Navigation

Security Overview

Cloud Manager provides configurable encryption, authentication, and authorization to ensure the security of your Cloud Manager agents and MongoDB deployments. Cloud Manager supports SSL, MONGODB-CR, LDAP, and Kerberos.

SSL Encryption

Cloud Manager can use SSL for encrypting communications for the following Monitoring and Backup connections:

Access Control and Authentication

MongoDB uses Role-Based Access Control (RBAC) to determine access to a MongoDB system. When run with access control, MongoDB requires users to authenticate themselves to determine their access.

If you enable authentication for your deployments, the Cloud Manager agents authenticate to the deployments as MongoDB users with appropriate privileges.

If a MongoDB deployment runs with access control, the Monitoring and Backups must authenticate to the deployment as MongoDB users with appropriate access. See the following:

To learn more about authenticating with the supported mechanisms, see MONGODB-CR, LDAP, and Kerberos.

MONGODB-CR

Cloud Manager can use the MongoDB Challenge-Response (MONGODB-CR) authentication mechanism to authenticate to a MongoDB deployment. To learn more, see the MONGODB-CR section on the Authentication page in the MongoDB manual.

If your MongoDB deployment uses MONGODB-CR for authentication, you must create a MongoDB user for the Cloud Manager agents as well as specify the host’s authentication settings.

To create a MongoDB user, see Configure Monitoring Agent for Authentication and Configure Backup Agent for Authentication.

You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.

LDAP

Cloud Manager agents can use the LDAP authentication mechanism to authenticate to the MongoDB deployment.

If your MongoDB deployment uses LDAP for authentication, you must create a MongoDB user for the Cloud Manager agents as well as specify the host’s authentication settings.

To create a MongoDB user for the agents, see Configure Monitoring Agent for LDAP and Configure Backup Agent for LDAP Authentication.

You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.

Kerberos

If your MongoDB deployment uses Kerberos for authentication, you must create the Kerberos Principal for the Cloud Manager agents, create a MongoDB user for that Kerberos Principal, edit the agent’s configuration file, and specify the host’s authentication settings.

If you are running both the Monitoring and the Backup on the same server, then both agents must connect as the same Kerberos Principal.

To create a Kerberos Principal and the associated MongoDB user as well as edit the configuration file, see Configure the Monitoring Agent for Kerberos and Configure the Backup Agent for Kerberos.

You can specify the host’s authentication settings when adding the host, or you can edit the settings for an existing host.