When MongoDB chose to extend its database monitoring service to include backup and restore capabilities, they needed a secure, two factor authentication solution to authorize handling of user data. By integrating their backup functionality with Twilio’s SMS API, they were able to guarantee secure access for their customers, from day one. The development process was both painless and fast: MongoDB was able to implement two factor authentication via SMS in just one week!
MongoDB, started in 2007, is reinventing data management and powering big data as the leading NoSQL database provider. With an open-source product, MongoDB enables new types of applications, better customer experience, faster time to market, and lower costs for its customers. With offices around the world, it has a thriving global community with more than 600 customers, including many of the world’s largest organizations.
In 2010, MongoDB initiated free monitoring of customers’ database instances as part of the MongoDB Management Service (MMS). Over 20,000 MMS customers use a self-service web site to set up monitoring and alert triggers related to host operation, database operation, and database usage. Alerts are delivered by email and through text messages powered by Twilio.
When MongoDB wanted to add pay-as-you-go backup and recovery capabilities, they again looked to Twilio. “We didn’t have any trouble implementing messages for alerts, so it seemed the best choice for this offering,” said Cailin Nelson, MMS Director of Engineering.
MongoDB realized that a self-service backup tool required strong user authentication. There had to be no doubt that only authorized users would be allowed to perform operations that could result in loss or exposure of mission-critical data. They chose to implement a two factor authentication solution using Twilio SMS to increase security. When a critical operation is requested, an SMS message with a numeric code is sent to the user’s cell phone; the user just needs to enter that same number in the web page in order to get authenticated.
MongoDB needed an SMS solution that was easy to implement, easy to integrate, and reliable for their Java-based application. “Using Twilio was all smooth sailing. Our backup system is a big, complex application if you consider the whole thing,” said Cailin. “It’s nice that the Twilio part was just painless. The APIs just get the job done; you don’t have to think about it a lot.”
MongoDB developers were able to include two factor authentication functionality in just a week, facilitating the launch in April, 2013. According to Vladimir Mukhin, Principal Software Engineer at MongoDB, “Building out the entire SMS infrastructure ourselves would have just been impossible. It’s nice that there’s a platform available that’s so well documented that you can grab off the shelf. It just really took a huge weight of technology off of our shoulders”
How has the solution been working? Meghan Gill, Director of Cloud Marketing at MongoDB, commented “No news is good news.” MongoDB customers use the backup service day in and day out without human intervention, and are extremely satisfied.