[rabbitmq-discuss] RabbitMQ configuration for Scaleout RPC setup
Dharshan Rangegowda
dharshanr at scalegrid.net
Mon Aug 20 19:08:07 BST 2012
Thanks Emile. This is great feedback. I will spend some more time on the
Access control rules to determine if they are sufficient for our scenario.
regards,
Dharshan
www.scalegrid.net
(Services for the private cloud)
On Mon, Aug 20, 2012 at 2:23 AM, Emile Joubert <emile at rabbitmq.com> wrote:
> Hi,
>
> On 19/08/12 22:31, dharshanr wrote:
> > 1. A virtual host and user for every client. This way each client
> > connects to its virtual host using its own username password. Also if
> > one clients username/password gets compromised it wont affect the other
> > clients.
> > 2. One queue per virtual host called the "Client messaging queue". The
> > client waits for messages on this queue after connecting to the virtual
> host
> > 3. When the server wants to message a client it creates an unnamed queue
> > in the virtual host of the client (as the reply queue) and then posts
> > messages to the "Client messaging queue". The client processes the
> > message and replies back on the tagged reply queue.
>
> Your suggested solution will work, but it suffers from the weakness that
> the server will need to maintain a separate connection to the broker for
> each vhost. Using separate vhost provides good isolation, but you may be
> able to get away with less by careful use of access control rules:
>
> www.rabbitmq.com/access-control.html
>
> From your description clients never need to declare any resources. Being
> able to subscribe to a queue that is named is such a way that it
> contains their client id, and being able to publish to a
> server-generated queue is sufficient. You can set up access control
> rules that allow this.
>
> Bear in mind that clients have no way of learning the names of
> server-generated queues that were generated for other clients, and they
> are named in a cryptographically strong way. Therefore the vhost
> isolation is not strictly required to protect against inadvertent access.
>
>
> -Emile
>
>
>
--
regards,
Dharshan.
www.scalegrid.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20120820/329624c1/attachment.htm>
More information about the rabbitmq-discuss
mailing list