Sit back, relax, switch on Atlas for Enterprise, and let us make your business more secure. Learn how to enable security features such as LDAP in minutes. Quickly analyze your data with popular analytics tools using the BI Connector. That's right folks, we can speak SQL too!
3. So… I got this letter today
To Whom It May Concern,
Our analytics team needs a database to run some numbers and do analysis stuff.
Please configure the following before 11:15 AM on March 14th (or else):
Highly Available, 3 Node, MongoDB Replica Set
TLS for all connections
LDAP authentication and authorization for 30,000 users
Database Auditing - ONLY authentication attempts must be logged
Encryption at Rest using our AWS KMS credentials
MySQL Shell Connectivity
8. Checklist:
Highly Available, 3 Node, MongoDB Replica Set
TLS for all connections
LDAP authentication and authorization for 30,000 users
Database Auditing - ONLY authentication attempts must be logged
Encryption at Rest using our AWS KMS credentials
MySQL Shell Connectivity
11. LDAP Auth - Requirements
Authentication
1. Server Hostname
2. Server Port
3. Bind User Credentials
4. (Optional) CA Certificate for LDAP Server
5. (Optional) LDAP Query for Mapping
Authorization
1. An attribute to match to MongoDB Roles
2. An LDAP query to find these attributes
20. Fort MongoDB Features
● TLS
● Database Auditing
● SSO via LDAP
● Wooden Palisades
Security assessment, so far
22. Encryption at Rest - Requirements
Amazon KMS
1. IAM User with these permissions:
   a. DescribeKey
   b. Encrypt
   c. Decrypt
2. Access Key
3. Access Secret
4. Region where the key will reside
5. AWS Customer Master Key (CMK)
Azure Key Vault
1. The Tenant ID (or Directory ID) for an Active Directory tenant.
2. The Client ID (or Application ID) w/ non-expired application Password
3. The Resource Group name
   a. Must have Owner Role in Resource Group
4. The Subscription ID and Key Vault Name of an Azure Key Vault.
5. The Key Vault must have the following Access Policies:
   a. Key Management Operations
      i. GET
      ii. LIST
   b. Cryptographic Operations
      i. ENCRYPT
      ii. DECRYPT
6. The Key Identifier for a key in the specified Azure Key Vault.
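The Amazon KMS list above names three permissions for the IAM user. The check below is an added example, not part of the presentation or of MongoDB's tooling: it reviews an IAM identity policy document and reports required actions that are missing, actions granted beyond those three, and resources wider than the one key. The function name, the account ID and the key ARN are constructed for illustration.

```python
import fnmatch

# The three KMS actions the slide lists for the IAM user.
REQUIRED = ("kms:DescribeKey", "kms:Encrypt", "kms:Decrypt")

def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def review_kms_policy(policy, key_arn):
    """Return (missing, excess, broad) for an IAM identity policy.

    missing: required actions not allowed on key_arn
    excess:  allowed action patterns beyond the three required ones
    broad:   allowed resources other than exactly key_arn
    Simplification: only Allow statements are read; Deny, NotAction and
    Condition blocks are ignored.
    """
    grants = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare in lowercase.
            grants.append((action.lower(), resources))

    def allowed(action):
        return any(fnmatch.fnmatchcase(action.lower(), pattern)
                   and any(fnmatch.fnmatchcase(key_arn, res) for res in resources)
                   for pattern, resources in grants)

    wanted = {a.lower() for a in REQUIRED}
    missing = [a for a in REQUIRED if not allowed(a)]
    excess = sorted({p for p, _ in grants if p not in wanted})
    broad = sorted({r for _, rs in grants for r in rs if r != key_arn})
    return missing, excess, broad

# Constructed sample data: placeholder account ID and key ID.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
TIGHT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": list(REQUIRED), "Resource": KEY_ARN}]}
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "kms:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, review_kms_policy(doc, KEY_ARN))
```

A policy that returns three empty lists grants exactly what the slide asks for and nothing more.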
26. One More Message
To Whom It May Concern,
Thank you for setting up our MongoDB cluster on Atlas! We didn’t think it was possible but here we are.
We’ll get you next time.
Regards,
- Management