ApsaraDB for MongoDB is developed based on the Apsara distributed operating system and a high-reliability storage engine and is compatible with the MongoDB protocol. ApsaraDB for MongoDB uses a multi-node architecture to ensure high availability and supports elastic scaling, disaster recovery, backup and restoration, and performance optimization.
ApsaraDB for MongoDB provides a comprehensive set of security features to protect your data. The following table summarizes the security categories and capabilities covered in this document.
| Security category | Capabilities | More information |
|---|---|---|
| Access control | Database account authentication, IP allowlists | Configure a whitelist or an ECS security group for an ApsaraDB for MongoDB instance |
| Network isolation | Virtual Private Cloud (VPC), classic network (legacy) | Switch the network type of an ApsaraDB for MongoDB instance |
| Data encryption | TLS encryption (in transit), Transparent Data Encryption (at rest) | Configure SSL encryption, Configure TDE |
| Backup and restoration | Snapshot-based backup, physical backup, logical backup; restoration by backup point, by point in time, or by database | Configure automatic backup, Configure manual backup |
| Disaster recovery | Multi-zone instances, cross-region disaster recovery (MongoShake) | Create a multi-zone replica set instance, Create a multi-zone sharded cluster instance |
| Version maintenance | Regular version releases, security-driven upgrades | Upgrade the major version, Update the minor version |
| Service authorization | Controlled access for Alibaba Cloud support teams | - |
Access control
ApsaraDB for MongoDB uses database account authentication and IP allowlists (whitelists) to control access and protect data security.
Database accounts
ApsaraDB for MongoDB requires username and password authentication to connect to an instance. The following rules apply:
When you create an ApsaraDB for MongoDB instance, an initial root database user is created by default. You can specify the password for the root database user during instance creation or reset the password afterward. For more information, see (Optional) Reset a password.
The root database user has all permissions on an ApsaraDB for MongoDB instance.
You can log on to the database as the root database user to add, delete, or grant permissions to other accounts.
IP allowlists
You can configure an IP allowlist (whitelist) for each ApsaraDB for MongoDB instance to control network access.
The default IP allowlist contains only 127.0.0.1, which means the instance is inaccessible from all external IP addresses. You must add authorized IP addresses before you can connect to the instance. You can configure IP allowlists by using one of the following methods:
| Method | Description |
|---|---|
| Console | Go to the Security Controls page of the ApsaraDB for MongoDB console. For more information, see Modify an IP address whitelist for an instance. |
| API | Call the ModifySecurityIps operation. |
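The following Python example is added here to illustrate the allowlist semantics described above; it is not ApsaraDB for MongoDB code. It models an allowlist as the comma-separated list of IP addresses and CIDR blocks the console accepts (assumed format), checks whether a client address would be admitted, and flags entries that are broad enough to deserve review (the /16 threshold is a review policy chosen for this example, not a service limit).

```python
import ipaddress

# Constructed sample allowlists. 127.0.0.1 is the default entry the
# document describes; the rest are placeholders for this example.
DEFAULT_ALLOWLIST = "127.0.0.1"
SAMPLE_ALLOWLIST = "127.0.0.1,10.20.0.0/16,192.168.5.7,0.0.0.0/0"

# Entries with a prefix shorter than this are reported as broad
# (review policy for this example, not an ApsaraDB limit).
MIN_PREFIX_LEN = 16


def parse_allowlist(text):
    """Parse a comma-separated allowlist (assumed console format) into
    ip_network objects. A bare address becomes a single-host network."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def is_admitted(client_ip, allowlist_text):
    """True if the client address falls inside any allowlist entry.
    With the default list only the loopback address matches, so every
    external client is rejected, as the document states."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_allowlist(allowlist_text))


def audit_allowlist(allowlist_text):
    """Return (entry, reason) pairs for entries a reviewer should look at."""
    findings = []
    for net in parse_allowlist(allowlist_text):
        if net.prefixlen == 0:
            findings.append((str(net), "admits every address; same as no allowlist"))
        elif net.prefixlen < MIN_PREFIX_LEN:
            findings.append((str(net), f"broad range (/{net.prefixlen})"))
    return findings
```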
Network isolation
ApsaraDB for MongoDB supports Virtual Private Cloud (VPC) and the classic network. We recommend that you use VPC because it provides stronger network isolation and security.
VPC
VPC enables advanced network access control for ApsaraDB for MongoDB. Combining VPC with IP allowlists significantly improves instance security.
A VPC allows you to build an isolated network environment in Alibaba Cloud. You can customize route tables, IP addresses, and gateways within a VPC to resolve resource conflicts. VPC achieves complete isolation of your network traffic by using underlying network protocols.
You can connect your on-premises data center to Alibaba Cloud by using a leased line or a VPN. This allows you to use the customized CIDR block of an ApsaraDB for MongoDB instance in a VPC to resolve resource conflicts. You can then access the ApsaraDB for MongoDB instance from both your data center and Alibaba Cloud Elastic Compute Service (ECS).
ApsaraDB for MongoDB instances deployed in a VPC can be accessed only by ECS instances in the same VPC. If necessary, you can apply for a public IP address to allow access from the Internet (not recommended). For example, you can allow access from elastic IP addresses (EIPs) of ECS instances or from the Internet egress of your data center.
Before you apply for a public IP address, you must configure the corresponding IP allowlist. For more information, see Modify an IP address whitelist for an instance.
For more information about how to apply for a public IP address, see (Optional) Apply for a public endpoint for an instance.
For more information about VPCs, see What is a VPC?
Classic network (legacy)
Classic network is a legacy network type. We recommend that you deploy new instances in a VPC for improved security.
Cloud services in the classic network are not isolated from each other. Unauthorized access to cloud services is blocked only by security groups or IP allowlists.
Data encryption
ApsaraDB for MongoDB provides encryption for data in transit and data at rest.
TLS encryption (in transit)
ApsaraDB for MongoDB provides TLS (Transport Layer Security) encryption, referred to as SSL encryption in the console. You can use the server root certificate to verify whether the destination database is an ApsaraDB for MongoDB instance. This helps prevent man-in-the-middle attacks.
ApsaraDB for MongoDB allows you to enable and update TLS certificates for servers to ensure data security and validity. For more information, see Configure SSL encryption for an instance.
TLS encryption cannot function correctly until the application authenticates the server. In addition, TLS encryption consumes extra CPU resources and affects the throughput and response time of ApsaraDB for MongoDB instances to a certain degree. The specific impact varies depending on the number of connections established and the data transfer frequency.
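The point that TLS only protects against man-in-the-middle attacks once the client actually verifies the server is easy to lose in a connection string. The following Python example, added here and not part of the ApsaraDB for MongoDB documentation, inspects the options of a MongoDB connection URI and reports settings that leave the server unauthenticated. It uses the standard MongoDB URI option names (tls/ssl, tlsCAFile, tlsAllowInvalidCertificates, tlsAllowInvalidHostnames, tlsInsecure); the host, port, credentials and CA path in the sample URIs are placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample URIs; host, port, user, password and CA path are
# placeholders, not a real ApsaraDB for MongoDB endpoint.
INSECURE_URI = ("mongodb://app:secret@mongo-host.example:27017/admin"
                "?ssl=true&tlsAllowInvalidCertificates=true")
HARDENED_URI = ("mongodb://app:secret@mongo-host.example:27017/admin"
                "?tls=true&tlsCAFile=/etc/ssl/apsaradb-root-ca.pem")

TRUE_VALUES = {"true", "1", "yes"}


def uri_options(uri):
    """Return the URI query options as a lower-cased dict. Only the query
    string is inspected, so multi-host replica set URIs work too."""
    query = urlsplit(uri).query
    return {k.lower(): v[-1].strip().lower() for k, v in parse_qs(query).items()}


def audit_uri(uri):
    """Return finding codes explaining why the client would not get an
    authenticated TLS session with the server (empty list if it would)."""
    opts = uri_options(uri)
    findings = []
    tls_on = opts.get("tls", opts.get("ssl", "false")) in TRUE_VALUES
    if not tls_on:
        # Credentials and data cross the network in cleartext.
        return ["TLS_DISABLED"]
    if (opts.get("tlsinsecure") in TRUE_VALUES
            or opts.get("tlsallowinvalidcertificates") in TRUE_VALUES):
        # Any certificate is accepted, so the channel can be intercepted.
        findings.append("CERT_NOT_VERIFIED")
    if opts.get("tlsallowinvalidhostnames") in TRUE_VALUES:
        # A valid certificate for a different host would be accepted.
        findings.append("HOSTNAME_NOT_VERIFIED")
    if "tlscafile" not in opts:
        # Verification then depends on the OS trust store containing the
        # server root certificate downloaded from the console.
        findings.append("NO_EXPLICIT_CA")
    return findings
```

Run the audit against every connection string an application loads from configuration before it is deployed; a non-empty result means the instance's root certificate is not being used to authenticate the server.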
TDE (at rest)
ApsaraDB for MongoDB provides Transparent Data Encryption (TDE). TDE uses the Advanced Encryption Standard (AES) algorithm. The encryption key for TDE is encrypted and stored by Key Management Service (KMS).
After you enable TDE for an ApsaraDB for MongoDB instance, the data of the specified database or collection is encrypted before being written to any device such as an HDD, SSD, or PCIe card, or to any service such as Object Storage Service (OSS). As a result, data files and backups of the instance are all stored in ciphertext.
For more information, see Configure TDE for an instance.
Backup and restoration
ApsaraDB for MongoDB provides automatic and manual backup capabilities to ensure data integrity and reliability. Regular backups allow you to restore data in the event of unexpected issues.
Backup methods
ApsaraDB for MongoDB supports the following backup methods:
| Backup method | Description |
|---|---|
| Snapshot-based backup | Retains the state of disk data at a specific point in time. This method allows data to be restored within minutes. |
| Physical backup | Backs up the physical database files of an ApsaraDB for MongoDB instance. This method provides faster backup and restoration compared with logical backup. |
| Logical backup | Uses the mongodump tool to store operation records of databases in a logical backup file. This method restores data by replaying commands during restoration. |
For more information, see Configure automatic backup for an instance and Configure manual backup for an instance.
Restoration methods
ApsaraDB for MongoDB provides the following restoration methods:
| Restoration method | Description | Use case |
|---|---|---|
| Restore by backup point | Restores data to a new ApsaraDB for MongoDB instance by backup set. | Data restoration and verification |
| Restore by point in time | Restores data to a new ApsaraDB for MongoDB instance at a specific point in time. | Data restoration and verification |
| Restore databases | Restores one or more databases of an ApsaraDB for MongoDB instance to a specific point in time by using an associated backup. | Quick data restoration |
The backup and restoration methods that are supported vary based on the configuration of your ApsaraDB for MongoDB instance. For a complete reference, see Data restoration.
Instance disaster recovery
ApsaraDB for MongoDB provides multiple disaster recovery solutions, including multi-zone deployments within a region and cross-region data replication.
Multi-zone instances
Alibaba Cloud provides cloud computing services across multiple regions worldwide. Each region contains multiple zones. Faults are isolated between different zones within the same region, while network latency remains low between zones.
Single-zone deployment
An ApsaraDB for MongoDB single-zone instance runs on two physical servers within the same zone. All racks, air conditioners, circuits, and networks in the zone are fully redundant to ensure high availability. ApsaraDB for MongoDB uses asynchronous or semi-synchronous replication and an efficient primary/secondary failover mechanism to provide service availability that exceeds the limits of individual physical servers.
Multi-zone deployment
Multi-zone instances are deployed on physical servers across different zones. When one zone fails, services can be switched over to another zone in a short period of time. The entire switchover process requires no changes to your application code.
Each time you trigger a primary/secondary failover for an instance, the instance may be disconnected for up to 30 seconds. We recommend that you:
Perform failover operations during off-peak hours.
Ensure that your applications can automatically re-establish connections.
For more information, see:
Cross-region disaster recovery
ApsaraDB for MongoDB supports cross-region data disaster recovery using data synchronization tools such as MongoShake.
How it works
For example, you can replicate data from ApsaraDB for MongoDB Instance A in the China (Hangzhou) region to ApsaraDB for MongoDB Instance B in the China (Shanghai) region by using MongoShake. Instance B is a self-contained instance with its own endpoints, account, and permissions. Instance B can be used to recover data and serve read traffic in its region.
Instance A serves as the primary instance.
Instance B serves as the secondary instance.
If Instance A fails due to an unexpected event such as a natural disaster, Instance B can be promoted to the primary instance. Cross-region disaster recovery is achieved by modifying the database connection configurations in your application to forward requests to Instance B.
For more information, see Use MongoShake to perform one-way synchronization between ApsaraDB for MongoDB instances.
We recommend that you deploy the same geo-disaster recovery (cross-region disaster recovery) application on Instance A and Instance B to minimize the network instability and latency associated with cross-region access.
If Instance B is promoted to the primary instance, you must run the kill command to disable the MongoShake service. This stops data replication from Instance A to Instance B and prevents possible problems.
Version maintenance
ApsaraDB for MongoDB releases new database versions on a regular basis. Version upgrades help you benefit from the latest features, performance improvements, and security fixes.
Database upgrades are optional and are triggered only after you restart your ApsaraDB for MongoDB instances. For more information, see Upgrade the major version of an instance and Update the minor version of an instance.
When the ApsaraDB for MongoDB team determines that your current version has significant security risks, you will receive a scheduled upgrade notification.
The upgrade process is typically completed within 5 minutes. During the upgrade, several brief service interruptions may occur.
Service authorization
Alibaba Cloud enforces strict access boundaries for its support and development teams. Without your authorization, the Alibaba Cloud after-sales team and the ApsaraDB for MongoDB development team can view only the following information about your instances:
Resource information (such as purchase and expiry dates)
Fee information
Performance metrics (CPU, memory, and storage usage)
With your authorization:
The Alibaba Cloud after-sales team and the ApsaraDB for MongoDB development team can view or modify configurations of your ApsaraDB for MongoDB instances during a specified time period. For example, you can authorize them to view the IP allowlist and audit logs of an instance.
The Alibaba Cloud after-sales team and the ApsaraDB for MongoDB development team never proactively modify the connection information of your ApsaraDB for MongoDB instances. This includes the instance endpoint, database account, and password.