Event Broker Services

Software event brokers provide the data path that lets applications communicate in real time. An event broker service in PubSub+ Cloud consists of either a standalone software event broker (Developer service class) or a High-Availability group of three software event brokers (Enterprise service class).

The following diagram shows an event broker service. Each software event broker has a Datadog agent that collects statistics and logs from it. The Broker Manager is used to connect to the event broker service. For information about the data exchanged, see Information Exchanged Between the Event Broker Services and the Centralized Monitoring Service.

Event Broker Services Designed for Reliability

Standalone (Developer) services are lightweight, while Enterprise (High-Availability) services are architecturally designed to be fault tolerant through built-in redundancy. A High-Availability service consists of three software event brokers: two operate in an active/standby configuration and the third provides monitoring. Note that each event broker service is deployed on customer-dedicated software event brokers with a single Message VPN, so your messaging traffic does not share a broker with any other event broker service and is isolated from it.

In the unlikely situation that the active broker fails, the standby broker takes over automatically, which keeps recovery time short. The next level of redundancy is Disaster Recovery (DR), which uses the optional Replication feature. DR allows an alternate event broker service in a different geography to act as the Standby Data Center for an event broker service (the Active Data Center). All messages and configuration are replicated to the standby site so that it can quickly take over if the Active Data Center fails completely. For more information, see Replication Overview.

Event broker services are centrally managed by the customer from PubSub+ Mission Control in the PubSub+ Cloud Console and are actively monitored by Solace. For Enterprise services, Solace monitors the event broker service's status, High-Availability readiness, Config-Sync status, and Disaster Recovery readiness using metrics and log data. This raises alerts to Solace and enables rapid response. The same readiness alerts are available to you if you subscribe to PubSub+ Insights.

Event broker services operate independently from PubSub+ Cloud and the PubSub+ Cloud Console. This means that event broker services are able to continue to operate unhindered in the unlikely situation where the PubSub+ Cloud Console is unavailable. 

Information Exchanged Between the Event Broker Services and the Centralized Monitoring Service

Solace uses the Datadog cloud application for its central monitoring service component. The Datadog agent is the monitoring component that resides in a deployment. There is one Datadog agent per event broker service. The Datadog agents collect and send monitoring information from the event broker services to the central monitoring service (Datadog). For more details about the centralized monitoring service, see Centralized Monitoring Service and Datadog Agents.

Connectivity Between Event Broker Services and Client Applications

Client applications can publish and subscribe to messages when connected to an event broker service. Client applications connect to an event broker service using:

  • the event broker service's generated hostname or a custom hostname
  • Client Messaging APIs that communicate using specific protocols and over ports.

When a custom hostname is required, one can be assigned to each event broker service to make deployment and integration with client applications easier. A custom hostname can later be reassigned to another event broker service to migrate clients to it. For more information about using custom hostnames to access event broker services, see Configuring Hostnames for Event Broker Services.

Client applications can only connect to ports that you configure when you create an event broker service. By default, when you create an event broker service, all secure ports and protocols are enabled. Plain-text ports are available for compatibility for legacy applications but are disabled by default.

After client applications connect to an event broker service using the available protocol and port, they must authenticate and be authorized to use the event broker service. For more information, see Client Applications for Messaging.

The following table lists the port for each protocol, whether the port is enabled by default when an event broker service is created, the protocol, and the type of traffic passed on it.

Port    Enabled by Default   Protocol and Description                     Type of Traffic
22      Yes                  Secured Shell                                Management
443     Yes                  Secured Web Transport TLS/SSL                Data
943     Yes                  SEMP over TLS                                Management
5671    Yes                  Secured AMQP                                 Data
8443    Yes                  WebSocket Secured MQTT                       Data
8883    Yes                  Secured MQTT TLS/SSL                         Data
9443    Yes                  Secured REST TLS/SSL                         Data
55443   Yes                  Secured SMF TLS/SSL (without compression)    Data
80      No                   Web Transport (plain-text)                   Data
1883    No                   MQTT (plain-text)                            Data
5672    No                   AMQP (plain-text)                            Data
8000    No                   MQTT / WebSockets (plain-text)               Data
8080    Yes/No (see note)    SEMP (plain-text)                            Management
9000    No                   REST (plain-text)                            Data
55003   No                   SMF-compressed                               Data
55555   No                   Solace Message Format (SMF) - plain-text     Data

Note: port 8080 (plain-text SEMP) is disabled by default on event broker services created after December 2020; older services may still have it enabled.

Considerations About Event Broker Services

By default, event broker services are created to be secure. To balance ease of development with security, the defaults are as follows:

  • all secure protocols are enabled on their default port numbers
  • a client profile named default is created that uses basic authentication
  • plain-text ports are disabled, but can be enabled for developer testing and traffic characterization. Solace recommends that plain-text ports are not enabled in production.

These defaults are recommended for production use. You can further harden security by disabling protocols that you don't use, or by changing the default client profile to use an authentication scheme other than basic authentication. For additional recommendations to harden access to your event broker services, see Hardening Access to Event Broker Services.
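The following script is an added example (it is not Solace code) that puts the port table and the production recommendation above to use: it probes every port in the table from a client's point of view, confirms that the secure ports actually negotiate TLS (or present an SSH banner on 22), and flags any plain-text port that is reachable. The hostname is passed on the command line; the port table is copied from this page, and the probe and policy functions are this example's own.

```python
"""Port-exposure audit for a PubSub+ event broker service (added example).

Encodes the port table from this page and checks which ports accept
connections and whether the secure ones really speak TLS (or SSH on 22).
Any reachable plain-text port is flagged, matching the recommendation not
to enable those in production. Nothing here is a real service address.
"""
import socket
import ssl
import sys
from typing import Callable, Dict, List, Tuple

# Port table from this page: port -> (description, kind, traffic type).
# kind is "tls" (TLS handshake expected), "ssh" (SSH banner expected) or
# "plain" (unencrypted; should not be reachable in production).
PORTS: Dict[int, Tuple[str, str, str]] = {
    22:    ("Secured Shell",                  "ssh",   "Management"),
    443:   ("Secured Web Transport TLS/SSL",  "tls",   "Data"),
    943:   ("SEMP over TLS",                  "tls",   "Management"),
    5671:  ("Secured AMQP",                   "tls",   "Data"),
    8443:  ("WebSocket Secured MQTT",         "tls",   "Data"),
    8883:  ("Secured MQTT TLS/SSL",           "tls",   "Data"),
    9443:  ("Secured REST TLS/SSL",           "tls",   "Data"),
    55443: ("Secured SMF TLS/SSL",            "tls",   "Data"),
    80:    ("Web Transport (plain-text)",     "plain", "Data"),
    1883:  ("MQTT (plain-text)",              "plain", "Data"),
    5672:  ("AMQP (plain-text)",              "plain", "Data"),
    8000:  ("MQTT / WebSockets (plain-text)", "plain", "Data"),
    8080:  ("SEMP (plain-text)",              "plain", "Management"),
    9000:  ("REST (plain-text)",              "plain", "Data"),
    55003: ("SMF-compressed",                 "plain", "Data"),
    55555: ("SMF (plain-text)",               "plain", "Data"),
}

# A probe returns "open", "closed" or "unexpected" (TCP accepted, but the
# port did not speak the protocol the table says it should).
Probe = Callable[[str, int, str], str]


def network_probe(host: str, port: int, kind: str, timeout: float = 3.0) -> str:
    """Real probe: TCP connect, then verify a TLS handshake (with certificate
    validation) or an SSH banner where the table expects one."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if kind == "ssh":
                banner = sock.recv(64)  # SSH servers send "SSH-2.0-..." first
                return "open" if banner.startswith(b"SSH-") else "unexpected"
            if kind == "tls":
                ctx = ssl.create_default_context()  # validates the server cert
                try:
                    with ctx.wrap_socket(sock, server_hostname=host):
                        return "open"
                except (ssl.SSLError, socket.timeout):
                    # No TLS at all, or a certificate that fails validation:
                    # both deserve a look, so neither is reported as "open".
                    return "unexpected"
            return "open"
    except OSError:  # refused, filtered, timed out, DNS failure
        return "closed"


def audit(host: str, probe: Probe = network_probe) -> Dict[str, List[int]]:
    """Probe every port in the table and group the results by category."""
    result: Dict[str, List[int]] = {
        "plaintext_open": [], "secure_open": [], "unexpected": [], "closed": []}
    for port, (_, kind, _) in sorted(PORTS.items()):
        state = probe(host, port, kind)
        if state == "closed":
            result["closed"].append(port)
        elif state == "unexpected":
            result["unexpected"].append(port)
        elif kind == "plain":
            result["plaintext_open"].append(port)
        else:
            result["secure_open"].append(port)
    return result


def production_ready(result: Dict[str, List[int]]) -> bool:
    """Policy from this page: no plain-text port reachable, and every
    reachable secure port speaks the protocol it is supposed to."""
    return not result["plaintext_open"] and not result["unexpected"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_ports.py <event-broker-service-hostname>")
    report = audit(sys.argv[1])
    for category, ports in report.items():
        for p in ports:
            print(f"{category:15} {p:6} {PORTS[p][0]} [{PORTS[p][2]}]")
    print("production ready:", production_ready(report))
```

Run it against a service's hostname from the network your clients use; a port that shows up under "plaintext_open" was enabled at creation or afterwards and should be disabled before production, and an entry under "unexpected" means a TLS port that did not validate (wrong certificate, or something other than TLS answering) and is worth investigating before trusting the service. The probe is injectable so the classification logic can be exercised without network access.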
