Configuring a MongoDB replica set for analytics

MongoDB replica sets make it easy for developers to ensure high availability for their database deployments.

A common replica set configuration is composed of three member nodes: two data-bearing nodes and one arbiter node. With two electable, data-bearing nodes, users are protected from scenarios that cause downtime for single-node deployments, such as maintenance events and hardware failures.

However, it may be tempting to read from the redundant, secondary server to scale reads and/or run queries for the purpose of analytics. We strongly advise against secondary reads when there are only two electable, data-bearing nodes in the replica set.

The main reason for this recommendation is that relying on secondary reads can compromise the high availability replica sets are meant to provide. While occasional use of the secondary for non-critical ad-hoc queries is fine, if your app requires both the primary and the secondary to shoulder the database load of your application, your system is no longer in a position to handle this load if one of the nodes in the cluster goes down or becomes unavailable.

This is discussed in more depth in the following resources:

Run analytics queries against hidden, analytics nodes instead

If you would like to run more than the occasional, ad-hoc or analytics query, we highly recommend that you properly configure your replica set to handle analytics queries.  In particular, we recommend adding a node designated for analytics as a hidden, non-electable member of the replica set.

Hidden members have properties that make them great for analytics. A hidden replica set member:

Maintains a copy of the primary’s data set – Querying on a hidden member will be nearly identical to querying the primary node (minus some replication delay).

Cannot become primary and is invisible to your application – It’s important to isolate analytics traffic from production application traffic. If the analytics node became the replica set primary, it may be unable to handle the combined analytics and production application traffic.

Can be useful for disaster recovery as well if a slaveDelay is configured – See advanced configuration considerations below.

If you’re interested in adding an analytics node to your mLab deployment:

  1. Email us at support@mlab.com to request that the node be added.
  2. mLab will add the node seamlessly into your replica set as a hidden member and provide you with its address.
  3. You will then be able to start to create single-node connections using that address for your analytics queries.

Advanced configuration considerations

Enabling slaveDelay on the analytics node for replica set disaster recovery

MongoDB’s slaveDelay option allows you to configure a replication delay on a hidden replica set member. Configuring a delay is helpful for recovering from disaster scenarios such as accidentally dropping a collection or database.

For example, imagine that you configure a one-hour delay on an analytics node. If a developer accidentally drops/deletes data from the primary node, the changes will be applied to the analytics node an hour later (as opposed to immediately). This allows you to query the analytics node to retrieve the deleted data.

Having multiple analytics nodes for high availability and/or to scale reads

If you would like your analytics queries to be able to withstand one node failure and/or to have more read capacity, it could make sense to have multiple, analytics nodes.

In this case, consider a Read Preference with Tag Sets to ensure that analytics queries are directed at analytics nodes only, and that non-analytics queries are directed at electable nodes only.  If you want to go this route, contact support@mlab.com, and we’ll work with you on all the details.

Reading from secondaries in a Sharded Cluster

If you are running a Sharded deployment and would like to read from the secondary members of your shards, there are important considerations you should be aware of.  We will be publishing a blog post on this advanced topic in the future.

Comments are closed

MongoDB tips & tricks: Collection-level access control

As your database or project grows, you may be tasked with configuring access controls to allow different stakeholders access to the database. Rather than create a new user with full database privileges, it may be more appropriate to create a user that only has access to the data or collections they need. This allows users to query against the collections you define and limits their access to the rest of the database.

Here’s a step-by-step example that demonstrates how to set up collection-level access control. This example will create a user named “finance” on the “acme” database. The “finance” user will only have “find” (read) access to the “billing” collection.

Step 1. Connect to the “acme” database using an existing user

> mongo ds123456.mlab.com:12345/acme -u dba -p password

Note that the “dba” user will need the userAdmin role to create and modify roles and users on the “acme” database. By default, mLab database users created through the UI are granted the dbOwner role, which combines the privileges granted by the readWrite, dbAdmin, and userAdmin roles.

Step 2. Create a new user-defined role for the “billing” collection

> db.createRole({ role: "readBillingOnly", privileges: [ { resource: { db: "acme", collection: "billing" }, actions: [ "find" ] } ], roles: [] })]

You can also add more privilege actions to the “actions” array, such as “insert” or “update”.

Step 3. Create a new user named “finance” with the role you just created

> db.createUser({ user: "finance", pwd: "password", roles: [ { role: "readBillingOnly", db: "acme" } ] })

Alternatively, if the user already exists, you can use the grantRolesToUser() method:

> db.grantRolesToUser("finance", [ { role: "readBillingOnly", db: "acme" } ])

 

And that’s it! You now have a user named “finance” that has read-only access on the “billing” collection in the “acme” database.

Comments are closed

Counting Down the Parse Migration

On January 28, 2017 Parse will be fully retired. To help with the transition, mLab has published a comprehensive guide to migrating Parse data onto an mLab-hosted MongoDB database. This guide aims to help existing Parse customers by highlighting migration best practices and addressing commonly asked questions that we’ve handled migrating over 8600 applications to our platform.

The guide is ideal for Parse users who are working on their migration. It helps them understand how to:

  • Migrate their Parse data onto an mLab hosted MongoDB database
  • Create and test a local Parse Server
  • Deploy a Parse Server onto Heroku
  • Connect their application to the Parse Server
  • Use Parse Server to store files for their application

We are proud that our fully managed Database-as-a-Service has been the chosen platform for 78% of Parse data migrations to date. Parse users still contemplating the move should get started on their migration as soon as possible to ensure all data storage needs are met. In addition, proactive migration off the Parse backend service to a self-hosted Parse Server will provide time for development teams to learn how to maintain and scale the open-source server.

In the meantime, if you have any questions or need migration help we invite you to email us at support@mongolab.com. We look forward to helping you with all your data needs.

Comments are closed

Introducing mLab Private Environments

Today we are excited to announce the private beta of mLab Private Environments. mLab Private Environments are virtual private networks you can provision to house your various database deployments hosted with mLab. These private networks isolate your database from public networks while allowing your application infrastructure secure access to your database deployments.

With Private Environments, you can continue to use the mLab platform for dynamic database provisioning and scaling while leveraging security features that are traditionally only found in private networks.

mLab Private Environments overview

When you provision a Private Environment with mLab (currently only available on AWS) we provision a dedicated AWS VPC for that environment. You can place any number of mLab MongoDB deployments inside of that Private Environment.

You can then peer the VPC underlying your Private Environment to the AWS VPC that houses your application infrastructure. This peering operation will create a single, extended, private network consisting of both your application infrastructure and your database deployments.

mlab-private-environments

From there, you can very conveniently and scalably design network ACLs and routing rules to only allow access to your database deployment from the parts of your application infrastructure that need it.

You can provision and maintain any number of Private Environments.

Benefits of using Private Environments

The move to the public cloud has been a huge win in terms of simplicity, but also a big step backwards from a networking perspective. In order to move to the public cloud, organizations had to abandon the more sophisticated networking techniques they used to employ when working in traditional data centers.

Recently, however, public cloud providers have been reintroducing some of the networking functionality that has been missing. For example, AWS VPC (Virtual Private Clouds) allow you to create virtual private networks with subnets, route tables, and network ACLs, just like you would have in a traditional datacenter, only virtualized.

Upon this infrastructure (AWS VPC) we have implemented a new deployment solution that allows you to:

  • Isolate your database from public networks while allowing secure access to your application infrastructure.
  • Create sophisticated network topologies to ensure least privilege access to your database deployments using CIDR ranges and Security Groups.
  • Easily auto-scale your application tier without having to modify database firewall rules.

How are Private Environments used?

With Private Environments, you can use all of the traditional network security best practices and techniques for designing your application. You can place your front-end load balancers in a public subnet, and place your application servers, microservices, and databases in private subnets protected from the internet, but accessible to each other.

Furthermore, if your application tier has an auto-scaling component that accesses the database, Private Environments are extremely convenient. Before Private Environments, it was impossible to add application servers to your app tier without adding new allow rules to your database firewall. This made autoscaling VMs that required access to your database deployment extremely difficult, requiring either a NAT layer or opening your database to more sources than necessary.

With Private Environments, you simply allow the proper CIDR block for the subnet holding your application VMs, or the AWS Security Group you wish to give access to (Security Groups coming soon). You can then add and remove app infrastructure without needing to touch the definition of your database deployment’s firewall.

Availability

Private Environments is currently in private beta and only available with our Dedicated plans. If you would like to join the waitlist, please email our team at support@mlab.com.

Comments are closed

How to choose a DBaaS? Check out our piece in DZone

DZone recently asked us to contribute an article on choosing a Database-as-a-Service provider. I was excited to write this because it gave us a chance to summarize some of our experience hosting hundreds of thousands of MongoDB deployments over the past five years.

The piece, titled How to Choose a DBaaS, is also part of DZone’s new Guide to Data Persistence. Beyond our piece, there are some other interesting articles in it, like Vadim Tkachenko’s article comparing B-Trees, LSM Trees, and Fractal Trees, which are various data structures used for implementing indexes, and a very interesting and appropriate read for those of us who use MongoDB.

Check it out — hopefully you will find the guide useful, especially if you are interested in databases and learning about tools and techniques that other developers are using.

MongoLab is now mLab

We have some exciting news to share! Below is the email we sent to our users earlier today:


mLab-logo-onlight

I’m very excited to share some important news with you.

Today we are changing our name from MongoLab to mLab in order to better align with our long-term vision.

When we started this business five years ago, our MongoLab database service was the first step of a larger mission. Our ultimate goal was to simplify server-side development.

We envisioned a cloud-based laboratory where developers could build and deploy the entire server side of their application with a completely software-defined interface. Our premise was that a cloud-based server-side application stack built around JSON, microservices, document databases (like MongoDB), and software-defined networking could radically simplify server-side development.

We decided to start at the bottom of the stack and work our way upwards. This meant building a Database-as-a-Service platform upon which we could layer the rest of the stack. Around the same time we discovered MongoDB and recognized it as the operational data store of the future.

And so we set out on Phase 1 and created MongoLab: the game-changing cloud database service developers worldwide have grown to love.

I’m proud to say that mLab has become THE place to run MongoDB in the cloud and now manages over 250,000 deployments on AWS, Azure, and Google. If you are using MongoDB in the cloud, there really is no better experience.

MongoLab was a great name for us when our only product was MongoDB-as-a-Service. But now we feel it is time to change our name to one that can accommodate the larger vision that we have around cloud infrastructure and cloud data services.

Over the coming quarters we will focus on our broader premise that server-side development is largely about securely moving and transforming JSON objects between the client and the database, and that it should be much easier than it is today.

To be clear, we are still fully committed to MongoDB and our cloud MongoDB service, as this is the backbone of our future vision. MongoDB Inc., the stewards of MongoDB, will continue to concentrate on enterprise customers who host the database themselves. Our job at mLab will be to focus on the rest of the world and to continue to provide the best fully managed MongoDB-as-a-Service for developers who want to build great apps without worrying about database operations.

Thank you for helping make us such a success. We truly appreciate that you have chosen our service and look forward to helping you build great software.

Will Shulman
CEO of mLab

Please help us spread the word!

Team@mLab

{ "comments": 17 }

Welcoming the Parse community

Last week, Parse announced that it was winding down its service, and it will be fully retired on January 28, 2017.  

Parse provided a great mobile backend platform for developers who don’t want to wrangle with the complexities of server-side infrastructure. By encapsulating both the database and the app server into a single cloud service, mobile app developers were able to leverage Parse to rapidly build rich mobile applications with much less effort than would be required if they had to build the server component themselves.

The good news is that even though the Parse service is shutting down, it has open sourced its underlying software so that Parse customers can still experience the power of their platform. The missing component is now the hosting, and the Parse team has done a good job of giving its customers alternatives on how to host each of the components of the Parse platform, along with tools to help customers migrate their apps.

To run a Parse app in the cloud using the open-source software there are two components that need hosting:

  1. The Parse Server, written in Node.js
  2. The database that underlies Parse, which is MongoDB

We have been working with the Parse team for some months to help ensure that Parse customers have a great option for where they host the database component of their app following the closure of the Parse service, and we welcome Parse customers to the MongoLab MongoDB-as-a-Service platform.

Using MongoLab to host the database component of your Parse app will free you from having to run and manage MongoDB yourself. We handle all of the automation around database provisioning and scaling, ensure timely backups of your database are taken each day, and provide a suite of great tools to help you manage your data. Our multi-node MongoDB clusters also offer High Availability and failover so that your app stays running even in the face of infrastructure failure, and is available whether you host your Parse app on Amazon, Azure, or Google.

In the past week, we have seen a good number of Parse customers migrating to our service. We feel we are starting have a good handle on the process and the types of speed bumps customers may face while migrating. Over the next few weeks we will be releasing a FAQ that encapsulates these learnings in order to help customers navigate the process smoothly.

In the meantime, if you have any questions or need migration help we invite you to email us at support@mongolab.com. We look forward to helping you build the future.

Help save Robomongo with your donation

We recently learned that the team behind Robomongo, a free and open source MongoDB admin GUI, are in need of funds to keep the project going. The project, which has over 3,622 stargazers on GitHub, is a valuable free tool for the MongoDB community. We know that many of you, our customers, use and love Robomongo, so let’s try and help them!

The Robomongo team is currently fundraising on Indiegogo. To help support them, we’re announcing that MongoLab will match all donations starting now for a total of up to $15,000. Donate now and help save Robomongo!