Replication Security

AMPS allows authentication and entitlement to be configured on replication destinations. For the instance that receives connections, configure Authentication and Entitlement in the transport definition for the destination, as shown below:

<Transports>
    <Transport>
        <Name>amps-replication</Name>
        <Type>amps-replication</Type>
        <InetAddr>10005</InetAddr>

        <!-- Specifies the entitlement module to use to check permissions
             for incoming connections. The module specified must be defined
             in the Modules section of the config file, or be one of the 
             default modules provided by AMPS. 
             This snippet uses the default module provided by AMPS for example 
             purposes. -->
        <Entitlement>
            <Module>amps-default-entitlement-module</Module>
        </Entitlement>

        <!-- Specifies the authentication module to use to verify identity
             for incoming connections. The module specified must be defined 
             in the Modules section of the config file, or be one of the default 
             modules provided by AMPS. 
             This snippet uses the default module provided by AMPS for example
             purposes. -->
        <Authentication>
            <Module>amps-default-authentication-module</Module>
        </Authentication>
    </Transport>
 ...
</Transports>

For incoming connections, configuration is the same as for other types of transports.

For connections from AMPS to replication destinations, you can configure an Authenticator module for the destination transport. Authenticator modules provide credentials for outgoing connections from AMPS. For authentication protocols that require a challenge and response, the Authenticator module handles the responses for the instance requesting access.

<Replication>
    <Destination>
        <Topic>
            <MessageType>fix</MessageType>
            <Name>topic</Name>
        </Topic>
        <Name>amps-1</Name>
        <SyncType>async</SyncType>
        <Transport>
            <InetAddr>amps-1-server.example.com:10004</InetAddr>
            <Type>amps-replication</Type>

            <!-- Specifies the authenticator module to use to provide
                 credentials for the outgoing connection. The module
                 specified must be defined in the Modules section of
                 the config file, or be one of the default modules
                 provided by AMPS.
                 This snippet uses the default module provided by AMPS
                 for example purposes. -->
            <Authenticator>
                <Module>amps-default-authenticator-module</Module>
            </Authenticator>
        </Transport>
    </Destination>
</Replication>
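
To review a configuration against the two snippets above, the following added example (not part of the AMPS documentation or product) parses a config and reports replication transports that lack Authentication or Entitlement, destinations that lack an Authenticator, and any that still use the default modules. The `<AMPSConfig>` wrapper, the constructed sample, and the function names are assumptions; the check looks only at the per-transport elements shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names come from this page; the <AMPSConfig>
# wrapper and the omitted security elements are assumptions for the demo.
SAMPLE = """<AMPSConfig>
  <Transports><Transport>
      <Name>amps-replication</Name>
      <Type>amps-replication</Type>
      <InetAddr>10005</InetAddr>
      <Entitlement><Module>amps-default-entitlement-module</Module></Entitlement>
  </Transport></Transports>
  <Replication><Destination>
      <Name>amps-1</Name>
      <Transport>
        <InetAddr>amps-1-server.example.com:10004</InetAddr>
        <Type>amps-replication</Type>
      </Transport>
  </Destination></Replication>
</AMPSConfig>"""

def _check(transport, label, required):
    """Report required module elements that are missing or still the default."""
    findings = []
    for tag in required:
        module = (transport.findtext(f"{tag}/Module") or "").strip()
        if not module:
            findings.append(f"{label}: no {tag} module configured")
        elif module.startswith("amps-default-"):
            # The page uses the default modules "for example purposes".
            findings.append(f"{label}: {tag} uses default module {module}")
    return findings

def audit(config_xml):
    root = ET.fromstring(config_xml)
    findings = []
    # Incoming side: transports that accept replication connections.
    for t in root.findall("Transports/Transport"):
        if (t.findtext("Type") or "").strip() == "amps-replication":
            label = f"incoming transport {t.findtext('Name', '?').strip()}"
            findings += _check(t, label, ("Authentication", "Entitlement"))
    # Outgoing side: each destination transport should supply credentials.
    for d in root.findall("Replication/Destination"):
        label = f"destination {d.findtext('Name', '?').strip()}"
        for t in d.findall("Transport"):
            findings += _check(t, label, ("Authenticator",))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A destination that connects to an instance with no authentication configured does not need an Authenticator, so treat that finding as a prompt to confirm the pairing rather than as an error.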
