Cluster ACLs
You use cluster ACLs to control which Brokers can join a cluster. When a cluster has an ACL attached, the SSL identity or the basic authentication identity of any Broker attempting to join must be listed on the cluster ACL. If not, the Broker will be denied permission.
Brokers within a cluster that belong to the same Broker Server share the same basic authentication identity or SSL identity as that of their Broker Server. This is because a Broker Server's identity is copied to all of its Brokers in the cluster.
A cluster ACL is shared among all the Brokers in the same cluster. When you change the cluster ACL on a particular Broker, that ACL is automatically propagated to the rest of the cluster.
If you plan to open the membership of the cluster to additional Brokers, you must specify their identities on the cluster ACL if the enlisting Brokers have identities different from those already specified by the ACL. In that case:
Make sure that the Broker Servers of the enlisting Brokers have basic authentication identities or SSL identities.
Make sure that either basic authentication or SSL is enabled for those Broker Servers.
Add the basic authentication identities or SSL identities of the Brokers you want to add to the cluster ACL.
For information about configuring cluster ACLs, see About Controlling Which Brokers Can Join a Cluster.