Distributed Message Service RocketMQ

Security Solution

2024-07-03 02:50:06

Security Value

The security of RocketMQ is crucial for users.

1.      Data security protection: The security mechanism of RocketMQ protects the confidentiality and integrity of messages and prevents sensitive data from being leaked or tampered with. This is crucial for applications that process sensitive data such as personal information and trade secrets.

2.      Prevention against unauthorized access: The access control feature of RocketMQ restricts access to message queues and only allows users with proper permissions to send and consume messages. This prevents unauthorized users from accessing and manipulating message queues, ensuring system security.

3.      Compliance requirements: For scenarios with demanding industry and regulatory requirements, such as finance and healthcare, the security feature of RocketMQ helps users meet compliance and security requirements.

4.      Security audit: The security audit feature of RocketMQ records and traces operations on message queues, including delivery, consumption, and subscription. This helps you monitor for potential security risks and discover and handle security issues promptly.

5.      Enhanced user trust: The security feature of RocketMQ enhances your trust in the system. You can use RocketMQ to handle important message transmission and processing tasks without worrying about data security.

To sum up, the security feature of RocketMQ is of significant value to users as it protects data security, prevents unauthorized access, meets compliance requirements, supports security audit, and enhances user trust.

Authentication

Identity and Access Management (CTIAM) is a basic service that provides permission management capabilities. It helps you securely control access to, and operations on, your eSurfing Cloud services and resources, covering user authentication, permission granting, and access control. For detailed information, see Identity and Access Management - Product Introduction.

You can create an IAM user and grant the user permissions on DMS RocketMQ instances. Then, the user can access the authorized instance resources by using the username and password. For details, see Identity and Access Management - Quick Start - Creating an IAM User.

Access Control

Permission Control

After you purchase a DMS RocketMQ instance, you can use CTIAM to grant different access permissions to different employees in your enterprise, isolating their permissions from one another and managing them at a fine-grained level.

VPCs and Subnets

A virtual private cloud (VPC) builds an isolated and private network environment for DMS RocketMQ, improving database security and streamlining your network deployment. You have full control over your VPCs. The rich feature set of VPC lets you flexibly manage your cloud networks, including creating subnets, configuring security groups and network ACLs, managing route tables, and applying for elastic IP addresses (EIPs) and bandwidth. It provides dedicated network resources that are isolated from other networks by subnets, which enhances network security. For detailed information, see Virtual Private Cloud (VPC) - User Guide - Creating a VPC and a Subnet.

Security Group

A security group is a logical group that applies the same access policy to RocketMQ instances in the same VPC that have the same security requirements and trust each other. You can configure security groups for database instances and specify the IP addresses and ports that are allowed to access the RocketMQ instances, ensuring the security and stability of the running environment. For details, see Modifying an Instance Security Group.

Data Protection Technologies

RocketMQ takes different measures to keep data confidential and intact during storage and transmission.

1.      Cross-AZ disaster recovery: Depending on the reliability needs of your data and services, you have a variety of options. You can deploy RocketMQ instances in one AZ (a single server room) or across multiple AZs (intra-city disaster recovery AZs).

2.      Replica redundancy: Through replica redundancy, RocketMQ supports HA and fault tolerance and ensures reliable transmission and persistent storage of messages. When a network exception or node fault occurs, RocketMQ still ensures the availability and consistency of messages, and provides stable and reliable message transmission services.

3.      Data persistence: With the data persistence mechanism, RocketMQ reliably stores messages on disks and reads and restores data when necessary. This ensures message persistence, reliability, and consistency during message transmission and storage.

Service Resilience

The resilience of the RocketMQ service refers to its ability to stay available and reliable when faults and incidents occur. The following are the key aspects that ensure the resilience of the RocketMQ service:

1.      Intra-AZ instance disaster recovery: You can deploy multiple RocketMQ instances in an AZ for HA and disaster recovery. When an instance fails or becomes unavailable, other instances can take over the services to continue the work.

2.      Data disaster recovery: In RocketMQ, data disaster recovery refers to the ability to protect message data from loss. You can configure multiple replicas to copy message data to different nodes. This way, if a node fails, other replicas will provide data services continuously, which ensures the availability of message data.

TLS Transmission Encryption

You can configure the client to use either TLS or non-TLS connections. A TLS connection encrypts the traffic between the client and the RocketMQ instance in transit.

ACL

Access control (ACL) provides advanced, topic-level access control for RocketMQ. When ACL is enabled, users inject the username and password parameters into the client, which uses them to sign its requests; the server then uses these access control parameters to manage and verify permissions on the various resources.
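The following example, added here and not code from this page or from eSurfing Cloud, shows a RocketMQ Java client that combines the two settings above: it enables TLS with setUseTLS(true) and attaches the ACL credentials through an AclClientRPCHook so that every request to the server is signed. The name server address, producer group, topic, and the environment variables holding the credentials are placeholders.

```java
import java.nio.charset.StandardCharsets;
import org.apache.rocketmq.acl.common.AclClientRPCHook;
import org.apache.rocketmq.acl.common.SessionCredentials;
import org.apache.rocketmq.client.producer.DefaultMQProducer;
import org.apache.rocketmq.client.producer.SendResult;
import org.apache.rocketmq.common.message.Message;

public class SecureProducerExample {
    public static void main(String[] args) throws Exception {
        // ACL credentials: read from the environment rather than hard-coding them.
        // ROCKETMQ_AK / ROCKETMQ_SK are placeholder variable names.
        SessionCredentials credentials = new SessionCredentials(
                System.getenv("ROCKETMQ_AK"), System.getenv("ROCKETMQ_SK"));

        // The RPC hook signs every request with the credentials, which is what
        // the server-side ACL checks against the topic permissions (DENY/ANY/PUB/SUB).
        DefaultMQProducer producer = new DefaultMQProducer(
                "secure_producer_group", new AclClientRPCHook(credentials));
        producer.setNamesrvAddr("nameserver.example:9876"); // placeholder address

        // Use a TLS connection to the broker instead of plaintext.
        // Note: the client only verifies the broker certificate when the TLS
        // configuration sets tls.client.authServer=true and tls.client.trustCertPath.
        producer.setUseTLS(true);

        producer.start();
        try {
            Message msg = new Message("TopicTest", "TagA",
                    "hello over TLS".getBytes(StandardCharsets.UTF_8));
            SendResult result = producer.send(msg);
            System.out.println("send status: " + result.getSendStatus());
        } finally {
            producer.shutdown();
        }
    }
}
```

If the credentials lack PUB permission on the topic, or the topic is set to DENY, the send fails with an ACL error from the server rather than being silently dropped.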

Access Control of Topics

The following table defines the four permission levels for RocketMQ topics:

Permission   Description
DENY         Reject
ANY          PUB or SUB permission
PUB          Send permission
SUB          Subscribe permission
