@krishagel
Last active August 29, 2015 14:06
MongoDB Seattle Notes
Dev Jumpstart: Build Your First App with MongoDB
docs.mongodb.com
mongodb university
----
Social Network created by Mongo
https://github.com/10gen-labs/socialite
Videos from MongoWorld with three sessions all about this topic
instead of putting followers and following into a user document, create a followers document with the relationships there.
even better, have a followers collection and a following collection, eases sharding in the future.
----
Sharding - David Murphy @dmurphy_data @objectrocket
sh.status()
db.collection.stats()
db.chunks.count({ns:"database.collection"});
Check his twitter account, lots of information there.
ChunkHunter.py
----
Securing your MongoDB Deployment - Andreas Nilsson
Securing a Database
Should always happen in the design phase if possible
Access Control
Authentication (Who are you)
Authorization (What can you do)
Built-in authentication: password or x.509 certs
Can integrate with LDAP/Kerberos/AD
Built-in and user-defined roles available
Server-server authentication uses shared keyfile or x.509
All users reside in the admin db and are replicated after v2.6
Users in sharded servers are on the config server
Field level redaction is interesting, can limit what fields specific users can see.
Data Protection
* Encrypting data in transit and data at rest
Always use SSL for data in transit
Encryption of data at rest needs to be done through third parties like Vormetric for file- or OS-level encryption
Auditing
2.6 has new auditing features
Logs to console, syslog, or file in JSON or BSON
By default, all security events are written to audit log when enabled
HIPAA Compliance info is available for MongoDB through this guy probably
Audit guarantees (a write will not complete before it is audited)
Final Tips:
Do not directly expose database servers to the internet
Design and configure access control
Enable SSL
Provide SSL CA files to the client and server as trust base
Disable any unnecessary interfaces
Lock down database files and minimize account privileges
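Added example (not from the talk or from the gist author): a small Python check of a mongod config file against the Final Tips above. The option names are MongoDB 2.6 legacy-format (key = value) settings, auditDestination being an Enterprise option; both sample configs, the addresses and the file paths are constructed.

```python
# Added example: audit a mongod config against the "Final Tips" checklist.
# Option names are MongoDB 2.6 legacy settings; sample configs are constructed.

WEAK = """
bind_ip = 0.0.0.0
rest = true
"""

HARDENED = """
bind_ip = 127.0.0.1,10.0.0.5   # loopback plus one internal address
auth = true
keyFile = /etc/mongodb/keyfile
sslMode = requireSSL
sslPEMKeyFile = /etc/ssl/mongodb.pem
sslCAFile = /etc/ssl/ca.pem
auditDestination = file
"""

def parse(text):
    """Parse 'key = value' lines, ignoring blanks and # comments."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {k.strip(): v.strip() for k, v in (p for p in pairs if len(p) == 2)}

def audit(text):
    """Return a list of findings, one per tip the config does not meet."""
    o = parse(text)
    on = lambda k: o.get(k, "").lower() == "true"
    findings = []
    # With no bind_ip set, mongod 2.6 listens on every interface.
    binds = [b.strip() for b in o.get("bind_ip", "0.0.0.0").split(",")]
    if "0.0.0.0" in binds:
        findings.append("listens on all interfaces (set bind_ip)")
    # keyFile implies auth, so either setting turns access control on.
    if not (on("auth") or "keyFile" in o):
        findings.append("access control is off (set auth or keyFile)")
    if o.get("sslMode") != "requireSSL":
        findings.append("SSL is not required (sslMode = requireSSL)")
    if "sslCAFile" not in o:
        findings.append("no CA file as trust base (sslCAFile)")
    if on("httpinterface") or on("rest"):
        findings.append("HTTP/REST interface is enabled")
    if "auditDestination" not in o:
        findings.append("auditing is not enabled (auditDestination)")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK), "\nhardened:", audit(HARDENED))
```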
----
Splunk Hunk - Mark Groves, Sr. Director, Product Management, Splunk Developer Platform
Splunk is a powerful product, just expensive...
Can write applications right inside their custom frameworks
----
4 Hidden Gems of MongoDB 2.6 - Dan Pasette - VP of Core Engineering
Power of 2 as Default Allocation Strategy
Server-side timeouts
Query Engine Introspection
Background Indexing on Secondaries