# RabbitMQ - Features

## Topologies <a href="#rabbitmqarchitecture-topologies" id="rabbitmqarchitecture-topologies"></a>

### Single instance <a href="#rabbitmqarchitecture-singleinstance" id="rabbitmqarchitecture-singleinstance"></a>

RabbitMQ can be provisioned as a single instance in self-service using ITCare.

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-ab4cbf5a047b7e28370680278f97044a1403eaff%2FAZA.png?alt=media" alt="" width="137"><figcaption><p>Single instance</p></figcaption></figure>

**Properties**

A single instance has the following properties:

<table><thead><tr><th width="249">Component</th><th>Value</th></tr></thead><tbody><tr><td>AMQP listening port</td><td><ul><li>5672 if TLS is disabled</li><li>5671 if TLS is enabled</li></ul></td></tr><tr><td>Prometheus endpoint</td><td>http://my-instance.hosting.cegedim.cloud:15692/metrics</td></tr><tr><td>Administration URL</td><td>http://my-instance.hosting.cegedim.cloud:15672/</td></tr><tr><td>REST API endpoint</td><td>http://my-instance.hosting.cegedim.cloud:15672/api</td></tr></tbody></table>

### Cluster <a href="#rabbitmqarchitecture-cluster" id="rabbitmqarchitecture-cluster"></a>

RabbitMQ can be provisioned as a cluster in self-service using ITCare.

A RabbitMQ cluster can be deployed in a 3-node or 5-node topology tailored for quorum queue use.

Nodes are spread across **all** availability zones available in the targeted area.

<figure><img src="https://835168969-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FXoHyOBZPpJv3UALn4V%2Fuploads%2Fgit-blob-0a55060127921aa2c11c60485042350cbd3b0fc8%2Fdark_eng%20(1).png?alt=media" alt="" width="484"><figcaption><p>Cluster</p></figcaption></figure>

**Properties**

Once deployed, the cluster has the following properties:

<table><thead><tr><th width="249">Component</th><th>Value</th></tr></thead><tbody><tr><td>AMQP listening port</td><td><ul><li>5672 if TLS is disabled</li><li>5671 if TLS is enabled</li></ul></td></tr><tr><td>Prometheus endpoint</td><td>http://nodex.hosting.cegedim.cloud:15692/metrics</td></tr><tr><td>Administration URL</td><td>https://cluster-name.rmq.hosting.cegedim.cloud/</td></tr><tr><td>REST API endpoint</td><td>https://cluster-name.rmq.hosting.cegedim.cloud/api</td></tr></tbody></table>

### Quorum queues <a href="#rabbitmqarchitecture-quorumqueues" id="rabbitmqarchitecture-quorumqueues"></a>

Quorum queues are highly recommended with RabbitMQ clusters provisioned through the cegedim.cloud PaaS for maximum resiliency!

A quorum queue will natively be replicated to all nodes participating in the cluster.

{% embed url="<https://www.rabbitmq.com/quorum-queues.html>" %}

{% hint style="danger" %}
Classic mirroring is not advised on a RabbitMQ cluster since quorum queues are its natural enhancement.
{% endhint %}

## Features <a href="#rabbitmqarchitecture-features" id="rabbitmqarchitecture-features"></a>

This section lists the features and capabilities available to customers and how to request or perform them:

<table data-header-hidden><thead><tr><th width="184"></th><th></th></tr></thead><tbody><tr><td><strong>Self Service</strong></td><td>The customer can perform the action autonomously.</td></tr><tr><td><strong>On Request</strong></td><td>The customer can ask the cegedim.cloud support team to perform the action.</td></tr></tbody></table>

<table data-full-width="true"><thead><tr><th width="357">Feature</th><th width="133" data-type="checkbox">Self Service</th><th width="136.5" data-type="checkbox">On Request</th><th>Comments</th></tr></thead><tbody><tr><td>SSH access</td><td>false</td><td>false</td><td>SSH access is disabled and reserved for cegedim.cloud administrators.</td></tr><tr><td>Settings management</td><td>false</td><td>true</td><td>Modifications to rabbitmq.conf and other internal settings are performed by cegedim.cloud on request.</td></tr><tr><td>RabbitMQ Admin access</td><td>true</td><td>true</td><td><p>The customer can log in to the RabbitMQ Management UI with an administrator account (password defined by the customer in the provisioning wizard).</p><p>Some objects are required and reserved for cegedim.cloud operations. Enforcements can be applied.</p></td></tr><tr><td>Export, Import RabbitMQ definitions</td><td>true</td><td>false</td><td>Available in Self Service using the Management UI or the API.</td></tr><tr><td>Manage RabbitMQ plugins</td><td>false</td><td>true</td><td>RabbitMQ plugins are managed by cegedim.cloud and can be installed on request by our support team.</td></tr></tbody></table>

## Security <a href="#rabbitmqarchitecture-security" id="rabbitmqarchitecture-security"></a>

### Authentication <a href="#rabbitmqarchitecture-authentication" id="rabbitmqarchitecture-authentication"></a>

Authentication uses the RabbitMQ internal database.

### Authorization and passwords <a href="#rabbitmqarchitecture-authorizationandpasswords" id="rabbitmqarchitecture-authorizationandpasswords"></a>

This section lists how passwords are managed for the RabbitMQ PaaS:

<table data-full-width="true"><thead><tr><th width="285">Account</th><th data-type="checkbox">Stored by cegedim.cloud</th><th width="198.2" data-type="checkbox">Stored by customer</th><th width="125" data-type="checkbox">Enforced</th><th>Hashing algorithm</th></tr></thead><tbody><tr><td><strong>admin</strong> account password</td><td>false</td><td>true</td><td>false</td><td>sha256</td></tr><tr><td><strong>ANY</strong> other account password</td><td>false</td><td>true</td><td>false</td><td>sha256</td></tr><tr><td><strong>cgdm_admin</strong> account password</td><td>true</td><td>false</td><td>true</td><td>sha256</td></tr><tr><td><strong>monitoring</strong> account password</td><td>true</td><td>false</td><td>true</td><td>sha256</td></tr></tbody></table>

### Secured Transport <a href="#rabbitmqarchitecture-securedtransport" id="rabbitmqarchitecture-securedtransport"></a>

TLS/SSL can be activated for the AMQP protocol at provisioning or afterwards.

By default, it is disabled to avoid unnecessary overhead.

### Policies <a href="#rabbitmqarchitecture-policies" id="rabbitmqarchitecture-policies"></a>

This section lists how policies are managed for the RabbitMQ PaaS:

<table><thead><tr><th width="121">Policies</th><th width="100" data-type="checkbox">Default</th><th width="109" data-type="checkbox">Enforced</th><th>Comments</th></tr></thead><tbody><tr><td><strong>TTL</strong></td><td>true</td><td>false</td><td>Messages older than 28 days will expire automatically</td></tr><tr><td><strong>HA</strong></td><td>true</td><td>true</td><td>ha-mode configured to ALL (RabbitMQ 3.x only)</td></tr></tbody></table>

{% hint style="info" %}
**RabbitMQ 4.x - Important change:**

Starting from RabbitMQ 4.0, the HA policy is no longer applied as Quorum Queues natively provide data replication. Feature Flags are automatically enabled during provisioning.

For RabbitMQ 3.x versions, the HA policy remains active with ha-mode: ALL.
{% endhint %}

{% hint style="warning" %}
Please open a request ticket if you need these policies modified.
{% endhint %}
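
An added example, not part of the cegedim.cloud documentation: a check over a definitions file exported through the Management UI or the API, flagging the items that the password, quorum queue and policy sections of this page describe. The JSON keys follow the RabbitMQ definitions export format; the sample data, the finding names and the function name are assumptions made for the example.

```python
import json

SHA256 = "rabbit_password_hashing_sha256"
RESERVED = {"cgdm_admin", "monitoring"}   # accounts the page reserves for cegedim.cloud
TTL_28_DAYS_MS = 28 * 24 * 3600 * 1000    # default TTL policy stated on the page

def audit_definitions(text):
    """Return sorted (finding, object name) pairs for a definitions export."""
    defs = json.loads(text)
    findings = []
    for user in defs.get("users", []):
        # Exports that predate the hashing_algorithm field are flagged too.
        if user.get("hashing_algorithm") != SHA256:
            findings.append(("non-sha256-hash", user["name"]))
        if user["name"] in RESERVED:      # review before importing this file anywhere
            findings.append(("reserved-account", user["name"]))
    for queue in defs.get("queues", []):
        qtype = queue.get("type") or queue.get("arguments", {}).get("x-queue-type", "classic")
        if qtype != "quorum":
            findings.append(("non-quorum-queue", queue["name"]))
    for policy in defs.get("policies", []):
        definition = policy.get("definition", {})
        if "ha-mode" in definition:       # expected on 3.x, no longer applied from 4.0
            findings.append(("ha-mode-policy", policy["name"]))
        if definition.get("message-ttl", 0) > TTL_28_DAYS_MS:
            findings.append(("ttl-over-28-days", policy["name"]))
    return sorted(findings)

# Constructed sample export, not taken from a real cluster.
SAMPLE_EXPORT = json.dumps({
    "users": [
        {"name": "admin", "password_hash": "<redacted>", "hashing_algorithm": SHA256},
        {"name": "legacy_app", "password_hash": "<redacted>",
         "hashing_algorithm": "rabbit_password_hashing_md5"},
        {"name": "cgdm_admin", "password_hash": "<redacted>", "hashing_algorithm": SHA256},
    ],
    "queues": [
        {"name": "orders", "vhost": "/", "arguments": {"x-queue-type": "quorum"}},
        {"name": "audit", "vhost": "/", "arguments": {}},
    ],
    "policies": [
        {"name": "HA", "vhost": "/", "pattern": ".*", "definition": {"ha-mode": "all"}},
        {"name": "TTL", "vhost": "/", "pattern": ".*",
         "definition": {"message-ttl": 90 * 24 * 3600 * 1000}},
    ],
})

if __name__ == "__main__":
    for finding, name in audit_definitions(SAMPLE_EXPORT):
        print(f"{finding}: {name}")
```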

### Data location <a href="#rabbitmqarchitecture-datalocation" id="rabbitmqarchitecture-datalocation"></a>

Data for cegedim.cloud's RabbitMQ PaaS is stored on the dedicated virtual machines created when a PaaS is requested.

These virtual machines and their associated storage are hosted and managed in cegedim.cloud's own data centers.
