This document summarizes a presentation about Apache Pulsar multi-tenancy and security features at Verizon Media. It discusses how Pulsar implements tenant and namespace isolation through storage quotas, throttling policies, broker and bookie isolation. It also covers authentication, authorization, encryption in transit and at rest, and how Pulsar proxy supports SNI routing for hybrid cloud deployments and cross-organization replication. Future plans include tenant-based broker virtualization and hybrid cloud deployments with geo-replication.
Security and Multi-Tenancy with Apache Pulsar in Yahoo! (Verizon Media) - Pulsar Summit NA 2021
1. Apache Pulsar
Multi-tenancy and Security
June 17, 2021
Rajan Dhabalia rdhabalia@verizonmedia.com
Ludwig Pummer ludwig@verizonmedia.com
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
3. Agenda
● Pulsar in Yahoo/Verizon Media
● Multi tenancy
● Security
● SNI routing and proxy support
● Future
● Q&A
4. Pulsar journey in Yahoo
● Developed as a hosted pub-sub service within Yahoo/VMG
○ open-sourced in 2016
● Global deployment
○ 6 DC (Asia, Europe, US)
○ full mesh replication
● Mission critical use cases
○ Serving applications
○ Lower latency bus for use by other low latency services
○ Write availability
5. Scale & Multi-Tenancy
● Pulsar scale and storage evolution talk
https://pulsar-summit.org/en/event/virtual-conference-2020/sessions/pulsar-storage-on-bookkeeper-seamless-evolution
● Pulsar growth since 2015
○ 120+ tenants and 15M rps
○ Storage evolution: HDD, SSD, NVMe, PMEM
○ On-prem, public-cloud and cross-org integration
● Scale, but what about multi-tenancy?
9. Tenant and Namespace
Tenant
● Highest level of provisioning
● Unit of administration
● Managed by Pulsar administrators
● Usually one team
Namespace
● Middle level of provisioning
● Unit of data policy
● Managed by Pulsar administrators and/or Tenants
● Usually one application/use case
persistent://tenant/namespace/topic
10. Self-Service Tenant Management
1. Portal finds the User-to-Team mapping
2. User creates or modifies a tenant
○ Tenant name, Admin Authorization Principals
○ Clusters, WPS & RPS estimates
○ Jira project, contact info, documentation link
3. Portal reviews capacity & calls the Admin API to manage the tenant
○ Jira ticket for a Pulsar operator if needed
21. Pulsar Proxy: Public cloud access
● Proxy for hybrid cloud applications
● Gateway in a cloud environment or on Kubernetes
Proxy Configuration
brokerServiceURLTls=pulsar+ssl://brokers.example.com:6651
brokerWebServiceURLTls=https://brokers.example.com:8443
22. Support Layer-4 SNI Routing
● Proxy server creates a TLS tunnel between remote client and server
● The goal is to enable external clients to connect to internal services and do their own client certificate verification, possibly because distribution of private keys to the edge Traffic Server instances is too difficult or too risky.
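Added example, not from the slides or the Pulsar project: the core of what a Layer-4 SNI router does. Because the proxy only tunnels TLS and never terminates it, the only routing key available to it is the server_name in the unencrypted ClientHello; the parser below extracts that name and maps it to an internal broker endpoint. The ClientHello builder, the ROUTES table and the internal endpoint name are constructed for the demonstration; brokers.example.com is the host from the proxy configuration above.

```python
import struct

def build_client_hello(server_name: str) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello record with one SNI extension."""
    host = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host            # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", 0x0000, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32)                                   # version + zeroed random (sample)
            + b"\x00"                                                 # empty session id
            + struct.pack("!H", 2) + b"\xc0\x2f"                      # one cipher suite
            + b"\x01\x00"                                             # null compression
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:                    # handshake record, ClientHello
            return None
        end = 9 + int.from_bytes(record[6:9], "big")
        p = 9 + 2 + 32                                                # skip version and random
        p += 1 + record[p]                                            # session id
        p += 2 + struct.unpack("!H", record[p:p + 2])[0]              # cipher suites
        p += 1 + record[p]                                            # compression methods
        if p >= end:
            return None                                               # no extensions at all
        ext_end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
        p += 2
        while p + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            p += 4
            if etype == 0x0000:
                q = p + 2                                             # skip server_name_list length
                if record[q] == 0:                                    # host_name entry
                    name_len = struct.unpack("!H", record[q + 1:q + 3])[0]
                    name = record[q + 3:q + 3 + name_len]
                    return name.decode("ascii") if len(name) == name_len else None
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

# Constructed routing table: SNI host -> internal broker endpoint the proxy tunnels to.
ROUTES = {"brokers.example.com": "broker-pool-internal:6651"}

def route_for(record: bytes):
    """Choose a backend for a ClientHello by its SNI, with no access to the TLS plaintext."""
    return ROUTES.get(extract_sni(record))
```

A name that is not in the table yields no backend, so the router refuses rather than guessing; a truncated or non-ClientHello record is rejected the same way.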
25. Future Roadmap
● Tenant based broker virtualization
○ Container based brokers on BookKeeper service
● Hybrid cloud deployment with geo-replication