webinar - introducing couchbase 2.5: better reliability and security for enterprises
DESCRIPTION
Curious to know what’s new in Couchbase Server 2.5? Couchbase Server is a NoSQL document database for interactive apps. The latest 2.5 Couchbase Server release is here and includes several exciting features in areas like reliability, security and connection management. With this release, enterprises can use rack zone awareness and secure cross datacenter for better reliability and security. In this webinar, you’ll also get to see a hands-on tour of the new features in Couchbase Server with a live demo. What is rack-zone awareness in Couchbase Server and how it can be used for increased reliability and availability. How you can use secure cross datacenter replication for enhanced security on-the-wire when data is replicated from one datacenter to another, and How better connection management in Couchbase Server 2.5 can help you support many more clients, thus enabling higher scale.TRANSCRIPT
![Page 1: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/1.jpg)
What’s new in 2.5
Don Pinto
Product Manager
![Page 2: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/2.jpg)
Outline
What is Couchbase?
Product Roadmap Focus
Major Couchbase 2.5 Features
Download Couchbase Server 2.5
Resources
![Page 3: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/3.jpg)
What is Couchbase?
![Page 4: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/4.jpg)
Overview
Couchbase offers a full range of Data Management solutions
High Availability Cache
Key Value Document Mobile device
SSN: 400 658 9993Pass: ******
Pass: ******
![Page 5: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/5.jpg)
Couchbase – The Complete NoSQL Solution
Easy Scalability
Consistent High Performance
FlexibleData Model
Always On 24x7x365
Grow cluster without application changes, without downtime when needed
Always awesome experience for your application users
The sun never sets on the Internet, your application needs the database to always serve data
Keep developers productive and allow fast and easy addition of new features
JSONJSONJSON
JSONJSON
PERFORMANCE
![Page 6: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/6.jpg)
Product Roadmap Focus Areas
CouchbaseServer
Reliability
Security
PerformanceEase of
administration
Ease of development
![Page 7: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/7.jpg)
Major Couchbase 2.5 Features
AVAILABILITY AND RELIABILITY
Rack awareness
Secure cross datacenter replication
Better connection management (in client)
SECURITY
EASE OF ADMINISTRATION
![Page 8: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/8.jpg)
Rack awareness in Couchbase Server
![Page 9: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/9.jpg)
What is rack awareness ? • Grouping of servers into server groups so that each group
is on a physically separate rack
• Ensures that replica data partitions are not on the same rack as the primary partitions
• Servers 1,2,3 on Rack 1
• Servers 4,5,6 on Rack 2
• Servers 7,8,9 on Rack 3
• Cluster has 2 replicas (3 copies of data)
• This is a balanced configuration
![Page 10: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/10.jpg)
Why you need rack awareness?
• High Availability If a rack fails, data is still available and the app can get to the data
• Rack awareness is an HA solution, not a DR solution!
Primary copy fails
Manual failover promotes replica copies to active
![Page 11: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/11.jpg)
Configuring rack awareness
• Configured through the management UI or by using the REST API
• Simple 2 step process STEP 1: Configure at least 2 server groups
![Page 12: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/12.jpg)
Configuring rack awareness
STEP 2 : Configure all of the servers to use the server groups
![Page 13: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/13.jpg)
Replication and rack awareness• Prior to 2.5, replica partitions were randomly distributed
across the cluster
• With rack awareness, replica partitions of a server group are distributed evenly to other server groups
Rack #1 Rack #2Server 1
Replica vBuckets for Group 2
Server 2Replica vBuckets for Group 2
Server 5Replica vBuckets for Group 1
Server 6Replica vBuckets for Group 1
Server 3Replica vBuckets for Group 2
Server 4Replica vBuckets for Group 2
Server 8Replica vBuckets for Group 1
Server 7Replica vBuckets for Group 1
Group 1
Server 1Server 2Server 3Server 4
Group 2
Server 5Server 6Server 7Server 8
Group 1 Replica vBuckets
Group 2 Replica vBuckets
![Page 14: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/14.jpg)
Adding a server to a rack aware cluster
Rack #1 Rack #2Server 1
Replica vBuckets for Group 2Replica vBuckets for Server 9 in Group 1
Server 2Replica vBuckets for Group 2
Replica vBuckets for Server 9 in Group 1
Server 5Replica vBuckets for Group 1
Server 6Replica vBuckets for Group 1
Server 3Replica vBuckets for Group 2
Replica vBuckets for Server 9 in Group 1
Server 4Replica vBuckets for Group 2
Replica vBuckets for Server 9 in Group 1
Server 8Replica vBuckets for Group 1
Server 7Replica vBuckets for Group 1
Server 9Replica vBuckets for Group 2
Group 1
Server 1Server 2Server 3Server 4Server 9
Group 2
Server 5Server 6Server 7Server 8
• If a server group has more servers than the other, there is an imbalance The rebalance operation performs a best effort to evenly distribute
replica data partitions across the cluster.
![Page 15: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/15.jpg)
Multiple instances on a physical machine
• Handy for development purposes Tested and supported on Linux
![Page 16: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/16.jpg)
Demo: Rack Awareness
![Page 17: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/17.jpg)
Things to remember about rack awareness
• Rack awareness is recommended for larger deployments that span multiple physical racks
• To use rack awareness all the servers in the cluster must be upgraded to Couchbase 2.5 enterprise edition
• By default all servers are added to the same server group This means rack awareness if off by default unless configured
• You still need XDCR to protect your data from datacenter failures for disaster recovery
• For best reliability, it is a good practice to have the same number of servers in each server group
![Page 18: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/18.jpg)
Secure Cross Datacenter Replication
![Page 19: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/19.jpg)
Cross Datacenter Replication ReviewCOUCHBASE SERVER CLUSTERNYC DATA CENTERACTIVE
Doc
Doc 2
SERVER 1
Doc 9
SERVER 2 SERVER 3
RAM
Doc Doc Doc
ACTIVE
Doc
Doc
Doc RAM
ACTIVE
Doc
Doc
DocRAM
DISK
Doc Doc Doc
DISK
Doc Doc Doc
DISK
COUCHBASE SERVER CLUSTERSF DATA CENTER
ACTIVE
Doc
Doc 2
SERVER 1
Doc 9
SERVER 2 SERVER 3
RAM
Doc Doc Doc
ACTIVE
Doc
Doc
Doc RAM
ACTIVE
Doc
Doc
DocRAM
DISK
Doc Doc Doc
DISK
Doc Doc Doc
DISK
![Page 20: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/20.jpg)
Security Basics
![Page 21: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/21.jpg)
Public Key Encryption
Encryption
“The quick brown fox jumps over the lazy dog”
“Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”
“The quick brown fox jumps over the lazy dog”
Decryption
Message
privatepublic
Clear-text output message
Recipient’s public key
Recipient’s private key
Cipher text
![Page 22: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/22.jpg)
Digital Certificate
publicPublic Key
Other certificate info
![Page 23: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/23.jpg)
What is secure cross data center replication?
• XDCR traffic is encrypted on the wire when it goes across the network
![Page 24: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/24.jpg)
Why is secure cross datacenter replication important ?
• More and more sensitive data is getting stored in NoSQL databases
• Keep sensitive information across the internet encrypted so that only the intended recipient can understand it
• No built-in VPN support between different regional zones
![Page 25: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/25.jpg)
Configuring secure cross datacenter replication
• STEP 1: Getting the destination SSL certificate
![Page 26: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/26.jpg)
Configuring secure cross datacenter replication
• STEP 2: Setting up XDCR with the remote cluster certificate
![Page 27: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/27.jpg)
Demo: Secure Cross Datacenter Replication
![Page 28: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/28.jpg)
How does the network traffic look?Without Secure XDCR
![Page 29: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/29.jpg)
How does the network traffic look?With Secure XDCR
![Page 30: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/30.jpg)
Things to remember when using secure cross datacenter replication• Make sure that the ports used by XDCR are available
11214, 11215, 18091, 18092
• Periodically rotate the XDCR certificates There might be a slight backlog of items in the XDCR queue
• Encryption might cause a slight increase in CPU load on the source and destination clusters
• With secure XDCR, all traffic between source and destination cluster is encrypted For a given XDCR connection, all buckets replicated between the
source and destination are encrypted
![Page 31: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/31.jpg)
Better Connection Management
![Page 32: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/32.jpg)
COUCHBASE Client LibraryCOUCHBASE Client Library
COUCHBASE Client LibraryCOUCHBASE Client Library
Cluster map management
• Two new servers added
• Docs automatically rebalanced across cluster
• Cluster map updated
• App database calls now distributed over larger number of servers
REPLICA
ACTIVE
Doc 5
Doc 2
Doc
Doc
Doc 4
Doc 1
Doc
Doc
SERVER 1
REPLICA
ACTIVE
Doc 4
Doc 7
Doc
Doc
Doc 6
Doc 3
Doc
Doc
SERVER 2
REPLICA
ACTIVE
Doc 1
Doc 2
Doc
Doc
Doc 7
Doc 9
Doc
Doc
SERVER 3 SERVER 4 SERVER 5
REPLICA
ACTIVE
REPLICA
ACTIVE
Doc
Doc 8 Doc
Doc 9 Doc
Doc 2 Doc
Doc 8 Doc
Doc 5 Doc
Doc 6
READ/WRITE/UPDATE READ/WRITE/UPDATE
APP SERVER 1
COUCHBASE Client Library
CLUSTER MAP
COUCHBASE Client Library
CLUSTER MAP
APP SERVER 2
COUCHBASE SERVER CLUSTER
User Configured Replica Count = 1
CLUSTER MAP UPDATED VIA PERSISTENT CONNECTION
ON PORT 8091
CLUSTER MAP UPDATED OVER MEMCACHED PORT
11210
![Page 33: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/33.jpg)
Better connection management (in client)
• Just-in-time publication of cluster topology map For every client, stateful connection is replaced with a just-in-time
configuration update over the memcached port (11210)
• Faster client bootstrap time and topology changes
• Higher scaling to support large number of clients
• More reliable behavior during rebalance and failover
![Page 34: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/34.jpg)
Other Resources• Couchbase Server 2.5 Docs : http://docs.couchbase.com/
• Rack awareness in Couchbase Server : http://docs.couchbase.com/couchbase-manual-2.5/cb-admin/#rack-awareness
• Secure Cross Datacenter Replication : http://docs.couchbase.com/couchbase-manual-2.5/cb-admin/#xdcr-data-encryption
• Multiple instances of physical machine : http://docs.couchbase.com/couchbase-manual-2.5/cb-install/#installing-multiple-instances-on-a-machine
• Couchbase Server 2.5 Release Notes : http://docs.couchbase.com/couchbase-manual-2.5/cb-release-notes/
• Couchbase Blog : http://blog.couchbase.com
• Couchbase Server Community Portal : http://www.couchbase.com/communities/
![Page 35: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/35.jpg)
Thank You!
Get Couchbase Server 2.5 http://www.couchbase.com/download
Don Pinto@NoSQLDon
![Page 36: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/36.jpg)
Q & A
![Page 37: Webinar - Introducing Couchbase 2.5: Better Reliability and Security for Enterprises](https://reader035.vdocuments.site/reader035/viewer/2022081404/55861b56d8b42a7d428b4c13/html5/thumbnails/37.jpg)
Encrypting messages
+
Session Key
Un-encryptedJSON Document
Encrypted Message
Session Key
+Recipient's Public key
from certificate
Private KeySession
Key
+
Encrypt
Encrypt
Un-encryptedJSON Document
Decrypt