Track a MongoDB cluster or node
Cyral supports standalone MongoDB servers and MongoDB replica set clusters. MongoDB sharded clusters are not supported.
The first step in adding Cyral to a data repository is to create an entry for it in Cyral's inventory.
In the Cyral management console, navigate to the Data Repositories tab and click the plus button.
In the pop-up dialog, specify the following:
In type, choose MongoDB.
In hostname, specify the address or hostname of the endpoint of one node in the MongoDB replica set (for example, mycluster-shard-00-01.example.mongodb.net). Cyral will automatically identify the remaining nodes of the replication cluster.
The endpoint must be a DNS record that can be resolved to an IP address (a DNS A record or a CNAME record). DNS SRV records are not supported.
This is the address at which Cyral connects to the repository, and we refer to it as the data repository endpoint. Later, when you assign this repository to its sidecar, you will establish a separate user-facing address, the sidecar load balancer address. Data users connect to the repository through the sidecar load balancer address.
port is the port number at which Cyral connects to the repository. The default port for MongoDB is 27017. Check your cluster configuration to find the correct port.
This is not necessarily the port number that data users will specify when they connect to the repository. You'll set the user-facing port(s) later, when you assign this repository to its sidecar.
name is a name you choose to represent this repository in Cyral. Data users can find the repository using this name. Your administrators will use this name in policies, and it will appear in logs and other controls.
In the Replica Sets panel, choose one of the following, based on your needs:
- To protect a single MongoDB node, leave the checkbox unchecked and click Track. Proceed to Assign a repository to a sidecar to assign this repository to its sidecar.
- To protect a MongoDB cluster, check the This repository is a replica set checkbox and continue to follow the steps below.
In Max number of nodes, specify the maximum number of nodes you expect this cluster to have, taking into consideration future growth. This number must be at least equal to the number of nodes currently in your cluster. This number is used for port reservation in the sidecar.
You can change this number later in the data repo configuration page, but any change will require that you re-assign this repository to the sidecar.
To find the number of nodes in your MongoDB cluster, go to the MongoDB Atlas admin portal, open the page for your cluster, and check the TYPE description. It shows "Replica Set" and the number of nodes. In the Atlas admin portal, click on the cluster name to list all the nodes in the cluster and their respective endpoints.
Once added, the cluster will be reachable at a range of port numbers, but not all port numbers in the range need to be in use at time of deployment.
In Replica set ID, specify the replica set identifier, a string value that identifies the MongoDB replica set cluster. To find your replica set ID, see our article, Finding the replica set name of a MongoDB cluster.
This value is used for constructing the URI command (available in Cyral's Access Token page) that your users will need for connecting to the repository via Cyral. If this value is not present in the URI used by the client application, the application will connect to a single node instead of the whole cluster, so this value is required.
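The check below is an added example, not Cyral's own code. It shows one way to verify, before distributing a connection string to users, that the URI carries the replica set ID and does not list more seed hosts than the Max number of nodes value. The function name, the sidecar hostname, the credentials and the replica set ID rs0 are constructed for illustration, and comparing the seed count to Max number of nodes is an assumption drawn from the port-reservation note above.

```python
from urllib.parse import urlsplit, parse_qs


def check_sidecar_uri(uri, replica_set_id, max_nodes):
    """Return a list of problems found in a client connection URI (hypothetical helper)."""
    parts = urlsplit(uri)
    if parts.scheme != "mongodb":
        return [f"scheme {parts.scheme!r} is not handled by this check; expected mongodb://"]

    problems = []
    # Drop "user:password@" if present, then split the comma-separated seed list.
    hostinfo = parts.netloc.rpartition("@")[2]
    seeds = [h for h in hostinfo.split(",") if h]
    if not seeds:
        problems.append("no host in URI")
    if len(seeds) > max_nodes:
        # Assumption: each seed needs one of the ports reserved via "Max number of nodes".
        problems.append(f"{len(seeds)} seed hosts exceed Max number of nodes ({max_nodes})")

    # MongoDB connection option names are case-insensitive.
    options = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    rs = options.get("replicaset")
    if rs is None:
        problems.append("replicaSet missing: client would connect to a single node")
    elif rs != replica_set_id:
        problems.append(f"replicaSet={rs!r} does not match repository ID {replica_set_id!r}")
    return problems


# Constructed sample URIs; host, user and token are placeholders.
GOOD_URI = ("mongodb://alice:TOKEN@sidecar.example.com:27017,"
            "sidecar.example.com:27018,sidecar.example.com:27019/?replicaSet=rs0")
NO_RS_URI = "mongodb://alice:TOKEN@sidecar.example.com:27017/"

if __name__ == "__main__":
    for uri in (GOOD_URI, NO_RS_URI):
        issues = check_sidecar_uri(uri, replica_set_id="rs0", max_nodes=3)
        print("OK" if not issues else "; ".join(issues))
```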