From 2262e81388236610e7a75d17ef7738ca6488142a Mon Sep 17 00:00:00 2001 From: stayseesong Date: Wed, 20 Oct 2021 12:05:55 -0700 Subject: [PATCH 1/4] warehouses require SSL [netlify-build] (cherry picked from commit 02aafd2597be5c871a1aca7db692f6a7abae81a7) --- src/connections/storage/catalog/db2/index.md | 7 +++++-- src/connections/storage/catalog/postgres/index.md | 11 ++++++----- src/connections/storage/catalog/redshift/index.md | 5 +++++ 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/src/connections/storage/catalog/db2/index.md b/src/connections/storage/catalog/db2/index.md index 27e2913d17..d1407c0df0 100644 --- a/src/connections/storage/catalog/db2/index.md +++ b/src/connections/storage/catalog/db2/index.md @@ -87,10 +87,13 @@ database shortly. If your Db2 Warehouse is in a private network, be sure to [whitelist Segment's IP address](https://segment.com/docs/connections/storage/warehouses/faq/#which-ips-should-i-whitelist). -Otherwise, we will not be able to load your data. +Otherwise, Segment won't be able to load your data. ### Unique User -We strongly recommend creating a unique User for the Segment Db2 Warehouse +Segment recommends you to create a unique User for the Segment Db2 Warehouse connection to your Db2 Warehouse instance so that you can manage permissions separately. + +### SSL +Always require SSL and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL. diff --git a/src/connections/storage/catalog/postgres/index.md b/src/connections/storage/catalog/postgres/index.md index ff434cabb9..2e539a6173 100644 --- a/src/connections/storage/catalog/postgres/index.md +++ b/src/connections/storage/catalog/postgres/index.md 
@@ -4,7 +4,7 @@ rewite: true redirect_from: - '/connections/warehouses/catalog/postgres/' --- -PostgreSQL, or Postgres, is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards compliance. As a database server, its primary functions are to store data securely and return that data in response to requests from other software applications. +PostgreSQL, or Postgres, is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards compliance. As a database server, its primary functions are to store data securely and return that data in response to requests from other software applications. PostgreSQL is ACID-compliant and transactional. PostgreSQL has updatable views and materialized views, triggers, foreign keys; supports functions and stored procedures, and other expandability. Developed by the PostgreSQL Global Development Group, free and open-source. @@ -45,7 +45,7 @@ This guide explains how to set up a Postgres database with Heroku. Heroku is a c When you click **Create Database**, a modal appears with your plan choices. Depending on your needs, some plans may be more suitable than others - for example, more expensive plans generally have better performance and more storage. Segment recommends that new customers start with the "Standard 4" plan. - For the fastest sync times, choose the US East region. + For the fastest sync times, choose the US East region. After you configure these settings, click "Login to Install" and/or "Visit Heroku Dashboard to create your first app". 
@@ -354,10 +354,11 @@ GRANT CREATE, TEMPORARY ON DATABASE TO segment; ## Security -Make sure you're logging in with a user that has read and write permissions so that we can write to your database. - -- Whitelist the Segment IP (`52.25.130.38/32`) +To make sure your Postgres database is secure: +- Log in with a user that has read and write permissions so that Segment can write to your database. +- Whitelist the Segment IP (`52.25.130.38/32`). Otherwise, Segment won't be able to load your data. - Create a service user that has `read/write` permissions. +- Always require SSL and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL. ## Best Practices diff --git a/src/connections/storage/catalog/redshift/index.md b/src/connections/storage/catalog/redshift/index.md index fed04da688..74744b62dd 100644 --- a/src/connections/storage/catalog/redshift/index.md +++ b/src/connections/storage/catalog/redshift/index.md @@ -65,8 +65,13 @@ After creating a Redshift warehouse, the next step is to connect Segment: 4. Select which sources and collections/properties will sync to this Warehouse ## Security + +### VPC VPCs keep servers inaccessible to traffic from the internet. With VPC, you're able to designate specific web servers access to your servers. In this case, you will be whitelisting the [Segment IPs](/docs/connections/storage/warehouses/faq#which-ips-should-i-whitelist) to write to your data warehouse. +### SSL +Always require SSL and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL. + ## Best practices ### Networking From c7a849ad6d74fc80c9923a7dc1cc88c7af06b153 Mon Sep 17 00:00:00 2001 
From: stayseesong Date: Thu, 21 Oct 2021 15:22:04 -0700 Subject: [PATCH 2/4] changed to SSL/TLS (cherry picked from commit 9d15b641a625efa59907bc0f1e193f9e4e3b4648) --- src/connections/storage/catalog/db2/index.md | 4 ++-- src/connections/storage/catalog/postgres/index.md | 2 +- src/connections/storage/catalog/redshift/index.md | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/connections/storage/catalog/db2/index.md b/src/connections/storage/catalog/db2/index.md index d1407c0df0..08ee19767d 100644 --- a/src/connections/storage/catalog/db2/index.md +++ b/src/connections/storage/catalog/db2/index.md @@ -95,5 +95,5 @@ Segment recommends you to create a unique User for the Segment Db2 Warehouse connection to your Db2 Warehouse instance so that you can manage permissions separately. -### SSL -Always require SSL and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL. +### SSL/TLS +Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS. diff --git a/src/connections/storage/catalog/postgres/index.md b/src/connections/storage/catalog/postgres/index.md index 2e539a6173..e7773706a2 100644 --- a/src/connections/storage/catalog/postgres/index.md +++ b/src/connections/storage/catalog/postgres/index.md 
@@ -358,7 +358,7 @@ To make sure your Postgres database is secure: - Log in with a user that has read and write permissions so that Segment can write to your database. - Whitelist the Segment IP (`52.25.130.38/32`). Otherwise, Segment won't be able to load your data. - Create a service user that has `read/write` permissions. -- Always require SSL and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL. +- Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS. ## Best Practices diff --git a/src/connections/storage/catalog/redshift/index.md b/src/connections/storage/catalog/redshift/index.md index 74744b62dd..1eca0a7fde 100644 --- a/src/connections/storage/catalog/redshift/index.md +++ b/src/connections/storage/catalog/redshift/index.md @@ -69,8 +69,8 @@ After creating a Redshift warehouse, the next step is to connect Segment: ### VPC VPCs keep servers inaccessible to traffic from the internet. With VPC, you're able to designate specific web servers access to your servers. In this case, you will be whitelisting the [Segment IPs](/docs/connections/storage/warehouses/faq#which-ips-should-i-whitelist) to write to your data warehouse. -### SSL -Always require SSL and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL. +### SSL/TLS +Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS. ## Best practices From cec49f74b3f88d6edd5979e9dfe4bed3ee2ce533 Mon Sep 17 00:00:00 2001 
From: stayseesong <83784848+stayseesong@users.noreply.github.com> Date: Thu, 21 Oct 2021 16:47:22 -0700 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: markzegarelli (cherry picked from commit 99b3db915e974284b865c309898c9b33948613cd) --- src/connections/storage/catalog/db2/index.md | 2 +- src/connections/storage/catalog/postgres/index.md | 2 +- src/connections/storage/catalog/redshift/index.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/connections/storage/catalog/db2/index.md b/src/connections/storage/catalog/db2/index.md index 08ee19767d..0ab8c6b641 100644 --- a/src/connections/storage/catalog/db2/index.md +++ b/src/connections/storage/catalog/db2/index.md @@ -87,7 +87,7 @@ database shortly. If your Db2 Warehouse is in a private network, be sure to [whitelist Segment's IP address](https://segment.com/docs/connections/storage/warehouses/faq/#which-ips-should-i-whitelist). -Otherwise, Segment won't be able to load your data. +Otherwise, Segment can't load your data. ### Unique User diff --git a/src/connections/storage/catalog/postgres/index.md b/src/connections/storage/catalog/postgres/index.md index e7773706a2..a8988f0ffc 100644 --- a/src/connections/storage/catalog/postgres/index.md +++ b/src/connections/storage/catalog/postgres/index.md @@ -356,7 +356,7 @@ GRANT CREATE, TEMPORARY ON DATABASE TO segment; ## Security To make sure your Postgres database is secure: - Log in with a user that has read and write permissions so that Segment can write to your database. -- Whitelist the Segment IP (`52.25.130.38/32`). Otherwise, Segment won't be able to load your data. +- Whitelist the Segment IP (`52.25.130.38/32`). Otherwise, Segment can't load your data. - Create a service user that has `read/write` permissions. - Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS. 
diff --git a/src/connections/storage/catalog/redshift/index.md b/src/connections/storage/catalog/redshift/index.md index 1eca0a7fde..e311ff1ba6 100644 --- a/src/connections/storage/catalog/redshift/index.md +++ b/src/connections/storage/catalog/redshift/index.md @@ -70,7 +70,7 @@ After creating a Redshift warehouse, the next step is to connect Segment: VPCs keep servers inaccessible to traffic from the internet. With VPC, you're able to designate specific web servers access to your servers. In this case, you will be whitelisting the [Segment IPs](/docs/connections/storage/warehouses/faq#which-ips-should-i-whitelist) to write to your data warehouse. ### SSL/TLS -Always require SSL/TLS and make sure your data warehouse can only accept secure connections. Segment only connects to your data warehouse using SSL/TLS. +Always require SSL/TLS and make sure your data warehouse accepts only secure connections. Segment only connects to your data warehouse using SSL/TLS. ## Best practices From deb10ed2d897428c9d6d5ed5dd77bf41ae931edd Mon Sep 17 00:00:00 2001 From: Jennifer Skene Date: Mon, 1 Nov 2021 22:11:33 -0700 Subject: [PATCH 4/4] Update add-destination.md Clarify language around what we support re: connecting mobile and project sources to multiple instances of destinations --- src/connections/destinations/add-destination.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/destinations/add-destination.md b/src/connections/destinations/add-destination.md index 6dc179e854..c5f53058ab 100644 --- a/src/connections/destinations/add-destination.md +++ b/src/connections/destinations/add-destination.md 
@@ -122,7 +122,7 @@ You can add multiple instances of a destination using the Segment Config API. Se ### Multi-instance destinations and Device-mode - **You can connect a source to up to 25 instances of a destination if all of the instances use cloud-mode.** Destinations using cloud-mode receive data directly from the Segment servers. -- **Mobile sources, and the legacy Project source, can connect to multiple instances of cloud-mode only destinations.** Mobile and Project sources cannot connect to multiple instances of cloud-mode and device-mode destinations. +- **Mobile sources, and the legacy Project source, can connect to multiple instances of destinations that operate only in cloud-mode.** Mobile and Project sources cannot connect to multiple instances of destinations that operate in both cloud-mode and device-mode. - **Warning**: If you bundle one instance of a destination in a mobile source but have other instances of that destination connected to that source you might see unexpected and inconsistent data. - **Non-mobile sources can only connect to one *device-mode* instance of a destination, in addition to up to 25 cloud-mode instances.** A web browser sending to a destination in device-mode sends data directly from the user’s browser (instead of through the Segment servers), by bundling a copy of destination’s code with the Segment SDK. Segment can’t bundle multiple copies of the destination SDK and so it can’t send data to multiple instances of the destination from the browser. - **You cannot connect a source to more than one instance of a destination that operates in device-mode only**. These destinations can only accept data from code directly on the user’s device, and Segment cannot include duplicates of that code for a single source.
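Review bot: In [PATCH 1/4], db2/index.md (hunk @@ -87,10 +87,13), the new line "Segment recommends you to create a unique User" is ungrammatical; use "Segment recommends that you create a unique user" or "Segment recommends creating a unique user". In the same hunk, the new SSL section states the requirement but does not say how to enforce it on the Db2 Warehouse side, so a reader cannot act on "make sure your data warehouse can only accept secure connections"; add the steps or link to where they are documented.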
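Review bot: In [PATCH 1/4], postgres/index.md, the hunks at @@ -4,7 and @@ -45,7 remove and re-add lines whose text is identical as shown here, so they appear to be whitespace-only changes unrelated to "warehouses require SSL"; move them to a separate cleanup commit or drop them. The context of the first hunk also shows the front matter key `rewite: true`, which looks like a misspelling of `rewrite` and is worth checking while this file is open.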
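Review bot: In [PATCH 1/4], postgres/index.md Security hunk (@@ -354,10 +354,11), the first and third bullets of the new list overlap ("Log in with a user that has read and write permissions" and "Create a service user that has `read/write` permissions"); merge them into a single bullet about a dedicated service user. The list is introduced with "To make sure your Postgres database is secure", but the first bullet's stated reason is "so that Segment can write to your database", which is a functional requirement, not a hardening step. The SSL bullet also gives no enforcement step; for self-managed PostgreSQL, a pointer to using `hostssl` entries in `pg_hba.conf` would make it actionable.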
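Review bot: [PATCH 3/4] applies the "accepts only secure connections" wording in redshift/index.md only; the postgres hunk in the same patch still carries "can only accept secure connections" as unchanged context, and db2/index.md keeps that wording from [PATCH 2/4]. Apply the same edit to all three files so the identical guidance reads the same everywhere. The second sentence, "Segment only connects to your data warehouse using SSL/TLS", has a misplaced "only" in all three copies; "Segment connects to your data warehouse only over SSL/TLS" says what is meant.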
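Review bot: In [PATCH 4/4], add-destination.md (hunk @@ -122,7 +122,7), the reworded second sentence still leaves open whether a mobile or Project source may connect to exactly one instance of a destination that operates in both cloud-mode and device-mode; "cannot connect to multiple instances" implies that one is allowed, so state the permitted number explicitly, as the non-mobile bullet below does with "can only connect to one *device-mode* instance". The section heading in the hunk context writes "Device-mode" while the bullets use "device-mode"; pick one form.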