Dear MongoDB users, we welcome you in Azure DocumentDB (opens in new tab)

[1] https://news.ycombinator.com/item?id=13644789

To build something similarly sized with the free version of Mongo would also be expensive. It's a trade off.

mat_keep9y ago

When users have evaluated DocumentDB against MongoDB, they see major shortcomings in Microsoft's offering:

"As we were developing our new financial benchmarking service last year, we evaluated Microsoft’s Azure DocumentDB, but MongoDB offered much richer query and indexing functionality"

KPMG France https://www.mongodb.com/blog/post/kpmg-france-enters-the-clo...

redwood9y ago

All of the following three share something in common: 1) Microsoft Azure DocumentDB 2) Google Cloud Spanner 3) Amazon Web Services DynamoDB

Total cloud-vendor lock-in. It's clear why the clouds want users investing in these difficult-to-migrate-from solutions...

curiousDog9y ago

Needs more hashtags. Reach all those Millenials graduating $10k 3-month bootcamps. Sigh.

camus29y ago

lol, yeah, this marketing piece doesn't really feel professional. It is littered with useless illustrations and bad poetry.

> Third, we do it with love…

With love for our money sure. What the hell does that even mean? I really rolled my eyes reading that blog post. This is childish and out of place for an article trying to sell security.

romanovcode9y ago

I think they know their target audience. (It's for MongoDB users after all.)

fb039y ago

It's really satisfying when I read some post with what I exactly wanted to write but didn't have the balls to. Thank you :)

flintchip9y ago

What a sweeping generalisation to make.

verandaguy9y ago

I've been out of touch with Mongo for a while, but when did it stop being common practice to just hide :27017 behind a firewall with only your app's DB access layer (or, at most, a few nodes in the local subnet) talking to it?

laurentdc9y ago

Probably around the same time ops were deemed useless :)

virmundi9y ago

I saw that chain too. I guess I do devops differently. Since I'm bootstrapping I don't have money for an ops person. So I've set about learning ufw, let's encrypt, nginx/tls termination to a service only accepting local connections to the port, etc. I see devops as the developer learning the ops side to take responsibility for the whole stack.

y0ghur7_xxx9y ago

> hide :27017 behind a firewall with only your app's DB access layer talking to it?

Because if you can do without it, why bother? Developing an access layer costs time and money. If you can leverage the DB features to do what you need, you can make you stack simpler and more maintainable.

bpicolo9y ago

It does not take that much time or effort to set up useful subnet/vpc security in AWS. Put the database in your VPC, say only your application vpc can talk to it. Done.

Reasonably good security practices are not that much effort, and really it's a case for respecting your users for the most part.

The security trust game is starting to blow up. Yahoo just lost $250million dollars to it.

ec1096859y ago

One of the best things about AWS is the "Jeff Barr style" posts describing every service they release. I find them much easier to consume than a blog post like this.

zip12349y ago

Well, this post was a marketing post, not a product release. Product release posts in Azure are much more informative for a dev that this post.

OJFord9y ago

> Product release posts in Azure are much more informative for a dev [than] this post.

Who is this for then?

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcom...

hoodoof9y ago

AWS needs something like this.

The missing piece for the AWS serverless story is a database that is suitable for writing real world applications. DynamoDB is far from suitable for that task, which leaves AWS serverless with no good database.

kiallmacinnes9y ago

AWS has RDS - That's most certainly a database suitable for writing real world applications as its MySQL.

Does serverless somehow mandate a non SQL solution?

delta19y ago

RDS also supports PostgreSQL, SQL Server, Oracle, Aurora and MariaDB

hoodoof9y ago

RDS is server based - you need to pay to have an instance running per hour. That's not serverless. That's "serverful".

cyberferret9y ago

Yeah, I dabbled in DynamoDB for a recent project - couldn't really get my head around it - very strange sort of NoSQL database. The query language is incredibly arcane and wordy, and mostly inflexible.

Thinking of setting up an EC2 instance running RethinkDB or PouchDB for my project (and for future projects).

ZGF49y ago

Cross datacenter replication is the missing piece from AWS. I wish they'd just roll out a hosted Cassandra or something identical

jeffasinger9y ago

While probably not what you're looking for if you're mentioning Cassandra, RDS does let you have read replicas in any region.

manigandham9y ago

You can use scylladb.com and set it up pretty easily. Stable, distributed and fast out of the box with a lot less maintenance.

hayd9y ago

> DynamoDB is far from suitable for that task

why?

steve9189y ago

DynamoDB would be pretty close if it just allowed null values.

hoodoof9y ago

DynamoDB is effectively useless for querying, except perhaps for some sort of highly specialised application able to fit within the DynamoDB strange and arcane query model.

What sort of database is effectively useless for querying?

Also they need to ditch the really, really confusiong and limiting scaling model. For a database that advertises scaling as one of its key strengths, DynamoDB sure has a bad scaling story.

steve9189y ago

Actually I guess the query language and indexing is pretty limiting too.

etoykan9y ago

I think Microsoft should implement basic aggregation functions first.

ZGF49y ago

Implementing aggregation at query time is a temporary solution. For systems like this aggregation should be done on insert time - many hugely popular databases do not provide much more than a basic get operation for this reason

etoykan9y ago

You might be right but Mongo supports them and Microsoft says that we can start using DocumentDb without changing any line of code which is not true.

searchfaster9y ago

Interesting... So compatible with Mongodb protocol but not using mongodb internally ?

What is your view of services, which provide functionality of some other software or SAAS and is API / Protocol compatible ?

Can API / protocols be copyrighted or patented? I believe not based on Google vs Oracle.

willvarfar9y ago

Hasn't tokuMX already put a 'proper' solid DB behind the mongo API?

mat_keep9y ago

TokuMX was discontinued last year

supremesaboteur9y ago

> First and foremost, security is our priority

In response to https://www.theregister.co.uk/2017/01/09/mongodb/ ?

"MongoDB databases are being decimated in soaring ransomware attacks that have seen the number of compromised systems more than double to 27,000 in a day."

alexyoung9y ago

As someone that almost got bitten by MongoDB's lax auth defaults, I was happy to read that DocumentDB has enabled access control out of the box and no default username/password.

Also, there's a query playground if you want to try it out quickly: https://www.documentdb.com/sql/demo

raverbashing9y ago

It's important to be aware of security implications of leaving an unauthenticated server listening on the open internet (listening on 0.0.0.0 is not the default since some time now and if installing the rpm/deb package listening on 127.0.0.1 is the default option). Also never leave an internet facing server without a firewall.

As a SaaS it's not surprising DocumentDB got security configured, and it also won't be surprising when people lose data because they'll put '123456' as their password or commit their password to a public repository

tracker19y ago

Pretty much everything Azure does is over TLS and requires authentication.. some of the authentication for services is more convoluted than others.

Personally, I'm pretty happy with how easy it is to use the Azure Storage services (blob, tables, queues) as well as their Azure SQL offering. Far less arcane configuration options than you get with AWS's competing options. If only their compute nodes weren't so pricey.

EpicEng9y ago

Of course, you really shouldn't be exposing databases if you don't know how to administer them. I agree that the defaults should be better, but...

vikestep9y ago

We used to use DocumentDB, but switched to Azure Table Storage a while back. Did some benchmarking and DocumentDB was too slow for our needs (getting documents for a range between two epochs). Not sure if others experienced the same thing or if things have gotten better since then though.

dirkg9y ago

Never looked at DocumentDB before. So if I get this straight, I can get a fully managed DB that can scale easily, but still have all the advantages and compatibility of a regular NoSQL like Mongo?

I think that's a first, right?

redwood9y ago

Except that the advantages and compatibility are not all there. Plus there are now fully managed options for the real thing.

The advantages are real. Compatibility might not be 100%, but honestly Mongo isn't magic. DocumentDB has strengths of it's own.

willvarfar9y ago

Percona have their drop-in MongoDB replacement that uses TokuMX under the hood and they'll manage it for you.

mat_keep9y ago

TokuMX was discontinued last year

MongoDB Atlas will manage MongoDB for you

fergie9y ago

Isn't it the same general idea as Amazon's DynamoDB?

tech29y ago

So long as you skip over the costs if you want any kind of performance (you need to configure a "number of accesses per time period" with costs scaling alarmingly the higher you go)

dirkg9y ago

DynamoDB isn't the same thing at all, its very limited and you need to use it in very specific ways. You certainly can't just use your current MongoDb data with it.

doublerebel9y ago

Fully managed easily scalable nosql DBs have been available for many years as CouchDB variants from multiple providers.

al2o3cr9y ago

I hear it's got even better write performance than /dev/null ;)

rdiddly9y ago

Potter's paying 50 cents on the dollar for your shares in the Building & Loan...

trustfundbaby9y ago

From frying pan to fire probably.

z0noxz9y ago

Trading privacy for a false sense of security, are we?

Oletros9y ago

Trading privacy? Can you elaborate?

z0noxz9y ago

The idea of storing sensitive data at one of the most data hungry company in the world "for security", doesn't sound like it came from a genius. I thought I was pretty clear earlier?

Moving FOSS into the cloud as a SaS sounds kinda regressive to me...

joe5633239y ago

Microsoft trying hard to get developers to work on their platform and fail has really become very much fun. Microsoft deserves for being evil. Example: Microsoft does not save history in cmd shell(its so irritating for devs). The height of the cruelty is they aliased the curl and wget by default to its own program(do not remember).

bpicolo9y ago

Having a subpar shell application is evil?

joe5633239y ago

Aliasing linux command tools to its own is definitively evil https://daniel.haxx.se/blog/2016/08/19/removing-the-powershe...

partycoder9y ago

You cannot look at the code, and cannot monitor the infrastructure. The only thing left is trust.

Trust in the belief that Microsoft will act in your best interest regarding the privacy of your data.

But, isn't reasonable then to ask if Microsoft is actually trustworthy? PRISM, NSAKEY, Flame malware propagating via Windows Update, their 0day policy... I don't think Microsoft is trustworthy.

willvarfar9y ago

People choose managed services all the time.

If you worry about interception, then code inspection and monitoring isn't going to give you any assurances. You'd have to run open-source software locally, audit it, and not put it on a cloud like Azure in the first place?

(And the NSAKEY was something completely different if you dig into it.)

partycoder9y ago

Using a service means trusting a service. Nothing wrong with either, it's a decision up to the consumer.

I am just saying, in this specific case, should you trust Microsoft with your data? That's all.

https://feedback.azure.com/forums/263030-documentdb/filters/...

j / k navigate · click thread line to collapse

108 comments

morghus9y ago

Yes, except you can't do the most basic things with DocumentDB and it becomes very expensive very fast. Especially if you want multiple collections.

There's a lot lacking with DocumentDB, as evident from the feedback forum, that comparing it to Mongo is like comparing an infant to an adult. The infant might be cute, but it can't do a whole lot.

[1] https://news.ycombinator.com/item?id=13644789

To build something similarly sized with the free version of Mongo would also be expensive. It's a trade off.

mat_keep9y ago

When users have evaluated DocumentDB against MongoDB, they see major shortcomings in Microsoft's offering:

"As we were developing our new financial benchmarking service last year, we evaluated Microsoft’s Azure DocumentDB, but MongoDB offered much richer query and indexing functionality"

KPMG France https://www.mongodb.com/blog/post/kpmg-france-enters-the-clo...

redwood9y ago

All of the following three share something in common: 1) Microsoft Azure DocumentDB 2) Google Cloud Spanner 3) Amazon Web Services DynamoDB

Total cloud-vendor lock-in. It's clear why the clouds want users investing in these difficult-to-migrate-from solutions...

curiousDog9y ago

Needs more hashtags. Reach all those Millenials graduating $10k 3-month bootcamps. Sigh.

camus29y ago

lol, yeah, this marketing piece doesn't really feel professional. It is littered with useless illustrations and bad poetry.

> Third, we do it with love…

With love for our money sure. What the hell does that even mean? I really rolled my eyes reading that blog post. This is childish and out of place for an article trying to sell security.

romanovcode9y ago

I think they know their target audience. (It's for MongoDB users after all.)

fb039y ago

It's really satisfying when I read some post with what I exactly wanted to write but didn't have the balls to. Thank you :)

flintchip9y ago

What a sweeping generalisation to make.

verandaguy9y ago

laurentdc9y ago

Probably around the same time ops were deemed useless :)

virmundi9y ago

y0ghur7_xxx9y ago

> hide :27017 behind a firewall with only your app's DB access layer talking to it?

bpicolo9y ago

It does not take that much time or effort to set up useful subnet/vpc security in AWS. Put the database in your VPC, say only your application vpc can talk to it. Done.

Reasonably good security practices are not that much effort, and really it's a case for respecting your users for the most part.

The security trust game is starting to blow up. Yahoo just lost $250million dollars to it.

ec1096859y ago

One of the best things about AWS is the "Jeff Barr style" posts describing every service they release. I find them much easier to consume than a blog post like this.

zip12349y ago

Well, this post was a marketing post, not a product release. Product release posts in Azure are much more informative for a dev that this post.

OJFord9y ago

> Product release posts in Azure are much more informative for a dev [than] this post.

Who is this for then?

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcom...

hoodoof9y ago

AWS needs something like this.

kiallmacinnes9y ago

AWS has RDS - That's most certainly a database suitable for writing real world applications as its MySQL.

Does serverless somehow mandate a non SQL solution?

delta19y ago

RDS also supports PostgreSQL, SQL Server, Oracle, Aurora and MariaDB

hoodoof9y ago

RDS is server based - you need to pay to have an instance running per hour. That's not serverless. That's "serverful".

cyberferret9y ago

Thinking of setting up an EC2 instance running RethinkDB or PouchDB for my project (and for future projects).

ZGF49y ago

Cross datacenter replication is the missing piece from AWS. I wish they'd just roll out a hosted Cassandra or something identical

jeffasinger9y ago

While probably not what you're looking for if you're mentioning Cassandra, RDS does let you have read replicas in any region.

manigandham9y ago

You can use scylladb.com and set it up pretty easily. Stable, distributed and fast out of the box with a lot less maintenance.

hayd9y ago

> DynamoDB is far from suitable for that task

why?

steve9189y ago

DynamoDB would be pretty close if it just allowed null values.

hoodoof9y ago

DynamoDB is effectively useless for querying, except perhaps for some sort of highly specialised application able to fit within the DynamoDB strange and arcane query model.

What sort of database is effectively useless for querying?

Also they need to ditch the really, really confusiong and limiting scaling model. For a database that advertises scaling as one of its key strengths, DynamoDB sure has a bad scaling story.

steve9189y ago

Actually I guess the query language and indexing is pretty limiting too.

etoykan9y ago

I think Microsoft should implement basic aggregation functions first.

ZGF49y ago

etoykan9y ago

You might be right but Mongo supports them and Microsoft says that we can start using DocumentDb without changing any line of code which is not true.

searchfaster9y ago

Interesting... So compatible with Mongodb protocol but not using mongodb internally ?

What is your view of services, which provide functionality of some other software or SAAS and is API / Protocol compatible ?

Can API / protocols be copyrighted or patented? I believe not based on Google vs Oracle.

willvarfar9y ago

Hasn't tokuMX already put a 'proper' solid DB behind the mongo API?

mat_keep9y ago

TokuMX was discontinued last year

supremesaboteur9y ago

> First and foremost, security is our priority

In response to https://www.theregister.co.uk/2017/01/09/mongodb/ ?

"MongoDB databases are being decimated in soaring ransomware attacks that have seen the number of compromised systems more than double to 27,000 in a day."

alexyoung9y ago

As someone that almost got bitten by MongoDB's lax auth defaults, I was happy to read that DocumentDB has enabled access control out of the box and no default username/password.

Also, there's a query playground if you want to try it out quickly: https://www.documentdb.com/sql/demo

raverbashing9y ago

tracker19y ago

Pretty much everything Azure does is over TLS and requires authentication.. some of the authentication for services is more convoluted than others.

EpicEng9y ago

Of course, you really shouldn't be exposing databases if you don't know how to administer them. I agree that the defaults should be better, but...

vikestep9y ago

dirkg9y ago

Never looked at DocumentDB before. So if I get this straight, I can get a fully managed DB that can scale easily, but still have all the advantages and compatibility of a regular NoSQL like Mongo?

I think that's a first, right?

redwood9y ago

Except that the advantages and compatibility are not all there. Plus there are now fully managed options for the real thing.

The advantages are real. Compatibility might not be 100%, but honestly Mongo isn't magic. DocumentDB has strengths of it's own.

willvarfar9y ago

Percona have their drop-in MongoDB replacement that uses TokuMX under the hood and they'll manage it for you.

mat_keep9y ago

TokuMX was discontinued last year

MongoDB Atlas will manage MongoDB for you

fergie9y ago

Isn't it the same general idea as Amazon's DynamoDB?

tech29y ago

So long as you skip over the costs if you want any kind of performance (you need to configure a "number of accesses per time period" with costs scaling alarmingly the higher you go)

dirkg9y ago

DynamoDB isn't the same thing at all, its very limited and you need to use it in very specific ways. You certainly can't just use your current MongoDb data with it.

doublerebel9y ago

Fully managed easily scalable nosql DBs have been available for many years as CouchDB variants from multiple providers.

al2o3cr9y ago

I hear it's got even better write performance than /dev/null ;)

rdiddly9y ago

Potter's paying 50 cents on the dollar for your shares in the Building & Loan...

trustfundbaby9y ago

From frying pan to fire probably.

z0noxz9y ago

Trading privacy for a false sense of security, are we?

Oletros9y ago

Trading privacy? Can you elaborate?

z0noxz9y ago

The idea of storing sensitive data at one of the most data hungry company in the world "for security", doesn't sound like it came from a genius. I thought I was pretty clear earlier?

Moving FOSS into the cloud as a SaS sounds kinda regressive to me...

joe5633239y ago

bpicolo9y ago

Having a subpar shell application is evil?

joe5633239y ago

Aliasing linux command tools to its own is definitively evil https://daniel.haxx.se/blog/2016/08/19/removing-the-powershe...

partycoder9y ago

You cannot look at the code, and cannot monitor the infrastructure. The only thing left is trust.

Trust in the belief that Microsoft will act in your best interest regarding the privacy of your data.

But, isn't reasonable then to ask if Microsoft is actually trustworthy? PRISM, NSAKEY, Flame malware propagating via Windows Update, their 0day policy... I don't think Microsoft is trustworthy.

willvarfar9y ago

People choose managed services all the time.

(And the NSAKEY was something completely different if you dig into it.)

partycoder9y ago

Using a service means trusting a service. Nothing wrong with either, it's a decision up to the consumer.

I am just saying, in this specific case, should you trust Microsoft with your data? That's all.