发表新帖
发表新帖

Spreading MongoDB across EC2 regions

前端 未结
关注
5 1395
孤城傲影
孤城傲影 2021-02-03 13:15

I want to distribute a sharded/replicated MongoDB setup across multiple of Amazon\'s EC2 regions. Is this traffic already encrypted by MongoDB or can I optionally set this up? O

5条回答
  • 傲寒
    傲寒 (楼主)
    2021-02-03 14:01

    I answered a similar question yesterday about Apache Cassandra: Securing Cassandra communication with TLS/SSL.

    My experience has been, specifically with Amazon, if you can, set up a VPN network between your instances to guarantee that everything is secure. An interesting fact we came across when implementing our VPN network on top of EC2 is that it made response times faster ... We opted for Vyatta and have been very happy with it so far. It can be fully virtualized ... and allows us to bridge between zones, regions and data centres (amazon and not amazon)

    Another option is to leverage Amazon Virtual Private Cloud:

    • Create an Amazon Virtual Private Cloud on AWS's scalable infrastructure, and specify its private IP address range from any range you choose.
    • Divide your VPC’s private IP address range into one or more public or private subnets to facilitate running applications and services in your VPC.
    • Control inbound and outbound access to and from individual subnets using network access control lists.
    • Store data in Amazon S3 and set permissions such that the data can only be accessed from within your Amazon VPC.
    • Attach an Amazon Elastic IP address to any instance in your VPC so it can be reached directly from the Internet.
    • Bridge your VPC and your onsite IT infrastructure with an encrypted VPN connection, extending your existing security and management policies to your VPC instances as if they were running within your infrastructure.

    Vyatta has a nice graphic showing how VPC and Vyatta (or any other corporate VPN solution) can bridge together (as per the last point above):

    • hybrid VPN topologies between an Amazon VPC and other VPC instanceshttp://www.vyatta.com/sites/vyatta.com/files/images/Vyatta_Amazon.png

    • http://www.vyatta.com/solutions/amazon

    I don't work for Vyatta ... just like how well we've managed to get everything working without purchasing mega expensive cisco gear

    0 讨论(0)
 看不清?
提交回复
热议问题