The console overview

Gen 2

Overview

The Overview page shows you information about your IBM Cloud® Databases for MongoDB deployment. The overview includes essential identifying information.

Deployment details

  • Type: The type of database that is offered by the service, and the database version that your service uses.
  • Version: Displays the current version of your deployed database.
  • Encryption details: Shows the encryption configuration for your backup and disk. These settings are fixed and cannot be changed after deployment.
  • Location: Specifies the region where your database is deployed.
  • Platform: Displays the deployment generation. For more information, see Overview of Gen 1 and Gen 2.
  • Hosting model: Displays the hosting model used for your database (for example, Isolated compute on Gen 2).
  • Resource group: Shows the resource group selected during deployment.
  • CRN (deployment ID): The ID is a CRN (Cloud Resource Name) that uniquely identifies the database deployment. The CRN is used to refer to the database in the API and can be used with the CLI. The Overview panel shows details of your service.

Resources

The resources tab contains information and configuration options on the size and resource usage of your deployment. You can scale disk, memory, and CPU.

Most recent tasks

Every time you make administrative changes to your service (such as scaling, or taking a manual backup), a task starts up. The Most recent tasks panel shows only the latest task, including its name and progress bar. After completion, the most recent task remains visible for a short period of time.

To view more than the latest task, you can configure an IBM® Cloud Logs instance to capture and retain logs from your deployment.

A historical record of tasks from any time period is available through IBM Cloud® Activity Tracker Event Routing. Tasks can also be retrieved programmatically from the Cloud Databases API and CLI plug-in.

Observability

The Observability tab provides access to the IBM Cloud® Monitoring, logging, and event tracking integrations available for your deployment.

Service endpoints

The Service endpoints pane within the Overview pane contains connection strings for your deployment.

For Gen 2 deployments, endpoints are private only, ensuring that your database is accessible exclusively within your IBM Cloud® private network.

The information displayed includes:

  • Endpoint string for connection.
  • The hostname and port values for direct connections to the database members.
  • The default database for your service.
  • SSL mode parameters. Gen 2 uses certificates from Let’s Encrypt instead of proprietary TLS certificates. The recommended setting is verify-full for secure connections.

Gen 2 deployments do not include a pre-provisioned database admin password. To begin working with your instance, you must create a service credential, which provides the authentication details and connection strings required for your applications. For more information on reference tables for the different connection types, see Getting credentials and connection strings.

NAKUL! (should we merge the above two and they become one link? need confirmation)

You can manage your Databases for MongoDB service through the Cloud Databases API.

Connect page

In Gen 2 deployments, only private endpoints are used to enhance security. This page provides multiple connection options, accessible via tabs:

  • How-to tab: Learn how to set up a secure connection to your database from scratch. This guide walks you through connecting via an IBM Cloud® Virtual Private Cloud (VPC) using a Virtual Server Instance (VSI) with a mongosh install, and accessing the database through an IBM Cloud® VPN (Virtual Private Network gateway). You can use any VSI in your account and need to create or use a service credential. You use the service endpoint details from the Overview page.

  • Manage connections tab: Find links to documentation on how to manage or delete existing connections from your IBM Cloud® database instance.

For detailed ways of connecting, go to the connect docs or open the console's (UI) Connect page.

Backups and restore

The Backups and restore tab is the UI for managing your deployments backups. All of the available backups are listed with their timestamps. Click a backup to copy its ID or to restore it into a new deployment. For more information, see Managing backups.

Settings

The Settings tab contains the UI for many of the tunable settings for your deployment.

  • View encryption details: All Databases for MongoDB deployments are automatically encrypted at rest. Disks and backups are encrypted, and the encryption keys are managed automatically by IBM Cloud®. If you brought your own encryption key from Key Protect, the panel provides a link to your Key Protect instance and displays the key name in the Encryption key field.
  • Service endpoints: View and manage network access to your deployment. By default, only private endpoints are enabled to restrict access. For more information, see Private endpoints on Gen 2.
  • Context-based restrictions (CBR): You can create context-based restriction rules to control access to your deployment. .
  • Disconnect all active connections: You can disconnect all client connections to your database. This action immediately ends all active sessions and can cause service interruptions. Use this option with caution when you need to revoke access or apply configuration changes.

Service credentials

Service credentials provide the authentication details that you need to connect your applications to a Databases for MongoDB deployment.

For Gen 2 deployments, you must create a service credential before you can begin working with your instance. Unlike Gen 1, there is no pre-provisioned database admin password. On first use (or if a credential has been deleted), the Overview page prompts you to create a credential in order to connect.

Creating a service credential

  1. Go to the Service credentials tab.
  2. Click Create credential.
  3. (Optional) Enable Control by Secrets Manager to integrate the credential with your IBM Cloud® Secrets Manager instance.
  4. Provide a name for the credential.
  5. (Optional) Expand Advanced options to upload a JSON file or add inline configuration parameters.
  6. Click Create.

The new credential appears in the list and can be copied into your applications. Credentials are generated as one-time view only, so be sure to store them securely after creation.

Using service credentials

In Gen 2 deployments, service credentials are required as the first step to connect. Unlike Gen 1, an admin password is not provided by default. If no credential exists, you are prompted to create one on the Overview page before you can establish any database connection.

  • A service credential contains the username, password, and connection strings needed to connect to your database.
  • The credentials can be used directly in your application, or integrated with IBM Cloud® Secrets Manager for centralized key management.
  • If you delete a credential, you must create a new one to continue connecting.

For more information, see Managing service credentials.