MongoDB for Developers with Python Transcripts
Chapter: Course conclusion
Lecture: Lightning review: Deployments
0:00 After we had everything we needed for our database up and working,
0:02 our code was working, we said time to put this puppy in the cloud
0:06 and let people access it, so we talked about deployments.
0:09 Now, there's a couple of things we could do,
0:11 if you go to the MongoDB website and you pick the Linux deployment,
0:14 you pick your distribution, it actually has a lot of really clear steps,
0:17 like these are the steps that takes to use your package manager on Linux
0:20 to get MongoDB installed, and I recommend you to use the package manager
0:24 because then you get automatic updates, and things like that, it's really nice.
0:27 However, we also talked about the ways in which MongoDB is
0:31 maybe going to put you at risk,
0:33 let's say if you don't know what you're doing about configuring it,
0:37 so if you configure it to just listen on the open internet without say authentication,
0:40 you are just asking for some sort of punishment,
0:43 so there's a couple of things that we went through,
0:46 a very detailed set of here is how you limit network access on Ubuntu,
0:50 here is how you enable encryption, here's how you enable authentication, and so on,
0:55 so the checklist we went through was,
0:57 first thing to do is limit network exposure.
1:00 That was a couple of things, one we set up the firewall on Ubuntu,
1:04 if you want to use a cloud provider that's fine as well,
1:06 so we set up the firewall, we actually listened on a non default port
1:10 which we blocked by the firewall, and then we let the few servers in the world
1:16 that needed to talk to it back in by explicitly allowing in those ip addresses.
1:19 We enabled access control by creating an account
1:23 and go into the configuration and enforcing authentication, say it's required,
1:26 we added encrypted communication by creating
1:30 a self signed ssl certificates and then adding that in there,
1:34 you may consider adding encryption at rest as well,
1:37 so like the actual stuff on disc is encrypted,
1:41 we didn't go to that it wasn't really necessary for what we were doing.
1:44 You could audit what's happening on your server,
1:49 we didn't talk about that but it's pretty straightforward,
1:51 we also talked about how you can run backups,
1:54 I mentioned that you can do replication and some of these live backups
1:56 but you can also use Mongodump for reasonably small data,
2:00 not terabytes type of data but gigabytes, and that works pretty well as well,
2:05 we saw that we can even do that over our ssh, so back up, back up, back up.
2:09 Here's the whole security checklist that we talked about
2:13 you can go through and read all the ways do it,
2:15 or just go back and look at the various steps in the previous chapter's video.