Considerations for Managing Data Security:
- Compliance and privacy regulations
- Penalties: Leaders fully aware of costs for storing and managing data
- Scalability: Grow in the future as demand requires
- Legacy Infrastructure: Easily comply with data regulations
- Flexibility: Meet regulations, grow in breadth and complexity
- Cost: Manual processes, noncompliance
Zones in Sharded Clusters:
- Sharding to deploy large data sets
- Create zones of sharded data based on the shard key
Network Isolation and Access:
- Virtual private cloud (VPC)
- Isolating data, systems
- Highly available within each region
- Each shard of data will have multiple nodes
- Automatic and transparent failover for zero downtime
Multi-Cloud Clusters:
- AWS, Microsoft Azure, Google Cloud
- Define a geographic location for each document
- Keep relevant data close to end users for regulatory compliance
IP Whitelists:
- Allow specifying a range of IP addresses permitted to access
- Granular control over data
Queryable Encryption:
- Sensitive data is encrypted on the client side and stored fully randomized
- Without sacrificing performance
MongoDB Atlas Global Clusters:
- Control data deployment to specific geographical regions for fulfilling data policies and compliance
Client-side Field-level Encryption:
- Protect data while being transmitted, at rest and in use
- Database never sees plaintext, but data remains queryable
- Privacy regulations (GDPR, CCPA, PII)
- Make data unreadable, unrecoverable: in memory, at rest, in backups, in logs
KMIP: Cryptographic Operations
- Defines how key management operations and data are exchanged between clients and servers
- Supports any KMIP-enabled key provider (e.g., AWS, Google Cloud, Azure)
- Allows the use of custom in-house key management software
Encrypted Data Example:
- MongoDB driver requests key from KMIP key provider (e.g., AWS)
- Driver uses the key to encrypt the SSN
- Driver submits the query to the database with the encrypted SSN as ciphertext
- Database returns the encrypted query results to the driver
- Driver decrypts the query results using the keys
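The five steps above, simulated with the Python standard library as an added example (not MongoDB driver code). MockKeyProvider, MockDatabase and the HMAC-based deterministic cipher are hypothetical stand-ins for the KMIP provider, the server and the driver's real field encryption, and the SSN is a constructed value.

```python
import hashlib
import hmac
import secrets

class MockKeyProvider:
    """Stand-in for a KMIP key provider: the key lives outside the database."""
    def __init__(self):
        self._keys = {"ssn-key": secrets.token_bytes(32)}  # constructed key id
    def get_key(self, key_id):
        return self._keys[key_id]

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    stream = b"".join(_prf(key, b"enc", iv + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_field(key, plaintext):
    """Assumed deterministic mode: IV is a MAC of the plaintext, so equal values match."""
    data = plaintext.encode()
    iv = _prf(key, b"iv", data)[:16]
    return iv + _xor_stream(key, iv, data)

def decrypt_field(key, blob):
    iv, body = blob[:16], blob[16:]
    data = _xor_stream(key, iv, body)
    if not hmac.compare_digest(iv, _prf(key, b"iv", data)[:16]):
        raise ValueError("wrong key or tampered ciphertext")
    return data.decode()

class MockDatabase:
    """Server side: stores and compares opaque bytes, never holds a key."""
    def __init__(self):
        self.docs = []
    def insert(self, doc):
        self.docs.append(doc)
    def find(self, field, value):
        return [d for d in self.docs if d.get(field) == value]

def run_flow(ssn="123-45-6789"):  # constructed sample value
    key = MockKeyProvider().get_key("ssn-key")       # driver requests the key
    db = MockDatabase()
    db.insert({"name": "A. Example", "ssn": encrypt_field(key, ssn)})
    query_value = encrypt_field(key, ssn)            # driver encrypts the SSN
    hits = db.find("ssn", query_value)               # query carries ciphertext
    stored = hits[0]["ssn"]                          # database returns ciphertext
    return stored, decrypt_field(key, stored)        # driver decrypts the result
```

The equality match works only because the stand-in cipher is deterministic; a wrong key or a modified ciphertext makes decrypt_field raise instead of returning data.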
Encrypted Data Advantages:
- Reduces the risk of unauthorized access
- Reduces the risk of sensitive data disclosure
- Data is encrypted before leaving the application
- Protects data over the network, in database memory, at rest in storage and backups, and in system logs
MongoDB Segmenting Data by Location with Sharded Clusters:
Challenges:
- CPU and/or memory becomes overloaded
- Cannot respond to request traffic
- Increase in database response time
- Out of storage
- Network interface is overloaded
Solution: Sharding
- Horizontal scaling
- Additional database nodes (replicas) to share request traffic
- Distributed across nodes in different regions for a balanced cluster
- Create zones of sharded data based on the shard key
- Associate each zone with one or more shards in the cluster
Sharding Details:
- If additional database nodes go down, other nodes (replicas) can still serve read & write operations
- If additional database nodes go down, other nodes (replicas) can only serve read operations
Reference:
https://www.mongodb.com/library/mainframe-modernization/reference-architecture-mainframe-modernization?lb-mode=overlay
Reference Architecture: Mainframe Modernization
https://www.mongodb.com/solutions/solutions-library
Solutions Library
Editor
Danny Chan, specialty of FSI and Serverless
Kenny Chan, specialty of FSI and Machine Learning