Deployment Options for PubSub+ Event Broker: Cloud

Choosing the right deployment option is a critical part of building a well-designed event-driven application. Operational cost, location, resource provisioning, configuration management, security, and other concerns are important factors to consider when selecting a deployment solution.

There are several choices for deploying PubSub+ Cloud enterprise services that suit various requirements for location, connectivity, security, time to market, and price. These options are explained in more detail in the sections that follow.

  • Solace-Owned Public Cloud: Dedicated event broker services are deployed in a Solace-owned shared VPC on public cloud providers such as AWS, Azure, or GCP.
  • Solace-Owned Dedicated Virtual Network: Dedicated event broker services are deployed in a Solace-owned Virtual Network or VPC dedicated to the customer on public cloud providers such as AWS, Azure, or GCP.
  • Customer-Owned Virtual Network: Dedicated event broker services are deployed in a customer-owned Virtual Network or VPC in the customer's account in public clouds such as AWS, Azure, or GCP.
  • Kubernetes On Premises Or in the Cloud: Dedicated event broker services are deployed in a customer's on-premises or cloud-based Kubernetes cluster.

To see a detailed comparison for each deployment option, refer to the Deployment Options Comparison.

Solace-Owned Public Cloud

For the simplest deployment, event broker services are deployed within the customer's PubSub+ Cloud account, using the customer's choice of cloud provider and region. In this scenario, the software event brokers are dedicated to the customer and not shared. Because Solace maintains control over this deployment, there isn't any additional customer overhead when adding services or regions. This is the standard deployment option, and is described in Getting Started with PubSub+ Cloud.

Solace-Owned Dedicated Virtual Network

In this deployment configuration, event broker services are deployed in a virtual network or VPC owned by Solace and dedicated to the customer. In this dedicated virtual network, Solace deploys a Mission Control Agent to orchestrate event broker services. The agent creates a secure connection back to the Solace Home Cloud and relays user commands from the console to the software event brokers. Solace maintains control of the address space and network security groups.

With PubSub+ Cloud in a Solace-owned virtual network, Solace installs all the components with the sizing required by the customer. In this scenario, Solace maintains the infrastructure, but the customer may provide the virtual network and subnet CIDR blocks. Depending on the connectivity model, the customer may be required to provide sufficient information to establish network peering between the Solace and customer virtual networks.

Creating Event Broker Services

On the PubSub+ Cloud Console, you create event broker services as normal using Cluster Manager.

The virtual network appears on the Create Service page of the console. In the Select Cloud step, the dedicated virtual network appears as Private Cloud.

Customer-Owned Virtual Network

In this type of deployment, event broker services are deployed in a customer's account with a third-party cloud provider: Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

Operating in a customer-owned Virtual Network allows the customer to apply any specific security policies to the infrastructure. In this model, the customer pays the IaaS costs directly, allowing them to take advantage of any potential corporate discounts from the cloud provider.

The customer must either work with Solace to perform the initial installation or provide Solace access to the Virtual Network or VPC to do so.

Supported Platforms

For details about deploying PubSub+ Cloud in a customer-owned virtual network, see Deploying PubSub+ Cloud with Azure and Deploying PubSub+ Cloud with AWS.

Kubernetes On Premises Or in the Cloud

For this scenario, event broker services are installed in a customer's on-premises or cloud-based Kubernetes cluster. PubSub+ Cloud uses Kubernetes StatefulSets to manage the deployment of event broker services.

Supported Platforms

For details about the architecture of PubSub+ Cloud in a Kubernetes cluster, see Deploying PubSub+ Cloud with Kubernetes.

Supplying certain information to the PubSub+ Cloud Production Engineering team helps to make your deployment easier. The questions listed in the Planning Your Kubernetes Deployment guide you through the things you should consider before you deploy PubSub+ Cloud.

Deployment Options Decision Chart

For a quick reference, the flow chart below provides an easy way to help you determine the right deployment option for your use case.

Deployment Options Comparison

The following table compares various aspects of the four deployment options for PubSub+ Event Broker: Cloud enterprise services.

PubSub+ Event Broker: Cloud Enterprise Deployment Options

 

Use cases / requirements

Solace-Owned Public Cloud:
  • Applications/clients connect over public internet
  • Cost-sensitive workloads
  • Fastest time to market
  • Development and POC

Solace-Owned Dedicated Virtual Network:
  • Single-tenant VPC/VNet (i.e., network traffic isolation) is important
  • Connectivity to on-premises applications and network is required
  • Customer prefers VPC/VNet management and security concerns to be included in the SaaS offering

Customer-Owned Virtual Network:
  • Having complete control of the VPC/VNet is key
  • Applications and event broker services must be on the same VPC/VNet
  • Connectivity to on-premises applications and network is required
  • The customer prefers to pay for IaaS and bandwidth because of their existing contract with an existing cloud provider

Kubernetes Cluster:
  • Hybrid (cloud and on-premises) event mesh use cases
  • Data movement between legacy and Kubernetes-based applications
  • Highly sensitive data that cannot be on the cloud
  • On premises is a requirement for other reasons (e.g., all applications are on premises)

Connectivity Options

Solace-Owned Public Cloud:
  • Public Internet (secured)

Solace-Owned Dedicated Virtual Network (choice of):
  • Public Internet (secured)
  • Private regional messaging through VPC/VNet peering (secured)
  • Private on-premises messaging to cloud through a cloud-native service (e.g., AWS Direct Connect)

Customer-Owned Virtual Network (choice of):
  • Public Internet (secured)
  • Private regional messaging or on-premises to cloud (set up by the Customer Cloud Ops team)
  • Customer can set up VPC/VNet peering, Direct Connect, or other solution

Kubernetes Cluster:
  • Customer-controlled connectivity for applications
  • Kubernetes cluster must be able to connect from the cluster to PubSub+ Cloud for central management
  • Shared responsibility for hybrid mesh deployments (the customer is responsible for on-premises HTTP proxy configurations, firewalls, and so on; the PubSub+ Cloud Production Engineering team will assist with processes such as terminating AWS Direct Connect in the Solace-dedicated VPC)

IaaS Cost

  • Solace-Owned Public Cloud: Included in service price
  • Solace-Owned Dedicated Virtual Network: Included in service price
  • Customer-Owned Virtual Network: Customer responsibility
  • Kubernetes Cluster: Customer responsibility

Bandwidth Cost

  • Solace-Owned Public Cloud: Managed by Solace and customer is billed
  • Solace-Owned Dedicated Virtual Network: Managed by Solace and customer is billed
  • Customer-Owned Virtual Network: Customer responsibility
  • Kubernetes Cluster: N/A

Security

Solace-Owned Public Cloud:
  • Encryption at rest and in transit
  • Hardened images
  • Vulnerability scans and fixes
  • Authentication and authorization

Solace-Owned Dedicated Virtual Network:
  • Encryption at rest and in transit
  • Hardened images
  • Vulnerability scans and fixes
  • Authentication and authorization
  • Network traffic isolation

Customer-Owned Virtual Network:
  • Shared ownership model, as the solution is deployed on the customer's VPC. Options vary depending on the customer's environment.

Kubernetes Cluster:
  • Shared ownership model, but mainly the customer's responsibility since the cluster is on premises. Options vary depending on the customer's environment.

Operational Responsibilities

  • Solace-Owned Public Cloud: PubSub+ Cloud Production Engineering (PE) team
  • Solace-Owned Dedicated Virtual Network: PubSub+ Cloud PE team
  • Customer-Owned Virtual Network: PubSub+ Cloud PE team. Involvement from the customer's production engineering team may be required.
  • Kubernetes Cluster: Shared responsibility. The customer owns the health of Kubernetes clusters and the PubSub+ Cloud PE team is responsible for the health of the PubSub+ Cloud platform.