Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Secure Sharding.

Published byViolet Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Secure Sharding."— Presentation transcript:

1 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Secure Sharding in MongoDB Presented By: Anam Zahid

2 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Agenda Scaling MongoDB’s Approach Architecture Mechanism Proposed Architecture

3 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Scaling Scaling UP (Vertical Scaling) –Addition of more CPUs and Storage Capacity 64 MB

4 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Scaling Scaling OUT (Horizontal Scaling) –Distribution of data across multiple servers

5 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab MongoDB’s Approach Sharding (horizontal scalability) –A method to store data across multiple machines/shards –Supports deployments with very large datasets –Maintains high throughput operations

6 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab MongoDB’s Approach Sharding Advantages –Reduces the number of operations each shard handles –Reduces the Amount of data that each server stores –Make the Cluster invisible for Clients –Ensures Cluster availability for reads and writes –Easy scaling out

7 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Sharding Architecture

8 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Sharding with Replica Set

9 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Mechanism Shards –Master slave,Replica Sets or Mongod instances Configuration Servers –Exactly 3 for production –Contains meta-data Routing Instances –Direct interface with client application –Can be many in number –Also act as a balancer for chunk migration

10 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Mechanism Sharding on per collection basis Based on shard keys Default chunk size is 64MB

11 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Mechanism Two basic operations –Chunk Splitting –Chunk Migration

12 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Proposed Architecture Encryption/Decryption Layer Key Distribution Store

13 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Authentication Authorization Client Application Key Distribution Store Config. Server Shard A Shard B Shard C Config. Server Encryption/Decryption Engine Query Router 1 2 3 4 5 6 7 8 9 10

14 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Proposed Architecture 1. Client Application sends Login Request to authentication Module 2. Authentication Module authenticates it on the basis of certificate and sends reply back to client application 3. Client application sends query to authorization server. The Authorization server generates policies and maps user policies with user profile. Then it verifies user query against user policy. 4. In case of successful authorization, authorization server sends the query to Query Router

15 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Proposed Architecture 5. Query router get meta-data information about shards from the configuration server/s 6. It then looks for appropriate shard/s on the basis of query parameters 7. Query router sends query request to encryption/decryption Engine 8. The encryption/Decryption Engine requests key distribution store for encryption key 9. The Engine requests data from appropriate shards, decrypt it and sends the response back to query router. 10. Query router forwards this data to Client Application

16 Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab

Download ppt "Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Secure Sharding."

Similar presentations

Tableau Software Australia

Tableau Software Australia
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Distributed System Architectures.

Dr. Kalpakis CMSC 621, Advanced Operating Systems. Fall 2003 URL: Distributed System Architectures.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Futures – Alpha Cloud Deployment and Application Management.

Futures – Alpha Cloud Deployment and Application Management.
High Performance Computing Course Notes 2007-2008 Grid Computing.

High Performance Computing Course Notes Grid Computing.
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
Fall 2007cs4251 Distributed Computing Umar Kalim Dept. of Communication Systems Engineering 31/10/2007.

Fall 2007cs4251 Distributed Computing Umar Kalim Dept. of Communication Systems Engineering 31/10/2007.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
MongoDB Sharding and its Threats

MongoDB Sharding and its Threats
H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.

H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Distributed Data Stores – Facebook Presented by Ben Gooding University of Arkansas – April 21, 2015.

Distributed Data Stores – Facebook Presented by Ben Gooding University of Arkansas – April 21, 2015.
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.

Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Software Engineer, #MongoDBDays.

Software Engineer, #MongoDBDays.
CSC 456 Operating Systems Seminar Presentation (11/13/2012) Leon Weingard, Liang Xin The Google File System.

CSC 456 Operating Systems Seminar Presentation (11/13/2012) Leon Weingard, Liang Xin The Google File System.

Similar presentations

Ads by Google