With the rise of the number of tenants and traffic in the cluster, we are always striving for a system that is both multi-tenant and secure enough to onboard applications having different use cases and those applications can access pulsar from different cloud providers or even from cross-organization for enterprise integration.
Large organizations use TLS proxy servers which act as a gateway between a local network and a large-scale network, such as the internet. Aside from traffic forwarding, proxy servers provide security by hiding the actual IP address of a server. Organizational policies often require systems to stay behind enterprise proxy/gateway servers such as HAProxy, ATS, Nginx and follow standard security regulations to protect systems against known vulnerabilities. Apache Pulsar provides various solutions for TLS proxy and Pulsar is the only messaging system that supports SNI proxy to leverage various enterprise proxy solutions.
In this talk, we will discuss security and proxy solutions for Apache Pulsar which enables users in multi-tenant environments to access Pulsar instances securely from the on-prem, public cloud, and cross-enterprise. We will also talk about different multi-tenancy dimensions of Apache Pulsar which we use in Verizon Media to serve different use cases and applications on a shared pulsar cluster.