"With a fast-growing user base, we needed a significant upgrade in our performance and security. Pythian made it happen quickly and smoothly.”

Social media management platform benefits from upgraded security and performance

 

Critical Issues

This social media management platform supports social network integrations for Twitter, Facebook, Instagram, LinkedIn and YouTube. With more than 15 million users, the organization needed to ensure maximum security and performance for its MySQL authentication processes. These improvements would allow the client to minimize downtime and expand the feature set available to its developers. They would also ensure the company’s compliance with Europe’s new General Data Protection Regulation (GDPR). Pythian had been providing maintenance and upgrade support to the company since 2015. This established history of service made Pythian the obvious choice to assist with the client’s new and more demanding requirements.
 

We Provided

Addressing the client’s growing need for security and performance meant automating its database user management. That task called for Pythian’s deep knowledge of MySQL security and DevOps-structured environments. Pythian’s work began with a proof of concept. This was followed by a MySQL Bastion proxy for a testing and staging environment to automate access control and administration tasks. Rather than allowing users to connect directly to database servers, this proxy limits access to a single port. Restricting access to one port increases security because of the limited number of connections allowed directly into the database. The bastion enables the use of existing LDAP accounts, removing the need for shared or individual database user accounts. This, too, improves the security of the system, as user accounts can be managed and cleaned up automatically, thus avoiding the hours and errors associated with manual administration. Automating access management has the added benefits of increasing productivity, prioritizing task execution and improving resource availability for the company. Pythian used a combination of software to carry out this work. HashiCorp Vault was chosen to check users’ LDAP accounts and grant temporary access via an auto-generated MySQL account. Typically, Vault works only to create accounts in MySQL, but the Pythian team wanted to implement ProxySQL for auditing logins and queries. To meet this need, Pythian customized code to integrate Vault with ProxySQL. Throughout the implementation process, Pythian remained involved to provide troubleshooting and general support as needed.
 

Result

The client’s internal processes are now fully automated, with greatly improved security between users and their databases. The company now enjoys the highest levels of MySQL scalability, reliability and uptime.
 

Technologies

  • MySQL
  • ProxySQL
  • HashiCorp Vault
Share: