A Solace Message VPN (Virtual Private Network) is a core feature within the Solace PubSub+ event broker platform. It provides a way to create isolated messaging domains within a single Solace broker or a network of brokers.
According to the Solace documentation, Message VPNs are designed for segregation and grouping:
- Segregation: Message VPNs allow for the segregation of topic space and messaging space by creating fully separate messaging domains. This means that messages published or consumed within one Message VPN are completely isolated from those in another.
- Grouping: Message VPNs also group clients connecting to a network of Solace PubSub+ event brokers so that messages published within a particular group are only visible to clients that belong to that group.
Essentially, a Message VPN acts as a virtual broker, defining the boundaries for messaging activities for a specific set of clients.
Why Use Solace Message VPNs?
Message VPNs are fundamental for structuring messaging architectures, offering several key benefits:
- Isolation: Prevents clients in one application or business unit from interfering with messaging in another. This is crucial for multi-tenant environments or segregating different departments.
- Security: Isolates the data flows of one Message VPN from those of another. Authentication, authorization, and access control can be configured per Message VPN.
- Organization: Provides a logical way to group related applications and clients, simplifying management and monitoring.
- Resource Management: Resources like queues, topics, and client connections can be managed and limited on a per-Message VPN basis.
How Solace Message VPNs Work
Think of a Solace event broker as a building. Message VPNs are like separate floors or secure wings within that building.
Feature | Description | Benefit |
---|---|---|
Segregation | Creates fully separate messaging domains for topic and messaging space. | Isolates traffic, enhances security. |
Client Grouping | Groups clients connecting to the broker network. | Ensures messages are only visible within the group. |
Virtual Broker | Each VPN behaves like an independent messaging environment within the broker. | Simplifies management and multi-tenancy. |
Clients connect to a specific Message VPN by giving its unique VPN name. Once connected, they can only interact with destinations (topics, queues) and other clients within that same VPN. Messages published within VPN 'A' are invisible to clients connected to VPN 'B', and vice versa.
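The scoping described above, sketched as a small conceptual model. This is an added example, not Solace code or the Solace API: the Broker and Client classes, the VPN names, users, passwords and limits are all hypothetical. It shows why the same topic string in two VPNs never crosses, and that credentials and connection limits are checked against the target VPN only.

```python
# Conceptual model only: NOT the Solace API or broker code (all names hypothetical).
import hmac
from collections import defaultdict

class VpnError(Exception):
    """Connection refused by the target VPN's own policy."""

class Client:
    def __init__(self, broker, vpn):
        self.broker, self.vpn, self.inbox = broker, vpn, []

    def subscribe(self, topic):
        self.broker.vpns[self.vpn]["subs"][topic].add(self)

    def publish(self, topic, payload):
        # Lookup is keyed by the publisher's VPN, so delivery cannot leave it.
        for sub in self.broker.vpns[self.vpn]["subs"].get(topic, ()):
            sub.inbox.append((topic, payload))

class Broker:
    def __init__(self):
        self.vpns = {}  # VPN name -> that VPN's private state

    def create_vpn(self, name, users, max_connections):
        # Credentials, limits and subscriptions are all scoped to one VPN.
        self.vpns[name] = {"users": dict(users), "max": max_connections,
                           "clients": [], "subs": defaultdict(set)}

    def connect(self, vpn, user, password):
        state = self.vpns.get(vpn)
        stored = state["users"].get(user) if state else None
        if stored is None or not hmac.compare_digest(stored, password):
            raise VpnError("authentication failed")
        if len(state["clients"]) >= state["max"]:
            raise VpnError("connection limit reached")
        state["clients"].append(Client(self, vpn))
        return state["clients"][-1]

def demo():
    broker = Broker()  # all names and passwords below are constructed samples
    broker.create_vpn("finance", {"fin-app": "pw-f"}, max_connections=2)
    broker.create_vpn("sales", {"sales-app": "pw-s"}, max_connections=1)
    fin_pub = broker.connect("finance", "fin-app", "pw-f")
    fin_sub = broker.connect("finance", "fin-app", "pw-f")
    sales_sub = broker.connect("sales", "sales-app", "pw-s")
    fin_sub.subscribe("orders/new")
    sales_sub.subscribe("orders/new")  # same topic string, different VPN
    fin_pub.publish("orders/new", "invoice-1")
    return broker, fin_sub.inbox, sales_sub.inbox
```

In demo(), the finance subscriber receives the message and the sales subscriber's inbox stays empty, even though both subscribed to "orders/new".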
Examples
- Multi-tenant SaaS platform: Each customer could be assigned their own Message VPN to ensure complete data isolation.
- Enterprise Application Integration: Different business units (e.g., Finance, Sales, Logistics) could use separate Message VPNs to keep their messaging traffic distinct and secure.
- Development, Staging, Production: Separate VPNs can be created on the same broker infrastructure for different environments, preventing accidental message flows between them.
In summary, a Solace Message VPN is not a network VPN in the traditional sense of encrypting connections between locations. It is a logical partitioning mechanism within the Solace PubSub+ platform, used to create isolated messaging domains and to group related clients and traffic.