Versions Compared

Old Version 1

changes.mady.by.user Dominic Lunanuova

Saved on

compared with

New Version Current

changes.mady.by.user Dominic Lunanuova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Some considerations for choosing between Message Router and Data Router:

AttributeMessage RouterData RouterComments
Payload descriptionfrequent, small (~KBs) messagesperiodic, large sets of records (files)
Max payload size1 MBx GB
Authentication ModelAAF Credentials via Basic AuthorizationLocal credentials via Basic Authentication
PersistenceYes (kafka data store on PV)Yes (Linux file on PV)
High AvailabilityUsing ZK ensembleUsing horizontal scaling
Data orderingPossibleNot guaranteed
Subscriber implementationHTTP ClientHTTP ServerNOTE: the HTTP Server implementation implies the installation of a server SSL certificate.


Some ways MR and DR are the same:

AttributeMessage RouterData RouterComments
Bus ArchitectureYesYesBoth use "publisher" and "subscriber" terminology for end points
HTTP/HTTPS protocolYesYes
Data ExpirationYesYesNOTE: different default values. MR: 7 days. DR: 24 hours.
Publisher implementationHTTP ClientHTTP Client


DMaaP Provisioning

Provisioning for Message Router Clients

The provisioning of Authenticated Topics and the subsequent publish/subscribe actions on that Authenticated Topic rely on the proper AAF Permissions to be granted to various Identities.

The following Identities are referenced:

  • IdentityMR - the AAF Identity used by Message Router to access AAF and perform authorization checks.
  • IdentityTopicMgr - the AAF Identity used by Bus Controller to access AAF and create Permissions and Roles, and grant those Permissions to Roles and Identities.
  • IdentityPub - the AAF Identity used by the publisher of the Topic when accessing the MR API.  The fully qualified Identity typically belongs to a namespace related to the application.  i.e. IdentityPub@NamespacePub
  • IdentitySub - the AAF Identity used by the subscriber of the Topic when accessing the MR API.  The fully qualified Identity typically belongs to a namespace related to the application.  i.e. IdentitySub@NamespaceSub

Pre-requisites:

  • Identities created in AAF
  • Credentials for Identities available in kubernetes values  (probably as Secrets)
  • IdentityTopicMgr has access permission granted for all Application Namespaces


Gliffy
namedgl2
pagePin3

Provisioning for Data Router Clients

...