Replication Security
AMPS allows authorization and entitlement to be configured on replication destinations. For the instance that receives connections, you simply configure Authentication
and Entitlement
for the transport definition for the destination, as shown below:
<Transports>
<Transport>
<Name>amps-replication</Name>
<Type>amps-replication</Type>
<InetAddr>10005</InetAddr>
<!-- Specifies the entitlement module to use to check permissions for incoming
connections. The module specified must be defined in the Modules section of the
config file, or be one of the default modules provided by AMPS. This snippet
uses the default module provided by AMPS for example purposes. -->
<Entitlement>
<Module>amps-default-entitlement-module</Module>
</Entitlement>
<!-- Specifies the authentication module to use to verify identity for incoming
connections. The module specified must be defined in the Modules section of the
config file, or be one of the default modules provided by AMPS. This snippet
uses the default module provided by AMPS for example purposes. -->
<Authentication>
<Module>amps-default-authentication-module</Module>
</Authentication>
</Transport>
...
</Transports>
For incoming connections, configuration is the same as for other types of transports.
For connections from AMPS to replication destinations, you can configure an Authenticator
module for the destination transport. Authenticator
modules provide credentials for outgoing connections from AMPS. For authentication protocols that require a challenge and response, the Authenticator
module handles the responses for the instance requesting access.
<Replication>
<Destination>
<Topic>
<MessageType>fix</MessageType>
<Name>topic</Name>
</Topic>
<Name>amps-1</Name>
<SyncType>async</SyncType>
<Transport>
<InetAddr>amps-1-server.example.com:10004</InetAddr>
<Type>amps-replication</Type>
<!-- Specifies the authenticator module to use to provide credentials for the
outgoing connection. The module specified must be defined in the Modules section
of the config file, or be one of the default modules provided by AMPS. This
snippet uses the default module provided by AMPS for example purposes. -->
<Authenticator>
<Module>amps-default-authenticator-module</Module>
</Authenticator>
</Transport>
</Destination>
</Replication>
Last updated