MongoDB introduces new capabilities that change the way micro-services interact with the database, capabilities that are either absent or exist only partially in high-end commercial databases such as Oracle. In this session I will share from my experiences building a cloud-based, multi-tenant SaaS application with extreme security requirements. We will cover topics including considerations for storing multi-tenant data in the database, best practices for authentication and authorization, and performance considerations specific to security in MongoDB.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
For customers with hundreds or thousands of secrets, like database credentials and API keys, manually rotating and managing access to those secrets can be complex and cause application disruptions. AWS Secrets Manager protects access to your IT resources by enabling you to easily and centrally rotate and manage access to secrets. In this session, we explore the benefits and key features of Secrets Manager. We demonstrate how to safely rotate secrets, manage access to secrets with fine-grained access policies, and centrally secure and audit your secrets.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
For customers with hundreds or thousands of secrets, like database credentials and API keys, manually rotating and managing access to those secrets can be complex and cause application disruptions. AWS Secrets Manager protects access to your IT resources by enabling you to easily and centrally rotate and manage access to secrets. In this session, we explore the benefits and key features of Secrets Manager. We demonstrate how to safely rotate secrets, manage access to secrets with fine-grained access policies, and centrally secure and audit your secrets.
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud
Can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage
Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Presented by: Alessandro Esposito, Cloudfront Account Manager, Amazon Web Services
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...Edureka!
In this edureka tutorial, we will show you how to use the AWS IAM service to secure your AWS account and the application that you will be connecting to it.
Below are the topics we will cover in this tutorial:
1. Why do we need Access Management?
2. What is AWS IAM?
3. Components of IAM
4. Multi-Factor Authentication
5. Hands-on
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Best Practices for Amazon S3 and Amazon Glacier (STG203-R2) - AWS re:Invent 2018Amazon Web Services
Learn best practices for Amazon S3 performance optimization, security, data protection, storage management, and much more. In this session, we look at common Amazon S3 use cases and ways to manage large volumes of data within Amazon S3. We discuss the latest performance improvements and how they impact previous guidance. We also talk about the Amazon S3 data resilience model and how architecture for the AWS Regions and Availability Zones impact architecture for fault tolerance.
An overview of one of the worlds largest content delivery networks, how it is used for accerlation of websites and applications for dynamic and static content. We will cover recent feature additions including integration of the new AWS WAF and other security features.
Do you want to run your code without the cost and effort of provisioning and managing servers? Find out how in this deep dive session on AWS Lambda, which allows you to run code for virtually any type of application or back end service – all with zero administration. During the session, we’ll look at a number of key AWS Lambda features and benefits, including automated application scaling with high availability; pay-as-you-consume billing; and the ability to automatically trigger your code from other AWS services or from any web or mobile app.
AWS offers a variety of data migration services and tools to help you easily and rapidly move everything from gigabytes to petabytes of data. We can provide guidance and methodologies to help you find the right service or tool to fit your requirements, and we share examples of customers who have used these options in their cloud journey.
Come learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings on your object storage workloads.
Learn about AWS Managed Services and SaaS Partner Programs that provide partners with business and technical enablement on AWS. As more customers move mission-critical workloads to the cloud, there is increasing demand for Managed Service Providers to help customers migrate and operate those customer environments on an ongoing basis. Software-as-a-Service (SaaS) is quickly becoming the prevalent model for deploying software to business customers. The AWS SaaS Partner Program provides APN Partners with support as they build, launch, and grow SaaS solutions on AWS. This session will provide you all the information you need to know to get started in the MSP and SaaS Partner Programs.
Dive into the details of AWS CloudWatch & AWS CloudTrail features, Usage of AWS CloudWatch for AWS Services Monitoring and Custom Application monitoring, Usage of AWS CloudTrail for AWS Account Monitoring and the role of these services in centralized logging
Securing Your Enterprise Web Apps with MongoDB Enterprise MongoDB
Speaker: Jay Runkel, Principal Solution Architect, MongoDB
Level: 200 (Intermediate)
Track: Operations
When architecting a MongoDB application, one of the most difficult questions to answer is how much hardware (number of shards, number of replicas, and server specifications) am I going to need for an application. Similarly, when deploying in the cloud, how do you estimate your monthly AWS, Azure, or GCP costs given a description of a new application? While there isn’t a precise formula for mapping application features (e.g., document structure, schema, query volumes) into servers, there are various strategies you can use to estimate the MongoDB cluster sizing. This presentation will cover the questions you need to ask and describe how to use this information to estimate the required cluster size or cloud deployment cost.
What You Will Learn:
- How to architect a sharded cluster that provides the required computing resources while minimizing hardware or cloud computing costs
- How to use this information to estimate the overall cluster requirements for IOPS, RAM, cores, disk space, etc.
- What you need to know about the application to estimate a cluster size
Percona Live 2021 - MongoDB Security FeaturesJean Da Silva
When we speak about security, the actual reality is that companies need to comply with multiples frameworks and regulations, and assessing which rules apply to each organization is no easy feat.
Over the talk, we will revisit the security feature we can implement in the #MongoDB environment. The aim is to provide further information on what you can use to help your company with future security implementations.
The topics presented will be:
* Authentication
* Authorization
* TLS/SSL
* External Authentication
* Auditing
* Log Redaction
* Encryption – Data at Rest and Client Field Encryption.
Speaker: Jean da Silva – Percona
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud
Can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage
Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Presented by: Alessandro Esposito, Cloudfront Account Manager, Amazon Web Services
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...Edureka!
In this edureka tutorial, we will show you how to use the AWS IAM service to secure your AWS account and the application that you will be connecting to it.
Below are the topics we will cover in this tutorial:
1. Why do we need Access Management?
2. What is AWS IAM?
3. Components of IAM
4. Multi-Factor Authentication
5. Hands-on
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Best Practices for Amazon S3 and Amazon Glacier (STG203-R2) - AWS re:Invent 2018Amazon Web Services
Learn best practices for Amazon S3 performance optimization, security, data protection, storage management, and much more. In this session, we look at common Amazon S3 use cases and ways to manage large volumes of data within Amazon S3. We discuss the latest performance improvements and how they impact previous guidance. We also talk about the Amazon S3 data resilience model and how architecture for the AWS Regions and Availability Zones impact architecture for fault tolerance.
An overview of one of the worlds largest content delivery networks, how it is used for accerlation of websites and applications for dynamic and static content. We will cover recent feature additions including integration of the new AWS WAF and other security features.
Do you want to run your code without the cost and effort of provisioning and managing servers? Find out how in this deep dive session on AWS Lambda, which allows you to run code for virtually any type of application or back end service – all with zero administration. During the session, we’ll look at a number of key AWS Lambda features and benefits, including automated application scaling with high availability; pay-as-you-consume billing; and the ability to automatically trigger your code from other AWS services or from any web or mobile app.
AWS offers a variety of data migration services and tools to help you easily and rapidly move everything from gigabytes to petabytes of data. We can provide guidance and methodologies to help you find the right service or tool to fit your requirements, and we share examples of customers who have used these options in their cloud journey.
Come learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings on your object storage workloads.
Learn about AWS Managed Services and SaaS Partner Programs that provide partners with business and technical enablement on AWS. As more customers move mission-critical workloads to the cloud, there is increasing demand for Managed Service Providers to help customers migrate and operate those customer environments on an ongoing basis. Software-as-a-Service (SaaS) is quickly becoming the prevalent model for deploying software to business customers. The AWS SaaS Partner Program provides APN Partners with support as they build, launch, and grow SaaS solutions on AWS. This session will provide you all the information you need to know to get started in the MSP and SaaS Partner Programs.
Dive into the details of AWS CloudWatch & AWS CloudTrail features, Usage of AWS CloudWatch for AWS Services Monitoring and Custom Application monitoring, Usage of AWS CloudTrail for AWS Account Monitoring and the role of these services in centralized logging
Securing Your Enterprise Web Apps with MongoDB Enterprise MongoDB
Speaker: Jay Runkel, Principal Solution Architect, MongoDB
Level: 200 (Intermediate)
Track: Operations
When architecting a MongoDB application, one of the most difficult questions to answer is how much hardware (number of shards, number of replicas, and server specifications) am I going to need for an application. Similarly, when deploying in the cloud, how do you estimate your monthly AWS, Azure, or GCP costs given a description of a new application? While there isn’t a precise formula for mapping application features (e.g., document structure, schema, query volumes) into servers, there are various strategies you can use to estimate the MongoDB cluster sizing. This presentation will cover the questions you need to ask and describe how to use this information to estimate the required cluster size or cloud deployment cost.
What You Will Learn:
- How to architect a sharded cluster that provides the required computing resources while minimizing hardware or cloud computing costs
- How to use this information to estimate the overall cluster requirements for IOPS, RAM, cores, disk space, etc.
- What you need to know about the application to estimate a cluster size
Percona Live 2021 - MongoDB Security FeaturesJean Da Silva
When we speak about security, the actual reality is that companies need to comply with multiples frameworks and regulations, and assessing which rules apply to each organization is no easy feat.
Over the talk, we will revisit the security feature we can implement in the #MongoDB environment. The aim is to provide further information on what you can use to help your company with future security implementations.
The topics presented will be:
* Authentication
* Authorization
* TLS/SSL
* External Authentication
* Auditing
* Log Redaction
* Encryption – Data at Rest and Client Field Encryption.
Speaker: Jean da Silva – Percona
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
Your MongoDB Community Edition database can probably be a lot more secure than it is today, since Community Edition provides a wide range of capabilities for securing your system, and you are probably not using them all. If you are worried about cyber-threats, take action reduce your anxiety!
Cloud computing transforms the way we can store, process and share our data. New applications and workloads are growing rapidly, which brings every day more sensitive data into the conversation about risk and what constitutes natural targets for bad actors. This presentation reflects on current best practices to address the most significant security concerns for sensitive data in the cloud, and offers participants a list of steps to achieve enterprise-grade safety with MongoDB deployments among the expanding service provider options.
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
Security is more critical than ever with new computing environments in the cloud and expanding access to the Internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments.
AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configur...Amazon Web Services
In this series of 15-minute technical flash talks you will learn directly from Amazon CloudFront engineers and their best practices on debugging caching issues, measuring performance using Real User Monitoring (RUM), and stopping malicious viewers using CloudFront and AWS WAF.
We're building a storage engine for MongoDB that provides encryption at rest. When we first set out to do this, the questions were many: how do you protect database encryption keys in a distributed environment, where all the code is open source? Can you optimize performance despite the extra steps of encryption and decryption? And most importantly, how do you make the protection mechanisms easy-to-use yet secure? This talk covers the requirements we gathered, the issues we faced, and the design decisions we made. It is aimed at those interested in security, storage engines, and the engineering process.
Speaker: Tom Spitzer, Vice President, Engineering, EC Wise, Inc.
Session Type: 40 minute main track session
Level: 200 (Intermediate)
Track: Security
MongoDB Community Server provides a wide range of capabilities for securing your MongoDB installation. In this session, we will focus on access control features, including authentication and authorization mechanisms, that enable you to enforce a least privilege model on user accounts. We will also discuss strategies for enabling and maintaining service and application accounts. Next we will present the encryption capabilities that are available in the community edition and discuss their benefits and possible shortcomings. Finally, we will talk about application level protections your developers can implement to keep risky code from getting to your MongoDB instance.
What You Will Learn:
- The workings of the MongoDB User Management Interface, the Authentication Database, basic Authentication mechanisms (SCRAM-SHA-1 and certificates), Roles, and Role Based Access controls – plus best practices for using these features to improve the security of your database.
- How to use TLS/SSL for transport encryption, application encryption options, and field level redaction.
- How injection attacks work and how to minimize the risk of injection attacks.
Securing Big Data at rest with encryption for Hadoop, Cassandra and MongoDB o...Big Data Spain
This session shows how to secure different Big Data sensitive data items such as log files, metastore databases, control files, config files, data directories or data files for different Big Data technologies.
As Hadoop, MongoDB, Cassandra and other massively distributed Big Data stores grow in popularity, so too does the volume of sensitive regulatory data that gets captured for analysis. Cloudera Navigator Encrypt gives peace of mind, knowing the sensitive information used to run massive-scale queries and analytics is secure. Navigator Encrypt works as a last line of defense for protecting data, by providing a transparent layer between the application and file system and securing information as it gets written to disk, ensuring minimal performance lag in the encryption or decryption process. The solution also includes robust key management and process-based access controls, while simultaneously preventing admins or super users like root from accessing data that they don’t need to see allowing users to store their cryptographic keys separate from the encrypted data.
Session presented at Big Data Spain 2015 Conference
15th Oct 2015
Kinépolis Madrid
http://www.bigdataspain.org
Event promoted by: http://www.paradigmatecnologico.com
Abstract: http://www.bigdataspain.org/program/thu/slot-13.html
A presentation on how applying Cloud Architecture Patterns using Docker Swarm as orchestrator is possible to create reliable, resilient and scalable FIWARE platforms.
Monitoring in Motion: Monitoring Containers and Amazon ECSAmazon Web Services
Containers and other forms of dynamic infrastructure can prove challenging to monitor. How do you define normal, when your infrastructure is intentionally in motion and change from minute to minute? Join us as we discuss proven strategies for monitoring your containerized infrastructure on AWS and ECS.
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE
How to Debug IoT Agents Webinar - 17th April 2019
Corresponding webinar recording: https://youtu.be/FRqJsywi9e8
Chapter: IoT Agents
Difficulty: 3
Audience: Any Technical
Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)
How to debug IoT Agents - investigating what goes wrong and how to fix it.
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB
During this talk we'll navigate through a customer's journey as they migrate an existing MongoDB deployment to MongoDB Atlas. While the migration itself can be as simple as a few clicks, the prep/post effort requires due diligence to ensure a smooth transfer. We'll cover these steps in detail and provide best practices. In addition, we’ll provide an overview of what to consider when migrating other cloud data stores, traditional databases and MongoDB imitations to MongoDB Atlas.
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB
These days, everyone is expected to be a data analyst. But with so much data available, how can you make sense of it and be sure you're making the best decisions? One great approach is to use data visualizations. In this session, we take a complex dataset and show how the breadth of capabilities in MongoDB Charts can help you turn bits and bytes into insights.
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB
MongoDB Kubernetes operator and MongoDB Open Service Broker are ready for production operations. Learn about how MongoDB can be used with the most popular container orchestration platform, Kubernetes, and bring self-service, persistent storage to your containerized applications. A demo will show you how easy it is to enable MongoDB clusters as an External Service using the Open Service Broker API for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB
Are you new to schema design for MongoDB, or are you looking for a more complete or agile process than what you are following currently? In this talk, we will guide you through the phases of a flexible methodology that you can apply to projects ranging from small to large with very demanding requirements.
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB
Humana, like many companies, is tackling the challenge of creating real-time insights from data that is diverse and rapidly changing. This is our journey of how we used MongoDB to combined traditional batch approaches with streaming technologies to provide continues alerting capabilities from real-time data streams.
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB
Time series data is increasingly at the heart of modern applications - think IoT, stock trading, clickstreams, social media, and more. With the move from batch to real time systems, the efficient capture and analysis of time series data can enable organizations to better detect and respond to events ahead of their competitors or to improve operational efficiency to reduce cost and risk. Working with time series data is often different from regular application data, and there are best practices you should observe.
This talk covers:
Common components of an IoT solution
The challenges involved with managing time-series data in IoT applications
Different schema designs, and how these affect memory and disk utilization – two critical factors in application performance.
How to query, analyze and present IoT time-series data using MongoDB Compass and MongoDB Charts
At the end of the session, you will have a better understanding of key best practices in managing IoT time-series data with MongoDB.
Join this talk and test session with a MongoDB Developer Advocate where you'll go over the setup, configuration, and deployment of an Atlas environment. Create a service that you can take back in a production-ready state and prepare to unleash your inner genius.
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB
Our clients have unique use cases and data patterns that mandate the choice of a particular strategy. To implement these strategies, it is mandatory that we unlearn a lot of relational concepts while designing and rapidly developing efficient applications on NoSQL. In this session, we will talk about some of our client use cases, the strategies we have adopted, and the features of MongoDB that assisted in implementing these strategies.
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB
Encryption is not a new concept to MongoDB. Encryption may occur in-transit (with TLS) and at-rest (with the encrypted storage engine). But MongoDB 4.2 introduces support for Client Side Encryption, ensuring the most sensitive data is encrypted before ever leaving the client application. Even full access to your MongoDB servers is not enough to decrypt this data. And better yet, Client Side Encryption can be enabled at the "flick of a switch".
This session covers using Client Side Encryption in your applications. This includes the necessary setup, how to encrypt data without sacrificing queryability, and what trade-offs to expect.
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB
MongoDB Kubernetes operator is ready for prime-time. Learn about how MongoDB can be used with most popular orchestration platform, Kubernetes, and bring self-service, persistent storage to your containerized applications.
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB
These days, everyone is expected to be a data analyst. But with so much data available, how can you make sense of it and be sure you're making the best decisions? One great approach is to use data visualizations. In this session, we take a complex dataset and show how the breadth of capabilities in MongoDB Charts can help you turn bits and bytes into insights.
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB
When you need to model data, is your first instinct to start breaking it down into rows and columns? Mine used to be too. When you want to develop apps in a modern, agile way, NoSQL databases can be the best option. Come to this talk to learn how to take advantage of all that NoSQL databases have to offer and discover the benefits of changing your mindset from the legacy, tabular way of modeling data. We’ll compare and contrast the terms and concepts in SQL databases and MongoDB, explain the benefits of using MongoDB compared to SQL databases, and walk through data modeling basics so you feel confident as you begin using MongoDB.
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB
Join this talk and test session with a MongoDB Developer Advocate where you'll go over the setup, configuration, and deployment of an Atlas environment. Create a service that you can take back in a production-ready state and prepare to unleash your inner genius.
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB
Query performance should be the unsung hero of an application, but without proper configuration, can become a constant headache. When used properly, MongoDB provides extremely powerful querying capabilities. In this session, we'll discuss concepts like equality, sort, range, managing query predicates versus sequential predicates, and best practices to building multikey indexes.
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB
Aggregation pipeline has been able to power your analysis of data since version 2.2. In 4.2 we added more power and now you can use it for more powerful queries, updates, and outputting your data to existing collections. Come hear how you can do everything with the pipeline, including single-view, ETL, data roll-ups and materialized views.
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB
Are you new to schema design for MongoDB, or are you looking for a more complete or agile process than what you are following currently? In this talk, we will guide you through the phases of a flexible methodology that you can apply to projects ranging from small to large with very demanding requirements.
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB
MongoDB Atlas Data Lake is a new service offered by MongoDB Atlas. Many organizations store long term, archival data in cost-effective storage like S3, GCP, and Azure Blobs. However, many of them do not have robust systems or tools to effectively utilize large amounts of data to inform decision making. MongoDB Atlas Data Lake is a service allowing organizations to analyze their long-term data to discover a wealth of information about their business.
This session will take a deep dive into the features that are currently available in MongoDB Atlas Data Lake and how they are implemented. In addition, we'll discuss future plans and opportunities and offer ample Q&A time with the engineers on the project.
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB
Virtual assistants are becoming the new norm when it comes to daily life, with Amazon’s Alexa being the leader in the space. As a developer, not only do you need to make web and mobile compliant applications, but you need to be able to support virtual assistants like Alexa. However, the process isn’t quite the same between the platforms.
How do you handle requests? Where do you store your data and work with it to create meaningful responses with little delay? How much of your code needs to change between platforms?
In this session we’ll see how to design and develop applications known as Skills for Amazon Alexa powered devices using the Go programming language and MongoDB.
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB
aux Core Data, appréciée par des centaines de milliers de développeurs. Apprenez ce qui rend Realm spécial et comment il peut être utilisé pour créer de meilleures applications plus rapidement.
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB
Il n’a jamais été aussi facile de commander en ligne et de se faire livrer en moins de 48h très souvent gratuitement. Cette simplicité d’usage cache un marché complexe de plus de 8000 milliards de $.
La data est bien connu du monde de la Supply Chain (itinéraires, informations sur les marchandises, douanes,…), mais la valeur de ces données opérationnelles reste peu exploitée. En alliant expertise métier et Data Science, Upply redéfinit les fondamentaux de la Supply Chain en proposant à chacun des acteurs de surmonter la volatilité et l’inefficacité du marché.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
First a little bit about myself, some numbers and data about me, they all true and tell something, after all I’ve been with data and databases my entire life…….
Data velocity is moderate not high...
Agile – there is no other way!
I’m not a guy that is afraid of complex databases but
Application enable optimistic locking, no need for database (pessimistic) locks
No updates, always inserts with versions
Incidents... We used to be all about resiliency, stability - but so many things have happened, so many incidents – security is a must...
Threats are there. Things will go wrong. These are mere examples…
Analyze the perpetual trade off between performance and security
One leaked password would compromise data of one tenant and not the entire data set, as data is really isolated.
One impersonation will expose 1 tenant
One bug of a developer, will cause damage to one tenant
Hardeninig?
We are a multi tenant application, there is an opportunity to enjoy good economics and share resources, but we need to maintain security, which is better with isolation
The x.509 client authentication allows clients to authenticate to servers with certificates rather than with a username and password.
Rest: If I, Cisco, was reckless and lost the drive, the thief will have to work very hard to decrypt one tenant’s data! Others are completely isolated and protected
A database is a file in the filesystem by default
From mongo docs:
Use this option in conjunction with your file system and device configuration so that MongoDB will store data on a number of distinct disk devices to increase write throughput or disk capacity.
Flight: new in 2.6
So this means I need to connect with a diff cert for every user…..
sslMode = <disabled|allowSSL|preferSSL|requireSSL>
In other words, this put the sole security responsibility on application server, and made the database completely blind.
That way, it was possible to create a pool of connections authenticated by a generic "appserver" but now this generic user has no data access privileges! Only privileges it had is to other users such as ”Foo" or ”Bar" which had their own RBAC permissions and their actions in the database were audited with the user name.
This is a neat feature, I have used it quite a bit when in multi-tenant applications when high security and tenant data isolation was required. More about this feature here:
Creating a new connection between a client and the database is a heavy operation as it involves networking stuff, several roundtrips, driver client-server (+SSL?) handshake, server-side thread management, etc.
Traditional databases such as MySQL, PostgreSQL and Oracle - all require authentication as part of the creation of the connection.
To avoid the expensive price of frequent creating and closing database connections Backend applications, create and maintain a pool of reusable connections to be handed to arbitrary worker threads to access the database
The only alternative to create those generic pooled connections was to authenticate them with some generic credentials (let's call is "appserver" user) that would have full privileges to all data
This would immediately expose the entire data in the database, and eliminate any security such as RBAC or audit in the data and database level
In it's version 9, Oracle introduced a mechanism called "proxy authentication”, allowing generic authentication for all pooled connections, but re-authentication on that same connection in context
I got lucky. Not really, MongoDB helped a lot, being designed from the ground up for this.
I ran a benchmark that created a MongoTemplate with a borrowed connection from the pool
For a comparison, I added a standard read call of a document from the database
(Both require a roundtrip to the database, authentication is hypothesized to be lighter as it does not involve parsing, data access)
The benchmark tested serial random context switches between 5 tenants
I also tested the times of creating and closing a client connection to MongoDB
To make sure the authentication context switching does not really reconnect the DB
As a comparison between connection creation and authentication
I stopped after 1000 repetitions…
Pooled long lived connections are blank
Authenticated just upon use,
There is no way a connection from the appserver can access all data set. Always a single tenant. Other data is just not available, even in case of a bug or an exploit of a vulnerability in the system…
But what about performance‽
Every worker thread must ask a database connection from a common infrastructure
This common infrastructure would:
Examine the security context of this thread and the injected principal
Borrow a connection from the pool, authenticate it with the current tenant
Hand it over to the requesting worker thread
When done, the worker thread discards this authenticated connection
A blank connection is returned to the pool
Sure it’s easy! When I have different users connecting to the DB. When I have the database being aware to whoever is now connected, authorization (and also audit BTW) are a breeze!
MongoDB does not enable authorization by default. You can enable authorization using the --auth or the --keyFile options, or if using a configuration file, with the security.authorization or the security.keyFile settings
These auditing guarantees require that MongoDB run with journaling enabled.