DataHub Solves Common MQTT to the Cloud Challenges

This Looks Easy, Until Cybersecurity IT Has It's Say!

Many users think that it's okay to take an MQTT device on a protected plant network and send it to a cloud service. 

The problem is that would require your secure, protected operations network to have direct, unrestricted access to the internet which can present a serious security problem. 

Due rising cybersecurity risks, more and more operations networks have no direct access at all to the Internet, but perhaps there is a DMZ or a proxy that has to be handled? 

So what do you do?  Read on to learn more.

DataHub MQTT Broker and Client in the DMZ

What you can do is put a DataHub into the DMZ acting as a broker and a client

The MQTT device emits data to the DataHub in the DMZ, which can then re-transmit that data to the Cloud service. 

But what if you have an MQTT broker inside your secure operations and you need to move that data to the cloud? 

DataHub can help there also.

Secure Operations MQTT Broker to Cloud Service, but How? 

You may have MQTT devices inside your secure operations network that publish data to an MQTT Broker inside your firewall and now you want to get that data to the cloud. 


  1. The cloud service is not a MQTT client
  2. Even it were you would not want to let that client reach into your network by exposing open ports (Learn why opening ports is worse than you realize!)
  3. Going back to the start, that operations computer should not have direct internet access without going through a DMZ or proxy.

But maybe someone has suggested to just put another MQTT broker in the DMZ as shown next?

MQTT Broker in the DMZ? Not a Solution

Considering this architecture presents a few problems:

  1. The cloud service is still not likely to be a MQTT client
  2. This would also require chaining of MQTT brokers which is unreliable - the MQTT QoS is not preserved, which means you really do NOT know when you transmit the message to the broker in operations that it will make it all the way to the cloud. 

Putting a DataHub in the operations side and DMZ can solve this problem.

DataHub MQTT in the DMZ Solves the Problem 

All you need is to put a DataHub MQTT Client in the DMZ. 

  • DataHub can read from the MQTT broker on the operations side
  • Then the DataHub in the DMZ can publish that data to the Cloud Service

Ready to Learn More?

Access DataHub MQTT Training

Get Started Now

This trial software is fully functioning and can be used to update licensed product provided you are on an active support & maintenance agreement.  Once DataHub is started it will run for 1 hour at a time, you can restart the application to reset this timer. Purchasing a license removes the limitation for licensed features. 

Connect with Us

1-888-665-3678 (US + Canada toll free)
+1-704-849-2773 (Global)