In episode 34 of JAMstack Radio, Brian talks to Michael Lynn and Drew DiPalma of MongoDB about how developers are using Stitch and Atlas to power their projects.
Brian Douglas: Welcome to another installment of JAMstack Radio. On the line we've got Michael Lynn. Hey, Mike.
Michael Lynn: Hey, folks. My name is Michael Lynn and I am the worldwide director of developer advocacy for MongoDB.
Brian: Nice, "Worldwide." That's an awesome title. I wish I had that in my title, "Worldwide host of JAMstack Radio." Also on the line, we've got Drew DiPalma.
Drew DiPalma: Hey, everyone. My name is Drew DiPalma. I run a product called MongoDB Stitch over here at MongoDB and we'll be talking about that today.
Brian: We definitely will be. Mike, we met back at Codeland in New York originally earlier this year.
Michael: Great event.
Brian: I found out that you do DevRel over at Mongo, and you guys already shipped some really cool things at Mongo as well. Can we explain what MongoDB is? I know some people are familiar with it, but I'm not sure how many people have touched or used it.
Michael: Sure, I'll take that one. MongoDB is a document database, and when we say document a lot of people think automatically a Word document or some binary form of a PDF or something like that. While you can store those in MongoDB that's not what we're talking about, we're talking about a JSON document.
We store data in objects that look like JSON. We use an extended form of JSON called BSON, but this is in contrast to what you're used to if you're used to databases from a while ago. Older databases, or traditional databases, store data in rows and columns inside tables. We store data in documents inside collections inside databases. So there's a lot of similarities and a lot of differences.
We feel it's an updated approach to data storage and it offers some real great flexibility for developers, which is why we're seeing massive growth.
Brian: Cool. When you say documents, "Stored in documents" itself, I know the term that gets thrown around a lot is "No SQL." Do you guys still use that term to describe the type of database that Mongo is?
Michael: We still use that, we're still in that genre, I suppose. "No SQL," we have a language that is very much like structured query language, we call it MongoDB query language. It's got some great capabilities in terms of data access. We also have something built into MongoDB query language that we call the aggregation framework, which is focused on analytics and some of the analytical behaviors of data access. But "No SQL" still applies.
Michael: Yeah. Val Karpov is credited with coining the term, or the acronym MEAN, for MEAN Stack.
Brian: That's right.
Michael: There's the MEAN Stack and the MERN Stack which is MongoDB, Express.js, Angular.js and Node.js. It's because it was so prevalent at the time, and it's still really popular and a lot of people are now adopting an approach that involves heavier more capable front ends and React is huge today. That's why it's so exciting that we've got some great stuff to talk about with Drew and Stitch and what that's all about.
Brian: Cool. Nice. Can we roll into, "What is Stitch, and why the JAMStack listeners would be interested in this product?"
Michael: First of all, let's talk about how we got to Stitch. Stitch started back end as a service, Drew's going to explain a lot about that, but it makes sense to back up one step and talk about Atlas. Many of your listeners may not know the term "Atlas," but MongoDB Atlas is our database as a service. It's hosted MongoDB in the Cloud.
The cool thing about Atlas is that it offers you the ability to launch, manage and scale your MongoDB instances without the headache associated with downloading MongoDB and installing it on a server, finding a server to run it on, securing that and worrying about running out of disk space, and finding more disk space.
Or manually moving the instances around, or configuring replication and configuring sharding, which is the way that we scale our MongoDB instances. All of that can be onerous. There is an amount of work that is associated with doing that type of management. MongoDB Atlas allows you to seamlessly and easily push a button, get a cluster which is highly available.
It leverages built-in replication in MongoDB, so you've got high availability, and if you want to scale that instance of MongoDB you can do that as easy as turning a dial. All of the work associated with scaling the resources that are hosting your MongoDB instance, that's all done for you in zero downtime. You're not affected and your applications are not affected.
That's where the need for this came along and the great thing about Atlas is you can start for free. You can go get a flavor for what MongoDB Atlas is all about. Just go to cloud.MongoDB.com, I don't want to turn this into a sales pitch, but I'm excited about it. I'm pretty passionate about some of the offerings that we have.
Brian: When you say you could try it today for free, I'm sure there's a lot of cool tutorials out there and things to get started. Do you guys have documentation, or some sort of open source aspect of this?
Michael: The docs team at MongoDB, they're awesome. They're terrific. They've done some phenomenal work around Docs.MongoDB.com. They just introduced the capability to try some MongoDB right in the web page, right in the docs site.
Brian: Cool. I get the general idea around Atlas and why it might be a solution that you'd want to approach for getting Mongo into your project. Drew, do you want to explain Stitch and how that stitches itself into this conversation?
Drew: Absolutely. If you take a step back, one of MongoDB's main goals is to help developers be productive and create interesting stuff. With Atlas you've got a database, it's hosted, it's managed, and that's awesome. But you still have to build everything else related to your application.
With Stitch, we take that layer and let you create the logic connection to databases and other services and security, and manage that alongside your database the same way that we manage and host Atlas for you. You can think of it as a back end service or a serverless platform creating that API layer and that layer of logic and connectivity that would typically live behind your front end.
Brian: OK. So Mongo is your database, which is your API layer to connect your front end to that actual database. Correct?
Drew: Exactly. It's that simple. We let you plug into any of the logic that you create through HTTP calls, or we have an SDK where you can call any functions that you create. You can call directly to the database, or authenticate, things like that.
Brian: That's cool. That's exciting that's a product offering that Mongo is providing. I'm curious, how much of this is-- I don't know if I've paid for Mongo or any of my side projects or anything like that. I've used it for work, so we paid something at work. But how much of this is open sourced or community driven?
Drew: Sure. For Stitch we are currently hosting a lot of the infrastructure that does the request processing, but everything that connects to Stitch is fully open sourced. All of the API endpoints, all of the SDKs and tooling around Stitch, even down to the command line tools that we provide is all open source.
We've seen people pick up some of these tools, create their own spin or their own SDK, and there's definitely a good balance between the community and also having some of these things hosted and hosted in the Cloud.
Michael: From a purely software perspective, MongoDB has a dual licensing model. So we've got an open source version of MongoDB that you can download and use all day every day, it's purely open source.
Then we have a commercial version that has some additional capabilities compiled into it, things that large scale enterprises are going to be interested in like storing data at rest in an encrypted format and connecting to larger scale Active Directory authentication and authorization stores, those types of things. Those are offered in the commercial license and that's something that we vend on a yearly license basis.
Obviously can do some fun stuff with editing it directly in UI, but the purpose of our command line tooling is that you can edit that configuration and that code in any local text editor. That you can throw it up in GitHub and then move it from GitHub into Stitch. You can have a little bit of code portability.
Brian: Cool. Then for the hosting part it sounds like, that if you look at the back of the box it sounds like Mongo makes money if you're hosting with them through the commercial licenses.
Brian: But do you have the opportunity to take your instance and host it wherever you would like?
Michael: The great thing about Atlas, MongoDB Atlas, is that we're not competing with Cloud hosting providers, we're riding on top of. We give you the choice when you launch your instance where you want to host your underlying infrastructure.
The first thing you're asked when you launch a MongoDB cluster in Atlas is "What provider do you want to leverage?" It could be AWS, it could be Azure. Is there a cost associated with that? Yeah. There's an incremental cost over and above what you would normally pay for an EC2 instance, for example. However it's fairly minimal and we believe that what you get from the increased capabilities around management and security make it well worth it.
Brian: OK. Cool. So when I set up my Atlas instance, or database. As I created my account, I'm creating my instance. What do you guys call them, instances? For these Atlases?
Brian: OK. When I clear up my cluster I choose the provider, and am I providing my keys? Are you guys setting that up for me?
Michael: No, we're managing that for you.
Michael: You would do that for proximity, so you would if you have your applications in GCP for example, you would want to launch your MongoDB cluster so that it would be in close proximity to your application. But it's not going to be in your specific instance, it's going to be in ours and we're going to provide you with a management interface to do that, which is available from a web interface as well as from an API.
Brian: That's pretty huge, because as far as context switching and working on either large or small-- Actually I've been working in AWS pretty much all day today, and I'm not griping on them because it's a great product but trying to figure out what machine I'm on, because I use a personal machine for personal projects and a work machine for work projects.
Trying to figure out where my keys are, and I know there's a better way to manage that through their CLI, but if I'm at work I don't want to have to worry about where to find keys and I know my job does not want to have keys exposed in a way that someone could accidentally slip them up. Because that's an expensive problem to have if they are exposed.
I'm all for, especially getting up and running and started, if I can pay a little bit of money and have someone else manage that for me. And I can just ship the code that I care about then I'm all for that for sure.
Michael: That's what it's all about, you hit the nail on the head.
Brian: Cool. There's a couple of buzzwords that are coming up a lot within tangential to the JAMstack, which is like serverless and containers in general. Does Mongo play with any of those buzzwords at all?
Michael: Mongo provides integration with Kubernetes in our on-premise management tool, we call that ops manager. That's baked into the offering there. From a continuation perspective and in the context of Atlas, no. At this point we're abstracting that layer for you. We're abstracting the actual underlying instance.
In the case of the free M0, we label those instances by size, so M0 is the smallest cluster size and that still comes with three nodes. It's a three node cluster. As I mentioned several times, it's free, but it's on a shared memory instance. The virtualization is all managed for you and it's all abstracted away from you.
As you get into the larger sizes, M30, M60, M80 and above, those are all on EC2 instances or GCP Google instances that are larger in size, but you're not concerned with whether or not it's on a virtual license or what the scheduling is around where those instances live.
Drew: On the Stitch side, Stitch is another one of the buzz words that you said at Serverless. We talk about Stitch as a serverless platform for creating applications. We at Stitch have these similar to API requests, you could be running functions, could be making requests to the database or requests to a service.
Stitch takes all those requests and runs whatever logic they require in a serverless fashion. When we get a request for your application, we provision whatever compute and memory you need.
It's a super dynamic process and you don't have any hardware that's running, any containers that are running. So that process is fully serverless.
Brian: Do you guys have any CI integrations as far as some of these hosted solutions between Stitch and Atlas? Because one of things I like to do is abstract enough of the DevOps out of my life. Is there a way to push to GitHub or push it directly to your hosted Mongo cluster, to see some of things go live? Or is this a manual process to deploy some of these changes?
We're thinking about doing some first party CI/CD integrations in the future. That's something definitely that's top of mind for us, but lots of people are storing the code in GitHub and then moving it directly into Stitch today.
On the Atlas side, I know Mike you could talk to this too, but just about everything on Atlas you can make requests that scale up and pause your database from the API. We also have a couple of different tools that let you connect directly to the instance from your desktop, things like that.
Michael: There's some exciting stuff coming along there. Joe Drumgoole, developer and director of developer advocacy out of Ireland, is writing a series on driving and managing your Atlas instances via the API. He's got a couple articles coming out where he's going to show from Python how to start, stop, list and manage the resources that you have in Atlas from within Python.
For example, if you wanted to build your own MongoDB as a service internally, maybe you're a service bureau for a larger company and you want to vend MongoDB internally. But you also want to leverage and gain the value and the benefits associated with having it managed by somebody else off premise, so that could certainly be done by leveraging the API.
Brian: Cool, but question about the whole document model. I've been a part of at least one Mongo project at a company and I've definitely been a part of projects using SQL, but I don't know if I've seen scalability issues personally. Because I'm mainly geared towards the front end a bit, but I'm curious if there's an upper limit that you can see for this sort of Mongo document model using BSON? Or are we pretty much good to go?
Michael: From an architectural perspective MongoDB was built for large scale, and it was built with scalability in mind, and when you think about the architecture of a tabular database you almost have to divide the data across many tables. You're going to write an application that's most likely going to have any serious applications it's going to have many tables and those tables are going to live in separate places on the disk.
Dividing those, trying to find a good place to divide those disks and separate them and scale horizontally, is difficult traditionally in the relational world. At MongoDB we have this saying that "Data that will be accessed together is stored together."
We store all of the data for a particular application or an entity within an application in a document. All of the patient data, for example, is stored in one document. That entire document is going to be in the same place. Scalability, scaling horizontally, it was a design feature from early on.
Drew: To make that a little bit more concrete. We talk about some of the customers who are at high levels of scale within MongoDB and Atlas in our website, but one person that I always love to talk about is Baidu which is a pretty massive Chinese company.
Last I heard they were running something like a two petabyte workload on MongoDB on a single cluster. Once you get to that scale, it's a scale that a lot of people don't see for a single database instance. Especially more of an operational database instance.
Brian: That's a lot of dog and cat pictures. I've never used Baidu, I don't know what people are searching over there. But that's awesome, that was my final question too. I was curious of companies using Stitch, I know Stitch seems fairly newer in Atlas. Are there companies jumping on the Atlas bandwagon, and leveraging that tool first when they think Mongo?
Michael: The number of companies grows every day. It's a really successful platform. One that comes to mind is 7-Eleven. I don't know if I had the statistics off the top of my head, but they were leveraging on-premise and wanted to move their infrastructure to the Cloud. MongoDB helped them do that. We also incorporated Atlas as a part of their solution.
Brian: That makes a lot of sense, because they're open 24 hours a day. They're focused on other things instead of just the infrastructure.
Drew: From the Stitch side, we're seeing a ton of customers start building interesting and compelling stuff with Stitch.
I've met with people on cases from connected cars to oil platforms, all over the map. One customer who we talk a lot about who is doing some interesting stuff with Stitch is Axiom, who's a marketing tech company.
What they've done with Stitch is they have this valuable wealth of data that they drive a lot of their marketing ops from. They've used Stitch to build an API on top of it that can connect to some of their authentication and internal systems, can safely expose a lot of that business driving data to the public in a way that's pretty targeted and secure. That's just one of the good cases that we've seen.
Brian: Awesome. We talked about earlier about getting started in these guides. I don't know if you guys mentioned the developer advocate in Ireland, where they can find these posts that feature series?
Michael: Sure thing. Joe's doing a number of series, that the APIs is one that he's putting out, but there's also a PyMongo Monday, so if you're into Python he'll be publishing an article every Monday with something interesting. You can find those on MongoDB's blog, it's www.MongoDB.com/blog, so you can see that in a number of other posts that we have coming out on a regular basis.
There's also a really exciting series being put out on a weekly basis by Aydrian Howard who is a developer advocate out of New York. He's calling it Stitchcraft. Every week he fearlessly jumps on Twitch and codes up some solution to an interesting problem, and we're looking for folks to get involved and get interactive, and maybe throw some suggestions for things that he should take on as a part of Stitchcraft.
Brian: OK, cool. I'm definitely going to save that on my Twitch account for sure.
Brian: I was doing some Twitching earlier this summer, and for a reference I mentioned in a podcast in passing, so whoever was listening that didn't get my handle it's @me8robot, so check me out on Twitch. It's a lot of fun to pull up Twitch and start writing code and get people to pair with you and ask you questions and ramble.
Michael: Isn't it great?
Brian: I only had eight people in the room at the most, but it was still a lot of fun.
Michael: The great thing about it is it's a weekly thing. It's going to grow. The great thing is you fearlessly open up to it and you start solving problems, and people benefit from that. Then you have this great collateral that's available for review later, so if you want to check that out he's @itsaydrian.
Brian: OK cool. Before we roll into the picks, it sounded like we were just giving picks. Did you guys want to share the promo code for our listeners to check out Atlas and Stitch?
Drew: Yes. We put together a special promo code for everyone who's listening in. Like Mike was saying before, it's easy to get started and build an application on top of Stitch and Atlas for free. But if you want to try something a little bit more larger scale we have the code JAM100, and with that you can get $100 to start kicking the tires with Stitch and Atlas.
Brian: Cool. Definitely check it out, listeners. With that being said let's move into picks. These are jam picks, anything we're jamming on that's keeping us going. A lot of us work with headphones on, so sometimes it could be music picks or food picks.
But while you're thinking of your picks, I'll go first. I mentioned I was working with AWS all day, mainly working with and Lambda and trying to debug that all day. To do that I was using Postman which is a tool a lot of people have used. I haven't used it until this summer.
I had one of the interns on our team, she deployed a pretty cool blog post about using the GitHub API to use the IoT buttons from Amazon to approve pull requests and deploy your code. She uses Postman to test that interaction. Because of that now I'm using Postman to test another novel idea of using the GitHub API. That's my first pick.
My second pick is within the last couple months I got back on the 30 Rock bandwagon. I know it's old, but I watched 30 Rock back in the day. I only saw a handful of episodes and it didn't really get me, but then I started re-watching it because I saw Tracy Morgan on Comedians in Cars Getting Coffee with Jerry Seinfeld and I thought he was hilarious on that.
Just someone's crazy old uncle, the way he was bantering with Jerry Seinfeld. I went back and watched 30 Rock starting with season two. I skipped season one altogether, because I saw that and it was also pretty slow, and I'm a couple episodes from finishing the last season. It was a good ride.
It's a great thing to have on in the background while you're making dinner or hanging out around the house, so I didn't really sit in front and watch every single one of the episodes. But it's streaming now on Hulu, it's been on Hulu forever. But definitely check it out if you're interested in 30 Rock. Drew, why don't you go next? Do you have any picks for us?
Drew: Yes, you mentioned IoT. I'm just dipping my toes into the IoT scene, and I just ordered a Tessel 2.
I just got back from vacation being totally turned off in Wisconsin for about a week, and I was reading this awesome book called On Food and Cooking which is a book from the '80s and it's this 600-page manuscript on chemistry and food and history. It was a great way to turn off.
Brian: Cool. Offline in Wisconsin, I haven't heard that before. Pretty cool. Mike, do you got picks for us?
Michael: Sure. Any free second I have these days I'm spending somewhat disconnected. I'm trying to spend a little more time disconnected, and that for me lately means rolling. Doing some Brazilian jujitsu. It's an amazing sports/fitness routine and I'm having a real blast with that. I roll at Balance Studios here in Philadelphia, and those guys are phenomenal. The Migliarese brothers are running that and that's an awesome way to unwind and disconnect.
When I am connected I'm usually listening to some form of Joe Satriani. He's got some new tunes out but I always find myself going back to the older stuff, Surfing with the Alien is one of my favorites to get the blood pumping.
Lately I'm checking out Vue.js, I know I'm late to the game but I banged my head against React for a long time. While I can fumble my way through it it's just not comfortable. Someone recently, a candidate actually, introduced me to Vue.js and it seemed so much more succinct and maybe it just suits my brain. So, just having a good time with Vue.js.
Brian: Those are some picks right there. That's pretty awesome. Mike, thanks for your picks. Drew, thanks for your picks as well. I'm interested in that cooking book, I've been doing a lot of cooking myself lately, and always looking to improve my game.
With that being said, thanks for coming out and talking about Mongo, Atlas and Stitch. I'm sure listeners are going to take advantage of that promo code you guys provided. Listeners, thanks for listening. Keep spreading the jam.