Advisories

Discover LinuxSecurity Features

RavenDB: Pioneering Data Management with an Innovative Open-Source Approach

RavenDB: Pioneering Data Management with an Innovative Open-Source Approach

When it comes to using a NoSQL document database to store, manage and retrieve documents, reliability, privacy, efficiency and ease-of-use are essential in optimizing productivity and ensuring data security. However, the unfortunate reality is that many NoSQL document databases fail to embody these important characteristics, leaving users frustrated - and often at risk. 

Ranked among the top 10 Document Databases Worldwide by DB-Engines, RavenDB is an impressive NoSQL database that is pioneering document management with a unique, innovative open-source approach - providing users with an all-in one platform that is fast, scalable, integrated, fully-automated and secure. To gain insight into how RavenDB has been able to surpass the majority of other NoSQL databases available in these regards, we spoke with RavenDB Founder, CEO and Lead Developer Oren Eini about the project’s history and evolution, the unique set of benefits that RavenDB offers users and how the use of open-source development has helped give RavenDB a winning edge over its competitors.

 

From Inspiration to Reality: The History and Evolution of RavenDB

After years of working as a database performance consultant, software developer, programmer and entrepreneur, Oren Eini recognized the same mistakes being made in many of the projects he analyzed - plaguing all applications using these relational databases and resulting in unstructured data. The issues he noticed were most often not with the way the database was set up, but instead could be attributed to the complexity of the model and the impedance mismatch between the way the data was stored in a relational database and the way the application modeled the data. ravendb5 timeseries

Beyond the relational world, there existed a host of databases under the NoSQL umbrella that had varying data models and use cases. Within this realm, Eini recognized the value of document databases for business applications, but was appalled at the state of these databases at the time. In particular, the lack of transactions and the kind of interface users were presented with were decidedly not user friendly - putting the burden of transactions on the user while providing minimal insight into the data in the database.

Convinced that there had to be a better way to process the critical information powering modern applications, Eini began envisioning a solution to this problem. He recalls: “I started thinking about the kind of database that I wanted to create. Thinking about it wasn’t enough at some point. I remember being woken at the middle of night and looking at the ceiling, seeing how the different components of the database would be put together.”

In 2009 Eini began his work designing a NoSQL document database ahead of its time. His goal was to create the first transactional document database, prioritizing seamless integration and ease-of-use for both developers and operating teams. The first version of RavenDB was built using C#, and focused on providing a user-friendly database for business applications - which RavenDB continues to excel at today.

Once coding began, the project made quick progress, and secured its first client - a Norwegian institution for wildlife preservation - in 2010. By 2015, one million developers worldwide had downloaded RavenDB and by 2018, with the releases of RavenDB 4.0 and 4.1, the database had a remarkable three million downloads. The following year, RavenDB Cloud was launched, offering a Database as a Service to AWS, Azure and Google Cloud users.

The current release, RavenDB 5.0.2 (which can be downloaded here), is the most comprehensive update to date, offering a robust set of features that made it easy for developers to integrate the document database into their applications. All of the components that comprise RavenDB 5.0.2 were built entirely from scratch to work harmoniously, resulting in a database that is  simple to operate, fast, integrated and widely available. The release of version 5.0.2 introduced two key features: time series support  and document compression. Time series support enables users to track time series data such as stock price, heart rate or location and document compression analyzes documents to identify commonalities between them, creating a dictionary that is used to compress data efficiently between documents. The new document compression feature has cut cloud storage costs in version 5.0.2 by an impressive 50%. 

 

RavenDB looks forward to the release of version 5.1 in Q4 of 2020, which will introduce the filtered replication feature. RavenDB is a distributed database with support for multiple concurrent writers in the cluster. A common deployment pattern is to deploy RavenDB instances on the edge, araven dashboards well as a RavenDB cluster in a central location. This pattern allows users to share data among many locations, providing the benefit of a local database with the ability to work in disconnected mode. At the same time, when there is connectivity between the edge and the central cluster, RavenDB will automatically sync the data between them. The filtered replication mode in version 5.1 extends this support even further, allowing users to define fine-grained security rules for data flows between the edge instances and the central cluster by controlling which edge machine will see what kind of data.

 

Achieving Excellence through the Use of Open-Source Development 

RavenDB is an open-source database released under an OSI approved license (the AGPL for the server and MIT for the clients), a factor that Eini feels has both contributed to the adoption of the database and greatly enhanced its feature set. RavenDB’s automatic indexing support, for instance, was created by the open-source community and now stands out as one of the database’s central features.

RavenDB is the epitome of an open-source success story - a testament to the power of community involvement and the benefits associated with source code transparency. Eini explains how the project’s open-source approach has impacted RavenDB’s success: “Being open-source has allowed us to create a community around the project - one that has enriched the project significantly. Code contributions are only a part of this.” He elaborates: “Feedback provided by the community has been crucial in improving RavenDB. It really helps when you can have a proper discussion with a customer, and the fact that our entire codebase is open-source and available in our code repository has made it easy to get to the root cause of issues quickly.”

 

Enhanced Security through Usability

Along with the project’s unique and beneficial open-source philosophy, RavenDB’s impressive usability sets the database apart - especially when it comes to security. Unlike many vendors, the company considers support to be a cost center, not a revenue center. In other words, insight gained through support calls is used to modify the product to make such calls unnecessary in the future. 

Viewing support as a revenue center disincentivizes vendors to create user-friendly products - in this sense, it literally doesn’t pay to make software easy to use. This philosophy has drastic negative implications on security - which is closely tied with usability. Database breaches continually demonstrate that having complex security is equivalent to having no security at all. Eini compares this to a lock: “The best lock on the world isn’t going to be used if it takes too long to open and close. History has a wealth of examples of security measures that were awkward to use, and thus, ignored.”

In contrast, RavenDB’s approach to security embodies simplicity and automation. The database has a binary security property - it is either running in a secured mode, or it is not. There aren’t a ton of configuration options or compatibility matrices to go through. Eini explains: “We put a lot of emphasis on the usability of the secured setup and users can go through the entire process with no knowledge of security and still end up with a secured system. In addition, RavenDB will flat out resist if you try to put it in a potentially insecure position. We intentionally made it so it would be very easy to fall into the pit of success.” 

Arguably the most important aspect of RavenDB’s security is the fact that it is largely automated. By selecting the defaults during the initial setup, the following will occur:

  • RavenDB will assign a subdomain under “*.ravendb.community” to the user’s instance.
  • RavenDB will use this to answer the Let’s Encrypt DNS challenge and generate an HTTPS certificate which will serve as the server certificate.
  • RavenDB will update the DNS to point to the IP provided.
  • RavenDB will generate a client certificate which can be used to authenticate to the server.

None of the above require users to do anything more complex than select the name that they want their instance to have and the IP it should resolve to. The end result is that users can go to a URL such as: a.my-db.ravendb.community and authenticate immediately.

There is no complex security checklist to go through, and no multi-step commands that must be entered in order to achieve the right setup. RavenDB handles all of this to mitigate the risk of security issues and exploits due to users’ failure to ‘lock the barn doors’.

 

Key Takeaways

Transparency, usability and automation are essential to the security and success of a database. RavenDB excels in all of these areas. The NoSQL document database is pioneering data management through the use of open-source development and an intense focus on usability and automation. RavenDB is an excellent option for developers looking for a fast, secure and easy-to-use database for the development of business applications.

Ravendb Logotype

Visit ravendb.net to learn more about the database. RavenDB version 5.0.2 can be downloaded here.

Connect with RavenDB on social media:

Twitter | Facebook | LinkedIn

Comments (0)

There are no comments posted here yet
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]