Overview of MongoDB’s BaaS offering: MongoDB Stitch

One of the challenges many developers have is keeping up with backend processes. Things like data security, service integrations, and code for data manipulations can take up a lot of time and resources. As a result, many have made a move to utilize a Backend as a Service (BaaS). If you have an application backed by MongoDB, there is a new BaaS option available: MongoDB Stitch.

MongoDB allows you to get started at no cost with Stitch, which is always great. At the moment it is backed by MongoDB’s Database as a Service (DBaaS) offering, Atlas. In another post, I discussed Atlas and am excited that these two services are connected.

BaaS Overview

A Backend as a Service approach to development allows mobile and web developers to connect their applications to backend cloud storage and utilize inherent processing capabilities. Further, it provides many common features that users demand from sites and applications. Some of these features are security, user management, push notifications, and social networking integrations.

MongoDB Stitch Benefits

Stitch provides many capabilities for developers to leverage the features inherent in MongoDB along with BaaS concepts. It provides direct access to the database, whether the data already exists or is new, so developers can focus on building their application. The backend logic is taken care of and provided. This leads to a faster development cycle.

Stitch takes MongoDB’s data security features even further. It provides functionality such as end user authentication and access control on a per-field basis. For example, if the marketing department doesn’t need access to a customer’s financial information, those fields can be excluded from their access rights. This allows developers and application stakeholders to have confidence that information and services are only available to the proper users.

MongoDB has built Stitch in an open fashion. It provides a single API allowing access to both the MongoDB database as well as other public cloud services. This allows for microservice integration and prevents being committed to a single vendor.

Another terrific benefit is the integration with Atlas. This allows for easy scaling of capacity and performance as an application grows. This is yet another set of duties that don’t need to be managed ourselves. We can allow the details of the backend application and infrastructure to be handled by a team of Dev-Ops folks at MongoDB and can then concentrate on the application itself.

MongoDB Stitch Components

There are three main components of Stitch: pipelines, services, and rules. Services come in two different varieties: MongoDB services, and partner services for integration with services like Amazon S3 or Twilio for messaging. Let’s take a quick look at what these different components do and how they fit into an application.

Services

Services in Stitch allow for application integration and execution of common actions. There are integrations for a variety of third-party (partner) services for such tasks as user authentication through Facebook or Google, Slack, Twilio, and some components of AWS, to name a few. The HTTP Service allows for a MongoDB Stitch application to connect to REST API services. MongoDB has a dedicated service for connecting to Atlas and has some built in pipeline operations.

Pipelines

A Stitch pipeline allows for a sequence of actions to be performed in order by the Stitch services. This is a powerful feature. It allows a series of actions to be defined all through simple JSON syntax.

A pipeline is built in stages, each running in consecutive order. A stage runs and passes the information it generates onto the next stage. For example, you can do a MongoDB aggregation stage from your data and determine which user in the past week had the most likes on your new Snap-o-gram app. That stage could then pass that information to the Twilio Service which could send a text to their phone with this awesome accomplishment.

There are some Built-In Actions for filtering the pipeline input, defining in an explicit way what the output of a stage will be, expression evaluation against input documents, and a project feature, to name a few. Another nice feature MongoDB has provided is the concept of named pipelines. This allows for a designed pipeline to be reused within a Stitch app and referenced by name. A tremendous help for writing code that follows the DRY (don’t repeat yourself) principle.

Rules

The last major component of MongoDB Stitch is Rules. Rules, as one might guess, allow for control over the actions a service takes. Rules are designed and written in JSON format, as are pipelines.

One can define a rule for read, write, and validation operations, for example. These can be used at the document level and on down to the field level. Want to prevent a service from reading specific financial data in a document? Write a rule for that. It is a powerful feature of MongoDB Stitch and provides an extra level of security for your data.

MongoDB Stitch Development

Right now there are three different options for developing a Stitch application: JavaScript for web applications, and Android and iOS for mobile development. MongoDB has put together some great tutorials and getting started guides.

Wrap Up

The name Stitch comes out of the idea of stitching together the pieces of an application and not from the Disney character in Lilo & Stitch. Given the benefits and features MongoDB Stitch brings to the table, I think it is a very appropriate name. Much like sewing brings all of the pieces of a garment together, MongoDB Stitch does the same thing for your application.

I know that for myself I plan on utilizing this service on my next project.

As with any “pre-packaged” service, you give up some flexibility and control over your application. However, because you retain direct access to your MongoDB database, and the collections and documents it contains, Stitch is a great option. Keep in mind that as of this post, Stitch is still in a beta version. As with any beta product, things may change with the final product.

There are several MongoDB specific terms in this post. I created a MongoDB Dictionary skill for the Amazon Echo line of products. Check it out and you can say “Alexa, ask MongoDB for the definition of authentication?” and get a helpful response.


Follow me on Twitter @kenwalger to get the latest updates on my postings.


IoT Security with SSL/TLS in MicroPython

I’m on vacation in San Francisco this week with my family and looking out over the bay at Alcatraz Island. For those who aren’t familiar with this island, it housed a maximum high-security prison 1.25 miles off the San Francisco coast for 54 years. While thinking about the high security that Alcatraz offered in the past, it makes me think about the digital security of today.

[Image: Alcatraz Island]

Specifically, as it relates to the Internet of Things (IoT) and considerations that must be taken with connected devices. If you have been reading my previous IoT-related blog posts, you’ll recall that I’ve been using a NodeMCU ESP8266 device with MicroPython for much of my work.

I enjoy my family and want to enjoy my vacation. Therefore I opted to not bring my IoT devices with me. In this post then, I’d like to cover some of the aspects of security that IoT connected devices face. So sit back and put your breadboards away as we take a look at some concepts.

Networking Overview

When we talk about networking we are discussing ways in which devices communicate with each other. The devices can certainly be IoT devices. But it goes beyond the physical device as the how is often as important as the device itself. In today’s world, for example, the popular how is via Ethernet or WiFi and TCP/IP. Let’s have a brief look at some networking models and see how security is implemented in them.

Network Protocol models

At one point I was very involved with networking. In the process of studying for various networking certifications from Cisco and Microsoft, there is a lot of discussion on the Open Systems Interconnection, or OSI, model of networks. There is also a more streamlined TCP/IP model that is popular as well.

OSI Networking Model

These models divide networking into various layers, starting at an Application and working down to the physical cables for a network to function. Conceptually, the OSI Model can be represented like this:

[Figure: OSI Network Model]

TCP/IP Networking Model

There are several “layers” there, so to simplify things, let’s take a look at the TCP/IP representation of the network model.

[Figure: TCP/IP Network Model]

There are many different ways in which to secure a network. Some are more flexible than others. If you want a very secure network, you don’t connect it to the outside world and build it a hardened physical location with limited access. Secure, yes. Extremely user-friendly, no. Therefore, methods have been developed to provide security at higher layers of the network model which allows for privacy and data integrity between two communicating applications.

TLS/SSL Protocol Model

The software industry has used cryptographic protocols to provide network communication security for a long time. For IoT devices, it is common to utilize TLS. When we start talking about network security protocols such as Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), where do those fit into our networking models?

[Figure: Networking Model with TLS Protocol]

We see that there is quite a bit going on there with TLS and that it is occurring at high levels of the network model. This is, typically, great as it allows us, as developers, to have useful access to the protocol. Further, since it is a commonly used protocol, our access to it is, generally speaking, pretty straightforward.

TLS

Websites use TLS, and previously SSL, to provide secure communication between browsers and web servers. IoT devices can take advantage of TLS as well. Some of the benefits of using TLS include:

  • A private connection is established through symmetric cryptography.
  • Identities can be authenticated using public-key cryptography.
  • Communication integrity is provided via a message authentication code.

TLS builds upon the SSL standards and, as the above image indicates, there are two layers. Within TLS there are two embedded protocols, a handshake protocol, and a record protocol. The handshake is used to establish the format of the exchange of information. The record is what encapsulates the data itself.

This is an oversimplification of the process. There are many steps to the handshake, and a TLS record includes multiple types of information, beyond what is passed from an application itself. Both internal protocols handle, to differing degrees, the cipher security features.
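To make the record layer concrete, here is an added example (not code from the original post) that splits one direction of a TLS 1.2 byte stream into records and reads the handshake message type while the handshake is still in cleartext. The function name parse_records and the SAMPLE bytes are constructed for illustration.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}
MAX_FRAGMENT = 2**14 + 2048   # largest protected record TLS 1.2 allows

def parse_records(stream):
    """Split one direction of a TLS 1.2 byte stream into record summaries."""
    records, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header at offset %d" % pos)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or length > MAX_FRAGMENT:
            raise ValueError("not a TLS record at offset %d" % pos)
        body = stream[pos + 5:pos + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body at offset %d" % pos)
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor),
               "length": length, "encrypted": encrypted}
        if ctype == 22 and not encrypted and length >= 4:
            # Cleartext handshake message: 1-byte type, 3-byte length.
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "other")
            rec["handshake_length"] = int.from_bytes(body[1:4], "big")
        if ctype == 20:
            encrypted = True   # everything this side sends next is protected
        records.append(rec)
        pos += 5 + length
    return records

# Constructed sample: four records, payloads are filler bytes.
SAMPLE = bytes.fromhex(
    "1603010006" "010000020303"   # handshake record carrying a ClientHello header
    "1403030001" "01"             # change_cipher_spec
    "1603030004" "deadbeef"       # handshake record, now encrypted (Finished)
    "1703030003" "aabbcc"         # application_data
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```

The five-byte header (content type, version, length) stays readable on the wire even after encryption starts, which is why a passive observer can still see record types and sizes.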

With all of this going on internally in TLS, there are obviously a lot of “moving parts” to this whole thing. I stated that having these security features on a high level in the networking stack can make a developer’s life easier. Fortunately, in a MicroPython based IoT world, it is fairly simple to utilize and implement TLS.

MicroPython

MicroPython includes a standard SSL/TLS module. This provides access to TLS on both the client and server sides of our applications. MicroPython includes the ssl.wrap_socket() function, which wraps a stream in an SSL context. Depending on the particular IoT device and the way the module is implemented, some functionality of wrap_socket() may not be entirely supported.

Wrap up

In this brief discussion, I’ve shown how TLS/SSL security fits into the networking model. I would highly encourage the use of the SSL/TLS module when building your MicroPython projects. In this day and age of cyber attacks, it is important to secure all communications between devices big and small.


Follow me on Twitter @kenwalger to get the latest updates on my postings on MicroPython and IoT and let me know what you are building with MicroPython.
