Webinar - Keeping your Data Safe in Couchbase Using Gazzang

Description

Data in Couchbase Server may contain sensitive, protected information or key intellectual property. Sensitive data comes in many forms: names, addresses, medical records, school transcripts, buying habits, credit card numbers, corporate intellectual property. Typically this information is distributed throughout the cluster, so the underlying data files on every node need to be protected. Gazzang for Couchbase offers a policy-driven solution that encrypts the data stored by Couchbase Server. In this webinar you'll see:

• An overview of Couchbase Server

• The main use cases for data encryption and key management

• An overview of Gazzang zNcrypt and Gazzang zTrustee

• How to ensure your security solution integrates with Couchbase without impacting performance

• What you need to get started

• A demo of how Gazzang works with Couchbase

Transcript of Webinar - Keeping your Data Safe in Couchbase Using Gazzang

Page 1: Webinar - Keeping your Data Safe in Couchbase Using Gazzang

Page 2

Page 3

Introduction to Couchbase

Page 4

Couchbase Server: NoSQL Document Database

Page 5

Couchbase Open Source Project

• Leading NoSQL database project focused on distributed database technology and surrounding ecosystem

• Supports both key-value and document-oriented use cases

• All components are available under the Apache License 2.0

• Obtained as packaged software in both enterprise and community editions.


Page 6

Couchbase Server

• Easy Scalability: grow the cluster without application changes and without downtime, with a single click

• Consistent High Performance: consistent sub-millisecond read and write response times with consistent high throughput

• Always On, 24x365: no downtime for software upgrades, hardware maintenance, etc.

• Flexible Data Model: JSON document model with no fixed schema

Page 7

Couchbase Server Architecture

Page 8

Couchbase Server Architecture

Cluster Manager (Erlang/OTP)

On each node:

• Heartbeat

• Process monitor

• Global singleton supervisor

• Configuration manager

One per cluster:

• Rebalance orchestrator

• Node health monitor

• vBucket state and replication manager

Cluster Manager ports:

• 8091: HTTP REST management API / Web UI

• 4369: Erlang port mapper

• 21100 - 21199: Distributed Erlang

Data Manager

• Memcached with the Couchbase EP Engine (storage interface to the New Persistence Layer): port 11210, Memcapable 2.0

• Moxi: port 11211, Memcapable 1.0

• Query Engine: port 8092, Query API

Page 9

Couchbase Server Architecture (simplified view)

Cluster Manager (Erlang/OTP, http)

• Replication, Rebalance, Shard State Manager

• REST management API / Web UI: port 8091 (Admin Console)

Data Manager

• Data access ports: 11210 / 11211

• Object-managed Cache

• Multi-threaded Persistence Engine

• Query Engine: port 8092 (Query API)
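The port map on the two architecture slides is the first thing a practitioner checks when hardening a node: which of these listeners are reachable from where. The script below is an added example, not code from the webinar or from Couchbase. It maps a node's listening sockets to the port roles the slides list and flags cluster-internal ports bound on every interface. The sample `ss -ltn` output is constructed, and the decision that the Erlang port mapper and the distributed Erlang range are cluster-internal (only other cluster nodes need to reach them) is this example's assumption, not a statement on the slides.

```python
"""Added example: audit which Couchbase Server ports a node exposes.

Port roles come from the architecture slides. Which ports count as
cluster-internal is an assumption of this example; adjust to your deployment.
"""
import re
import sys
from ipaddress import ip_address

# Port roles as listed on the slides.
PORT_ROLES = {
    8091: "REST management API / Web UI (Admin Console)",
    8092: "Query API",
    11210: "Data access (Memcapable 2.0, EP Engine)",
    11211: "Data access (Memcapable 1.0, Moxi)",
    4369: "Erlang port mapper",
}
DIST_ERLANG = range(21100, 21200)  # 21100 - 21199 Distributed Erlang

# Assumption: only other cluster nodes need to reach these.
CLUSTER_INTERNAL = {4369} | set(DIST_ERLANG)

# Constructed sample of `ss -ltn` output (header line included on purpose).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:8091 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8092 0.0.0.0:*
LISTEN 0 1024 0.0.0.0:11210 0.0.0.0:*
LISTEN 0 1024 127.0.0.1:11211 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4369 0.0.0.0:*
LISTEN 0 128 *:21100 *:*
LISTEN 0 128 [::1]:22 [::]:*
LISTEN 0 128 0.0.0.0:5555 0.0.0.0:*
"""

# Local address column: "[v6addr]:port", "*:port" or "v4addr:port".
LOCAL_RE = re.compile(r"^(?P<addr>\[[^\]]*\]|\*|[^:\s]+):(?P<port>\d+)$")


def parse_listeners(ss_output):
    """Return [(bind_addr, port)] from `ss -ltn` style lines; skips the header."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        m = LOCAL_RE.match(fields[3])
        if not m:
            continue
        listeners.append((m.group("addr").strip("[]"), int(m.group("port"))))
    return listeners


def role_for(port):
    """Slide-listed role for a port, or None if it is not a Couchbase port."""
    if port in PORT_ROLES:
        return PORT_ROLES[port]
    if port in DIST_ERLANG:
        return "Distributed Erlang"
    return None


def is_wildcard(addr):
    """True when the socket is bound to all interfaces (0.0.0.0, :: or *)."""
    if addr == "*":
        return True
    try:
        return ip_address(addr).is_unspecified
    except ValueError:
        return False


def audit(ss_output):
    """Classify each Couchbase listener; returns [(port, role, bind_addr, finding)]."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        role = role_for(port)
        if role is None:
            continue  # not a Couchbase port per the slides
        if port in CLUSTER_INTERNAL and is_wildcard(addr):
            finding = "cluster-internal port bound on all interfaces; restrict with a firewall"
        elif is_wildcard(addr):
            finding = "client-facing port bound on all interfaces; confirm this is intended"
        else:
            finding = "ok"
        findings.append((port, role, addr, finding))
    return findings


if __name__ == "__main__":
    # Pipe real output in (`ss -ltn | python3 audit.py`) or run on the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS
    for port, role, addr, finding in audit(data):
        print(f"{port:>5}  {addr:<10} {role:<45} {finding}")
```

On the constructed sample, 11211 bound to loopback comes back "ok", the four wildcard client-facing ports are reported for review, and 4369 plus 21100 are flagged as cluster-internal ports exposed on every interface.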

Page 10

Couchbase Operations

Page 11

Single node - Couchbase Write Operation

(Figure: the App Server writes Doc 1 to a Couchbase Server Node. The document is placed in the Managed Cache, queued in the Disk Queue for persistence to Disk, and queued in the Replication Queue for shipping to the other node.)

Page 12

Single node - Couchbase Update Operation

(Figure: the App Server sends Doc 1', the updated document. It replaces Doc 1 in the Managed Cache, and the new version flows through the Disk Queue to Disk and through the Replication Queue to the other node.)

Page 13

Single node - Couchbase Read Operation

(Figure: the App Server issues GET Doc 1. The document is returned from the Managed Cache; the Disk Queue, Disk and Replication Queue are not involved.)

Page 14

Single node - Couchbase Cache Miss

(Figure: the App Server issues GET Doc 1 while the Managed Cache holds other documents (Docs 2 to 6 are on Disk). Doc 1 is not in cache, so it is read from Disk into the Managed Cache and then returned to the App Server.)

Page 15

COUCHBASE SERVER CLUSTER: Basic Operation

• Docs distributed evenly across servers

• Each server stores both active and replica docs; only one server is active for a given doc at a time

• Client library provides the app with a simple interface to the database

• Cluster map records which server each doc is on; the app never needs to know

• App reads, writes, updates docs

• Multiple app servers can access the same document at the same time

(Figure: three servers with User Configured Replica Count = 1. Each server holds an ACTIVE set of docs and a REPLICA set of docs that are active elsewhere. APP SERVER 1 and APP SERVER 2 each run the COUCHBASE Client Library with a copy of the CLUSTER MAP and perform READ/WRITE/UPDATE operations.)

Page 16

Add Nodes to Cluster

• Two servers added; one-click operation

• Docs automatically rebalanced across cluster: even distribution of docs, minimum doc movement

• Cluster map updated

• App database calls now distributed over larger number of servers

(Figure: the cluster now has SERVER 1 to SERVER 5, each holding ACTIVE and REPLICA docs, User Configured Replica Count = 1. APP SERVER 1 and APP SERVER 2, each with the COUCHBASE Client Library and the updated CLUSTER MAP, issue READ/WRITE/UPDATE operations across all five servers.)

Page 17

Fail Over Node

• App servers accessing docs

• Requests to Server 3 fail

• Cluster detects server failed, promotes replicas of its docs to active, updates cluster map

• Requests for docs now go to appropriate server

• Typically rebalance would follow

(Figure: five-server COUCHBASE SERVER CLUSTER, User Configured Replica Count = 1. SERVER 3 is down; its docs are now served from the replica copies on the remaining servers. APP SERVER 1 and APP SERVER 2 use the refreshed CLUSTER MAP through the COUCHBASE Client Library.)

Page 18

COUCHBASE SERVER CLUSTER: Indexing and Querying

• Indexing work is distributed amongst nodes

• Large data set possible

• Parallelize the effort

• Each node has index for data stored on it

• Queries combine the results from required nodes

(Figure: SERVER 1 to SERVER 3, User Configured Replica Count = 1, each holding ACTIVE and REPLICA docs. A Query sent from an App Server through the COUCHBASE Client Library and CLUSTER MAP is run against the index on each node and the results are combined.)

Page 19

Cross Data Center Replication (XDCR)

(Figure: a three-server Couchbase Server cluster in San Francisco and a three-server Couchbase Server cluster in New York replicating to each other.)

• Per-replication tunable parameters

• Active - Active Replication

• Hot Standby

Page 20

Couchbase Server Security

• Couchbase Buckets: semi-synonymous with "database"

• Accessing Buckets: SASL authentication using the CRAM-MD5 challenge-response mechanism. CRAM-MD5 proves knowledge of the bucket password without sending it in the clear; it is an authentication mechanism, not encryption, and the data traffic that follows the handshake is not protected by it.
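To make the distinction concrete, here is the CRAM-MD5 mechanism itself as specified in RFC 2195, with both sides' messages, the server-side check, and an offline-guess routine that shows what a passive observer of the handshake can do. This is an added example, not code from Couchbase or Gazzang. In Couchbase 2.x the bucket name is the SASL username and the bucket password is the secret; the credential store, hostname and candidate wordlist below are constructed, and the memcached binary-protocol framing that carries the mechanism is not shown.

```python
"""Added example (not from the webinar): the SASL CRAM-MD5 exchange, as used
for Couchbase 2.x bucket authentication. Credential store, hostname and
wordlist are constructed for illustration.
"""
import hashlib
import hmac
import os
import time


def make_challenge(hostname="couchbase-node-1.example"):
    """Server side: a unique, one-time challenge in the RFC 2195 form <random.time@host>."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>".encode()


def client_response(username, password, challenge):
    """Client side: 'username' SPACE hex(HMAC-MD5(key=password, msg=challenge)).
    The password itself never crosses the wire."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode()


def server_verify(response, challenge, lookup_password):
    """Server side: recompute the digest from the stored password (the server
    must hold it in plaintext-equivalent form) and compare in constant time.
    Returns the authenticated username, or None on any failure."""
    try:
        username, digest = response.decode().split(" ", 1)
    except ValueError:
        return None
    stored = lookup_password(username)
    if stored is None:
        return None
    expected = hmac.new(stored.encode(), challenge, hashlib.md5).hexdigest()
    return username if hmac.compare_digest(expected, digest) else None


def offline_guess(challenge, response, candidates):
    """What a passive observer can do: challenge and response travel in clear,
    so every candidate password can be tested offline, without contacting the
    server. Returns the matching candidate, or None."""
    username, _ = response.decode().split(" ", 1)
    for pw in candidates:
        if client_response(username, pw, challenge) == response:
            return pw
    return None


# Constructed credential store: bucket name -> bucket password.
BUCKET_PASSWORDS = {"orders": "s3cret-bucket-pw"}


def run_exchange(username, password):
    """Full exchange: server challenge -> client response -> server verdict."""
    challenge = make_challenge()
    response = client_response(username, password, challenge)
    who = server_verify(response, challenge, BUCKET_PASSWORDS.get)
    return challenge, response, who


if __name__ == "__main__":
    ch, resp, who = run_exchange("orders", "s3cret-bucket-pw")
    print("S:", ch.decode())
    print("C:", resp.decode())
    print("authenticated as:", who)
    # A sniffer holding only (ch, resp) can still test guesses offline:
    print("offline guess:", offline_guess(ch, resp, ["password", "s3cret-bucket-pw"]))
```

Two practical consequences follow from the code: the server must keep every bucket password recoverable (so the credential file on the node is itself sensitive data), and the handshake offers no resistance to offline guessing of weak bucket passwords. Both are properties of CRAM-MD5, not of Couchbase specifically.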

Page 22

About Gazzang

• Headquartered in Austin, Texas

• Focus on high-performance data-at-rest encryption and key management

• Specialize in securing cloud and big data environments

• Key vertical industries: financial services, healthcare, retail, government, education, technology

• Featured as a Couchbase Server Connector

Page 23

What we hear from our customers

• “I need to protect sensitive data in my cloud”

  - Ensure sensitive data and encryption keys are never stored in plain text nor exposed publicly

  - Maintain compliance (HIPAA, PCI, SOX, FERPA, etc.) and meet customer expectations for data security

• “Help me secure my Big Data infrastructure”

  - Harden Big Data infrastructures that have relatively weak security and little cryptographic protection

  - Maintain Big Data performance and availability

• “I need to maintain control of my keys”

  - Manage the rapid growth of key, certificate and token proliferation caused by Big Data/cloud/Industrial Internet

  - Bring sensitive digital artifacts under a consistent set of controls and policies

• “My cloud provider should not have access to my data”

  - Deploy multi-factor authentication in the cloud

  - Establish and enforce robust access controls for sensitive objects

11/14/2013

Gazzang - All rights reserved 2012 23

Page 24

Gazzang Encryption

Gazzang zNcrypt™ sits between the file system and any database, application or service running on Linux to encrypt data before it’s written to the disk.

• AES-256 encryption

• Process-based ACLs

• Maximum performance

• Enterprise scalability

• Packaged support for Couchbase Server and other big data platforms

• Keys protected by Gazzang zTrustee™

Page 25

Gazzang Key Management

Gazzang zTrustee™ is a “virtual safe-deposit box” for managing zNcrypt keys or any other digital artifact that must be secure and policy controlled

• Software-based solution separates keys from encrypted data

• Centralized management of SSL certificates, SSH keys, tokens, passwords and more

• Unique “trustee” and machine-based policies deliver multifactor authentication

• Integration with HSMs from Thales, RSA and SafeNet

• Multiple deployment options include on-prem or hosted SaaS offering

Deposit policy options: time to live, number of retrievals, URL, trustee approval, client, and much more.

Trustees must approve release of objects in accordance with the deposit policy: trustee votes, time to live, retrieval limits, single-use URL, client permissions.

API Library: Java, Python, C library
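The deposit-policy list above is the part of the key-management story a practitioner most wants to see behave correctly: a key should leave the safe-deposit box only when every condition holds, and a denied request must not consume a retrieval or burn a single-use URL. The block below is an added example and not Gazzang code or API; the policy names (time to live, retrieval limit, trustee votes, single-use URL, client permissions) follow the slide, while the data model, field names, ordering of checks and the sample deposit are assumptions made here.

```python
"""Added example (not Gazzang code): a minimal model of policy-gated key
release of the kind the zTrustee slide describes. Field names, check order
and sample data are this example's assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class DepositPolicy:
    ttl_seconds: int                 # time to live after deposit
    max_retrievals: int              # number of retrievals allowed
    required_votes: int              # trustee approvals needed per release
    allowed_clients: frozenset       # machine identities allowed to ask
    single_use_url: bool = False     # each retrieval URL may be used once


@dataclass
class Deposit:
    secret: bytes
    deposited_at: int
    policy: DepositPolicy
    retrievals: int = 0
    used_urls: set = field(default_factory=set)


class ReleaseDenied(Exception):
    pass


def release(deposit, now, client_id, votes, url_token=None):
    """Return the secret only when every policy condition holds; otherwise
    raise ReleaseDenied naming the first failing condition. State (retrieval
    counter, used URLs) changes only on success, so a denied request does not
    consume a retrieval or burn a URL."""
    p = deposit.policy
    if client_id not in p.allowed_clients:
        raise ReleaseDenied(f"client {client_id!r} not permitted")
    if now - deposit.deposited_at > p.ttl_seconds:
        raise ReleaseDenied("deposit expired (time to live)")
    if deposit.retrievals >= p.max_retrievals:
        raise ReleaseDenied("retrieval limit reached")
    # Each trustee counts once; only explicit approvals count.
    approvals = {t for t, ok in votes.items() if ok}
    if len(approvals) < p.required_votes:
        raise ReleaseDenied(f"{len(approvals)} of {p.required_votes} trustee votes")
    if p.single_use_url:
        if url_token is None or url_token in deposit.used_urls:
            raise ReleaseDenied("retrieval URL missing or already used")
        deposit.used_urls.add(url_token)
    deposit.retrievals += 1
    return deposit.secret


def demo():
    """Walk one deposit through a series of requests; returns the outcomes."""
    policy = DepositPolicy(ttl_seconds=3600, max_retrievals=2, required_votes=2,
                           allowed_clients=frozenset({"cb-node-1"}), single_use_url=True)
    dep = Deposit(secret=b"constructed-zncrypt-key", deposited_at=1000, policy=policy)
    votes = {"alice": True, "bob": True, "carol": False}
    requests = [
        (1100, "cb-node-1", votes, "url-A"),            # everything in order
        (1200, "cb-node-1", votes, "url-A"),            # URL reused
        (1300, "cb-node-9", votes, "url-B"),            # client not on the allow-list
        (1400, "cb-node-1", {"alice": True}, "url-B"),  # only one trustee approved
        (1500, "cb-node-1", votes, "url-B"),            # second (last) retrieval
        (1600, "cb-node-1", votes, "url-C"),            # retrieval limit hit
        (9000, "cb-node-1", votes, "url-D"),            # past time to live
    ]
    out = []
    for now, client, v, url in requests:
        try:
            release(dep, now, client, v, url)
            out.append("released")
        except ReleaseDenied as e:
            out.append(f"denied: {e}")
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks matters: the cheap, non-consuming conditions (client, expiry, retrieval count, votes) run before the single-use URL is marked as spent, so a request that fails on votes leaves the URL usable for a later, properly approved attempt.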

Page 26

Key Differentiators

• Simple, powerful solutions supporting a broad range of use cases

• Fast, easy deployments

  - Install and configure using standard DevOps tools, e.g. Chef, Puppet

  - No application or storage configuration changes required

• Low performance impact

• Virtual safe deposit box for any critical digital asset

• Built for Big Data, architected for cloud deployments, protects any Linux application
