# Connecting to ABB Ability™ Platform using NAT Gateway
Reaching the ABB Ability™ Platform is possible only from a public IP that is allowlisted.
Internally
Allow-listing is done on the Azure API Management in the Network Security Group (NSG) and, on a regional level, in APIM Policy as the Platform Region, APIM has both public (reached from Akamai WAF) and internal endpoints (reached by the allowed clients).
# NAT Gateway
If, due to architectural decisions, the public IP is exposed in the solution, the communication can be pass through the NAT Gateway, which provides outbound public IP that can be allowlisted in APIM. To understand the current approach, see the diagram which presents the change in the implementation:
# Limitations
NAT Gateway needs to be in the same subscription as the associated VNet of clients VM.
NAT Gateway needs to be in the same location as the associated VNet of clients VM.
# The estimated cost of the NAT Gateway
The calculation is based on two specific parameters:
1. VNet Gateway Cost, which consists of:
- resource cost, fixed per hour rate at $0.05/hr,
- data transfer cost, the data processed by the VNet Gateway charged flat $0.05/hr/GB.
2. VNet Peering Cost, which is the fixed cost per GB of data processed, $0.01 GB/Hr for each side, inbound and outbound data.
# Cost simulation
Having this in mind, see below the simulation of costs for a typical month of usage with an average of 1 GB/hr data processing request:
| Component | Cost | Description |
|---|---|---|
| NAT Gateway Costing | $72,00 | $0.05/Hr - Resource Cost $0.05/Hr/GB - Data Transfer in GB/Hr |
| VNet Peering | $14,40 | $0.01 GB/Hr - Same Region. $0.02 GB/Hr - Inbound and Outbound traffic |
| Total Cost for NAT Gateway | $86,40 |
Summary:
Duration of Usage (Days): 30
Avg. Data Rate Per Hour (GB): 1
Total Cost for NAT Gateway: $86.40