Replica Set across different Amazon Regions


VJ

Jun 3, 2012, 6:35:18 PM
to mongod...@googlegroups.com
Hello. We're setting up a 3-node replica set with each node in a different Amazon region, and need secure communication between them. The basic replica set setup is simple; my questions are related to the encrypted communication.
1) As I understand it, by default, each node communicates with the other nodes through their elastic IP/port unencrypted -- correct?
2) Since Amazon's security groups or VPCs do not span regions, how do you recommend we set this up?
We're considering SSH tunneling, but this seems brittle, or setting up a VPN.  Any ideas would be gladly welcomed.
Thanks in advance.

Scott Hernandez

Jun 3, 2012, 6:38:51 PM
to mongod...@googlegroups.com
Yes, the wire protocol is not encrypted (SSL support can be compiled
in but is all or nothing for now, better support due late this year)
and using a VPN is a good idea. You can even use things like IPSEC or
ssh tunnels. I have seen all of those solutions in action and they
work reasonably well -- best to use something like OpenVPN IMHO.
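An added example, not part of the original thread and not MongoDB's own tooling: once the nodes are joined by a VPN, a check like this over the replica set configuration flags any member that is still addressed outside the tunnel, so its replication traffic would cross regions unencrypted. The `10.8.0.0/24` tunnel subnet and the sample configuration are assumptions constructed for illustration; the `members[].host` shape follows `rs.conf()` output.

```python
import ipaddress

# Assumption: the VPN assigns node addresses from this tunnel subnet.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample, shaped like the document returned by rs.conf().
SAMPLE_CONFIG = {
    "_id": "rs0",
    "members": [
        {"_id": 0, "host": "10.8.0.1:27017"},
        {"_id": 1, "host": "10.8.0.6:27017"},
        {"_id": 2, "host": "203.0.113.25:27017"},  # stands in for an elastic IP
    ],
}


def split_host(host):
    """Split a members[].host value into (address, port); port defaults to 27017."""
    addr, sep, port = host.rpartition(":")
    if not sep:
        return host, 27017
    return addr, int(port)


def audit_members(config, vpn_subnet=VPN_SUBNET):
    """Return (host, reason) pairs for members not pinned to a tunnel address."""
    findings = []
    for member in config["members"]:
        host = member["host"]
        addr, _port = split_host(host)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            # A name hides where traffic goes; it must be checked on each node.
            findings.append((host, "hostname: confirm it resolves to a tunnel address on every node"))
            continue
        if ip not in vpn_subnet:
            findings.append((host, f"address outside VPN subnet {vpn_subnet}"))
    return findings


if __name__ == "__main__":
    for host, reason in audit_members(SAMPLE_CONFIG):
        print(f"{host}: {reason}")
```
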

VJ

Jun 3, 2012, 6:42:36 PM
to mongod...@googlegroups.com
Scott, thanks for your response.