Secure Sharding in MongoDB
Presented By: Anam Zahid

Agenda
• Scaling
• MongoDB’s Approach
• Architecture
• Mechanism
• Proposed Architecture
Scaling
• Scaling UP (Vertical Scaling)
  • Addition of more CPUs and storage capacity
[Figure: six 64MB chunks]

Scaling
• Scaling OUT (Horizontal Scaling)
  • Distribution of data across multiple servers
MongoDB’s Approach
• Sharding (horizontal scalability)
  • A method to store data across multiple machines/shards
  • Supports deployments with very large datasets
  • Maintains high-throughput operations

MongoDB’s Approach
• Sharding Advantages
  • Reduces the number of operations each shard handles
  • Reduces the amount of data that each server stores
  • Makes the cluster invisible to clients
  • Ensures cluster availability for reads and writes
  • Easy scaling out
Mechanism
• Shards
  • Master-slave, replica sets, or mongod instances
• Configuration Servers
  • Exactly 3 for production
  • Contain metadata
• Routing Instances
  • Direct interface with the client application
  • Can be many in number
  • Also act as a balancer for chunk migration

Mechanism
• Sharding is done on a per-collection basis
• Based on shard keys
• Default chunk size is 64MB

Mechanism
• Two basic operations
  • Chunk Splitting
  • Chunk Migration
Proposed Architecture
• Encryption/Decryption Layer
• Key Distribution Store

[Figure: proposed architecture diagram with numbered flow steps 1 to 10. Components: Client Application, Authentication, Authorization, Query Router, three Config. Servers, Key Distribution Store, Encryption/Decryption Engine, Shard A, Shard B, Shard C]
Proposed Architecture
• The Client Application sends a login request to the Authentication Module.
• The Authentication Module authenticates it on the basis of a certificate and sends a reply back to the Client Application.
• The Client Application sends its query to the Authorization Server.
• The Authorization Server generates policies and maps user policies to the user profile. It then verifies the user query against the user policy.
• On successful authorization, the Authorization Server sends the query to the Query Router.

Proposed Architecture
• The Query Router gets metadata about the shards from the configuration server(s).
• It then looks for the appropriate shard(s) on the basis of the query parameters.
• The Query Router sends the query request to the Encryption/Decryption Engine.
• The Encryption/Decryption Engine requests the encryption key from the Key Distribution Store.
• The Engine requests data from the appropriate shards, decrypts it, and sends the response back to the Query Router.
• The Query Router forwards this data to the Client Application.
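
The flow above, modelled end to end as an added example (not code from the presentation): authorization is checked before routing, the router picks a shard by key range, and the engine fetches a key from the key store so that shards only ever hold ciphertext. All names, the per-shard key layout, the write path and the sample data are assumptions, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os
from bisect import bisect_right

# Constructed sample state; every name here is hypothetical.
POLICIES = {"alice": {"orders"}}                   # authorization: user -> collections
SPLITS = [1000, 2000]                              # config-server metadata: range bounds
SHARDS = ["shardA", "shardB", "shardC"]
KEY_STORE = {s: os.urandom(32) for s in SHARDS}    # key distribution store (assumed per shard)
STORAGE = {s: {} for s in SHARDS}                  # shards store ciphertext only

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in for AES-GCM).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # reject data modified on the shard
        raise ValueError("ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def authorize(user, collection):
    if collection not in POLICIES.get(user, set()):
        raise PermissionError(f"{user} may not query {collection}")

def route(shard_key):
    # Query router: choose the shard whose range contains the shard key.
    return SHARDS[bisect_right(SPLITS, shard_key)]

def write(user, collection, shard_key, doc):
    authorize(user, collection)
    shard = route(shard_key)
    STORAGE[shard][(collection, shard_key)] = seal(KEY_STORE[shard], doc)
    return shard

def read(user, collection, shard_key):
    authorize(user, collection)                    # denied queries never reach the router
    shard = route(shard_key)
    return unseal(KEY_STORE[shard], STORAGE[shard][(collection, shard_key)])
```

A compromised shard in this model exposes only sealed blobs, so the key distribution store and the engine become the components that most need protecting.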