Networking and connectivity
This section describes how to connect to and control access for FPT MongoDB Enterprise clusters, including connection endpoints, private and public access models, security groups, and floating IPs.
- Connection endpoint: Each FPT MongoDB Enterprise cluster is provisioned with a standard MongoDB connection endpoint in the form of a MongoDB URI, which applications can use to connect to the cluster. Using a connection endpoint helps:
  - Abstract application logic from the underlying cluster architecture
  - Minimize impact during failover or topology changes
  - Simplify connection management
- Private and public access: FDE MongoDB supports two access models:
  - Private Access: Allows connections only from internal networks such as VPC/VNet. This model is suitable for production environments and workloads with strict security requirements.
  - Public Access: Provides a public endpoint that allows connections from the Internet, with additional security controls. This model is used for external integrations (e.g., third-party services), temporary administrative access, or development and testing environments. When enabling public access, you should carefully evaluate security, performance, and application architecture requirements.
- Security Groups and Floating IP: FPT MongoDB Enterprise uses Security Groups and Floating IPs to provide flexible and secure network access control.
  - Security Group: A Security Group is a set of stateful firewall rules that control inbound and outbound traffic to database instances based on IP address or CIDR range, port, and protocol. Security Groups help enforce the principle of least privilege by allowing access only from trusted sources, such as applications within the same VPC/VNet, bastion hosts, and authorized management systems. Changes to the Security Group take effect immediately and do not require a cluster restart.
  - Floating IP: A Floating IP is a public IP address that can be dynamically associated with or disassociated from nodes in the cluster, enabling Internet access when required. Floating IP is commonly used in the following cases:
    - Access from on-premises environments or external systems.
    - Temporary administrative or operational access.
    - Testing and integration scenarios.

    A Floating IP must be combined with Security Groups to:
    - Restrict allowed source IP ranges
    - Open only required ports
Security best practices:
- Enable Floating IP only when necessary.
- Use Private Access for production workloads whenever possible.
- Apply Security Group rules based on the minimum exposure principle.
- Regularly review and update access rules to maintain a secure environment.
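
As an added example (not FPT's own tooling or API), the following script shows one way to review Security Group rules against the guidance above: restrict source ranges, open only required ports, and treat any-source rules as most serious when a Floating IP is attached. The rule field names, the `/16` width limit, and the use of MongoDB's default port 27017 as the only required port are assumptions made for illustration.

```python
import ipaddress

# Assumptions of this example, not FPT settings: MongoDB's default port 27017
# is the only port clients need, and sources wider than /16 are too broad.
REQUIRED_PORTS = {27017}
WIDEST_ALLOWED_PREFIX = 16

# Constructed sample rules; field names are hypothetical, not an FPT API schema.
SAMPLE_RULES = [
    {"name": "app-vpc", "direction": "ingress", "cidr": "10.20.0.0/16",
     "port_min": 27017, "port_max": 27017},
    {"name": "admin-temp", "direction": "ingress", "cidr": "0.0.0.0/0",
     "port_min": 27017, "port_max": 27017},
    {"name": "onprem-wide", "direction": "ingress", "cidr": "10.0.0.0/8",
     "port_min": 27017, "port_max": 27017},
    {"name": "legacy-range", "direction": "ingress", "cidr": "198.51.100.7/32",
     "port_min": 27000, "port_max": 27100},
    {"name": "egress-all", "direction": "egress", "cidr": "0.0.0.0/0",
     "port_min": 0, "port_max": 65535},
]


def audit_rules(rules, floating_ip_attached):
    """Return (rule name, severity, reason) for inbound rules that break least privilege."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress":
            continue  # only inbound exposure is audited here
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        ports = range(rule["port_min"], rule["port_max"] + 1)
        if net.prefixlen == 0:
            # Any-source rule: Internet-reachable once a Floating IP is attached.
            severity = "critical" if floating_ip_attached else "warning"
            findings.append((rule["name"], severity, "source is open to any address"))
        elif net.prefixlen < WIDEST_ALLOWED_PREFIX:
            findings.append((rule["name"], "warning",
                             f"source range {net} is wider than /{WIDEST_ALLOWED_PREFIX}"))
        if any(p not in REQUIRED_PORTS for p in ports):
            findings.append((rule["name"], "warning", "opens ports beyond those required"))
    return findings


if __name__ == "__main__":
    for name, severity, reason in audit_rules(SAMPLE_RULES, floating_ip_attached=True):
        print(f"{severity.upper():8} {name}: {reason}")
```
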