBroker related documents.
Thanks for using IDAS and sorry for a so delayed response (we have been slower regading support due to an internal migration process).