How to Set Up SSL With Automation

MongoDB
July 14, 2015
#Cloud

Cloud Manager supports advanced security configuration options such as SSL, Kerberos, LDAP or X.509. SSL can be used by all Cloud Manager users, while Kerberos, LDAP, and X.509 authentication are for MongoDB Enterprise builds only. In this blog post, we will explain how to setup SSL with Automation. Here’s how to get started:

  1. Login to Cloud Manager and browse to the Deployment tab.
  2. In the “…” button, next to the green Add button, choose “Authentication & SSL Settings” ... Menu
  3. Click Next to configure SSL
  4. Click the Enable SSL button Enable SSL
  5. Enter the path on your server for the CA File. This CA file should contain the Certificates, in PEM format, for Issuer of the Certificates being used by MongoDB (the sslPEMKeyFile).
      • (NOTE: the file should be manually placed on the server before proceeding).
  6. Choose client certificate mode “optional” or “required”
      • Optional: mongod and mongos process are started with both the net.ssl.CAFile and net.ssl.allowConnectionsWithoutCertificates options. As such, the mongo shell and drivers need not possess client certificates.
      • Required: mongod and mongos processes are started with the net.ssl.CAFile setting. Each mongo shell and driver process must possess a client certificate.
  7. Next, specify PEM Key File for your Automation, Backup, and/or Monitoring Agent.
      • (NOTE: If the PEM Key File is encrypted, the password must also be specified.) Configure Agents
  8. If the PEM Key File is encrypted, the password must also be applied.
  9. The SSL options then need to be set on each server.
  10. Next, the SSL options need to be set on each server. Go to the Deployments tab and in the Processes view.
  11. Select the process that you would like to edit and click the Wrench icon to Edit the Configuration
  12. Expand the Advanced Options at the bottom.
  13. Set the following options:
      • sslmode: requireSSL, allowSSL, or preferSSL
      • sslPemKeyFile: Input the path to the server certificate. (Note: the file should be manually placed on the server before proceeding)
      • sslPemKeyPassword: If you are using an encrypted PEM key file, use sslPemKeyPassword to specify the password. Advanced Settings
  14. Click Apply.
  15. Finally, click Save and Review & Deploy.

Note:

  • Enabling SSL will apply to all managed items in your deployment.
  • The CA File provided will also be used by managed Monitoring and Backup Agents for connections to the entire deployment.
  • For MongoDB 2.6 and below, enabling SSL requires the using of MongoDB Enterprise Edition.
← Previous

Now Accepting Nominations for the 2015 William Zola Award for Community Excellence

Community is core to the success of MongoDB and the people that use it. We created the William Zola Award for Community Excellence last year to honor those whose support contributions make a significant difference to people around the globe. One of our strongest Community Support advocates was William Zola, who passed away unexpectedly. William, Lead Technical Services engineer, had a passion for creating user success, and helped thousands of users with support problems, much of it on his own time. William was so effective at meeting users in their time of distress that people often asked for him by name on the MongoDB User Forum. Most engineers at MongoDB went through his customer skills training to learn how to create an ideal user experience while maintaining technical integrity. William taught us: How the user feels is every bit as important as solving their technical problem We should work to solve the problem and not just close a case or ticket Every user interaction should drive the case one step closer to resolution It’s all about the user Over time, William’s advice and philosophy towards user success came to permeate MongoDB’s entire organization and community. The Award Last year Nuri Halperin , a 2015 MongoDB Master was nominated and won the first ever Zola. This year at MongoDB Silicon Valley we will announce the second winner of “The Zola.” We will award to user who has offered exceptional support to our community in line with William’s philosophy. The winner of the Zola will receive a complimentary hotel stay while at MongoDB Silicon Valley to receive the award at the event along with a $1,000 Amazon Gift Card. Today we open nominations and begin the search for this year's winner of the Zola. MongoDB users who support others on StackOverflow, at a MongoDB User Group and in person through ad-hoc or structured mentoring are all qualified to receive the award. Nominations will be accepted until November 1st, 2015 through this form , so please send in names of people who have positively impacted your experience with MongoDB. Individuals will be judged on the impact of their work and their demonstration of William’s values. William’s extraordinary contributions are remembered in users like you who pass along your knowledge of MongoDB and do it with gusto. Even if you do not qualify for the Zola now, there is always an opportunity for you to contribute to the MongoDB ecosystem by sharing your ideas and experience on StackOverflow , the MongoDB User Forum and in your local communities . Tell us who you think should receive this year's “Zola”. Submit your nominations today Prizes $1,000 Amazon Gift Certificate Ticket to MongoDB SV Hotel stay during MongoDB SV How Winners Will Be Selected MongoDB will pick the winning applicant by November 8th, and will notify the winner via email. The winners will be chosen based on a combination of user votes and contributions made to the community. For more information see the Zola Award Terms and Service . About the Author - Meghan Gill Meghan Gill is Director of Community and Demand Generation at MongoDB. She was the 8th employee and first non-engineering hire at MongoDB, helping to build the developer community behind the fastest-growing big data ecosystem. In 2014 she was recognized by AlleyWatch as a Rising Star in Enterprise Technology.

July 10, 2015
Next →

Accelerating to T+1 - Have You Got the Speed and Agility Required to Meet the Deadline?

On May 28, 2024, the Securities and Exchange Commission (SEC) will implement a move to a T+1 settlement for standard securities trades , shortening the settlement period from 2 business days after the trade date to one business day. The change aims to address market volatility and reduce credit and settlement risk. The shortened T+1 settlement cycle can potentially decrease market risks, but most firms' current back-office operations cannot handle this change. This is due to several challenges with existing systems, including: Manual processes will be under pressure due to the shortened settlement cycle Batch data processing will not be feasible To prepare for T+1, firms should take urgent action to address these challenges: Automate manual processes to streamline them and improve operational efficiency Event-based real-time processing should replace batch processing for faster settlement In this blog, we will explore how MongoDB can be leveraged to accelerate manual process automation and replace batch processes to enable faster settlement. What is a T+1 and T+2 settlement? T+1 settlement refers to the practice of settling transactions executed before 4:30pm on the following trading day. For example, if a transaction is executed on Monday before 4:30 pm, the settlement will occur on Tuesday. This settlement process involves the transfer of securities and/or funds from the seller's account to the buyer's account. This contrasts with the T+2 settlement, where trades are settled two trading days after the trade date. According to SEC Chair Gary Gensler , “T+1 is designed to benefit investors and reduce the credit, market, and liquidity risks in securities transactions faced by market participants.” Overcoming T+1 transition challenges with MongoDB: Two unique solutions 1. The multi-cloud developer data platform accelerates manual process automation Legacy settlement systems may involve manual intervention for various tasks, including manual matching of trades, manual input of settlement instructions, allocation emails to brokers, reconciliation of trade and settlement details, and manual processing of paper-based documents. These manual processes can be time-consuming and prone to errors. MongoDB (Figure 1 below) can help accelerate developer productivity in several ways: Easy to use: MongoDB is designed to be easy to use, which can reduce the learning curve for developers who are new to the database. Flexible data model: Allows developers to store data in a way that makes sense for their application. This can help accelerate development by reducing the need for complex data transformations or ORM mapping. Scalability: MongoDB is highly scalable , which means it can handle large volumes of trade data and support high levels of concurrency. Rich query language: Allows developers to perform complex queries without writing much code. MongoDB's Apache Lucene-based search can also help screen large volumes of data against sanctions and watch lists in real-time. Figure 1: MongoDB's developer data platform Discover the developer productivity calculator . Developers spend 42% of their work week on maintenance and technical debt. How much does this cost your organization? Calculate how much you can save by working with MongoDB. 2. An operational trade store to replace slow batch processing Back-office technology teams face numerous challenges when consolidating transaction data due to the complexity of legacy batch ETL and integration jobs. Legacy databases have long been the industry standard but are not optimal for post-trade management due to limitations such as rigid schema, difficulty in horizontal scaling, and slow performance. For T+1 settlement, it is crucial to have real-time availability of consolidated positions across assets, geographies, and business lines. It is important to note that the end of the batch cycle will not meet this requirement. As a solution, MongoDB customers use an operational trade data store (ODS) to overcome these challenges for real-time data sharing. By using an ODS, financial firms can improve their operational efficiency by consolidating transaction data in real-time. This allows them to streamline their back-office operations, reduce the complexity of ETL and integration processes, and avoid the limitations of relational databases. As a result, firms can make faster, more informed decisions and gain a competitive edge in the market. Using MongoDB (Figure 2 below), trade desk data is copied into an ODS in real-time through change data capture (CDC), creating a centralized trade store that acts as a live source for downstream trade settlement and compliance systems. This enables faster settlement times, improves data quality and accuracy, and supports full transactionality. As the ODS evolves, it becomes a "system of record/golden source" for many back office and middle office applications, and powers AI/ML-based real-time fraud prevention applications and settlement risk failure systems. Figure 2: Centralized Trade Data Store (ODS) Managing trade settlement risk failure is critical in driving efficiency across the entire securities market ecosystem. Luckily, MongoDB integration capabilities (Figure 3 below) with modern AI and ML platforms enable banks to develop AI/ML models that make managing potential trade settlement fails much more efficient from a cost, time, and quality perspective. Additionally, predictive analytics allow firms to project availability and demand and optimize inventories for lending and borrowing. Figure 3: Event-driven application for real time monitoring Summary Financial institutions face significant challenges in reducing settlement duration from two business days (T+2) to one (T+1), particularly when it comes to addressing the existing back-office issues. However, it's crucial for them to achieve this goal within a year as required by the SEC. This blog highlights how MongoDB's developer data platform can help financial institutions automate manual processes and adopt a best practice approach to replace batch processes with a real-time data store repository (ODS). With the help of MongoDB's developer data platform and best practices, financial institutions can achieve operational excellence and meet the SEC's T+1 settlement deadline on May 28, 2024. In the event of T+0 settlement cycles becoming a reality, institutions with the most flexible data platform will be better equipped to adjust. Top banks in the industry are already adopting MongoDB's developer data platform to modernize their infrastructure, leading to reduced time-to-market, lower total cost of ownership, and improved developer productivity. Looking to learn more about how you can modernize or what MongoDB can do for you? Zero downtime migrations using MongoDB’s flexible schema Accelerate your digital transformation with these 5 Phases of Banking Modernization Reduce time-to-market for your customer lifecycle management applications MongoDB’s financial services hub

May 25, 2023