Coming in 4.2 - Compression, Key Rotation and Configuration

Dj Walker-Morgan
July 11, 2019 | Updated: April 4, 2022
#MongoDB 4.2

MongoDB 4.2 isn't just about new features for developers. Some of the changes are designed specifically with MongoDB operators and administrators in mind. In this Coming In 4.2 article, we take a look at some of those changes including new compression options, ways to reduce maintenance time and new ways to configure your MongoDB server.

Zstd compression arrives

Zstd compression is coming to MongoDB 4.2. To put this in context, this is the third compression option supported by MongoDB. MongoDB already has support for snappy and zlib compression of data. Snappy is the current default compression, used by the Wired Tiger storage engine for block and journal compression and by the MongoDB server for client communications.

The thing with compression is that it is a tradeoff between how much CPU is used to perform the compression and how much that CPU work results in more compressed data. Snappy is very much the baseline for modern compression. The older alternative zlib compressor uses more CPU but can more effectively compress data. It has been available for MongoDB users who were prepared to accept that trade-off.

Zstandard, referred to as zstd, is a more modern compressor which offers higher compression rates while using less CPU compared to other compression algorithms. MongoDB 4.2 will continue to use snappy compression by default. Where a driver already supports zstd compression, for example the MongoDB 3.11 Java driver, its use can be enabled by the URI or programmatically.

Rotatable Keys

If you have configured a cluster to use keys to authenticate the nodes of a cluster or a sharded cluster, you'll also know that changing those keys has been a chore. MongoDB nodes, such as mongod and mongos previously only knew about one key, so to change the key, all the nodes would need to go down so a new key could be put in place and everything restarted.

That's no longer the case in MongoDB 4.2. Database nodes can now understand config files with multiple keys in them and use those multiple keys. This means that you can now update the database nodes so they have both the old and the new keys in their configuration files. Restarting each of the nodes will make them use both keys. Once done, it's a matter of updating nodes to so they only use the new key and restarting them. The cluster will stay up throughout this entire process.

There's more details on how to do this in the documentation, for replica sets and for sharded clusters.

Configuration Expansion

Keeping secrets in configuration files is always a tricky balancing act between ensuring the files are secure and ensuring the secrets are up to date. It's a balancing act that is going to be easier to manage in MongoDB 4.2 with the addition of Externally Sourced Configuration File Values. When activated, this feature allows config files to contain directives which can retrieve configuration values or entire configuration files from REST endpoints or executable processes.

It's easiest to show by example. Let's start with this configuration file:

storage:
  dbPath: "/var/lib/mongod/"
systemLog:
  destination: file
  path: "/var/log/mongod/mongod.log"
net:
  bindIp: 192.168.123.50,127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: "/etc/tls/mongod.pem"
    certificateKeyFilePassword: "MySecretPassword"

That password for the certificate file is there in plain sight. Ideally, you'd like to move that data to somewhere more centralized and secure. Let's use the __rest directive to move that password somewhere else.

net:
  bindIp: 192.168.123.50,127.0.0.1
  tls:
    mode: requireTLS
    certificateKeyFile: "/etc/tls/mongod.pem"
    certificateKeyFilePassword:
        __rest: "https://configserver.example.net/api/passwords/currentKeyPassword"
        type: "string"

Now, if we started up the server as normal, it would error out given this file. These new options only work if we include --configExpand "rest" in the command line when launching mongod or mongos. When we add that, when the server encounters that __rest directive it will do a GET on the given URL (which has to be https). It will then decode the result as a string as specified by the type option below it.

This all, of course, assumes that you have a REST API server at that URL that will respond appropriately; that is left as an exercise for the system integrator.

The type option can also be yaml allowing a whole set of settings and values to be returned. This opens the way to retrieving the entire configuration file from a REST endpoint.

__rest: "https://configserver.example.net/api/config/fullConfig"
type: "yaml"

There's also the __exec directive which takes a command rather than a URL. The command will be executed locally to obtain the required value or values.

There's another new command line option, --outputConfig which when added to the command line for a mongod or mongos which already has a --configExpand in it, will run through all the directive expansions and then exit, after outputting the config file the server would start working. This allows you the chance to verify those expansions directives are working as expected.

The ability to expand configuration directives with REST retrieved and process generated values opens the way for a whole range of different integrations and we're looking forward to see how users put this to work.

← Previous

Introducing the MongoDB Enterprise Operator for Kubernetes

Today more DevOps teams are leveraging the power of containerization and technologies like Kubernetes to manage containerized database clusters. To support teams building cloud-native apps with Kubernetes, MongoDB has made the MongoDB Enterprise Operator for Kubernetes generally available.

July 10, 2019
Next →

Accelerating to T+1 - Have You Got the Speed and Agility Required to Meet the Deadline?

On May 28, 2024, the Securities and Exchange Commission (SEC) will implement a move to a T+1 settlement for standard securities trades , shortening the settlement period from 2 business days after the trade date to one business day. The change aims to address market volatility and reduce credit and settlement risk. The shortened T+1 settlement cycle can potentially decrease market risks, but most firms' current back-office operations cannot handle this change. This is due to several challenges with existing systems, including: Manual processes will be under pressure due to the shortened settlement cycle Batch data processing will not be feasible To prepare for T+1, firms should take urgent action to address these challenges: Automate manual processes to streamline them and improve operational efficiency Event-based real-time processing should replace batch processing for faster settlement In this blog, we will explore how MongoDB can be leveraged to accelerate manual process automation and replace batch processes to enable faster settlement. What is a T+1 and T+2 settlement? T+1 settlement refers to the practice of settling transactions executed before 4:30pm on the following trading day. For example, if a transaction is executed on Monday before 4:30 pm, the settlement will occur on Tuesday. This settlement process involves the transfer of securities and/or funds from the seller's account to the buyer's account. This contrasts with the T+2 settlement, where trades are settled two trading days after the trade date. According to SEC Chair Gary Gensler , “T+1 is designed to benefit investors and reduce the credit, market, and liquidity risks in securities transactions faced by market participants.” Overcoming T+1 transition challenges with MongoDB: Two unique solutions 1. The multi-cloud developer data platform accelerates manual process automation Legacy settlement systems may involve manual intervention for various tasks, including manual matching of trades, manual input of settlement instructions, allocation emails to brokers, reconciliation of trade and settlement details, and manual processing of paper-based documents. These manual processes can be time-consuming and prone to errors. MongoDB (Figure 1 below) can help accelerate developer productivity in several ways: Easy to use: MongoDB is designed to be easy to use, which can reduce the learning curve for developers who are new to the database. Flexible data model: Allows developers to store data in a way that makes sense for their application. This can help accelerate development by reducing the need for complex data transformations or ORM mapping. Scalability: MongoDB is highly scalable , which means it can handle large volumes of trade data and support high levels of concurrency. Rich query language: Allows developers to perform complex queries without writing much code. MongoDB's Apache Lucene-based search can also help screen large volumes of data against sanctions and watch lists in real-time. Figure 1: MongoDB's developer data platform Discover the developer productivity calculator . Developers spend 42% of their work week on maintenance and technical debt. How much does this cost your organization? Calculate how much you can save by working with MongoDB. 2. An operational trade store to replace slow batch processing Back-office technology teams face numerous challenges when consolidating transaction data due to the complexity of legacy batch ETL and integration jobs. Legacy databases have long been the industry standard but are not optimal for post-trade management due to limitations such as rigid schema, difficulty in horizontal scaling, and slow performance. For T+1 settlement, it is crucial to have real-time availability of consolidated positions across assets, geographies, and business lines. It is important to note that the end of the batch cycle will not meet this requirement. As a solution, MongoDB customers use an operational trade data store (ODS) to overcome these challenges for real-time data sharing. By using an ODS, financial firms can improve their operational efficiency by consolidating transaction data in real-time. This allows them to streamline their back-office operations, reduce the complexity of ETL and integration processes, and avoid the limitations of relational databases. As a result, firms can make faster, more informed decisions and gain a competitive edge in the market. Using MongoDB (Figure 2 below), trade desk data is copied into an ODS in real-time through change data capture (CDC), creating a centralized trade store that acts as a live source for downstream trade settlement and compliance systems. This enables faster settlement times, improves data quality and accuracy, and supports full transactionality. As the ODS evolves, it becomes a "system of record/golden source" for many back office and middle office applications, and powers AI/ML-based real-time fraud prevention applications and settlement risk failure systems. Figure 2: Centralized Trade Data Store (ODS) Managing trade settlement risk failure is critical in driving efficiency across the entire securities market ecosystem. Luckily, MongoDB integration capabilities (Figure 3 below) with modern AI and ML platforms enable banks to develop AI/ML models that make managing potential trade settlement fails much more efficient from a cost, time, and quality perspective. Additionally, predictive analytics allow firms to project availability and demand and optimize inventories for lending and borrowing. Figure 3: Event-driven application for real time monitoring Summary Financial institutions face significant challenges in reducing settlement duration from two business days (T+2) to one (T+1), particularly when it comes to addressing the existing back-office issues. However, it's crucial for them to achieve this goal within a year as required by the SEC. This blog highlights how MongoDB's developer data platform can help financial institutions automate manual processes and adopt a best practice approach to replace batch processes with a real-time data store repository (ODS). With the help of MongoDB's developer data platform and best practices, financial institutions can achieve operational excellence and meet the SEC's T+1 settlement deadline on May 28, 2024. In the event of T+0 settlement cycles becoming a reality, institutions with the most flexible data platform will be better equipped to adjust. Top banks in the industry are already adopting MongoDB's developer data platform to modernize their infrastructure, leading to reduced time-to-market, lower total cost of ownership, and improved developer productivity. Looking to learn more about how you can modernize or what MongoDB can do for you? Zero downtime migrations using MongoDB’s flexible schema Accelerate your digital transformation with these 5 Phases of Banking Modernization Reduce time-to-market for your customer lifecycle management applications MongoDB’s financial services hub

May 25, 2023