Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises
DESCRIPTION
Curious to know what’s new in Couchbase Server 2.5? Couchbase Server is a NoSQL document database for interactive apps. The latest Couchbase Server 2.5 release is here and includes several exciting features in areas like reliability, security and connection management. With this release, enterprises can use rack-zone awareness and secure cross datacenter replication for better reliability and security. In this webinar, you’ll get a hands-on tour of the new features in Couchbase Server with a live demo, and learn:
• What rack-zone awareness in Couchbase Server is and how it can be used for increased reliability and availability
• How you can use secure cross datacenter replication for enhanced security on the wire when data is replicated from one datacenter to another
• How better connection management in Couchbase Server 2.5 can help you support many more clients, thus enabling higher scale
TRANSCRIPT
What’s new in 2.5
Don Pinto
Product Manager
Outline
What is Couchbase?
Product Roadmap Focus
Major Couchbase 2.5 Features
Download Couchbase Server 2.5
Resources
What is Couchbase?
Overview
Couchbase offers a full range of Data Management solutions
• High Availability Cache
• Key Value
• Document
• Mobile device
Couchbase – The Complete NoSQL Solution
• Easy Scalability: Grow cluster without application changes, without downtime when needed
• Consistent High Performance: Always awesome experience for your application users
• Always On 24x7x365: The sun never sets on the Internet, your application needs the database to always serve data
• Flexible Data Model: Keep developers productive and allow fast and easy addition of new features
Product Roadmap Focus Areas
Couchbase Server
• Reliability
• Security
• Performance
• Ease of administration
• Ease of development
Major Couchbase 2.5 Features
AVAILABILITY AND RELIABILITY
Rack awareness
Secure cross datacenter replication
Better connection management (in client)
SECURITY
EASE OF ADMINISTRATION
Rack awareness in Couchbase Server
What is rack awareness?
• Grouping of servers into server groups so that each group is on a physically separate rack
• Ensures that replica data partitions are not on the same rack as the primary partitions
• Servers 1,2,3 on Rack 1
• Servers 4,5,6 on Rack 2
• Servers 7,8,9 on Rack 3
• Cluster has 2 replicas (3 copies of data)
• This is a balanced configuration
Why do you need rack awareness?
• High availability: if a rack fails, data is still available and the app can get to the data
• Rack awareness is an HA solution, not a DR solution!
Primary copy fails
Manual failover promotes replica copies to active
Configuring rack awareness
• Configured through the management UI or by using the REST API
• Simple 2 step process
STEP 1: Configure at least 2 server groups
STEP 2: Configure all of the servers to use the server groups
Replication and rack awareness
• Prior to 2.5, replica partitions were randomly distributed across the cluster
• With rack awareness, replica partitions of a server group are distributed evenly to other server groups
[Diagram: Rack #1 holds Group 1 (Servers 1, 2, 3 and 4), each server carrying replica vBuckets for Group 2. Rack #2 holds Group 2 (Servers 5, 6, 7 and 8), each server carrying replica vBuckets for Group 1.]
Adding a server to a rack aware cluster
[Diagram: Server 9 is added to Group 1 on Rack #1, so Group 1 has Servers 1, 2, 3, 4 and 9 while Group 2 on Rack #2 has Servers 5, 6, 7 and 8. Servers 1 to 4 hold replica vBuckets for Group 2 and also replica vBuckets for Server 9 in Group 1; Servers 5 to 8 hold replica vBuckets for Group 1; Server 9 holds replica vBuckets for Group 2.]
• If a server group has more servers than the other, there is an imbalance. The rebalance operation performs a best effort to evenly distribute replica data partitions across the cluster.
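A check for the placement rule described above, as an added example that is not from the webinar or from Couchbase: given a vBucket map and server-group membership, it reports vBuckets with two copies in one group, vBuckets that a rack failure would take offline, and whether the groups are the same size. The server names and the map are constructed; the row layout (active first, then replicas, as indexes into a server list, -1 for unassigned) is an assumption about how the map is supplied.

```python
from collections import Counter

# Constructed sample mirroring the slide: 9 servers, 3 racks, 2 replicas.
SERVERS = [f"server{i}:11210" for i in range(1, 10)]
GROUPS = {
    "Rack 1": SERVERS[0:3],
    "Rack 2": SERVERS[3:6],
    "Rack 3": SERVERS[6:9],
}
# Each row is one vBucket: [active, replica 1, replica 2] as indexes into
# SERVERS; -1 means "no copy assigned". A real bucket has many more rows.
GOOD_MAP = [[0, 3, 6], [1, 4, 7], [2, 5, 8], [3, 6, 0], [4, 7, 1], [5, 8, 2]]
BAD_MAP = GOOD_MAP[:5] + [[5, 4, 2]]  # server6 and server5 are both in Rack 2


def _group_of(groups):
    """Invert {group: [nodes]} into {node: group}."""
    return {node: name for name, nodes in groups.items() for node in nodes}


def rack_violations(servers, vbucket_map, groups):
    """Return (vbucket, group) pairs where two copies share one server group."""
    group_of = _group_of(groups)
    found = []
    for vb, chain in enumerate(vbucket_map):
        counts = Counter(group_of[servers[i]] for i in chain if i >= 0)
        found += [(vb, g) for g, n in sorted(counts.items()) if n > 1]
    return found


def lost_on_rack_failure(servers, vbucket_map, groups, failed_group):
    """Return vBuckets whose every assigned copy lives in the failed group."""
    group_of = _group_of(groups)
    return [
        vb for vb, chain in enumerate(vbucket_map)
        if all(group_of[servers[i]] == failed_group for i in chain if i >= 0)
    ]


def groups_balanced(groups):
    """True when every server group has the same number of servers."""
    return len({len(nodes) for nodes in groups.values()}) == 1


if __name__ == "__main__":
    print(rack_violations(SERVERS, BAD_MAP, GROUPS))
    print(lost_on_rack_failure(SERVERS, BAD_MAP, GROUPS, "Rack 2"))
    print(groups_balanced(GROUPS))
```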
Multiple instances on a physical machine
• Handy for development purposes
• Tested and supported on Linux
Demo: Rack Awareness
Things to remember about rack awareness
• Rack awareness is recommended for larger deployments that span multiple physical racks
• To use rack awareness all the servers in the cluster must be upgraded to Couchbase 2.5 enterprise edition
• By default all servers are added to the same server group. This means rack awareness is off by default unless configured
• You still need XDCR to protect your data from datacenter failures for disaster recovery
• For best reliability, it is a good practice to have the same number of servers in each server group
Secure Cross Datacenter Replication
Cross Datacenter Replication Review
[Diagram: two Couchbase Server clusters, one in the NYC data center and one in the SF data center. Each cluster has Servers 1, 2 and 3, and each server holds active documents in RAM and on disk.]
Security Basics
Public Key Encryption
[Diagram: encryption and decryption. The message “The quick brown fox jumps over the lazy dog” is encrypted with the recipient’s public key into cipher text (“Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”), which is decrypted with the recipient’s private key into the clear-text output message “The quick brown fox jumps over the lazy dog”.]
Digital Certificate
[Diagram: a digital certificate containing the public key and other certificate info.]
What is secure cross data center replication?
• XDCR traffic is encrypted on the wire when it goes across the network
Why is secure cross datacenter replication important?
• More and more sensitive data is getting stored in NoSQL databases
• Keep sensitive information across the internet encrypted so that only the intended recipient can understand it
• No built-in VPN support between different regional zones
Configuring secure cross datacenter replication
• STEP 1: Getting the destination SSL certificate
• STEP 2: Setting up XDCR with the remote cluster certificate
Demo: Secure Cross Datacenter Replication
How does the network traffic look? Without Secure XDCR
How does the network traffic look? With Secure XDCR
Things to remember when using secure cross datacenter replication
• Make sure that the ports used by XDCR are available: 11214, 11215, 18091, 18092
• Periodically rotate the XDCR certificates. There might be a slight backlog of items in the XDCR queue
• Encryption might cause a slight increase in CPU load on the source and destination clusters
• With secure XDCR, all traffic between source and destination cluster is encrypted. For a given XDCR connection, all buckets replicated between the source and destination are encrypted
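An audit that ties the two configuration steps to the rotation advice above, added here as an example and not taken from the webinar or from Couchbase: it flags remote-cluster references that replicate without encryption or that still hold a certificate the destination has since rotated. The record fields (`name`, `demandEncryption`, `certificate`) are an assumed shape for the references configured on the source cluster, and the sample certificates are constructed placeholders.

```python
import hashlib
import ssl


def pem_fingerprint(pem):
    """SHA-256 hex digest of the DER bytes carried in a PEM certificate block."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def audit_remote_clusters(refs, destination_certs):
    """Return (name, finding) for references that are unencrypted or stale.

    refs: remote-cluster references as configured on the source (assumed shape).
    destination_certs: name -> PEM fetched from that destination (STEP 1).
    """
    findings = []
    for ref in refs:
        name = ref["name"]
        stored = ref.get("certificate")
        if not ref.get("demandEncryption"):
            findings.append((name, "replication is not encrypted"))
        elif not stored:
            findings.append((name, "no destination certificate stored"))
        elif name not in destination_certs:
            findings.append((name, "no current certificate to compare against"))
        elif pem_fingerprint(stored) != pem_fingerprint(destination_certs[name]):
            findings.append((name, "stored certificate is stale"))
    return findings


# Constructed sample data. The PEM bodies wrap placeholder bytes, not real
# X.509 certificates; only the byte-for-byte comparison is demonstrated.
OLD_CERT = ssl.DER_cert_to_PEM_cert(b"constructed-destination-cert-v1")
NEW_CERT = ssl.DER_cert_to_PEM_cert(b"constructed-destination-cert-v2")
REFS = [
    {"name": "sf-dc", "demandEncryption": True, "certificate": NEW_CERT},
    {"name": "nyc-dc", "demandEncryption": False},
    {"name": "lon-dc", "demandEncryption": True, "certificate": OLD_CERT},
]
CURRENT = {"sf-dc": NEW_CERT, "lon-dc": NEW_CERT}

if __name__ == "__main__":
    for name, finding in audit_remote_clusters(REFS, CURRENT):
        print(f"{name}: {finding}")
```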
Better Connection Management
Cluster map management
• Two new servers added
• Docs automatically rebalanced across cluster
• Cluster map updated
• App database calls now distributed over larger number of servers
[Diagram: App Server 1 and App Server 2, each with a Couchbase client library holding a cluster map, send read/write/update requests to a Couchbase Server cluster of Servers 1 to 5, each holding active and replica documents. User configured replica count = 1. Captions: "Cluster map updated via persistent connection on port 8091" and "Cluster map updated over memcached port 11210".]
Better connection management (in client)
• Just-in-time publication of cluster topology map. For every client, stateful connection is replaced with a just-in-time configuration update over the memcached port (11210)
• Faster client bootstrap time and topology changes
• Higher scaling to support large number of clients
• More reliable behavior during rebalance and failover
Other Resources
• Couchbase Server 2.5 Docs : http://docs.couchbase.com/
• Rack awareness in Couchbase Server : http://docs.couchbase.com/couchbase-manual-2.5/cb-admin/#rack-awareness
• Secure Cross Datacenter Replication : http://docs.couchbase.com/couchbase-manual-2.5/cb-admin/#xdcr-data-encryption
• Multiple instances of physical machine : http://docs.couchbase.com/couchbase-manual-2.5/cb-install/#installing-multiple-instances-on-a-machine
• Couchbase Server 2.5 Release Notes : http://docs.couchbase.com/couchbase-manual-2.5/cb-release-notes/
• Couchbase Blog : http://blog.couchbase.com
• Couchbase Server Community Portal : http://www.couchbase.com/communities/
Thank You!
Get Couchbase Server 2.5 http://www.couchbase.com/download
Don Pinto, @NoSQLDon
Q & A
Encrypting messages
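[Diagram: the un-encrypted JSON document plus a session key are encrypted into the encrypted message; the session key plus the recipient's public key from the certificate are encrypted; the private key plus the session key decrypt the message back into the un-encrypted JSON document.]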