AMQP, the Advanced Message Queuing Protocol, is an open standard for message queuing that supports flexible messaging for enterprise systems. vCloud Director uses the RabbitMQ AMQP broker to provide the message bus used by extension services, object extensions, and blocking task notifications.

Messages published to RabbitMQ include sensitive information. Exposing AMQP traffic between vCloud Director cells can be a security threat to the system and its tenants. AMQP endpoints should be configured to use SSL. AMQP ports should be blocked at the system firewall. Third-party clients that consume AMQP messages must be allowed to operate in the DMZ. Any code that consumes vCloud Director messages should be subject to audit by the service provider's security team.

For more information about RabbitMQ and how it works with vCloud Director, see the vCat-SP blog entry at https://blogs.vmware.com/vcat/2015/08/vcloud-director-for-service-providers-vcd-sp-and-rabbitmq-security.html

Protect the AMQP Service with SSL

To use SSL with the vCloud Director AMQP service, select Use SSL on the AMQP Broker Settings section of the Extensibility page of the vCloud Director Web console, and provide either of the following:
  • an SSL certificate pathname
  • a JCEKS trust store pathname, user name, and password
See Configure an AMQP Broker in the vCloud Director Administrator's Guide for the complete procedure.
Important: Although an Accept all certificates option is available, we do not recommend selecting it when security is a concern. Accepting all certificates without checking them opens the way to man-in-the-middle attacks.
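The following is an added example (not vCloud Director's or RabbitMQ's own code) showing, with only the Python standard library, what a verifying TLS configuration for an AMQP-over-TLS client looks like next to the equivalent of the Accept all certificates option, and a small audit routine that flags the latter. The function names, the `ca_file` argument (the PEM analogue of the trust store the Web console asks for) and the optional client certificate are assumptions of this example; an AMQP client library such as pika would take the returned context unchanged.

```python
"""Build and audit a TLS context for an AMQPS client connecting to a broker.

Added example; it is not vCloud Director's or RabbitMQ's own code.  Uses
only the standard-library `ssl` module.
"""
import ssl
from typing import List, Optional


def make_amqps_context(ca_file: Optional[str] = None,
                       client_cert: Optional[str] = None,
                       client_key: Optional[str] = None) -> ssl.SSLContext:
    """Context that verifies the broker's certificate chain and hostname.

    `ca_file` (assumed name) is the PEM bundle holding the CA that signed the
    broker certificate; when None the platform's default CA store is used.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse legacy protocol versions
    ctx.verify_mode = ssl.CERT_REQUIRED            # the default, stated explicitly
    ctx.check_hostname = True                      # broker name must match its certificate
    if client_cert:
        # Optional mutual TLS so the broker can authenticate this consumer too.
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def make_accept_all_context() -> ssl.SSLContext:
    """What the 'Accept all certificates' option amounts to.

    Present only so audit_tls_context() has something to flag: any certificate,
    including one presented by an on-path party, is accepted without checks.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings for a context; an empty list means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (accept-all)")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS < 1.2 permitted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("verifying", make_amqps_context()),
                      ("accept-all", make_accept_all_context())):
        print(name, audit_tls_context(ctx) or "OK")
```

Run the script to see the verifying context pass and the accept-all context produce findings; in a consumer code review, `audit_tls_context` is the kind of check the security team can apply to whatever context a third-party client hands to its AMQP library.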

Block AMQP Ports at the System Firewall

As noted in Network Security Requirements, several AMQP ports must be accessible on the management network. No AMQP endpoints should be accessible from public or enterprise networks.
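As an added example (not part of this guide), the check below walks a firewall ruleset and reports allow rules that reach an AMQP port from a source not wholly inside the management network. The rules are modelled as plain dicts, a constructed abstraction rather than any real firewall's syntax, and the port numbers 5671 and 5672 are RabbitMQ's defaults for AMQP over TLS and plain AMQP, assumed here because the page's own port list lives in Network Security Requirements.

```python
"""Flag firewall allow rules that expose AMQP ports outside the management network.

Added example, not vCloud Director documentation.  Rule dicts and the sample
ruleset are constructed for illustration.
"""
import ipaddress
from typing import Dict, Iterable, List, Set

# RabbitMQ default listener ports (assumed for this example): plain AMQP and AMQP/TLS.
AMQP_PORTS: Set[int] = {5672, 5671}

# Constructed sample ruleset: each rule allows or denies TCP from `src` to `dport`.
SAMPLE_RULES: List[Dict] = [
    {"src": "10.20.0.0/24",   "dport": 5671, "action": "allow"},  # management net: fine
    {"src": "0.0.0.0/0",      "dport": 5672, "action": "allow"},  # exposed, and unencrypted
    {"src": "192.168.5.0/24", "dport": 5671, "action": "allow"},  # enterprise net: exposed
    {"src": "0.0.0.0/0",      "dport": 443,  "action": "allow"},  # not AMQP: ignored
    {"src": "0.0.0.0/0",      "dport": 5671, "action": "deny"},   # deny rules never expose
]


def exposed_amqp_rules(rules: Iterable[Dict], management_net: str,
                       amqp_ports: Set[int] = AMQP_PORTS) -> List[Dict]:
    """Return the allow rules whose destination is an AMQP port and whose
    source is not a subnet of `management_net`."""
    mgmt = ipaddress.ip_network(management_net)
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["dport"] not in amqp_ports:
            continue
        src = ipaddress.ip_network(rule["src"])
        # A source of the other IP version cannot be inside the management net.
        if src.version != mgmt.version or not src.subnet_of(mgmt):
            findings.append(rule)
    return findings


def describe(rule: Dict) -> str:
    """One-line human-readable description of an exposed rule."""
    kind = "AMQP/TLS" if rule["dport"] == 5671 else "plain AMQP"
    return f"{kind} port {rule['dport']} reachable from {rule['src']}"


if __name__ == "__main__":
    for r in exposed_amqp_rules(SAMPLE_RULES, "10.20.0.0/24"):
        print("EXPOSED:", describe(r))
```

Against the sample ruleset the script reports the two allow rules that admit AMQP traffic from outside 10.20.0.0/24; the deny rule and the non-AMQP rule are ignored. Feed it the rules exported from the actual system firewall, translated into the same dict shape, to audit a real deployment.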