
Dear MongoDB users, we welcome you in Azure DocumentDB - jeremya
https://azure.microsoft.com/en-us/blog/dear-mongodb-users-we-welcome-you-in-azure-documentdb/
======
morghus
Yes, except you can't do the most basic things with DocumentDB and it becomes
very expensive very fast. Especially if you want multiple collections.

There's a lot lacking with DocumentDB, as evident from the feedback forum,
that comparing it to Mongo is like comparing an infant to an adult. The infant
might be cute, but it can't do a whole lot.

[https://feedback.azure.com/forums/263030-documentdb/filters/...](https://feedback.azure.com/forums/263030-documentdb/filters/top)

~~~
youdontknowtho
To build something similarly sized with the free version of Mongo would also
be expensive. It's a trade off.

------
mat_keep
When users have evaluated DocumentDB against MongoDB, they see major
shortcomings in Microsoft's offering:

"As we were developing our new financial benchmarking service last year, we
evaluated Microsoft’s Azure DocumentDB, but MongoDB offered much richer query
and indexing functionality"

KPMG France [https://www.mongodb.com/blog/post/kpmg-france-enters-the-
clo...](https://www.mongodb.com/blog/post/kpmg-france-enters-the-cloud-era-
with-new-mongodb-data-lake)

------
redwood
All of the following three share something in common: 1) Microsoft Azure
DocumentDB 2) Google Cloud Spanner 3) Amazon Web Services DynamoDB

Total cloud-vendor lock-in. It's clear why the clouds want users investing in
these difficult-to-migrate-from solutions...

------
curiousDog
Needs more hashtags. Reach all those Millenials graduating $10k 3-month
bootcamps. Sigh.

~~~
camus2
lol, yeah, this marketing piece doesn't really feel professional. It is
littered with useless illustrations and bad poetry.

> Third, we do it with love…

With love for our money sure. What the hell does that even mean? I really
rolled my eyes reading that blog post. This is childish and out of place for
an article trying to sell security.

~~~
romanovcode
I think they know their target audience. (It's for MongoDB users after all.)

------
verandaguy
I've been out of touch with Mongo for a while, but when did it stop being
common practice to just hide :27017 behind a firewall with only your app's DB
access layer (or, at most, a few nodes in the local subnet) talking to it?

~~~
laurentdc
Probably around the same time ops were deemed useless :)

[1]
[https://news.ycombinator.com/item?id=13644789](https://news.ycombinator.com/item?id=13644789)

~~~
virmundi
I saw that chain too. I guess I do devops differently. Since I'm bootstrapping
I don't have money for an ops person. So I've set about learning ufw, let's
encrypt, nginx/tls termination to a service only accepting local connections
to the port, etc. I see devops as the developer learning the ops side to take
responsibility for the whole stack.

~~~
damagednoob
As a dev, I've been going through the same process for several months now.
Honestly, for each of the concepts I've come across (ufw, let's encrypt, etc),
you _might_ bang your head for a few days with each one but you will
eventually _get it_. I don't know why people make it out to be so difficult.

~~~
astral303
Stigma around ops and QA work.

------
ec109685
One of the best things about AWS is the "Jeff Barr style" posts describing
every service they release. I find them much easier to consume than a blog
post like this.

~~~
zip1234
Well, this post was a marketing post, not a product release. Product release
posts in Azure are much more informative for a dev that this post.

~~~
OJFord
> _Product release posts in Azure are much more informative for a dev [than]
> this post._

Who _is_ this for then?

~~~
tracker1
The dev managers that see a new buzzword and think, " _ooh_ azure supports
mongo now... we should target it for our new app, I hear that MEAN stack is
really nice, it should fit right in."

------
hoodoof
AWS needs something like this.

The missing piece for the AWS serverless story is a database that is suitable
for writing real world applications. DynamoDB is far from suitable for that
task, which leaves AWS serverless with no good database.

~~~
kiallmacinnes
AWS has RDS - That's most certainly a database suitable for writing real world
applications as its MySQL.

Does serverless somehow mandate a non SQL solution?

~~~
hoodoof
RDS is server based - you need to pay to have an instance running per hour.
That's not serverless. That's "serverful".

~~~
kiallmacinnes
I'm not sure how that differs from Azure Document DB? I have no inside info on
this, but, I'm pretty sure it runs on a server too.. In the specific context
of databases used for "serverless", clearly there are servers involved, it's
simply that your application and ops team doesn't manage them.

What I'm getting at is, a hosted DB is a hosted DB.. What makes SQL unsuitable
for serverless?

~~~
kiallmacinnes
Replying to myself here, I missed a key point.. the issue you raise is that
you're billed per hour, even when it's unused? That makes some amount of
sense, but any data storage is going to come with a per hour bill - either for
the instance of it, or the data within it.

Anyway, my bad, I now see your point :)

------
etoykan
I think Microsoft should implement basic aggregation functions first.

~~~
ZGF4
Implementing aggregation at query time is a temporary solution. For systems
like this aggregation should be done on insert time - many hugely popular
databases do not provide much more than a basic get operation for this reason

~~~
etoykan
You might be right but Mongo supports them and Microsoft says that we can
start using DocumentDb without changing any line of code which is not true.

~~~
ZGF4
Yeah I don't get why they're marketing to Mongo users, weird choice. This is a
DB for companies trying to moved to a query-less architecture - something no
one should be doing with mongo

~~~
zip1234
I never thought about it that way but makes total sense. Clearly you 'get' it!

------
searchfaster
Interesting... So compatible with Mongodb protocol but not using mongodb
internally ?

What is your view of services, which provide functionality of some other
software or SAAS and is API / Protocol compatible ?

Can API / protocols be copyrighted or patented? I believe not based on Google
vs Oracle.

~~~
willvarfar
Hasn't tokuMX already put a 'proper' solid DB behind the mongo API?

~~~
mat_keep
TokuMX was discontinued last year

------
supremesaboteur
> First and foremost, security is our priority

In response to
[https://www.theregister.co.uk/2017/01/09/mongodb/](https://www.theregister.co.uk/2017/01/09/mongodb/)
?

"MongoDB databases are being decimated in soaring ransomware attacks that have
seen the number of compromised systems more than double to 27,000 in a day."

------
alexyoung
As someone that almost got bitten by MongoDB's lax auth defaults, I was happy
to read that DocumentDB has enabled access control out of the box and no
default username/password.

Also, there's a query playground if you want to try it out quickly:
[https://www.documentdb.com/sql/demo](https://www.documentdb.com/sql/demo)

~~~
raverbashing
It's important to be aware of security implications of leaving an
unauthenticated server listening on the open internet (listening on 0.0.0.0 is
_not_ the default since some time now and if installing the rpm/deb package
listening on 127.0.0.1 is the default option). Also never leave an internet
facing server without a firewall.

As a SaaS it's not surprising DocumentDB got security configured, and it also
won't be surprising when people lose data because they'll put '123456' as
their password or commit their password to a public repository

~~~
tracker1
Pretty much everything Azure does is over TLS and requires authentication..
some of the authentication for services is more convoluted than others.

Personally, I'm pretty happy with how easy it is to use the Azure Storage
services (blob, tables, queues) as well as their Azure SQL offering. Far less
arcane configuration options than you get with AWS's competing options. If
only their compute nodes weren't so pricey.

------
vikestep
We used to use DocumentDB, but switched to Azure Table Storage a while back.
Did some benchmarking and DocumentDB was too slow for our needs (getting
documents for a range between two epochs). Not sure if others experienced the
same thing or if things have gotten better since then though.

------
dirkg
Never looked at DocumentDB before. So if I get this straight, I can get a
fully managed DB that can scale easily, but still have all the advantages and
compatibility of a regular NoSQL like Mongo?

I think that's a first, right?

~~~
fergie
Isn't it the same general idea as Amazon's DynamoDB?

~~~
tech2
So long as you skip over the costs if you want any kind of performance (you
need to configure a "number of accesses per time period" with costs scaling
alarmingly the higher you go)

------
al2o3cr
I hear it's got even better write performance than /dev/null ;)

------
rdiddly
Potter's paying 50 cents on the dollar for your shares in the Building &
Loan...

------
trustfundbaby
From frying pan to fire probably.

------
z0noxz
Trading privacy for a false sense of security, are we?

~~~
Oletros
Trading privacy? Can you elaborate?

~~~
z0noxz
The idea of storing sensitive data at one of the most data hungry company in
the world "for security", doesn't sound like it came from a genius. I thought
I was pretty clear earlier?

Moving FOSS into the cloud as a SaS sounds kinda regressive to me...

~~~
Oletros
If you can explain your fears perhaps we would understand, because I still
don't know why using Azure is a privacy trade? Does Microsoft "steal" the
data?

~~~
z0noxz
It happens all the time, and also; when using proprietary software you never
know, and that's the big issue (for me). I never use SaS or MS-products (I
only use FOSS) so I don't fear for myself.

~~~
bykovich
When has a SaaS operator stolen data hosted on their service?

~~~
avh02
Not agreeing with thread OP here, but I would certainly differentiate between
"stealing" and "exploiting" (not in a security exploit sense). User data
certainly gets exploited on _some_ SaaSs that would otherwise be unexploitable
on your own stack.

I'm not saying this necessarily applies to compute engines or storage as a
service or whatever, but something like gmail (SaaS) where your data is used
to target ads at you could be considered exploiting your data. I would not put
it beyond large companies to start considering doing the same on their
storage-as-a-service offerings soon enough.

~~~
Oletros
The difference is that in the case of Gmail, monetisation is though ads and in
the case of compute engine or storage the monetisation is through client
payments.

If Google, Microsoft or other companies start to look at the data to exploit
it hey will lose trust, the customers and the data.

------
joe563323
Microsoft trying hard to get developers to work on their platform and fail has
really become very much fun. Microsoft deserves for being evil. Example:
Microsoft does not save history in cmd shell(its so irritating for devs). The
height of the cruelty is they aliased the curl and wget by __default __to its
own program(do not remember).

~~~
bpicolo
Having a subpar shell application is evil?

~~~
joe563323
Aliasing linux command tools to its own is definitively evil
[https://daniel.haxx.se/blog/2016/08/19/removing-the-
powershe...](https://daniel.haxx.se/blog/2016/08/19/removing-the-powershell-
curl-alias/)

------
partycoder
You cannot look at the code, and cannot monitor the infrastructure. The only
thing left is trust.

Trust in the belief that Microsoft will act in your best interest regarding
the privacy of your data.

But, isn't reasonable then to ask if Microsoft is actually trustworthy? PRISM,
NSAKEY, Flame malware propagating via Windows Update, their 0day policy... I
don't think Microsoft is trustworthy.

~~~
willvarfar
People choose managed services all the time.

If you worry about interception, then code inspection and monitoring isn't
going to give you any assurances. You'd have to run open-source software
locally, audit it, and not put it on a cloud like Azure in the first place?

(And the NSAKEY was something completely different if you dig into it.)

~~~
partycoder
Using a service means trusting a service. Nothing wrong with either, it's a
decision up to the consumer.

I am just saying, in this specific case, should you trust Microsoft with your
data? That's all.

~~~
itaysk
[https://www.microsoft.com/en-
us/TrustCenter/Privacy/default....](https://www.microsoft.com/en-
us/TrustCenter/Privacy/default.aspx)

If you don't trust MS you can trust one of the organisations that certified
them for the strictest compliance and regulations in the public cloud space.

~~~
partycoder
Sounds good. But how do you exactly verify those claims? Again, you can't. You
are back to square 1: trusting Microsoft acts in good faith and acts in your
best interest.

~~~
EpicEng
How do you verify that a doctor is making the right call re how to treat your
cancer? You either become a doctor yourself, or trust that they know what
they're doing.

~~~
partycoder
And what if a doctor has a controversial reputation?

~~~
EpicEng
Then you can make a decision to go with another doctor. Are you questioning
the reputation of the auditors, or just writing off MS across the board?

~~~
partycoder
You can have audit proof software that is completely secure. If you tamper the
infrastructure, share keys, leave obscure backdoors, etc. it is not hard to
come up with a NOBUS scheme.

