[openstack-dev] [marconi] Reconsidering the unified API model

Gordon Sim gsim at redhat.com
Tue Jun 10 20:39:56 UTC 2014


On 06/10/2014 06:33 PM, Janczuk, Tomasz wrote:
>  From my perspective the key promise of Marconi is to provide a
> *multi-tenant*,*HTTP*  based queuing system. Think an OpenStack equivalent
> of SQS or Azure Storage Queues.
>
> As far as I know there are no off-the-shelve message brokers out these
> that fit that bill.

Indeed. The brokers I'm familiar with don't have multi-tenancy built 
into them. But rather than have one broker process support multiple 
tenants, wouldn't it be possible to just have separate processes (even 
separate containers) for each tenant?

> Note that when I say ³multi-tenant² I don¹t mean just having multi-tenancy
> concept reflected in the APIs. The key aspect of the multi-tenancy is
> security hardening against a variety of attacks absent in single-tenant
> broker deployments. For example, an authenticated DOS attack.

Understood, ensuring that one tenant is completely isolated from being 
impacted by anything another tenant might try to do.



More information about the OpenStack-dev mailing list