It’s been a couple of weeks now since our co-founder and CTO announced MongoDB 3.0. The reaction from the community has blown us away as architects, developers and ops teams look to bring MongoDB’s flexibility and ease-of-use to a whole new set of projects.
In the lead-up to it’s General Availability, we’re going to provide more detail on specific areas of MongoDB 3.0. Of course we’ll cover the new pluggable storage architecture and what WiredTiger brings to MongoDB in terms of performance and storage efficiency. We’ll cover enhancements to the query framework, new multi-threaded tools and support for large scale, globally distributed replica sets.
But in this post we will start out with the operational platform we have built around MongoDB 3.0 and the enhanced security controls with authentication and auditing.
If you want to get the detail now on everything MongoDB 3.0 offers, download the What’s New white paper.
The Best Way to Run MongoDB: Ops Manager
MongoDB Ops Manager is the best way to run MongoDB within your own data center or public cloud, making it fast and easy for operations teams to deploy, monitor, backup and scale MongoDB. Ops Manager reduces the overhead of operating large scale MongoDB deployments by as much as 95% for many activities. Ops Manager is available with MongoDB Enterprise Advanced.
“Technology waits for no one, and consumers don’t wait either. MongoDB exceeds my expectations with MongoDB 3.0. The addition of Ops Manager to scale our operations and compression to reduce our storage costs are significant. These new features will allow us to continue creating exactly what we desire with speed and efficiency.”~ Eric Singleton, Chico’s FAS, Inc. CIO.
Ops Manager incorporates best practices to help keep managed databases healthy and optimized. It ensures operational continuity by converting complex manual tasks into reliable, automated procedures executed with the click of a button or an API call. Ops Manager takes care of the low-level details for common tasks without taking the database offline.
- Deploy. Any topology, at any scale.
- Manage. Create new or manage, monitor and backup existing clusters
- Upgrade. In minutes, with no downtime
- Scale. Add capacity, without taking the application offline
- Point-in-time, Scheduled Backups. Restore to any point in time, because disasters aren't predictable
- Performance Alerts. 100+ system metrics and get custom alerts before the system degrades
For those operations teams who do not want to maintain their own management and backup infrastructure in-house, the benefits of Ops Manager are also available through the MongoDB Management Service MMS, a cloud service hosted by MongoDB.
Deployments and Upgrades
Ops Manager coordinates critical operational tasks across the nodes in a MongoDB system. It communicates with the infrastructure through agents installed on each server. The servers can reside in the public cloud or a private data center. Ops Manager reliably orchestrates the tasks that administrators have traditionally performed manually – deploying a new cluster, upgrades, point in time recovery, and many other operational tasks.
Figure 1: Ops Manager: simple, intuitive and powerful. Deploy and upgrade entire clusters with a single click.
In addition to initial deployment, Ops Manager makes it possible to dynamically resize capacity by adding shards and replica set members. Other maintenance tasks such as upgrading MongoDB or resizing the oplog can be reduced from dozens or hundreds of manual steps to the click of a button, all with zero downtime.
Administrators can use the Ops Manager interface directly, or invoke the Ops Manager RESTful API from existing enterprise tools, including popular monitoring and orchestration frameworks.
Monitoring
Featuring charts, custom dashboards, and automated alerting, Ops Manager tracks 100+ key database and systems health metrics including operations counters, memory and CPU utilization, replication status, open connections, queues and any node status.
The metrics are securely reported to Ops Manager where they are processed, aggregated, alerted and visualized in a browser, letting administrators easily determine the health of MongoDB in real-time. Views can be based on explicit permissions, so project team visibility can be restricted to their own applications, while systems administrators can monitor all the MongoDB deployments in the organization.
Historic performance can be reviewed in order to create operational baselines and to support capacity planning. Integration with existing monitoring tools is also straightforward via the Ops Manager RESTful API, making the deep insights from Ops Manager part of a consolidated view across your operations.
Ops Manager allows administrators to set custom alerts when key metrics are out of range. Alerts can be configured for a range of parameters affecting individual hosts, replica sets, agents and backup. Alerts can be sent via SMS and email or integrated into existing incident management systems such as PagerDuty and HipChat to proactively warn of potential issues, before they escalate to costly outages.
Disaster Recovery: Backups & Point-in-Time Recovery
A backup and recovery strategy is necessary to protect your mission-critical data against catastrophic failure, such as a fire or flood in a datacenter, or human error such as bad code. It is part of multi-faceted strategy which includes replication to withstand failures of critical infrastructure. With a backup and recovery strategy in place, administrators can restore business operations without data loss, and the organization can meet regulatory and compliance requirements. Taking regular backups offers other advantages, as well. The backups can be used to seed new environments for development, staging, or QA without impacting production systems.
Ops Manager continuously maintains backups, therefore if MongoDB experiences a failure, the most recent backup is only moments behind, minimizing exposure to data loss. Ops Manager is the only MongoDB solution that offers point-in-time backups of replica sets and cluster-wide snapshots of sharded clusters. You can restore to precisely the moment you need, quickly and safely. In addition, the on-going performance impact to the production system is minimal – similar to that of adding an additional member to a replica set.
Customers can deploy Ops Manager to control backups in their local data center, or use MMS which offers a fully managed backup solution with a pay-as-you-go model. Using MMS, dedicated MongoDB engineers monitor customer backups on a 24x365 basis, alerting operations teams if problems arise.
Learning More About Ops Manager
Ops Manager is a sophisticated and highly functional platform, but designed with ease-of-use as a priority. Join the Introducing Ops Manager webinar to learn more.
Security Enhancements: Auditing and Authentication
Auditing is an essential element of regulatory compliance initiatives, especially those applications managing user data in healthcare, finance, retail and government systems. Auditing captures the activities of users, administrative staff and applications in accessing and processing data, providing a log for security analysis. Coupled with it’s authorization, authentication and encryption controls, auditing functionality enables MongoDB to be used for projects that are subject to regulatory compliance.
The original auditing framework introduced in MongoDB 2.6 now extends beyond capturing administrative actions (i.e. schema operations, authentication and authorization activities) to include the logging of read and write (DML) operations to the database. Administrators can construct and filter audit trails for any operation against MongoDB, whether DML, DCL or DDL without having to rely on third party tools. For example, it is possible to log and audit the identities of users who retrieved specific documents, and any changes made to the database during their session.
Administrators can configure MongoDB to log all actions or apply filters to capture only specific events, users or roles. The audit log can be written to multiple destinations in a variety of formats including to the console and syslog (in JSON format), and to a file (JSON or BSON), which can then be loaded to MongoDB and analyzed to identify relevant events.
A further enhancement in MongoDB 3.0 is support for role-based auditing. Now it is possible to log and report activities by specific role, such as userAdmin or dbAdmin – coupled with any inherited roles each user has – rather than having to extract activity for each individual administrator.
Auditing adds performance overhead to a MongoDB system. The amount is dependent on several factors including which events are logged, the log format and where the audit log is maintained, such as on an external storage device. Users should consider the specific needs of their application for auditing and their performance goals in order to determine their optimal configuration.
You can learn more from the MongoDB auditing documentation. Auditing is available with MongoDB Enterprise Advanced.
Authentication
MongoDB 3.0 also features a new password authentication mechanism called Salted Challenge Response Authentication Mechanism or SCRAM. MongoDB 3.0 uses SCRAM as the default authentication mechanism, replacing MONGODB-CR.
Our security engineers have written a detailed blog on MongoDB’s SCRAM-based authentication, providing an overview of the motivations behind SCRAM's design, a basic analysis of its security properties, and a tutorial on how to use it in MongoDB
Next Steps
That wraps up the first in our 3-part MongoDB 3.0 blog series. If you want to learn more about Ops Manager sign up for the Introducing Ops Manager webinar.
If you can’t wait for the next two installments, and want to get the detail now on everything MongoDB 3.0 offers, download the What’s New white paper: