MongoDB Atlas tries to provide as much flexibility as possible to customers, ensuring they achieve the security posture that they want. Private Link provides private connectivity from a virtual network to services on the Azure platform, customer-owned services, or Microsoft partner services. By adding Private Link to the array of connection options that MongoDB Atlas offers, the company has increased the flexibility and extensibility it can offer customers while also reinforcing its security-centric operating principles.
Headquartered in New York City, MongoDB first began offering its source-available, cross-platform database software to customers in 2009. In the intervening decade, the company improved and expanded its services to include more comprehensive offerings like MongoDB Atlas, an integrated suite of cloud database and data services that’s designed to accelerate and simplify how companies build with data. Large and small organizations use the company’s services in 100 countries around the world.
While providing data services to its customers is important to MongoDB, ensuring that those customers are provided with the scalability, flexibility, and data security they require is equally important. “Our customers’ most important and sensitive data is in these databases,” says Eric Holzhauer, Director of Strategy and Product Marketing at MongoDB. “We want them to know they can trust us with that data. That’s why we make sure that we can meet them how and where they need us to be in the cloud.”
MongoDB has used Microsoft Azure for years to provide its services to many customers, and the company currently offers its services in 35 Azure regions, with more on the way. The global cloud database at the core of MongoDB Atlas can deploy on Azure compute and storage, giving MongoDB Atlas users the ability to manage data on the same Azure infrastructure where they run their applications. Azure service integrations are also available for both the solution’s virtual network peering option and for key management within its client-side field-level encryption and at-rest security. “Security is first and foremost for any modern application,” says Chris Shum, Senior Product Manager at MongoDB. “It’s a vital topic, and MongoDB Atlas tries to provide as much flexibility as possible to customers, ensuring they achieve the security posture that they want.”
For these reasons and others, MongoDB has been very interested in the benefits of using Azure Private Link with MongoDB Atlas since the very first days of Private Link. “As recently as two years ago, the conversation around data networks was between public versus private networking,” says Shum. “We had IP access lists for public networking, and for those customers who preferred private networking, we had virtual network peering. Even though virtual network peering itself allowed all data transfers to go across private networks, we heard from customers that it wasn’t sufficient, primarily because of concerns around directionality and transitivity.”
Granting simple and highly secure access
To some organizations, the bidirectional nature of virtual network peering represents an extension of their network trust boundary. For customers like these and those who are seeking transitive access, MongoDB traditionally developed workarounds. Working closely with customers’ information security teams, the company has been able to satisfy the vast majority of concerns. “Solving issues through time-consuming workarounds introduced friction or delays to the onboarding process, though,” acknowledges Shum. “That’s not what you want to see in a product that’s supposed to be highly user-friendly.”
Private Link provides private connectivity from a virtual network to services on the Azure platform, customer-owned services, or Microsoft partner services. Private Link does this by removing data exposure to the public internet, securing connections between endpoints in Azure. “Private Link provides two key innovations,” says Shum. “It gives unidirectional access to our services from a customer’s environment, and it creates transitive connectivity, which opens up a whole new world of access.”
Transitive connectivity gives an on-premises datacenter the ability to connect to a Private Link–enabled virtual network via Azure ExpressRoute, allowing MongoDB customers to connect directly from their on-premises datacenters to MongoDB Atlas without using public IP access lists. “Before Private Link, customers who wanted to connect to MongoDB Atlas via Azure ExpressRoute had to invest in bastion hosts or other network virtual appliances,” says Shum. “This often required extensive setup and ongoing maintenance, which represented time and money investments in non-differentiating work. Private Link makes this type of connectivity native and first-class, solving a significant customer pain point and dramatically reducing the time necessary to go to production.”
For enterprise customers and organizations that are averse to considering IP access lists because of information security policies, Private Link provides improved ease-of-use for services like MongoDB Atlas. “As a cloud database service provider, giving our customers new, highly secure ways to connect to our cloud database is crucial,” says Shum. “We were very interested when Microsoft first brought up the concept of Private Link, and not just from an adoption perspective—we wanted to know if we could aid in development.”
Strengthening customer and business relationships
MongoDB adopted Private Link as soon as it was possible to do so. “Adding Private Link to our landscape was incredibly simple,” says Shum. “And because it was architected and designed well, it fit seamlessly into the MongoDB Atlas architecture.” Azure product group experts were readily available for the few questions that MongoDB did have, minimizing the adoption time frame. “We’ve enjoyed a strong relationship with the Azure team for the last four years,” adds Holzhauer. “And I think that relationship has grown even stronger as we collaborate in both R&D and go-to-market initiatives, which ensures that our joint customers are using the best solutions for their needs.”
As MongoDB planned and implemented its Private Link adoption, new potential customers were approaching the company. These customers, many of whom were just beginning their cloud journeys, realized their lack of expertise with Azure and wanted to feel comfortable as they adopted the cloud capabilities they knew were vital to the continued success of their brands. “From a product roadmap perspective, we were seeing a lot of customer validation,” says Shum. “Private Link makes so much sense as a solution that helps accelerate new customer cloud migrations. Companies that previously couldn’t make use of the cloud with their network topologies can now confidently adopt and use Azure. Private Link simplifies their ability to connect to both Azure and our application databases in the cloud in a highly secure manner.”
MongoDB views Private Link as a highly secure, simple solution for connecting enterprise networks and applications to both Azure and other applications like MongoDB Atlas. “Our alignment with Microsoft helps establish trust in the platform that we’ve built,” says Shum. “The best practices and technological profiles that Microsoft suggested are the same that MongoDB uses today.”
A proven and growing success story
By adding Private Link to the array of connection options that MongoDB Atlas offers, the company has increased the flexibility and extensibility it can offer customers while also reinforcing its security-centric operating principles. “We continue to believe that IP access lists make sense along with virtual network peering for some customers,” says Shum. “And with Private Link, every customer now has a secure means of connecting to MongoDB Atlas even if our other options didn’t work for them in the past.”
A significant number of customers have already chosen to connect to MongoDB Atlas through Private Link, and the company expects this community to continue growing. Customers including a multinational insurance provider, a large telecommunication company, and financial service providers from across North America and Europe have adopted the solution. “I’ve been involved in a number of customer conversations that would have been difficult even 18 months ago,” says Shum. “But with Private Link on the table, those interactions have become extremely smooth.”
Sales motions, which can sometimes be lengthy, have shortened since MongoDB began offering Private Link to its customers—especially for those who are early in their cloud journeys. Workarounds, proof of concept implementations, and additional conversations brought on by customer doubts have evaporated. “That’s the beauty of building on a cloud platform as extensive as Azure,” says Shum. “We’re able to pick the best-in-class solution for each customer’s problem rather than being forced to make an ill-fitting solution work.”
MongoDB customers are accessing the company’s services more quickly and with higher confidence. “Azure Private Link is an incredibly simple and elegant solution for a complicated and gnarly networking problem,” says Shum. “It’s easy to set up on the MongoDB Atlas control plane and the Azure portal; we’re seeing customers access the agility and power of the cloud at rates that were likely impossible without Private Link. That’s a win for us, but more importantly, it’s a win for the companies that are now able to access MongoDB Atlas for the first time.”
Find out more about MongoDB on Twitter, YouTube, Facebook, and LinkedIn.