This social media management platform supports social network integrations for Twitter, Facebook, Instagram, LinkedIn and YouTube. With more than 15 million users, the organization needed to ensure maximum security and performance for its MySQL authentication processes. These improvements would allow the client to minimize downtime and expand the feature set available to its developers. They would also ensure the company’s compliance with Europe’s new General Data Protection Regulation (GDPR).
Pythian had been providing maintenance and upgrade support to the company since 2015. This established history of service made Pythian the obvious choice to assist with the client’s new and more demanding requirements.
Addressing the client’s growing need for security and performance meant automating its database user management. That task called for Pythian’s deep knowledge of MySQL security and DevOps-structured environments.
Pythian’s work began with a proof of concept. This was followed by a MySQL Bastion proxy for a testing and staging environment to automate access control and administration tasks. Rather than allowing users to connect directly to database servers, this proxy limits access to a single port. Restricting access to one port increases security because of the limited number of connections allowed directly into the database.
The bastion enables the use of existing LDAP accounts, removing the need for shared or individual database user accounts. This, too, improves the security of the system, as user accounts can be managed and cleaned up automatically, thus avoiding the hours and errors associated with manual administration. Automating access management has the added benefits of increasing productivity, prioritizing task execution and improving resource availability for the company.
Pythian used a combination of software to carry out this work. HashiCorp Vault was chosen to check users’ LDAP accounts and grant temporary access via an auto-generated MySQL account. Typically, Vault works only to create accounts in MySQL, but the Pythian team wanted to implement ProxySQL for auditing logins and queries. To meet this need, Pythian customized code to integrate Vault with ProxySQL. Throughout the implementation process, Pythian remained involved to provide troubleshooting and general support as needed.
The client’s internal processes are now fully automated, with greatly improved security between users and their databases. The company now enjoys the highest levels of MySQL scalability, reliability and uptime.
PYTHIAN®, LOVE YOUR DATA®, and ADMINISCOPE® are trademarks and registered trademarks owned by Pythian in North America and certain other countries, and are valuable assets of our company. Other brands, product and company names on this website may be trademarks or registered trademarks of Pythian or of third parties. Use of trademarks without permission is strictly prohibited.