Networking and connectivity

This section describes how to connect to and control access for FPT MongoDB Enterprise clusters, including connection endpoints, private and public access models, security groups, and floating IPs.

  • Connection endpoint: Each FPT MongoDB Enterprise cluster is provisioned with a standard MongoDB connection endpoint in the form of a MongoDB URI, which applications can use to connect to the cluster. Using a connection endpoint helps:
    • Abstract application logic from the underlying cluster architecture.
    • Minimize impact during failover or topology changes.
    • Simplify connection management.
  • Private and public access: FDE MongoDB supports two access models:
    • Private Access: Allows connections only from internal networks such as VPC/VNet. This model is suitable for production environments and workloads with strict security requirements.
    • Public Access: Provides a public endpoint that allows connections from the Internet, with additional security controls. This model is used for external integrations (e.g., third-party services), temporary administrative access, or development and testing environments. When enabling public access, you should carefully evaluate security, performance, and application architecture requirements.
  • Security Groups and Floating IP: FPT MongoDB Enterprise uses Security Groups and Floating IPs to provide flexible and secure network access control.
    • Security Group: A Security Group is a set of stateful firewall rules that control inbound and outbound traffic to database instances based on IP address or CIDR range, port, and protocol. Security Groups help enforce the principle of least privilege by allowing access only from trusted sources, such as applications within the same VPC/VNet, bastion hosts, and authorized management systems. Changes to the Security Group take effect immediately and do not require a cluster restart.
    • Floating IP: A Floating IP is a public IP address that can be dynamically associated with or disassociated from nodes in the cluster, enabling Internet access when required. Floating IP is commonly used in the following cases:
      • Access from on-premises environments or external systems.
      • Temporary administrative or operational access.
      • Testing and integration scenarios.

      When using Floating IP, it must be combined with Security Groups to:
      • Restrict allowed source IP ranges.
      • Open only required ports.

Security best practices:

  • Enable Floating IP only when necessary.
  • Use Private Access for production workloads whenever possible.
  • Apply Security Group rules based on the minimum exposure principle.
  • Regularly review and update access rules to maintain a secure environment.
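
One way to run the regular rule review described above, as an added example and not FPT tooling: the rule format, the sample rules, port 27017 (MongoDB's default), and the 16-address limit for public source ranges are assumptions made for illustration.

```python
import ipaddress

MONGODB_PORT = 27017  # MongoDB default port; assumption, check your cluster endpoint
# RFC 1918 ranges treated as "internal" (VPC/VNet, bastion) sources; IPv4 only.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample ingress rules in a hypothetical format (not an FPT API schema).
# Fields: name, source CIDR, protocol, first port, last port.
SAMPLE_RULES = [
    ("app-subnet",   "10.20.1.0/24",    "tcp", 27017, 27017),
    ("bastion",      "10.20.9.5/32",    "tcp", 27017, 27017),
    ("vendor-host",  "198.51.100.7/32", "tcp", 27017, 27017),
    ("vendor-range", "203.0.113.0/24",  "tcp", 27017, 27017),
    ("temp-admin",   "0.0.0.0/0",       "tcp", 27017, 27017),
    ("legacy",       "10.20.0.0/16",    "tcp", 1,     65535),
]

def audit_rule(rule, max_public_hosts=16):
    """Return the findings for one ingress rule (empty list means none)."""
    _name, cidr, protocol, port_min, port_max = rule
    net = ipaddress.ip_network(cidr, strict=False)
    internal = net.version == 4 and any(net.subnet_of(r) for r in INTERNAL)
    findings = []
    if protocol != "tcp":
        findings.append("protocol other than TCP")
    if not (port_min == port_max == MONGODB_PORT):
        findings.append("opens ports other than the database port")
    if net.prefixlen == 0:
        findings.append("source is the whole Internet")
    elif not internal and net.num_addresses > max_public_hosts:
        findings.append("public source range wider than %d addresses"
                        % max_public_hosts)
    return findings

def audit(rules):
    """Map rule name to findings, keeping only rules that have at least one."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule[0]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(name + ": " + "; ".join(findings))
```

Rules that pass are single-port TCP rules whose source is either an internal range or a small, explicit public range, which matches the combination of Security Group and Floating IP the section calls for.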