AdminAndrew Davidson
(VP, Cloud Products, MongoDB)
My feedback
184 results found
-
16 votes
An error occurred while saving the comment -
2 votes
An error occurred while saving the comment Hi Katherine,
MongoDB Atlas offers the ability to federate identity to your identity provider today for control plane access, please see https://docs.atlas.mongodb.com/security/federated-authentication/
Cheers
-Andrew -
7 votes
An error occurred while saving the comment Hi Kyle,
Conceptually this is something we would like to introduce in future.
-Andrew
An error occurred while saving the comment Hi Dan,
It's important to emphasize that the only portion of logs that can contain query contents is the slow query logs: MongoDB Atlas provides a lot of high-value capability on top of these slow query logs, ranging from the Performance Advisor which provides index suggestions to the Query Profiler.
Importantly, access to database process logs is limited to Project Data Access Read Only users and above, and accesses of logs are audited events in the Project-level activity feed. You can lock down environments by managing your infrastructure in code, and give Project Read Only (as distinct from Product Data Access Read Only) to most users (this will mean they will have metadata access view only, including monitoring, without access to log files).
Longer-term we plan to move to model that can provide finer grained authorization for users to be granted the right to perform privileged actions on specific resources. We also aspire to provide richer, more configurable views into logs and other diagnostics data.
Also I should point out that MongoDB also offers Client-Side Field Level Encryption which allows you to encrypt data of the highest classification level before it ever leaves your network, with the tradeoff that you give up some queryability on those fields (point queries continue to work, but range queries do not). See more here: https://docs.mongodb.com/drivers/use-cases/client-side-field-level-encryption-guide
-Andrew
-
1 vote
An error occurred while saving the comment Hi John,
One thing to consider is to build an API call into the app-tier failover orchestration layer which changes the preferred region of the Atlas cluster upon failover.
I definitely think the idea of automatically deducing is cool: but there are situations where ti might nevertheless not be intended so getting the exact mechanics right is nontrivial.
-Andrew
-
3 votes
An error occurred while saving the comment Hi Mert, Luke,
I'm sorry I missed this when it was first opened:
It's important to know that Atlas offers configurable workload isolation using *tags*: you can learn more here https://docs.atlas.mongodb.com/reference/replica-set-tags/index.html#node-types
For example you can create Analytics nodes which in turn allow you to isolate analytics (or any other kind of) workloads from operational workloads: you specify the tag in the connection string.
We don't use "hidden" replicas from an implementation perspective since those actually don't work in a sharded setting, and tagging achieves similar objectives.
-Andrew
-
1 vote
An error occurred while saving the comment Hi James,
I'm sorry about this limitation as it currently stands: to explain, we show currentOp information within the RTPP that can show query predicates that in turn can contain sensitive information.
We hope to have a more flexible authorization model in the future because there's definitely a middle ground to be found.
-Andrew
-
2 votes
An error occurred while saving the comment Hi Anthony,
As much as we'd love to be everywhere, it's unfortunately a monumental lift to build out on top of a new provider.
Out of curiosity, are you using a DO region adjacent to any of our supported cloud provider regions? if so I wonder how the latency would be? It'd be great if we could get the magic of DO for the app tier coupled with Atlas for the data tier using existing building blocks.
-Andrew
-
4 votes
An error occurred while saving the comment Hi David,
Unfortunately at the TCP layer we will only see the source IP address of the request and not your domain.
However, please note that MongoDB Atlas requires security in depth including database level authentication on top of the IP Access List (we have already changed the name of this capability in the UI btw).
Selective IP Access List management is a best practice but many customers do open up to 0.0.0.0/0 and take care to ensure their database cluster passwords are securely managed.
Another option is to procure a static IP address or leverage VPC peering.
-Andrew
-
3 votes
An error occurred while saving the comment Hi Chai, Atlas supports webhook alerting, see https://docs.atlas.mongodb.com/tutorial/third-party-service-integrations/index.html#configure-the-third-party-integrations-you-want-to-enable
-
3 votes
An error occurred while saving the comment Good news: Atlas does this today when you restore into a cluster in the same Atlas Project with the exact same storage volume size as the snapshot!
-
8 votes
An error occurred while saving the comment Hi Christian,
Thanks for flagging this issue: We have a longer-term plan to revamp the expressiveness of our authorization system to better serve your use case.
Over the near term, one option to consider is to leverage cross-org billing (https://docs.atlas.mongodb.com/billing/index.html#cross-organization-billing) and give different teams or lines of business their own Atlas organizations: in this model your main org becomes the "Paying Org" and the others become "Linked Orgs". This offers you an org-level authorization boundary with consolidated billing. Note as well that you can actually move Projects between organizations if you're an Org Owner of both orgs.
Cheers
-Andrew -
1 vote
An error occurred while saving the comment Also worth noting that Atlas clusters (by default) auto-scale storage once the volume is 90% full
-
1 vote
An error occurred while saving the comment Hi Medicloq,
I'm sorry but this request is not clearly worded: Can you please try to clarify what you're asking for here?
Thank you
-Andrew -
2 votes
An error occurred while saving the comment Hi Cameron,
One "odd" thing about a collection in MongoDB is that the collection doesn't really exist when there's no data in it.
Out of curiosity, what's the overall challenge here; in other words why can't you just start inserting data back into the collection namespace and be on your way?
I have a feeling the issue may boil own to the index configuration on that collection: if so that does make some sense. Appreciate any more color you can provide.
Thanks
-Andrew -
36 votes
An error occurred while saving the comment The use of asymmetrical indexes across replicas in a cluster is not a supported configuration in modern versions of MongoDB.
Nevertheless it's certainly worth thinking about a future architecture that could support use cases with different workload and indexing requirements concurrently.
-
100 votes
An error occurred while saving the comment Hi Anton,
Can you elaborate on what you're asking here?
Thanks
-Andrew -
1 vote
An error occurred while saving the comment Hi Glenn,
As communicated to others in https://feedback.mongodb.com/forums/924145-atlas/suggestions/41578642-allow-customer-encryption-key-validation-time-inte
Please accept our apologies for the availability consequences of the Azure outage you mentioned: You have my commitment that we are making changes on our side so that the Azure outage you mentioned does *not* in future lead to Atlas cluster shutdown--we will instead treat transient errors like this differently.
-Andrew (VP Cloud Products)
-
5 votes
An error occurred while saving the comment Hi Jeyaraj,
Can you add some color on what use case you have in mind for tags: it's really valuable for us to understand use cases and goals to inform a path forward, whether that's by introducing new tagging options in the future or alternative ways of delivering to those same use cases.
Thanks a lot
-Andrew -
7 votes
An error occurred while saving the comment Guido, Victor,
Please accept our apologies for the availability consequences of the Azure outage you mentioned: You have my commitment that we are making changes on our side so that the Azure outage you mentioned does *not* in future lead to Atlas cluster shutdown--we will instead treat transient errors like this differently.
-Andrew (VP Cloud Products)
-
1 vote
An error occurred while saving the comment Hi Josh,
We're actively working on a path to this concept and will be excited to share details soon!
-Andrew and team
Hi Greg, I realize it's not what you're asking for but I do want to share that many users achieve this objective by managing programmatically via the Atlas API.
We'd love to introduce a more full featured experience for this in future.
-Andrew