SlideShare uma empresa Scribd logo

MongoDB .local Chicago 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE

MongoDB
MongoDB

Learn how MongoDB on LinuxONE and IBM Cloud Hyper Protect Services can be used to manage highly sensitive and confidential data – pervasively encrypting and securing your environments, consolidating thousands of database instances while serving hundreds of billions of queries a day. At the end of this session you will better understand how managing and scaling large amounts of critical business data can be achieved easily with automatic pervasive encryption of code and data in-flight and at-rest. If you're a Developer, Architect, DBA or a Business Stakeholder, and your organization is using or planning to use MongoDB on-premise or in the cloud, this session will help you to gain insights into the best way to run MongoDB to keep your business safe and scaling holistically.

Tecnologia
1 de 38
Baixar para ler offline
Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE Rebecca Gott, Ph.D IBM Distinguished Engineer, IBM LinuxONE gott@us.ibm.com Systems / LinuxONE / Copyright 2019 IBM Corp.
IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation trust transitive verb ˈtrəst 1a: to rely on the truthfulness or accuracy of b: to place confidence in c: to hope or expect confidently soon 2a: to commit or place in one's care or keeping b: to permit to stay or go or to do something without fear or misgiving https://www.merriam-webster.com/dictionary/trust In whom or what do you trust? What is most important to you?
Your EnterpriseThird Party Agents in an Cloud Environment: Who do you trust? IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Mr. Malicious Cloud SRE Application Admin Government Agent Network Admin Application User Database Admin Developer Hardware Vendor Software Vendor Storage Admin Доверяй, но проверяй; Doveryai, no proveryai)
The only people you can truly trust… IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation …are those who do not have your best interests at heart. People make mistakes, people can be corrupted. Your EnterpriseThird Party Mr. Malicious IBM Cloud SRE Application Admin Government Agent Network Admin Application User Database Admin Developer Hardware Vendor Software Vendor Storage Admin How do you establish trust in an untrusting ecosystem?
5 App C Bins/Libs Bins/Libs Docker Linux Host OS X86 Infrastructure Docker Container AttackerDocker Group Hot Wallet 1 Access the Docker Group to which the user is a member (many Docker Groups have hardcoded credentials for ease of use) Obtain root level system access and, as a superuser, run this command: 2 3 4 Trade funds from the exchange’s hot wallet to attacker’s wallet $ docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p Obtain a system administrator’s account credentials: • Social Engineering / Credential Reuse • Account Takeover of Cloud Hosting • Application Vulnerability Permission Exploit
Significant breaches… Who is next? IBM LinuxONE / Secure Cloud / © 2019 IBM Corporation Late 2016 57 million driver and rider accounts compromised $100,00 ransom to hackers Paid $148M to settle claims July 2017 Website breach 145.5 million people affected Feb 2018 Kubernetes Container Management console not password protected June 2018 Disgruntled Employee with “higher system privileges than necessary” https://www.equifaxsecurity2017.com/ https://www.eweek.com/cloud/tesla-cloud-account-data-breach-revealed-in-redlock-security-report https://www.securityweek.com/tesla-breach-malicious-insider-revenge-or-whistleblowing https://www.nytimes.com/2017/11/21/technology/uber-hack.htm http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/ https://www.newsweek.com/amazon-capital-one-hack-data-leak-breach-paige-thompson-cybercrime-1451665 2x 6 NSA 2013 Copied and leaked classified information leveraging SysAdmin privileges Capital One July 2019 140,00 social security numbers 80,000 linked bank account numbers
Data Privacy is no longer optional Organizations are facing unprecedented data privacy fines from GDPR and FTC January 2019 – July 2019 Systems / LinuxONE / © 2019 IBM Corporation July 12 $5 Billion July 22 $575M July 8 $230M July 9 $123M $57M 7
And yet, either we’re still not protecting everything Only what we think will get audited Only what we would get fined for not encrypting today Or we’re encrypting, but not effectively Only at the storage media layer All-or-nothing approach: either you can’t get in the bank at all, or you can not only enter the bank, but can open all the safe deposit boxes There’s just too much data, and it’s too hard to protect it all 8Systems / LinuxONE / © 2019 IBM Corporation
9 While the data we need to protect keeps growing Data sent over internal and external networks Know- your- customer (KYC) forms IoT Database Backups Customer Profile Data Systems / LinuxONE / © Copyright 2019 IBM Corp.
Systems / LinuxONE / © 2019 IBM Corporation Imagine if you had to encrypt all this data… You could do it if you had High-speed on-chip compression On-chip compression + on-chip encryption = storage reduction + security without impacting service levels, making it easier to protect data as it grows 10
IBM LinuxONE III™: Architected for Secure Data Serving Systems / LinuxONE / © 2018 IBM Corporation Do the work of 1000 data-serving cores in a single 19” footprint On-chip crypto co-processor per core for fast encryption security On-chip compression lets you compress then encrypt everything, all on-chip, without impacting response times Grow from single-frame to multi-frame configurations within the same firmware hypervisor manager Up to 24 TB in single-frame, up to 40 TB in quad-frame Most highly rated Hardware Security Module: FIPS 140-2 Level 4 Secure Service Container appliances for hosting Hyper Secure Virtual Servers that protect against misuse of privileged credentials -- up to 85 per system Data Privacy Passports controller Systems / LinuxONE / © Copyright 2019 IBM Corp.
Secure applications in the Secure Service Container 12 IBM Secure Service Container (SSC) Evil Admin REST API MongoDB running in protected memory Isolated Hyper Protect Runtime MongoDB running in protected memory Isolated Hyper Protect Runtime Secure Key FIPS 197 AES-256 encryption Administrators and applications must use white labeled Rest API No command line $ docker run –v… Secure Shell (SSH) Encrypted communications Encrypted IBM Flash Storage Firmware Tamper-proof SSC Secure Boot
Protect your keys with an HSM that instantly destroys the master keys upon tamper detection, guaranteeing against loss to attackers 13 Tamper-evident physical security features (seals) on enclosed card FIPS 140-2 Level 2 FIPS 140-2 Level 3 FIPS 140-2 Level 4 Level 2 + Tamper detection and response for covers and doors* Complete 360 degree envelope of protection and response by destroying keys IBM Crypto Express 6S Unique to IBM:100 Nano second response & error-code correcting (prevents key loss due to CPU processing faults)* Some Level 3 vendors include key destruction, Level 3+
14 IBM Secure Service Container Secure Key FIPS 197 AES-256 encryption Secure Service Container Secure Key 2 HSM Master Key Storage Secure Key 1 Docker Container Secure Key 3 Layers of Encryption Isolated Hyper Protect Runtime IBM Crypto Express 6s HSM Trusted Key Entry 0110101.. True RNG 1. Master Key wrapped AES-256 bit key for storage and backups 2. Master Key wrapped AES-256 bit key for Secure Service Container encryption 3. Master Key wrapped AES-256 bit key for Individual Docker container applications. Encrypted IBM Flash Storage Encrypted Communications Encrypted IBM Cloud Object Store Backup Encrypted Communications MongoDB MongoDB Reporting Protected by LinuxONE Secure Private Cloud Platform Security Policy Wallets No key export. Master keys are simultaneously generated in multiple HSMs Isolated Hyper Protect Runtime
Security at Scale – what makes LinuxONE so unique 15 16 TB Intel Software Guard Extensions (SGX) 0.00012 TB IBM Secure Service Container (SSC)
LinuxONE - Super-Scalable and Elastic System Extreme Virtualization and Scale § Hypervisor partitioning built into firmware • Complete isolation – EAL5+ § 85 hypervisors– z/VM or KVM • 1k Linux guests/hypervisor • +2 million docker containers • 17TB MongoDB • Hypervisor communication is via fast, in-memory sockets – Hipersockets or Shared-OSA – 3x less latency than discrete servers • Massive dedicated I/O – 640 power co-processors • 692 MB L4 cache, 5Ghz core, dual-TLBs, crypto acceleration Super Elastic System § Non-disruptively add/remove resources from Linux guests § Non-disruptively add/remove Linux guests Compose high-performance, secure and scalable applications. Dynamically and seamlessly re-allocate resources. Scale-up data-serving + scale-out app-serving + right-time analytics for powerful engagement LinuxONE Hardware HiperSocket LAN / Shared OSA Linux guest Docker Docker Docker Docker … LPAR1 LPAR2 / KVM Scale-out Scale-up Linux guest LPAR3 / zVM Linux guest © 2019 IBM Corporation
Scaling-up with MongoDB on LinuxONE Single MongoDB node on LinuxONE scales up to 17TBs with sustained throughput and response time <5ms, while supporting +4 Billion documents, 460,000 reads+writes/second, with no sharding required! We are committed to make MongoDB available on all major platforms and are excited to add support for IBM LinuxONE Enterprise Grade Linux and LinuxONE Platform. This announcement is a leap forward for customers who want to deploy modern, mission-critical applications built with MongoDB and take advantage of the performance, scalability and security of IBM s LinuxONE platform hardware products. --- Eliot Horowitz CTO & Founder, MongoDB © 2019 IBM Corporation
MongoDB Scale-Up on LinuxONE III 19 Systems / LinuxONE / © 2019 IBM Corporation • MongoDB scale-up on LinuxONE III vs. scale- out on x86 cluster with replication
MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 Systems / LinuxONE / © 2019 IBM Corporation § Setup on LinuxONE III • 1TB aggregated database size • 3-node replica set • Journaling turned on • Database to memory ratio 4:1 • No sharding on LinuxONE III • 2 OSA cards • 1 primary + 2 secondaries in 3 LinuxONE LPARs • Flashsystem900 storage on LinuxONE III § Benchmark Setup – 3x LinuxONE III LPARs, 4 cores for the primary and 1 or 2 cores per secondary, 128 GB memory per LPAR, FlashSystem 900 storage • 1 shard (1 TB) • 2 replica (each 1 TB) – YCSB Benchmark read-mostly – MongoDB 4.0.6 on SLES 12 SP4, write concern “majority” – 2 driving blades with each 4 YCSB instances each with 64 threads, in total 512 threads LinuxONE III Setup LinuxONE III LPAR MongoDB Shard #0 Primary FlashSystem 900 10 Gbit/s LinuxONE III LPAR LinuxONE III LPAR MongoDB Shard #0 Secondary #0 MongoDB Shard #0 Secondary #1 x86 blade 0 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads x86 blade 1 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads
MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 21 Systems / LinuxONE / © 2019 IBM Corporation 21 § Setup on x86 • 1TB aggregated database size • 3-node replica set • Database to memory ratio 6:1 • Sharding on x86 • 4 shards + 8 secondaries on 4 x86 server • Local SSD storage on x86 § Benchmark Setup – 5 x86 Skylake each with 12 cores, 128 GB memory, local SSDs (~ 1TB) • Each server hosting 1 shard (256 GB) and 2 replica (2x 256 GB) – YCSB Benchmark read-mostly – MongoDB 4.0.6 (or newer) on SLES 12 SP4, write concern “majority” – 2 driving blades with each 4 YCSB instances each with 64 threads, in total 512 threads x86 Cluster Configuration x86 Server #0 (local SSDs) x86 Server #1 (local SSDs) x86 Server #2 (local SSDs) x86 Server #3 (local SSDs) x86 Server # 5 (local SSDs) Router (Mongos) x86 blade 0 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads x86 blade 1 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads Shard #0 Primary Shard #3 Secondar y #0 Shard #1 Primary Shard #0 Secondar y #0 Shard #2 Primary Shard #1 Secondar y #0 Shard #3 Primary Shard #2 Secondar y #0 Shard #0 Secondar y #1 Shard #1 Secondar y #1 Shard #2 Secondar y #1 Shard #3 Secondar y #1
MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 22 Systems / LinuxONE / © 2019 IBM Corporation Disclaimer: Performance results based on IBM internal tests running YCSB 0.10.0 benchmark (read-mostly) on MongoDB Enterprise Release 4.0.6 with 3-node replication. On LinuxONE III MongoDB was setup without sharding. On x86 MongoDB was setup with four shards. Results may vary. x86 config: 5 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 128 GB memory, 2 TB local RAID5 SSD storage, SLES12 SP4 running MongoDB, driven remotely by YCSB using 5 x86 server with total 512 threads LinuxONE III configuration: LPAR with 4 dedicated cores and 2 LPARs with each 1 core, each with SMT and 128 GB memory, 5 TB FlashSystem 900 storage, SLES 12 SP4 (SMT mode) running MongoDB, driven remotely by YCSB using 4 x86 servers with total 512 threads. Run the Yahoo Cloud Serving Benchmark (YCSB) on MongoDB without sharding on IBM LinuxONE III with 6 cores in total and achieve the same throughput as on MongoDB with 4 shards on compared x86 systems with 60 cores in total, which provides a 10:1 core consolidation ratio in favor of LinuxONE III Preliminary results, final results may vary
MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 23 Systems / LinuxONE / © 2019 IBM Corporation Run the Yahoo Cloud Serving Benchmark (YCSB) on MongoDB without sharding on IBM LinuxONE III with up to 3.7x better read latency and 2.4x better write latency than on MongoDB with four shards on compared x86 systems 2.4x 3.7x Preliminary results, final results may vary Disclaimer: Performance results based on IBM internal tests running YCSB 0.10.0 benchmark (read-mostly) on MongoDB Enterprise Release 4.0.6 with 3-node replication. On LinuxONE III MongoDB was setup without sharding. On x86 MongoDB was setup with four shards. Results may vary. x86 config: 5 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 128 GB memory, 2 TB local RAID5 SSD storage, SLES12 SP4 running MongoDB, driven remotely by YCSB using 5 x86 server with total 512 threads LinuxONE III configuration: LPAR with 4 dedicated cores and 2 LPARs with each 1 core, each with SMT and 128 GB memory, 5 TB FlashSystem 900 storage, SLES 12 SP4 (SMT mode) running MongoDB, driven remotely by YCSB using 4 x86 servers with total 512 threads.
MongoDB Backup and Encryption 24 Systems / LinuxONE / © 2019 IBM Corporation • MongoDB backup performance on encrypted btrfs volume on LinuxONE III
MongoDB Dump (Backup) and Restore 25 § Disaster Recovery via remote dump and restore procedure § Database dumps are taken periodically and are usually compressed § Restore process can take a long time if: • Single large collection • Backup is compressed Systems / LinuxONE / © 2019 IBM Corporation DatabaseDatabase Dump (Backup) Restore libz.so zip gzip libz.so unzip gunzip zEDC Compressed DB: J Low storage J Quick transfer L High complexity L Less robust
Compressing Data with Integrated Accelerator for zEDC before Encryption 26 Systems / LinuxONE / © 2019 IBM Corporation MongoDB MongoDB IBM System Storage DS8000 IBM System Storage DS8000 • Benchmark Setup • Ran mongodump • with software compression (pigz -1) on x86 • with gzip exploiting the Integrated Accelerator for z Enterprise Data Compression on LinuxONE III • MongoDB database size 355 GB • System Stack • LinuxONE III • LPAR with 1-8 dedicated cores • s and 1.5 TB memory running RHEL 7.6 with SMT enabled • Database located on IBM DS8000 storage • MongoDB 4.0.6 • gzip based on source code level https://git.savannah.gnu.org/git/gzip.git commit 7a6f9c9c3267185a299ad178607ac5e3716ab4a5 • x86 • 1-8 Intel® Xeon® Gold 6140 CPU @ 2.30GHz w/ Hyperthreading turned on, 1.5 TB of memory running RHEL 7.6 • Database located on IBM DS8000 storage • MongoDB 4.0.6 • pigz pigz -1 Int. Acc. for zEDC x86 Skylake LinuxONE III
Compressing Data with Integrated Accelerator for zEDC before Encryption 27 Systems / LinuxONE / © 2019 IBM Corporation Perform a MongoDB database dump on an encrypted and compressed Btrfs volume on LinuxONE III using the Integrated Accelerator for z Enterprise Data Compression up to 3.2x faster and with up to 3.6x less CPU time versus a compared x86 platform using software compression Disclaimer: Performance results based on IBM internal tests running database dump with compression on MongoDB 4.0.6 on a database of size 355 GB using pigz -1 on x86 and gzip -1 (gzip based on source code level https://git.savannah.gnu.org/git/gzip.git commit 7a6f9c9c3267185a299ad178607ac5e3716ab4a5) on LinuxONE III. The database dump file size on LinuxONE III is 20% bigger than on x86. Results may vary. LinuxONE III configuration: LPAR with 2 dedicated cores, 1.5 TB memory, RHEL 7.6 in SMT mode, database located on IBM DS8000 storage. x86 configuration: 2 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 1.5 TB memory, RHEL 7.6, database located on IBM DS8000 storage. 3.2x 2.2x 1.9x 3.6x 2.8x 3.0x
LinuxONE TCO Studies 28 Systems / LinuxONE / © 2019 IBM Corporation • Use case I • Use case II
§ Consolidation – From: 42 Dell R730, 1,512 cores – To: 2 LinuxONE Emperor II, 135 cores § TCO comparison summary – 11:1 core consolidation ratio from Dell to IBM LinuxONE – 41% lower TCO, saving $12M over 5 years – Savings begin Year 1 – The difference in annual run rate is ~$2.5M Customer case 1: IBM LinuxONE Emperor II 29 Source: IBM IT Economics team Systems / LinuxONE / © 2019 IBM Corporation
§ Consolidation – From: 30 HP ProLiant, 300 cores – To: 1 IBM LinuxONE Rockhopper II, 15 cores § TCO Comparison Summary – 20:1 core consolidation ratio from HP Intel servers to IBM LinuxONE Rockhopper – 55.6% lower TCO, saving $3.28M over 5 years – Savings begin Year 1 Customer case 2: IBM LinuxONE Rockhopper II Source: IBM IT Economics team 30 Systems / LinuxONE / © 2019 IBM Corporation
How LinuxONE can consolidate so many x86 cores Balanced architecture for secure data serving Ø Processor speed, cache size, memory Ø CPU utilization and z/VM hypervisor Ø Spare CPU’s Ø I/O Subsystem Ø Exclusive on-chip compression and per-core crypto for secure data serving Systems / LinuxONE / © Copyright 2019 IBM Corp.
Hyper Protect Virtual Servers In planning z/OS Cloud Broker Beta available GA coming Secure Service Container for IBM Cloud Private Available today IBM Cloud Private on Z Available today Private Cloud IBP on ICP on Z Available today Hyper Protect Services IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation IBM Cloud Hyper Protect Virtual Servers Experimental today GA in 2019 IBM Cloud Hyper Protect Containers In planning IBM Cloud Hyper Protect DBaaS Available today IBM Cloud Hyper Protect Crypto Services Available today Public Cloud
IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Data Security in the Cloud and potential Attack Vectors... Manage Access Protect Data Gain Visibility Secure Platform Key Management Data-at-rest Encryption Data-in-use Protection Identity & Access Network Threat Protection Audit/ Activity Logs Certificate Management Security Posture Data-in-transit Protection External Attacker External Threats Insider / 3rd Party Cloud Provider ?
Hyper Protect DBaaS High Availability • 3 replicas by default • Multizone setup in Dallas Frankfurt (08/22) and Sydney planned • Automatic daily backups included Available as Hyper Protect Database for MongoDB (3.6 EE) Hyper Protect Database for PostgreSQL (10) IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Secure Enclave IBM Z/LinuxONE Platform Postgre SQL Customer 1 Secure Enclave Postgre SQL Customer n Secure Enclave Postgre SQL Customer 2 DB APIDB APIDB API Zone 2 LUKS LUKS LUKS Mongo Enterprise license Identical developer experience to IBM Cloud Databases Enable Security by default on high available and resilient hardware Security and Performance avoids risky trade-offs. (Higher per CPU performance compared to AWS RDS PostgreSQL; Hammer DB TPC-C 10GB/50 WH - Benchmark run*) *internal benchmark, do not share.
IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Example opportunity from the automotive industry ... DataRuntime More detailed information about this case can be found at https://w3-03.ibm.com/services/lighthouse/documents/134286 Storage of classified data in the cloud is an important threat for our customers -> HPDBaaS provides the answer to customers needs and unlocks their path to cloud Having a place to store the highly sensitive datasets allows the entire application to move to the cloud, which in turn is going to leverage the rest of the IBM public cloud. Enabling new customers and new classes of workloads to move to our public cloud. Classified data Non-classified data
LinuxONE III + MongoDB Data Serving Data Security Hybrid Multicloud Integration Standardized & Flexible for the Cloud Datacenter Delivering modular, scalable, and proven, cloud-ready infrastructure Systems / LinuxONE / © Copyright 2019 IBM Corp.
IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation
Notices and Disclaimers 38 Systems / LinuxONE / © 2019 IBM Corporation © 2019 International Business Machines Corporation. No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event, shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted per the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer follows any law.
Notices and Disclaimers continued 39 Systems / LinuxONE / © 2019 IBM Corporation Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products about this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a purpose. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com and [names of other referenced IBM products and services used in the presentation] are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Recomendados

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump StartMongoDB
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB
 

Recomendados

MongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB SoCal 2020: Migrate Anything* to MongoDB Atlas
MongoDB SoCal 2020: Migrate Anything* to MongoDB AtlasMongoDB
 
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!
MongoDB SoCal 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...
MongoDB SoCal 2020: Using MongoDB Services in Kubernetes: Any Platform, Devel...MongoDB
 
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDBMongoDB
 
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...
MongoDB SoCal 2020: From Pharmacist to Analyst: Leveraging MongoDB for Real-T...MongoDB
 
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB SoCal 2020: Best Practices for Working with IoT and Time-series Data
MongoDB SoCal 2020: Best Practices for Working with IoT and Time-series DataMongoDB
 
MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump Start MongoDB SoCal 2020: MongoDB Atlas Jump Start
MongoDB SoCal 2020: MongoDB Atlas Jump StartMongoDB
 
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]
MongoDB .local San Francisco 2020: Powering the new age data demands [Infosys]MongoDB
 
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB
 
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDBMongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDBMongoDB
 
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...MongoDB
 
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...MongoDB
 
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...MongoDB
 
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB ChartsMongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB ChartsMongoDB
 
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDBMongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDBMongoDB
 
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...MongoDB
 
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demandsMongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demandsMongoDB
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Mais conteúdo relacionado

Mais de MongoDB

MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB
 
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDBMongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDBMongoDB
 
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...MongoDB
 
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...MongoDB
 
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...MongoDB
 
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB ChartsMongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB ChartsMongoDB
 
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDBMongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDBMongoDB
 
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...MongoDB
 
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demandsMongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demandsMongoDB
 

Mais de MongoDB (20)

MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
MongoDB .local San Francisco 2020: Using Client Side Encryption in MongoDB 4.2
 
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
MongoDB .local San Francisco 2020: Using MongoDB Services in Kubernetes: any ...
 
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
MongoDB .local San Francisco 2020: Go on a Data Safari with MongoDB Charts!
 
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your MindsetMongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
MongoDB .local San Francisco 2020: From SQL to NoSQL -- Changing Your Mindset
 
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas JumpstartMongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
MongoDB .local San Francisco 2020: MongoDB Atlas Jumpstart
 
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
MongoDB .local San Francisco 2020: Tips and Tricks++ for Querying and Indexin...
 
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
MongoDB .local San Francisco 2020: Aggregation Pipeline Power++
 
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
MongoDB .local San Francisco 2020: A Complete Methodology of Data Modeling fo...
 
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep DiveMongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
MongoDB .local San Francisco 2020: MongoDB Atlas Data Lake Technical Deep Dive
 
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & GolangMongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
MongoDB .local San Francisco 2020: Developing Alexa Skills with MongoDB & Golang
 
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
MongoDB .local Paris 2020: Realm : l'ingrédient secret pour de meilleures app...
 
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
MongoDB .local Paris 2020: Upply @MongoDB : Upply : Quand le Machine Learning...
 
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDBMongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
MongoDB .local Paris 2020: Les bonnes pratiques pour sécuriser MongoDB
 
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
MongoDB .local Paris 2020: Tout savoir sur le moteur de recherche Full Text S...
 
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
MongoDB .local Paris 2020: Adéo @MongoDB : MongoDB Atlas & Leroy Merlin : et ...
 
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
MongoDB .local Paris 2020: Les bonnes pratiques pour travailler avec les donn...
 
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB ChartsMongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
MongoDB .local Paris 2020: Devenez explorateur de données avec MongoDB Charts
 
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDBMongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
MongoDB .local Paris 2020: La puissance du Pipeline d'Agrégation de MongoDB
 
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically...
 
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demandsMongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
MongoDB .local Toronto 2019: MongoDB – Powering the new age data demands
 

Último

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

MongoDB .local Chicago 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE

  • 1. Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE Rebecca Gott, Ph.D IBM Distinguished Engineer, IBM LinuxONE gott@us.ibm.com Systems / LinuxONE / Copyright 2019 IBM Corp.
  • 2. IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation trust transitive verb ˈtrəst 1a: to rely on the truthfulness or accuracy of b: to place confidence in c: to hope or expect confidently soon 2a: to commit or place in one's care or keeping b: to permit to stay or go or to do something without fear or misgiving https://www.merriam-webster.com/dictionary/trust In whom or what do you trust? What is most important to you?
  • 3. Your EnterpriseThird Party Agents in an Cloud Environment: Who do you trust? IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Mr. Malicious Cloud SRE Application Admin Government Agent Network Admin Application User Database Admin Developer Hardware Vendor Software Vendor Storage Admin Доверяй, но проверяй; Doveryai, no proveryai)
  • 4. The only people you can truly trust… IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation …are those who do not have your best interests at heart. People make mistakes, people can be corrupted. Your EnterpriseThird Party Mr. Malicious IBM Cloud SRE Application Admin Government Agent Network Admin Application User Database Admin Developer Hardware Vendor Software Vendor Storage Admin How do you establish trust in an untrusting ecosystem?
  • 5. 5 App C Bins/Libs Bins/Libs Docker Linux Host OS X86 Infrastructure Docker Container AttackerDocker Group Hot Wallet 1 Access the Docker Group to which the user is a member (many Docker Groups have hardcoded credentials for ease of use) Obtain root level system access and, as a superuser, run this command: 2 3 4 Trade funds from the exchange’s hot wallet to attacker’s wallet $ docker run -v /home/${USER}:/h_docs ubuntu bash -c "cp /bin/bash /h_docs/rootshell && chmod 4777 /h_docs/rootshell;" && ~/rootshell -p Obtain a system administrator’s account credentials: • Social Engineering / Credential Reuse • Account Takeover of Cloud Hosting • Application Vulnerability Permission Exploit
  • 6. Significant breaches… Who is next? IBM LinuxONE / Secure Cloud / © 2019 IBM Corporation Late 2016 57 million driver and rider accounts compromised $100,00 ransom to hackers Paid $148M to settle claims July 2017 Website breach 145.5 million people affected Feb 2018 Kubernetes Container Management console not password protected June 2018 Disgruntled Employee with “higher system privileges than necessary” https://www.equifaxsecurity2017.com/ https://www.eweek.com/cloud/tesla-cloud-account-data-breach-revealed-in-redlock-security-report https://www.securityweek.com/tesla-breach-malicious-insider-revenge-or-whistleblowing https://www.nytimes.com/2017/11/21/technology/uber-hack.htm http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/ https://www.newsweek.com/amazon-capital-one-hack-data-leak-breach-paige-thompson-cybercrime-1451665 2x 6 NSA 2013 Copied and leaked classified information leveraging SysAdmin privileges Capital One July 2019 140,00 social security numbers 80,000 linked bank account numbers
  • 7. Data Privacy is no longer optional Organizations are facing unprecedented data privacy fines from GDPR and FTC January 2019 – July 2019 Systems / LinuxONE / © 2019 IBM Corporation July 12 $5 Billion July 22 $575M July 8 $230M July 9 $123M $57M 7
  • 8. And yet, either we’re still not protecting everything Only what we think will get audited Only what we would get fined for not encrypting today Or we’re encrypting, but not effectively Only at the storage media layer All-or-nothing approach: either you can’t get in the bank at all, or you can not only enter the bank, but can open all the safe deposit boxes There’s just too much data, and it’s too hard to protect it all 8Systems / LinuxONE / © 2019 IBM Corporation
  • 9. 9 While the data we need to protect keeps growing Data sent over internal and external networks Know- your- customer (KYC) forms IoT Database Backups Customer Profile Data Systems / LinuxONE / © Copyright 2019 IBM Corp.
  • 10. Systems / LinuxONE / © 2019 IBM Corporation Imagine if you had to encrypt all this data… You could do it if you had High-speed on-chip compression On-chip compression + on-chip encryption = storage reduction + security without impacting service levels, making it easier to protect data as it grows 10
  • 11. IBM LinuxONE III™: Architected for Secure Data Serving Systems / LinuxONE / © 2018 IBM Corporation Do the work of 1000 data-serving cores in a single 19” footprint On-chip crypto co-processor per core for fast encryption security On-chip compression lets you compress then encrypt everything, all on-chip, without impacting response times Grow from single-frame to multi-frame configurations within the same firmware hypervisor manager Up to 24 TB in single-frame, up to 40 TB in quad-frame Most highly rated Hardware Security Module: FIPS 140-2 Level 4 Secure Service Container appliances for hosting Hyper Secure Virtual Servers that protect against misuse of privileged credentials -- up to 85 per system Data Privacy Passports controller Systems / LinuxONE / © Copyright 2019 IBM Corp.
  • 12. Secure applications in the Secure Service Container 12 IBM Secure Service Container (SSC) Evil Admin REST API MongoDB running in protected memory Isolated Hyper Protect Runtime MongoDB running in protected memory Isolated Hyper Protect Runtime Secure Key FIPS 197 AES-256 encryption Administrators and applications must use white labeled Rest API No command line $ docker run –v… Secure Shell (SSH) Encrypted communications Encrypted IBM Flash Storage Firmware Tamper-proof SSC Secure Boot
  • 13. Protect your keys with an HSM that instantly destroys the master keys upon tamper detection, guaranteeing against loss to attackers 13 Tamper-evident physical security features (seals) on enclosed card FIPS 140-2 Level 2 FIPS 140-2 Level 3 FIPS 140-2 Level 4 Level 2 + Tamper detection and response for covers and doors* Complete 360 degree envelope of protection and response by destroying keys IBM Crypto Express 6S Unique to IBM:100 Nano second response & error-code correcting (prevents key loss due to CPU processing faults)* Some Level 3 vendors include key destruction, Level 3+
  • 14. 14 IBM Secure Service Container Secure Key FIPS 197 AES-256 encryption Secure Service Container Secure Key 2 HSM Master Key Storage Secure Key 1 Docker Container Secure Key 3 Layers of Encryption Isolated Hyper Protect Runtime IBM Crypto Express 6s HSM Trusted Key Entry 0110101.. True RNG 1. Master Key wrapped AES-256 bit key for storage and backups 2. Master Key wrapped AES-256 bit key for Secure Service Container encryption 3. Master Key wrapped AES-256 bit key for Individual Docker container applications. Encrypted IBM Flash Storage Encrypted Communications Encrypted IBM Cloud Object Store Backup Encrypted Communications MongoDB MongoDB Reporting Protected by LinuxONE Secure Private Cloud Platform Security Policy Wallets No key export. Master keys are simultaneously generated in multiple HSMs Isolated Hyper Protect Runtime
  • 15. Security at Scale – what makes LinuxONE so unique 15 16 TB Intel Software Guard Extensions (SGX) 0.00012 TB IBM Secure Service Container (SSC)
  • 16. LinuxONE - Super-Scalable and Elastic System Extreme Virtualization and Scale § Hypervisor partitioning built into firmware • Complete isolation – EAL5+ § 85 hypervisors– z/VM or KVM • 1k Linux guests/hypervisor • +2 million docker containers • 17TB MongoDB • Hypervisor communication is via fast, in-memory sockets – Hipersockets or Shared-OSA – 3x less latency than discrete servers • Massive dedicated I/O – 640 power co-processors • 692 MB L4 cache, 5Ghz core, dual-TLBs, crypto acceleration Super Elastic System § Non-disruptively add/remove resources from Linux guests § Non-disruptively add/remove Linux guests Compose high-performance, secure and scalable applications. Dynamically and seamlessly re-allocate resources. Scale-up data-serving + scale-out app-serving + right-time analytics for powerful engagement LinuxONE Hardware HiperSocket LAN / Shared OSA Linux guest Docker Docker Docker Docker … LPAR1 LPAR2 / KVM Scale-out Scale-up Linux guest LPAR3 / zVM Linux guest © 2019 IBM Corporation
  • 17. Scaling-up with MongoDB on LinuxONE Single MongoDB node on LinuxONE scales up to 17TBs with sustained throughput and response time <5ms, while supporting +4 Billion documents, 460,000 reads+writes/second, with no sharding required! We are committed to make MongoDB available on all major platforms and are excited to add support for IBM LinuxONE Enterprise Grade Linux and LinuxONE Platform. This announcement is a leap forward for customers who want to deploy modern, mission-critical applications built with MongoDB and take advantage of the performance, scalability and security of IBM s LinuxONE platform hardware products. --- Eliot Horowitz CTO & Founder, MongoDB © 2019 IBM Corporation
  • 18. MongoDB Scale-Up on LinuxONE III 19 Systems / LinuxONE / © 2019 IBM Corporation • MongoDB scale-up on LinuxONE III vs. scale- out on x86 cluster with replication
  • 19. MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 Systems / LinuxONE / © 2019 IBM Corporation § Setup on LinuxONE III • 1TB aggregated database size • 3-node replica set • Journaling turned on • Database to memory ratio 4:1 • No sharding on LinuxONE III • 2 OSA cards • 1 primary + 2 secondaries in 3 LinuxONE LPARs • Flashsystem900 storage on LinuxONE III § Benchmark Setup – 3x LinuxONE III LPARs, 4 cores for the primary and 1 or 2 cores per secondary, 128 GB memory per LPAR, FlashSystem 900 storage • 1 shard (1 TB) • 2 replica (each 1 TB) – YCSB Benchmark read-mostly – MongoDB 4.0.6 on SLES 12 SP4, write concern “majority” – 2 driving blades with each 4 YCSB instances each with 64 threads, in total 512 threads LinuxONE III Setup LinuxONE III LPAR MongoDB Shard #0 Primary FlashSystem 900 10 Gbit/s LinuxONE III LPAR LinuxONE III LPAR MongoDB Shard #0 Secondary #0 MongoDB Shard #0 Secondary #1 x86 blade 0 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads x86 blade 1 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads
  • 20. MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 21 Systems / LinuxONE / © 2019 IBM Corporation 21 § Setup on x86 • 1TB aggregated database size • 3-node replica set • Database to memory ratio 6:1 • Sharding on x86 • 4 shards + 8 secondaries on 4 x86 server • Local SSD storage on x86 § Benchmark Setup – 5 x86 Skylake each with 12 cores, 128 GB memory, local SSDs (~ 1TB) • Each server hosting 1 shard (256 GB) and 2 replica (2x 256 GB) – YCSB Benchmark read-mostly – MongoDB 4.0.6 (or newer) on SLES 12 SP4, write concern “majority” – 2 driving blades with each 4 YCSB instances each with 64 threads, in total 512 threads x86 Cluster Configuration x86 Server #0 (local SSDs) x86 Server #1 (local SSDs) x86 Server #2 (local SSDs) x86 Server #3 (local SSDs) x86 Server # 5 (local SSDs) Router (Mongos) x86 blade 0 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads x86 blade 1 YCSB 1 64 threads YCSB 0 64 threads YCSB 2 64 threads YCSB 3 64 threads Shard #0 Primary Shard #3 Secondar y #0 Shard #1 Primary Shard #0 Secondar y #0 Shard #2 Primary Shard #1 Secondar y #0 Shard #3 Primary Shard #2 Secondar y #0 Shard #0 Secondar y #1 Shard #1 Secondar y #1 Shard #2 Secondar y #1 Shard #3 Secondar y #1
  • 21. MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 22 Systems / LinuxONE / © 2019 IBM Corporation Disclaimer: Performance results based on IBM internal tests running YCSB 0.10.0 benchmark (read-mostly) on MongoDB Enterprise Release 4.0.6 with 3-node replication. On LinuxONE III MongoDB was setup without sharding. On x86 MongoDB was setup with four shards. Results may vary. x86 config: 5 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 128 GB memory, 2 TB local RAID5 SSD storage, SLES12 SP4 running MongoDB, driven remotely by YCSB using 5 x86 server with total 512 threads LinuxONE III configuration: LPAR with 4 dedicated cores and 2 LPARs with each 1 core, each with SMT and 128 GB memory, 5 TB FlashSystem 900 storage, SLES 12 SP4 (SMT mode) running MongoDB, driven remotely by YCSB using 4 x86 servers with total 512 threads. Run the Yahoo Cloud Serving Benchmark (YCSB) on MongoDB without sharding on IBM LinuxONE III with 6 cores in total and achieve the same throughput as on MongoDB with 4 shards on compared x86 systems with 60 cores in total, which provides a 10:1 core consolidation ratio in favor of LinuxONE III Preliminary results, final results may vary
  • 22. MongoDB Scale-up on LinuxONE III vs. Scale-out on x86 23 Systems / LinuxONE / © 2019 IBM Corporation Run the Yahoo Cloud Serving Benchmark (YCSB) on MongoDB without sharding on IBM LinuxONE III with up to 3.7x better read latency and 2.4x better write latency than on MongoDB with four shards on compared x86 systems 2.4x 3.7x Preliminary results, final results may vary Disclaimer: Performance results based on IBM internal tests running YCSB 0.10.0 benchmark (read-mostly) on MongoDB Enterprise Release 4.0.6 with 3-node replication. On LinuxONE III MongoDB was setup without sharding. On x86 MongoDB was setup with four shards. Results may vary. x86 config: 5 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 128 GB memory, 2 TB local RAID5 SSD storage, SLES12 SP4 running MongoDB, driven remotely by YCSB using 5 x86 server with total 512 threads LinuxONE III configuration: LPAR with 4 dedicated cores and 2 LPARs with each 1 core, each with SMT and 128 GB memory, 5 TB FlashSystem 900 storage, SLES 12 SP4 (SMT mode) running MongoDB, driven remotely by YCSB using 4 x86 servers with total 512 threads.
  • 23. MongoDB Backup and Encryption 24 Systems / LinuxONE / © 2019 IBM Corporation • MongoDB backup performance on encrypted btrfs volume on LinuxONE III
  • 24. MongoDB Dump (Backup) and Restore 25 § Disaster Recovery via remote dump and restore procedure § Database dumps are taken periodically and are usually compressed § Restore process can take a long time if: • Single large collection • Backup is compressed Systems / LinuxONE / © 2019 IBM Corporation DatabaseDatabase Dump (Backup) Restore libz.so zip gzip libz.so unzip gunzip zEDC Compressed DB: J Low storage J Quick transfer L High complexity L Less robust
  • 25. Compressing Data with Integrated Accelerator for zEDC before Encryption 26 Systems / LinuxONE / © 2019 IBM Corporation MongoDB MongoDB IBM System Storage DS8000 IBM System Storage DS8000 • Benchmark Setup • Ran mongodump • with software compression (pigz -1) on x86 • with gzip exploiting the Integrated Accelerator for z Enterprise Data Compression on LinuxONE III • MongoDB database size 355 GB • System Stack • LinuxONE III • LPAR with 1-8 dedicated cores • s and 1.5 TB memory running RHEL 7.6 with SMT enabled • Database located on IBM DS8000 storage • MongoDB 4.0.6 • gzip based on source code level https://git.savannah.gnu.org/git/gzip.git commit 7a6f9c9c3267185a299ad178607ac5e3716ab4a5 • x86 • 1-8 Intel® Xeon® Gold 6140 CPU @ 2.30GHz w/ Hyperthreading turned on, 1.5 TB of memory running RHEL 7.6 • Database located on IBM DS8000 storage • MongoDB 4.0.6 • pigz pigz -1 Int. Acc. for zEDC x86 Skylake LinuxONE III
  • 26. Compressing Data with Integrated Accelerator for zEDC before Encryption 27 Systems / LinuxONE / © 2019 IBM Corporation Perform a MongoDB database dump on an encrypted and compressed Btrfs volume on LinuxONE III using the Integrated Accelerator for z Enterprise Data Compression up to 3.2x faster and with up to 3.6x less CPU time versus a compared x86 platform using software compression Disclaimer: Performance results based on IBM internal tests running database dump with compression on MongoDB 4.0.6 on a database of size 355 GB using pigz -1 on x86 and gzip -1 (gzip based on source code level https://git.savannah.gnu.org/git/gzip.git commit 7a6f9c9c3267185a299ad178607ac5e3716ab4a5) on LinuxONE III. The database dump file size on LinuxONE III is 20% bigger than on x86. Results may vary. LinuxONE III configuration: LPAR with 2 dedicated cores, 1.5 TB memory, RHEL 7.6 in SMT mode, database located on IBM DS8000 storage. x86 configuration: 2 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 1.5 TB memory, RHEL 7.6, database located on IBM DS8000 storage. 3.2x 2.2x 1.9x 3.6x 2.8x 3.0x
  • 27. LinuxONE TCO Studies 28 Systems / LinuxONE / © 2019 IBM Corporation • Use case I • Use case II
  • 28. § Consolidation – From: 42 Dell R730, 1,512 cores – To: 2 LinuxONE Emperor II, 135 cores § TCO comparison summary – 11:1 core consolidation ratio from Dell to IBM LinuxONE – 41% lower TCO, saving $12M over 5 years – Savings begin Year 1 – The difference in annual run rate is ~$2.5M Customer case 1: IBM LinuxONE Emperor II 29 Source: IBM IT Economics team Systems / LinuxONE / © 2019 IBM Corporation
  • 29. § Consolidation – From: 30 HP ProLiant, 300 cores – To: 1 IBM LinuxONE Rockhopper II, 15 cores § TCO Comparison Summary – 20:1 core consolidation ratio from HP Intel servers to IBM LinuxONE Rockhopper – 55.6% lower TCO, saving $3.28M over 5 years – Savings begin Year 1 Customer case 2: IBM LinuxONE Rockhopper II Source: IBM IT Economics team 30 Systems / LinuxONE / © 2019 IBM Corporation
  • 30. How LinuxONE can consolidate so many x86 cores Balanced architecture for secure data serving Ø Processor speed, cache size, memory Ø CPU utilization and z/VM hypervisor Ø Spare CPU’s Ø I/O Subsystem Ø Exclusive on-chip compression and per-core crypto for secure data serving Systems / LinuxONE / © Copyright 2019 IBM Corp.
  • 31. Hyper Protect Virtual Servers In planning z/OS Cloud Broker Beta available GA coming Secure Service Container for IBM Cloud Private Available today IBM Cloud Private on Z Available today Private Cloud IBP on ICP on Z Available today Hyper Protect Services IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation IBM Cloud Hyper Protect Virtual Servers Experimental today GA in 2019 IBM Cloud Hyper Protect Containers In planning IBM Cloud Hyper Protect DBaaS Available today IBM Cloud Hyper Protect Crypto Services Available today Public Cloud
  • 32. IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Data Security in the Cloud and potential Attack Vectors... Manage Access Protect Data Gain Visibility Secure Platform Key Management Data-at-rest Encryption Data-in-use Protection Identity & Access Network Threat Protection Audit/ Activity Logs Certificate Management Security Posture Data-in-transit Protection External Attacker External Threats Insider / 3rd Party Cloud Provider ?
  • 33. Hyper Protect DBaaS High Availability • 3 replicas by default • Multizone setup in Dallas Frankfurt (08/22) and Sydney planned • Automatic daily backups included Available as Hyper Protect Database for MongoDB (3.6 EE) Hyper Protect Database for PostgreSQL (10) IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Secure Enclave IBM Z/LinuxONE Platform Postgre SQL Customer 1 Secure Enclave Postgre SQL Customer n Secure Enclave Postgre SQL Customer 2 DB APIDB APIDB API Zone 2 LUKS LUKS LUKS Mongo Enterprise license Identical developer experience to IBM Cloud Databases Enable Security by default on high available and resilient hardware Security and Performance avoids risky trade-offs. (Higher per CPU performance compared to AWS RDS PostgreSQL; Hammer DB TPC-C 10GB/50 WH - Benchmark run*) *internal benchmark, do not share.
  • 34. IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation Example opportunity from the automotive industry ... DataRuntime More detailed information about this case can be found at https://w3-03.ibm.com/services/lighthouse/documents/134286 Storage of classified data in the cloud is an important threat for our customers -> HPDBaaS provides the answer to customers needs and unlocks their path to cloud Having a place to store the highly sensitive datasets allows the entire application to move to the cloud, which in turn is going to leverage the rest of the IBM public cloud. Enabling new customers and new classes of workloads to move to our public cloud. Classified data Non-classified data
  • 35. LinuxONE III + MongoDB Data Serving Data Security Hybrid Multicloud Integration Standardized & Flexible for the Cloud Datacenter Delivering modular, scalable, and proven, cloud-ready infrastructure Systems / LinuxONE / © Copyright 2019 IBM Corp.
  • 36. IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation
  • 37. Notices and Disclaimers 38 Systems / LinuxONE / © 2019 IBM Corporation © 2019 International Business Machines Corporation. No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event, shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted per the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer follows any law.
  • 38. Notices and Disclaimers continued 39 Systems / LinuxONE / © 2019 IBM Corporation Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products about this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a purpose. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com and [names of other referenced IBM products and services used in the presentation] are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.