Operator Guide: Azure Service Bus Queue

Overview

Azure Service Bus Queue is a messaging service that provides a reliable way to exchange messages between different components of your applications. Queues ensure that messages are delivered once and only once, making it ideal for scenarios that require guaranteed message delivery.

Use Cases

• Decoupling Components: Use queues to decouple components of your application for improved reliability and scalability.
• Load Leveling: Distribute workloads evenly across multiple consumers by using competing consumers.
• Priority Handling: Implement priority-based processing for messages that require varying levels of attention.
• Dead-Letter Handling: Capture and analyze messages that cannot be processed successfully.
• Delayed Processing: Send messages to queues for later processing using deferred messages.
• Workflow Processing: Implement multi-step workflows using sessions.

Client libraries

Here is a list of fully supported Service Bus client libraries that are available via the Azure SDK:

• .NET
• Java
• Java JMS 2.0
• JavaScript/TypeScript
• Python

Guided Configurations

Development

The development preset configuration sets the Service Bus SKU to Basic.

Production

The production preset configuration sets the Service Bus SKU to Standard.

Design Considerations

We wanted to add support for various use cases for Azure Service Bus Queue. To do this, we created a bundle that allows you to configure the following:

• Capacity
• Zone redundancy
• Batch operations
• Queue sessions
• Duplicate detection
• Express entities
• Partitioning

Security

Access Control

Configure access policies to control who can send, receive, or manage messages in the queue using Azure RBAC. In your application, it’ll look something like this:

app:
  envs: {}
  policies:
    - .connections.service_bus_queue.data.security.iam.sender
    - .connections.service_bus_queue.data.security.iam.receiver
  secrets: {}

The .connections.service_bus_queue.data.security.iam.sender role assigns the Azure Service Bus Data Sender role to the application’s managed identity. The .connections.service_bus_queue.data.security.iam.receiver role assigns the Azure Service Bus Data Receiver role to the application’s managed identity. You can simply use one or both of these roles depending on your application’s needs.

Encrypted Data in Transit

The bundle uses SSL/TLS 1.2 encryption for data transmitted between your application and the queue.

Encrypted Data at Rest

Data is encrypted at rest, including messages stored in the queue.

Observability and Monitoring

Metrics and Monitoring

Utilize metrics to monitor queue performance, throughput, and message counts.

The two metrics that are currently configured to be collected are:

• ServerErrors: The number of server errors that occurred for the Azure Service Bus Namespace
• ServerSendLatency: The latency of sending messages to the Azure Service Bus Namespace

Trade-offs and Limitations

Network Isolation

Public network access is enabled (by default). If you want to restrict access to the queue to only your virtual network, you can do so by forking the bundle, setting the public_network_access_enabled parameter to false and adding a network_rule_set, then publishing the bundle to your Massdriver org. The reason network isolation is not enforced is because isolating a service bus queue within a network limits some functionality.