krishagel · August 29, 2015 14:06
diff --git a/gistfile1.txt b/gistfile1.txt
 Dev Jumpstart: Build Your First App with MongoDB

 docs.mongodb.com
 mongodb university

 ----

 Social Network created by Mongo

 https://github.com/10gen-labs/socialite
 Videos from MongoWorld with three sessions all about this topic
 instead of putting followers and following into a user document, create a followers document with the relationships there.
 even better, have a followers collection and a following collection, eases sharding in the future.

 ----

 Sharding - David Murphy @dmurphy_data @objectrocket

 sh.status()
 db.collection.stats()
 db.chunks.count({ns:"database.collection"});
 Check his twitter account, lots of information there.
 ChunkHunter.py

 ----

 Securing your MongoDB Deployment - Andreas Nilsson

 Securing a Database
  Should always happen in the design phase if possible
 Access Control
  Authentication (Who are you)
  Authorization (What can you do)
  Built-in authentication: password or x.509 certs
  Can integrate with LDAP/Kerberos/AD
  Builtin and User Defined Roles available
  Server-server authentication use shared keyfile or x.509
  All users reside in the admin db and replicated after v2.6
  Users in a sharded servers are on the config server
  Field level redaction is interesting, can limit what fields specific users can see.
 Data Protection
  * Encrypting data in transit and data at rest
  Always use SSL for data in transit
  Data at rest needs to be done through third parties like vormetric for file or os level encryption
 Auditing
  2.6 has new auditing features
  Logs to console, syslog, or file in JSON or BSON
  By default, all security events are written to audit log when enabled
  HIPAA Compliance info is available for MongoDB through this guy probably
  Audit guarantees (writes will not be complete before it is audited)

 Final Tips:
  Do not directly expose database servers to the internet
  Design and configure access control
  Enable SSL
  Provide SSL CA files to the client and server as trust base
  Disable any unnecessary interfaces
  Lock down database files and minimize account privileges

 ----

 Splunk Hunk - Mark Groves, Sr. Director, Product Management, Splunk Developer Platform

 Splunk is a powerful product, just expensive...
 Can write applications right inside their custom frameworks

 ——

 4 Hidden Gems of MongoDB 2.6 - Dan Pasette - VP of Core Engineering

 Power of 2 as Default Allocation Strategy
 Server-side timeouts
 Query Engine Introspection
 Background Indexing on Secondaries
	Dev Jumpstart: Build Your First App with MongoDB

	docs.mongodb.com
	mongodb university

	----

	Social Network created by Mongo

	https://github.com/10gen-labs/socialite
	Videos from MongoWorld with three sessions all about this topic
	instead of putting followers and following into a user document, create a followers document with the relationships there.
	even better, have a followers collection and a following collection, eases sharding in the future.

	----

	Sharding - David Murphy @dmurphy_data @objectrocket

	sh.status()
	db.collection.stats()
	db.chunks.count({ns:"database.collection"});
	Check his twitter account, lots of information there.
	ChunkHunter.py

	----

	Securing your MongoDB Deployment - Andreas Nilsson

	Securing a Database
	Should always happen in the design phase if possible
	Access Control
	Authentication (Who are you)
	Authorization (What can you do)
	Built-in authentication: password or x.509 certs
	Can integrate with LDAP/Kerberos/AD
	Builtin and User Defined Roles available
	Server-server authentication use shared keyfile or x.509
	All users reside in the admin db and replicated after v2.6
	Users in a sharded servers are on the config server
	Field level redaction is interesting, can limit what fields specific users can see.
	Data Protection
	* Encrypting data in transit and data at rest
	Always use SSL for data in transit
	Data at rest needs to be done through third parties like vormetric for file or os level encryption
	Auditing
	2.6 has new auditing features
	Logs to console, syslog, or file in JSON or BSON
	By default, all security events are written to audit log when enabled
	HIPAA Compliance info is available for MongoDB through this guy probably
	Audit guarantees (writes will not be complete before it is audited)

	Final Tips:
	Do not directly expose database servers to the internet
	Design and configure access control
	Enable SSL
	Provide SSL CA files to the client and server as trust base
	Disable any unnecessary interfaces
	Lock down database files and minimize account privileges

	----

	Splunk Hunk - Mark Groves, Sr. Director, Product Management, Splunk Developer Platform

	Splunk is a powerful product, just expensive...
	Can write applications right inside their custom frameworks

	——

	4 Hidden Gems of MongoDB 2.6 - Dan Pasette - VP of Core Engineering

	Power of 2 as Default Allocation Strategy
	Server-side timeouts
	Query Engine Introspection
	Background Indexing on Secondaries