Many IoT applications will see very large numbers of clients connecting to Solace message routers via insecure public networks. For example, vehicles in a fleet may communicate with the company’s Solace routers over the Internet using MQTT. In such a scenario the company’s system administrators may want to implement Access Control Lists (ACLs) so each vehicle can only publish to topics containing their own MQTT client-username. This would prevent, for example, one vehicle from impersonating another.
But client connection counts can be quite large in IoT applications, making it impractical to create a unique ACL profile for each client. In the recent 8.3.0 release of the Solace Virtual Message Router, we added substitution variables for client-usernames in topic strings to ACL profiles, which means you can now apply a single ACL profile to many client connections. When the MQTT client-username substitution variable appears in an ACL rule being applied to a client, the router replaces that variable with the corresponding client-username for the client connection when performing an ACL check.… Read the rest