Multi-tenancy design using Virtual Host

[jae seung yang]

There are multi-tenants, each user has multiple terminals that need to receive message.

I can classify tenancy by virtual host, or choose to use only one virtual host.

1. Design Guidelines for Virtual Host

In Link, mentions that a single virtual host is used because of concerns about the number of connections.

However, I think that if the number of connections increases, I should configure a distributed system by adding instances regardless of the virtual host.

Kafka and ActiveMQ, similar to RabbitMQ, separates multi-tenancy by routing of messages.
Are there design guidelines for using virtual hosts?

2. There seems to be no pool management in the Javascript library (amqplib). Do I have to implement it myself?

This is our first project using RabbitMQ, and we are looking for advice.
Thanks,

[Wes Peng]

Hello,

Unless you have a very large pool of virtual hosts, the VH's amount isn't that a problem.For instance, we once had the total VH to 10K, which did work.

Kafka separates messages by topic, which is a similar concert to Rabbitmq's exchange. But Kafka can distribute messages in the same topic to many physical nodes by partitions, and clients have the capability to implement server topology discovery and routing. Rabbitmq client doesn't have this capability. From my experience (I use both), in spite of the streaming, Kafka's producer policy is not as flexible as RMQ, but Kafka has a stronger storage system.

For your second question, pool for what? The connection pool, VH pool, or queues pool? Maybe you would clarify  more exactly. :)

regards.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/19b50e9e-dbcd-423d-9df0-b60a6135205dn%40googlegroups.com.

[jae seung yang]

Thanks for your answer.

My second question is, I use single connection for single VH, and maybe I have to manage a pool of 'channels'. 

(Am I correct in my understanding of RabbitMQ?)

However, the AMQP client library doesn't seem to have pool management for channels.
So, it looks like I'll have to implement it myself.

2021년 12월 23일 목요일 오후 4시 28분 9초 UTC+9에 pen...@gmail.com님이 작성:

[Wes Peng]

In RMQ a connection not means a channel.

Yes you must maintain your own connection pool.

Regards 

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/715ca756-c499-4e37-a082-7faf37c483c7n%40googlegroups.com.

[Manoj Chaudhary]

So are you saying using VirtualHosts to build a multi-tenant system on RMQ is the better way than having one virtual host and then using queues to logically separate tenants since then we can easily use a connection or channel pool? 

[Wes Peng]

I don’t think you should design the architecture by so called connection pool. The pool is maybe not working as the way you think. What’s the main point you consider for an architecture? The performance, or the security? You can make benefits from RMQ perftest anyway.

Regards 

The contents of this message are confidential. If you are not the intended recipient of this communication, kindly contact the sender immediately and permanently delete this message.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/de5da11b-e15e-4802-ab8a-67dedbdeecc7n%40googlegroups.com.

[Manoj Chaudhary]

Here is what I am trying to build 

1. We are building the system that is multi-tenant messaging systems 

2. The queue needs to be segmented by the tenant means each tenant will have their own queues which they can use to do #3.  

3. The user of a tenant can consume, publish or get the message 

4. performance and security is essential for the system to work

Hope this helps. The question is now should we have vhost for each tenant so they are logically separate or should we have all queues in this single host and then have logically separated by unique queue s Performance and security both is key. 
Tenant will be created in the system dynamically we need to create vhost dynamically not statically.  

Which approach you think is good have each tenant in their vhost or have single vhost and then logically separate them using unique queue names.

Thanks for your help in advance.

Manoj

[Terry Rinck]

As an admin for a large multi-tenant system I can attest to the one-vhost-per use case method. A single vhost will quickly become unmanageable, especially once you need to scale and maintain multiple brokers. This design also lends itself to more quickly finding 'bad neighborhoods' - those users doing things with their vhost that might adversely affect the rest - and allowing admins to disable or isolate that vhost. More granular monitoring metrics per vhost, applying custom policies per user requirements, etc, etc.
There are many advantages and I very much recommend the multi-vhost approach. 

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/c37ad91a-f7df-464e-8167-6e7dc47ef963n%40googlegroups.com.

[Manoj Chaudhary]

Terry,

Thanks for your input really appreciate it and very helpful. 

Do you know how many max vhost are ideal per cluster with the node of 5 to 9 nodes? I am just picking the 5 to 9 nodes but I am curious at what is max number of vhost after which the cluster might have performance or maintenance issues?

Thanks

Manoj 

Thanks

Manoj

You received this message because you are subscribed to a topic in the Google Groups "rabbitmq-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rabbitmq-users/A2WGREb09no/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/CANaJoR8wCt%2BLFn_q%2BJhhyoQ1WpUw3sSstPwFwxtGb8DC4P2tog%40mail.gmail.com.

[Terry Rinck]

Glad to pass along some hard learned lessons.

In my experience it's more a matter of load than a "best/ideal" number of vhosts. I have clusters with 12 vhosts with resources maxed out and others with 130 vhosts barely using any. The art of load balancing and finding that right fit plagues us all. 
Seeing that you're planning on 5-9 node clusters I can only assume you'll be running 3.8.+ with quorum queues, which we're not currently doing in production so my first hand knowledge is limited here. But I have to assume the principle is the same. 

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/CAFYocwSbq4agQYmnb9P4tpLE8rxoqMVrKeVBSMoT5CXZgvJL3g%40mail.gmail.com.

[Wes Peng]

Hello

We are also in a multi-tenant environment. Once we had thousands of vhost. For that RMQ did run well.

Here is the ruby program to create vhost by dynamatic. You can run it to give a test in your environment.

require "rabbitmq/http/client"
require 'securerandom'

class MQManage

    def initialize(admin_host,mq_host,mq_port,mq_user,mq_pass)
        @mq_host = mq_host
        @mq_port = mq_port
        endpoint = "http://#{admin_host}:15672"
        @client = RabbitMQ::HTTP::Client.new(endpoint, :username => mq_user, :password => mq_pass)
    end

    def create_mq_dsn
        vhost = "/" + SecureRandom.hex(6)
        user = SecureRandom.hex(6)
        pass = SecureRandom.hex(8)
        @client.create_vhost(vhost)
        @client.update_user(user, :tags => "autodeploy", :password => pass)
        @client.update_permissions_of(vhost, user, :write => ".*", :read => ".*", :configure => ".*")

        dsn = {:host => @mq_host, :port => @mq_port, :vhost => vhost, :user => user, :pass => pass}
        return dsn
    end

    def drop_mq_dsn(vhost)
        vs = @client.list_vhosts
        names = []
        vs.each do |s| names << s.name end

        if vhost == "/"
            return -1
        end

        if not names.include? vhost
            return -2
        end

        ps = @client.list_permissions(vhost)
        ps.each do |s|
           @client.delete_user(s.user)
        end

        @client.delete_vhost(vhost)
    end
end

HTH.

To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/CAFYocwSbq4agQYmnb9P4tpLE8rxoqMVrKeVBSMoT5CXZgvJL3g%40mail.gmail.com.

[Manoj Chaudhary]

Thanks Wes. I will give it a try. 

One more question around Connection or Channel pool for this multi-tenant env. Did you use any kind of connection or channel pool to get, consume or publish messages?

Thanks

Manoj

[Manoj Chaudhary]

JFYI I am using the RMQ Java Client library.  So as it stands I used Channel Pool to get, consume or publish messages. 

I create a single Connection and but use the channel pool.

Thanks

Manoj