Technology | July 27, 2020

[Webcast] 10 Clever Astra Demos: Build Cloud-Native Apps with the Astra DBaaS

How fast can you build a cloud-native app on a Database-as-a-Service? What new APIs and familiar open-source tools are at your disposal? How many can we demo in 50 minutes!? 

Join us, Jim McCollom and Matt Kennedy, engineering and product leaders for DataStax Astra, as we highlight and walk you through some of the most powerful Astra features to accelerate your productivity and reduce your time to deliver.

In the recorded webinar below, we show 10 rapid-fire demos of how to use Astra, the Cassandra DBaaS, including:

  • Using Roles and User Management 
  • Sharing Databases
  • REST with Curl
  • REST with Postman
  • GraphQL
  • DSBulk
  • Geospatial Search
  • NoSQL Bench
  • Expansion
  • VPC Peering

We hope you find this session inspiring and informative! Sign up for the free 10GB Astra tier and start building!

Transcript

Introduction 

Matt Kennedy:
Good morning. Thank you for joining us for today's webinar, 10 Clever Astra Tricks. My name is Matt Kennedy. I am a product manager here at DataStax. I've got with me today, Jim McCollom, who leads our cloud engineering team.

So, as many of you know, DataStax Astra is our database as a service and we recently went GA with that. Today, we want to go through some quick demos and show you some of the clever things you can do with Astra. So let's get to it.

Using Roles and User Management

Matt Kennedy:
Okay, so as you can see, I have two databases here, one is Astra tricks, that's a free tier database. We're going to go into that and go into the CQL console. Now, what I'm going to be doing is creating some additional users and roles for us to use to control permissions on the database. I will log in with the user that I created when we spun up the Astra database and now I'm just going to paste in a couple of commands and we'll go through what those all are. I need to use keyspace, one, to make that work. There we go. Okay.

Matt Kennedy:
What I've done here is I created a table and then I inserted the data row into the table, I made sure that my insert worked and then I also created a few roles. Now, what we have here is a read only role, a mutant role and a maker role. Now, those are going to be users that can only read data from tables, users that do have permissions to update tables and then users that have permissions to make tables. You'll see that we inherit all of the permissions on a table when you are the one that made it.

Now, what I'm going to do is copy a couple of grant statements over and go through what each of these does. Here, we have to grant describe and select on keyspace one to read only. That user is going to be able to just describe and select resources in the keyspace. We are granting update on keyspace one to mutant. We grant describe on keyspace one to maker, but we also grant create on all tables in keyspace one to maker. Those are all relatively straightforward permissions but now we need some real users, users that will be able to log in, in order to use those permissions.

Matt Kennedy:
I'm going to create a bunch of those here. I'll paste in an Alice and a Bob user and then I'm also going to need to create a Charlie user. Create Charlie with login equals true and password equals Charlie pass. Okay, great.

Now, what I should be able to do is associate these real users with particular roles. What I want to do is grant read only to Alice, grant mutant Bob and grant maker to Charlie. Okay. Now, we're going to exit out of here and login as these users and see what they can do.

First, I'm actually going to log in as Charlie. I use the wrong password. I'm going to try that again because I forgot my password scheme. We'll say the user is Charlie and the password this time I will get right. We're going to use keyspace one just to set ourselves into keyspace one. Now, I'm going to try to read from that staxers table that I created. I have to use a full read command to do that but as you can see, I have no select permission on that table but what I can do is create a table and I'm just going to make this a simple key value table. We're going to have a text key, that is the primary key and value is also text. Okay, that's a really simple table.

Matt Kennedy:
Now I'm going to insert into kv, values and we're just going to make a simple one and a key value entry in that table and I can read back from that. I have permission to read the table I created even though I did not have permission to read that staxers table.

Now, let's see what we can do with one of the other users. Click over here to reset this really quickly. Let's log in as Alice. Now here, we'll see that Alice, I will use keyspace one first. Here, we'll see that Alice can, in fact, read from staxers because she was granted read only permission but what she can't do is insert into staxers alice@place.com and that's not right. Insert into staxers email, first name, last name, hire date, and then it would be values. We'll just say alice@place.com. It is Alice, last name, Allison and hire date is, let's say July 4th, right? Alice isn't going to be able to make that insert but not for the reasons that just showed up in that error message. This should actually be values. User Alice has no update permissions on the table and we expected that.

Matt Kennedy:
That said, if I go and copy this, I can come in and login as Bob and that'll be Bob pass. Now, I can run that same command again. I need to specify what keyspace I want to use. I'm going to use keyspace one and run that insert again and I'm good to go because Bob does have the insert permissions but even though he didn't create the kv table, we’ll have him try to insert some data into that and we'll make him insert 2B as a data record into that table. I did the same typo again, values and you see because he has insert or rather update on everything created there, he didn't have to be granted specific permission to insert into kv. He basically got that permission from the role he has.

That was a quick look at how you can use permissions that are really simple model to have users that have read only permissions, users that can update rows and tables or update also means insert rows into tables, and then finally, we have the role that allows you to create tables and inherit all of the permissions on those tables. All right, so let's move on to the next demo.

Sharing Databases

Matt Kennedy:
Now that we've created some users, I want to use those users we created to actually share access to these databases. I'm going to invite sort of myself to an organization here. This matt.kennedy@datastax.com, organization is myself account as it were. I'm going to go to view users and as you can see, I've added a personal email address to this group. Now, I can use that to access databases I've created under this account. 

What I'm going to do is switch over to an incognito window here real quick. Okay, as you can see, this is an incognito window that I have used to sign into Astra with my other account. Now, here's a quick tip, you see that we use intercom overlays to help nudge people through the process of creating a database. If you're anything like my kids when I had them test this, you are inclined to just want to click this away. Hit that X and it won't bother you anymore but we're not going to create a database right now. We are going to switch over to this organization and we're going to see that we have access to this Astra Tricks database.

Matt Kennedy:
Now, the way we log in here is I have communicated to myself what Charlie's password is. I can log in with Charlie here. Now, having shared a simple CQL user with another Astra user, I've been able to share access to this database. This user can now create tables to their heart's content and use the database all without having any access permissions that the owner doesn't want them to have.

For example, I can open developer studio from the actions menu, but I can't terminate the database. The owner has only given me access to the database. He hasn't given me the ability to really do much of consequence from this actions menu like terminate or anything. I have restricted permissions. That's one way to use those subordinate users that you create with your initial account is you can share access across Astra accounts with those databases.

REST with Curl

Matt Kennedy:
Okay, so we're back at our list of databases. I'm going to go back into Astra Tricks and this time, I want to look at the API access section here. If I open this API documentation tab, I go over here to our docs on how to use these APIs so we can first generate an authorization token, then we'll look at retrieving rows from the table but here, you can find comprehensive REST docs for everything you would need to interact with the pre-built REST endpoint for your tables. I'll talk a little bit more about what that means exactly as I show the demo.

What I want to do right now is hit this button here to copy this URL to the clipboard and then I am going to switch over to a terminal window. Okay, I've switched over to my terminal window and now I'm going to do a shell variable for that URL that we copied in. Okay, that's just going to make it a little bit easier for us to work with. I'm also going to do export Astra user. We're going to use Charlie right now and export Astra pass and we will use Charlie pass, right? Okay.

Matt Kennedy:
Now, we're going to bring in a curl command that lets us get a request token. That is going to look like this. We'll walk through each line of this. The first is curl dash I with a post request type. This basically says send an HTTP post and we want to print out the headers we get back or the response codes we get back with this dash I. We're going to be sending this request to our URL plus of V1 slash auth path component to the end of that. We have a couple of mime type settings here and then we're also going to set this X Cassandra request ID to be a UUID and we just use this built-in UUID Gen command that is available on most Linuxes and recent Mac OS distributions. Then finally, for the post body, we're going to send this data, which is a JSON string that has an Astra user and password in it. Those are both environment variables that we set from the shell earlier, you'll remember.

Matt Kennedy:
Now, we are going to get back this auth token. We are going to copy that now and say, export token equals that value. Okay, so now we should be able to do other kinds of requests without having to send our username and password. We'll use the token for subsequent requests.

Now, what I want to look at is let's take a look at that staxers table that I created before, right? You remember the staxers table, whoops, I copied in the wrong thing there, the staxers table is one Charlie should not be able to read. We are expecting to run this and get an error back.

Matt Kennedy:
Here, you can see that the URL is a lot longer. We are still using that base URL variable but we have added a whole bunch of path components to it to address our keyspace one, the table staxers and the primary row for or the primary key for a row in that table. Then, we once again, generate a UUID and we are passing the token. Okay?

Now we see we get unable to execute the select query that's because we have the wrong permissions. Let's see what happens if we change this from a table that we don't have permissions on to one that we do. If you'll remember, we have a table called kv that Charlie created and the primary key there was one. Now, we will see that we have our key and value one and A for that row back. That's a simple example of how we use REST with curl, which I like to have access to because it's a lowest common denominator kind of tool, makes it very easy to get up and running with REST endpoints really quickly but now we're going to switch over and show what postman looks like. All right.

REST with Postman

Matt Kennedy:
What we're looking at here is a relatively blank postman environment. I have created a collection that will add some requests to and I have a couple of environments that I'm going to switch between. Let's take a look at those. Demo environment one has the base URL that we copied from the Astra console and we've also set it up with Charlie and Charlie pass as our username and password. There is a token here, which I'm actually going to delete for now because we're going to recreate that. Take the token out of that environment. Then, let's also look at environment two, we'll take the token out of that environment as well where I get that back. Here, it's the same URL, but we are using a different username and password.

Now, we've investigated those environments. Let's look at how we make a request. I've pre-created a request here. Let's look at what this looks like. This is the V one slash auth request. What we're going to be doing is getting back an auth token, right? We send these three headers. Instead of the curl command which used UUID Gen, we're going to have a random UUID built-in function here that creates that UUID for us and then on the body, we are also using the environment variables. They obviously look a little bit different than in a shell context but we should be able to send this and get back an auth token.

Matt Kennedy:
Now, I'll point out one other thing, under tests, what we're going to do is run a little bit of JavaScript and this is going to grab the auth token part of the JavaScript return and put that back into an environment variable called token. We'll see how that works. Note that the current token is this B1A value, we're going to send a new request and we get 477D et cetera. Let's look and see if that was set correctly in the environment. It was. Our little JavaScript re-added that token back. It's a really handy snippet to have available to you just when you are working with APIs that use this kind of system.

For now, let's actually create a new request and let's do that based on the curl command we ran earlier. Here, we're going to use the import function and we're going to say this is raw text. I just pasted in that curl command that I used earlier and you see it's created a new GET request for me with that URL. Now it screwed a couple of things up because I need to make that REST URL a variable that it understands. Let's go look at the headers.

Matt Kennedy:
Now, my UUID Gen command is back. We need to convert that into the random UUID generator and then also token is in the wrong syntax, right? If we just set it like that, it's not going to know to pick the token out of the environment. We set that up like that. This is a GET request so there's no body and we don't really have any test to do at this point.

Because we are using Charlie and Charlie does not have access to this table, we are expecting to get an error back, unable to execute select query and that is correct. Now, we're going to switch over to environment two. We're going to re-authenticate ourself. Let's look to make sure. There's no token here for Alice right now but we're going to re-authenticate ourselves against the endpoint. We have this 681B token we expect to see there now. We do. Our JavaScript worked as we expected. Now, we are going to run that GET request again. We should see data back as, in fact, we do.

Matt Kennedy:
That was a quick run through of postman. I'll finish out with a couple little tricks here on how you save. What I want to do is call this GET auth token. I want to add that to my demo collection, save to demo. Here, I am going to save this and call this GET sample row and I'll also save that to demo, right?

This is how I create a collection of requests for a particular REST endpoint. I can switch between environments and I can use that to change URLs or parameters or usernames. Now, I have this nice little REST toolkit that I can use to also hit my Astra REST endpoints.

Matt Kennedy:
Let's talk about those REST endpoints a little bit because they're interesting in and of themselves. We are essentially creating REST and GraphQL endpoints for you with absolutely no coding required on the part of the end user. All you have to do is create a table in CQL and then you have an automatically generated endpoint that you can hit with REST or GraphQL tooling. Pretty convenient way to go from setting up a data model to immediately testing APIs that you can use either for UI development or for serving as regular APIs with CRUD functionality. Let's move on to the next thing now.

GraphQL

Matt Kennedy:
We've talked about the REST API endpoint. Let's look at GraphQL now. I am just going to grab this onto the clipboard. I want to jump into CQL console just to remind ourselves about some of the data that we have in the database. We will log in as my admin user and then we're going to do select star from keyspace one dot kv. You remember this is one of the tables we created earlier and it has two keys in it, one and two with values A and B. Fairly easy to remember that.

We're now going to switch over to GraphQL playground, which is like postman but specifically for GraphQL. Now, we're in GraphQL playground. I'm going to paste my URL in there and we'll see that I get a 401 response code. That's because I'm missing some headers. I need to get those headers in and I'm going to pull those headers from some notes I've taken but what I've got right now is headers that don't have a token. I am going to go just pop over to my terminal real quick and generate one of those. I'm not going to share that part of the screen because I've shown that before but rest assured I just got a new token. You see on the right side, there's been some refreshing going on but as I enter a token that does have the ability to authenticate in, now we just see the normal hit the play button to get a response but we don't really have a query.

Matt Kennedy:
What I want to do is put in query and now we are going to look over at the schema to see what we have. We have a type called kv. We can query kv and then we want to look at values from kv and finally, we're going to grab one column from kv, which I happen to know is key, right? Let's see what happens when we run that. Now, we got... I had syntax error there, the values not value. All right. Now, we run this again and we should see that we are getting key one and key two. If we want to look at more of those, we see here that I have autocomplete because it is pulling the schema from the server. I can go ahead and say I want to see the key and the value from table kv on this query here in GraphQL. It's just a quick whirlwind tour of GraphQL.

Let's now turn our attention to something really completely different than what we've been looking at so far.

Jim McCollom:
I wanted to, those demos that you had around the users and roles were super important. They bring out a conscious decision we made when designing Astra, which was we wanted to break down the difference in roles between the operators and SysAdmins and the developers. The first example really dove into how developers build different users for their application roles. Then, you went into how as an administrator or an operator, do I limit access to the infrastructure we've created. We did a very conscious split there because it is a, they are two different roles with two different types of security concerns there. I also love how you tie it back to the REST example and show the actual users and again, how you can use different users for different parts of your application. You could use a user for pulling product catalogs and that user can read that table but you're only an administrator who can write to that table. You can actually see your application all the way down at the Cassandra and Astra end of things.

Matt Kennedy:
Yeah, that's pretty key being able to use roles effectively can sometimes make the application level security model a lot simpler. It's worth kind of trying to find the right model that works for you and put some thought into that.

Just on the off chance that I am overly VoIP in this session, I'm struggling with bandwidth today because both of my kids are at summer camp over Zoom, challenges of modern life. I apologize if I've been laggy or VoIP. I'm going to move on to the next demo now.

DSBulk & Geospatial Search

Matt Kennedy:
Now, completely switching gears, we're going to take a look at this C10 database I have here and we're going to do two things here, we are going to show you how to use dsbulk along with the secure connect bundle. I'm going to download that. I'm also going to go download dsbulk here, which I can get from our downloads page. I'm also going to be using some geospatial features. We're using a set of tooling called geohashes to make this work, but let's look at what we already have in the database here.

I've done some pre-configuration for this one. We have a table that is ready for dsbulk to load into and then interestingly, we already have some indexes on that. Let's use keyspace one and then describe schema. What we have here is a table called my map data that has a bunch of different columns in it, primarily text columns and then we have indexes on some of those column names and these are using storage attached indexes. You're going to hear more about these from us coming up in the next month or so but for the moment, just be aware that that's how we are doing this geospatial matching feature. All right.

Matt Kennedy:
Let's hop back over to our terminal and we'll figure out how to get some of this data loaded into our table via dsbulk. Okay, the first thing I need to do is I need to set up a little working folder. I have a data file in here already. Let's take a quick look at that. As you can see, on the top line, there is a header. We are using pipe characters as the delimiters and we just otherwise have a lot of data in here. Let's do a line count on that. We should be looking at a quarter million lines of data. Yup, so that's right.

Now, we need to get our dsbulk tooling installed and I have that now right here to use. Then, I also want to move my secure connect bundle into this folder just for ease of access. We're just going to leave that zipped up.

Matt Kennedy:
Now, I'm going to CD into dsbulk. We'll look at that. We've got a bin directory that has a dsbulk command in it. Right now, we are going to show you how a fairly lengthy dsbulk command works. Let's start by just an invocation of that. We're going to run that with dash, dash help just so you can see how copious the output is. As you can see, there's a lot of built-in documentation on how to use the dsbulk. I am going to use a cheat sheet of course and go right to entering the correct parameters rather than fishing through all of that to try to find what we need to enter. Bear with me one moment while I bring that over.

Okay, let's look at what this dsbulk invocation looks like in detail. Here we have our path to our executable and then our command is load. The options are going to set the delimiter to being a pipe character instead of a comma and then we are telling it that there is a header. Those header values are going to be the mapping that we need for the input file to database columns configuration. The columns in the database are the same values that you see on the column headers.

Matt Kennedy:
Then, we are going to give our path to our secure connect bundle and we are going to also allow missing fields. In this case, there happens to be a field in the table that is not in the input data. This one's interesting. We're going to say dsbulk dot connector dot CSV dot URL is dash and this tells it that we are going to be reading from standard input because as you can see at the bottom, I have directed a file into this execution. We're going to be using our Astra user and our Astra password as before with consistency level local quorum, keyspaces, keyspace one and the table is my map data, all coming from the redirected input that we have from this geohash data file.

As you can see, you're starting to load. This is what dsbulk looks like as it loads. It gives you this nice output, tells us what our rate of loading is. Let's actually switch over and take a look at the data that we see coming into this. Okay, we just about finished. We had no failed. We had 249,999 rows load and we know that's correct because we had one header row. This plus one is a quarter million. None of them failed and it's showing us our stats for how quickly this went. I wouldn't put much stock in these as I am running this from my local computer into the datacenter. It's not expected to be any kind of a speed demon but still pretty good here loading 2,800 rows a second on a table with five indexes on it with P 39 millisecond latencies of a second. Not too bad from a database loading user standpoint.

Matt Kennedy:
Let's switch back over to the Astra console and see what we've been able to do here. Okay, I've loaded up a bunch of data, but what does that really mean? Let's go and just make sure we can see a sample of that data in here. I'm going to use keyspace one as per usual and I'm just going to do a quick select star from my map data limit 10. All right, we can see that I've got data in there.

Now, it just so happens that most of this data is in the Denver area. I've already gone and brought up Denver in the map here. What I want to do is zoom in and I'm going to, let's say, I want to find something near the Denver Art Museum. I'm going to go over here... Torchy's Tacos. That is one of my favorite establishments. I am going to look at what's here and I see that I have some coordinates. I'm going to grab these coordinates and I'm just going to put them into this geohash.org service.

Matt Kennedy:
When I do that, I am going to get back a geohash and what this is, is it's an alphanumeric identifier for a particular place on Earth. The more digits there are here, the higher the resolution that that is. With all 12 digits, we're talking about centimeter resolution for what we're looking for.

Now, if you were building a real app like this, you would include a geohash library in your application tier. That would be responsible for converting coordinates into geohashes and also for being able to tell you how to navigate around once you have a geohash. This geohash can, with some simple math in a really quick amount of time, tell you what the geohash is that is to the north, south, east, west, and the points in between northwest, northeast, etc. You can navigate a path with geohashes. It's a really sophisticated system for having basic alphanumeric representation of a coordinate system on Earth.

Matt Kennedy:
Let's look at how that impacts us in Astra here really quickly because now, what I should be able to do is find individual points I've loaded up that are near this geohash. Okay, so now what I'm going to do is come back in the CQL console. We'll log in again and we're going to go over to keyspace one. Whoops. Okay, and now we are going to say, all right, we want to select star from my map data. We're going to refer back to this geohash value, remember? We're going to look for 9XJ64 in the geohash five column.

We have where geohash 5 equals 9XJ64 and we'll find all of the entries that have that prefix. As you can see, it's quite a lot. I'm actually not going to go through all those but what I am going to do is combine that with one of the other columns and we have an MD name three equals and I'm just going to pick KEN here because it's the first letters of my last name. I have a column wrong.

Matt Kennedy:
Now, I get 14 rows back where the name of the service starts with KEN, as you can see here, Kendall and is within this 9XJ64 area. This tells you if I'm standing in this particular spot on the map, these are the immediate businesses around me that start with this prefix. Obviously, the more digits you have in your geohash search area, the fewer results you're going to find because that basically narrows things down. But in this case, I think I'm going to go find this Kentucky Fried Chicken. If I were building this in an app, I would basically fetch this row back and pass these coordinates into my mapping layer in JavaScript and it would show up as a pin drop on the map. Pretty cool way to get geospatial functionality out of Astra and we also showed you how to use dsbulk to load all of this data while that was going on. All right, let's move on to our next demo. All right, before we do that, Jim, anything to add here on geospatial functionality?

Jim McCollom:
No, it's just super impressive that really Astra, because it's powered by Cassandra, really works for almost any type of workload you want to throw at, whether it's NoSQL, standard IoT or even geospatial and the geohashing. Those are functions that you don't see very often.

Matt Kennedy:
Yeah, it really is a very general purpose database and it's funny because people have this tendency to try to categorize databases down to a really specific sweet spot but Cassandra has all these capabilities that address a really, really wide gamut of workloads. Having that as the basis of a data architecture that you know will reliably scale is pretty powerful.

Jim McCollom:
Yeah, and speaking of scale, I'm really surprised that the speed you got off of your network with two kids at home on Zoom. Just wanted to contrast that a little bit though, the speeds we're actually seeing on Astra for just the C10 tier and only one capacity or one scaling of that is we're getting up to 6,000 to 8,000 writes per second when we go AWS to AWS. You can do a little math with the latency there, but it's even 1,000 or 2,000 per second over normal DSL or cable connections is very impressive. I'll let you get on with the next one.

NoSQL Bench & Expansion

Matt Kennedy:
All right, sounds good. Okay, I'm going to show now an invocation of NoSQL bench. NoSQL bench is a workload generator tool that we have that allows you to really run a whole bunch of different scenarios against Cassandra databases or really any NoSQL database. We have open support for adding engines to NoSQL bench. It's an open source project that we've largely sponsored but there already has been a Mongo-bench or a MongoDB benchmark added to NoSQL bench. We're looking forward to seeing other participants adopt this framework for testing.

Let's look at what an invocation looks like. I am running this through docker. You can get this with a docker pull, NoSQL bench slash NoSQL bench. What we're doing here is I've just got a volume mounted so that I can pass in my secure connect bundle path. I am running a specific activity, which is the baseline activity with an IoT-type workload for Astra and then passing in the secure connect bundle username, password and I have an extra option here to show stacktraces. Let's get that started and then we will hop over to the database that we created for this to show a couple of differences that we have here and then we'll start an expansion operation.

Matt Kennedy:
We will kick this off and it will start to run, which we'll see here very shortly. We're logging to this particular log. We're going to see a fair amount of output here anyway, even though there's a log file. As you run NoSQL bench, you're going to see these outputs progress as we run more and more iterations of NoSQL bench, but since we've seen these, we know that NoSQL bench is active. Let's switch over to the database view real quick.

As you can see, we are now back in Astra. I want to point out that I went ahead and named this database's keyspace baselines. That just simplifies the setup process because there is a pre-configuration in the test that we call these keyspaces used for NoSQL bench baselines just makes things a little easier to start out that way. I have expanded this already to a terabyte. I am going to go do that again just to show what that process looks like. Here, we are going to expand. This is a C10 tier. There's currently running two capacity units and we're going to go ahead and increase that to three capacity units and then this is all going to complete while the NoSQL bench continues to run in the background.

We are going to let that do its thing and we will now move on to our last demo. All right, Jim. We've got one final demo coming up. Anything you want to say before we get into that?

Jim McCollom:
Yeah, I just wanted to speak really quickly about the secure connect bundle, because we had a question rolling about that about what the secure connect bundle is. The secure connect bundle is a zip file that you download. Matt just showed you. You just showed it using it on your demo there. I'll show it on mine. What it actually is, is a zip file that contains all the details on how to connect to the Astra database, the IP addresses, the host names, but most importantly, it contains certificates so that we can make an mTLS bundle and that mTLS is mutual TLS, which means both sides of the communication chain are encrypted and they will only speak to a side that has the other key. We pass those keys along.

What that helps us do is make sure that your connections are secure, whether they're cloud to cloud or desktop to cloud or laptop to cloud or even inside of the same cloud. All communications at all times back to Astra are very, very secure and locked down. There's no work. Traditionally with Java or any other language, you'd have to do a lot of work about bootstrapping those keys but with the secure connect bundle and the DataStax drivers, all the work is taken care of for you and it's just as simple as one quick connect string and you're done.

Matt Kennedy:
Yeah, that's configured on a per database basis for every user of Astra. Everyone gets their own secure connect bundle, obviously. That takes the place of a lot of boilerplate code in those driver connections. Typically, if you are porting over a Cassandra app, you're going to be going from 15, 20 lines of code to configure that connection, down to two lines of code to pull in the secure connect bundle and set your new username and password. It makes it much easier to manage those connections. All right, now, Jim, you're going to show us how we are going to do VPC peering, correct?

Jim McCollom:
That's correct.

Matt Kennedy:
All right, Jim.

Jim McCollom:
Take it away.

Matt Kennedy:
Get that going.

VPC Peering

Jim McCollom:
Okay, I'm in the AWS console. I have two VPCs here. You can see I created one already for us. This is a pretty boilerplate VPC. It's got some route tables, security settings. I've got a little text file here and I'm going to copy out all the important things that we need. We're going to start with the VPC ID. We're going to need this to actually peer the connections in a moment. Then, we're going to want to get the CIDR block range and this is important for when we do the peering connection to make sure that the right network traffic goes over the wire. We're just doing a really big one here, the whole 16 block for the 10 range.

The other thing we're going to need is the route table ID. What we're doing here is we're setting up these to run these scripts later. If you go into the application or into Astra, these are all of the steps in the documentation we have today. We're just filling out these environmental variables to make it quick and easy. Let's go back to Astra here. Inside of Astra, we have a new button at the bottom to add the VPC peering connection. We got our account ID that we copied. We're going to put that in, VPC ID, CIDR range and finally our region, so USC is the one. It's key to know you can pretty much put in any VPC region at this point.

Jim McCollom:
We're going to initiate the peering connection. This sends something back to AWS and says, "Let's initiate this connection." This is the next piece of our little puzzle here of environmental variables. We're going to put that in. Then, we're going to go back here and we can actually go down to the peering connections. This usually takes a few seconds for it to show up. We're going to mash on this button a few times. Make sure that the connection is still there. Yes, it got set up. Let's go back. There we go. Pending acceptance. This is where our scripts come in.

We're going to pop open a terminal window here. This is all of the commands you need to run. We're just going to run the first one here. We're going to export all these variables so we have them for the remainder of the session here. We're going to run this first command here. This first one actually is what does the peering. Once we run this, we'll get this big JSON block back. Go in here and peer off and make sure that we have the right route tables in place.

Jim McCollom:
If you're noticing, I forgot to add the correct. I'm going to go back in here. I forgot to get the CIDR range for the other side of the connection. This is actually the CIDR range that the Astra database lives in. We need both sides of this equation. I'm just going to export this variable real quick. Now, we'll rerun this command. Perfect. True means we're good. We're going to go back and copy out the rest here.

This next set is going to peer off or set up the trust between the DNS. This is already, it's coming back with an exit status of 254 because I actually ran this before and everything was already associated. We don't have to do that again.

Jim McCollom:
Now, the final one here, again, these have to do with DNS and making sure the DNS entries resolve across the two different VPCs that we have. This should be everything that we need to get started here. We're going to go in. We go back to Astra. We're going to refresh the Astra. The secure connect bundle URL lasts for five minutes. Again, that's for your security that makes sure that that bundle, the URL for that bundle is time limited so that it's not just floating around out there and sitting in your history.

What we're going to do is download this bundle and call it SCB dot zip. Now, I have that and see it there. I've also installed on this instance, this is an instance running inside of the peered VPC. Until now, I had no access back. We're going to run CQLSH, which I installed before the demo, just set up the username. I'm not afraid about showing you my password because you can't use it without the secure connect bundle. It does add to security at this point.

Jim McCollom:
We are in. So no URLs, no long strings, no anything else. We're able to get in, describe our keyspaces. See what's there. You can see all the keyspaces that I set up before. That's it. I'll also just show you, we can select star from one of our system dot peers tables. What this actually shows us is all the nodes actually running in the other region here. No magic. It's precisely what we added from the one that 72 region. That's it for VPC peering.

Matt Kennedy:
Awesome. All right. As you should all be seeing at this point, we have a couple of links to resources up and we do have a few more questions that we will go through.

Audience Questions

Matt Kennedy:
The question is, "What if I'm using DSE 5.1, can I use a secure connect bundle?" The answer there is with a little creativity, yes. All you would need to do is sign up for an Astra account, make an Astra database and pull down the secure connect bundle and then just take a look at what's inside there. I think most people that are familiar with Cassandra would have a relatively straightforward time decoding what's in the bundle. It's all plain text in there. If you know how to set up the certificates for whatever driver you're using, then you just replace the certs that are in there with the ones you're going to create and you can zip everything back up and use the driver code again.

It does take a little bit of extra work. There's nothing that's going to sort of automagically generate a secure connect bundle for you for DSE 5.1 but if it's a format you like using for Astra or you want to use it for other work, yeah, absolutely.

Matt Kennedy:
Other questions that we have, "Can I use NoSQL bench to get an idea of how my app will perform?" Jim, you want to take that one?

Jim McCollom:
Yes, very much. NoSQL bench, it does have a bulk of documentation around it but it really allows you to build synthetic workloads and really test out any version of CQL. Whether it's DSE or Astra and test it with workloads that you expect to see in production. We use it all the time. It's literally one of the most used tools by our SRE Team. When we make a change, we can figure out very quickly have we regressed or progressed on our performance. Yeah, it's an incredibly useful tool for benchmarking your application and making your data model fit your application and get the full set of performance you need there.

Matt Kennedy:
Awesome. Yeah, definitely recommend checking out that tool. It really serves a purpose for anytime you need to generate a workload with a NoSQL database. It has some really sophisticated data generation capabilities and performance measurement capabilities. Okay, next question, "Are there any restrictions or prerequisites for VPC peering?"

Jim McCollom:
At the moment, the only prereq is that you are on AWS. We're currently working this week on porting it over to GCP. As we get Azure up in the next couple of weeks here, we'll be working on putting it into there as well but there is no, you can go across regions on AWS, same region, as long as you can accept the peering request and then you are good to go.

Conclusion

Matt Kennedy:
All right and we're right at the top of the hour. It looks like that is all the time we have for questions. With that, we want to thank you for joining us today and we want to invite you to future DataStax events at datastax.com/webinars and of course sign up for astra.datastax.com/register. Alright, thanks very much.

 
