[rabbitmq-discuss] RabbitMQ configuration for Scaleout RPC setup

Dharshan Rangegowda dharshanr at scalegrid.net
Mon Aug 20 19:08:07 BST 2012

Thanks Emile. This is great feedback. I will spend some more time on the
Access control rules to determine if they are sufficient for our scenario.

(Services for the private cloud)

On Mon, Aug 20, 2012 at 2:23 AM, Emile Joubert <emile at rabbitmq.com> wrote:

> Hi,
> On 19/08/12 22:31, dharshanr wrote:
> > 1. A virtual host and user for every client. This way each client
> > connects to its virtual host using its own username password. Also if
> > one clients username/password gets compromised it wont affect the other
> > clients.
> > 2. One queue per virtual host called the "Client messaging queue". The
> > client waits for messages on this queue after connecting to the virtual
> host
> > 3. When the server wants to message a client it creates an unnamed queue
> > in the virtual host of the client (as the reply queue) and then posts
> > messages to the "Client messaging queue". The client processes the
> > message and replies back on the tagged reply queue.
> Your suggested solution will work, but it suffers from the weakness that
> the server will need to maintain a separate connection to the broker for
> each vhost. Using separate vhost provides good isolation, but you may be
> able to get away with less by careful use of access control rules:
> www.rabbitmq.com/access-control.html
> From your description clients never need to declare any resources. Being
> able to subscribe to a queue that is named is such a way that it
> contains their client id, and being able to publish to a
> server-generated queue is sufficient. You can set up access control
> rules that allow this.
> Bear in mind that clients have no way of learning the names of
> server-generated queues that were generated for other clients, and they
> are named in a cryptographically strong way. Therefore the vhost
> isolation is not strictly required to protect against inadvertent access.
> -Emile

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120820/329624c1/attachment.htm>

More information about the rabbitmq-discuss mailing list