This page provides important recommendations for CockroachDB Cloud production deployments.
Follow the SQL Best Practices
To ensure optimal SQL performance for your CockroachDB Cloud cluster, follow the best practices described in the SQL Performance Best Practices guide.
Use a pool of persistent connections
Creating an appropriately sized pool of connections is critical to gaining maximum performance in an application. Too few connections in the pool will result in high latency as each operation waits for a connection to open up. But adding too many connections to the pool can also result in high latency, because the system runs each connection thread in parallel. The time it takes for many threads to complete in parallel is typically higher than the time it takes a smaller number of threads to run sequentially.
For guidance on sizing, validating, and using connection pools with CockroachDB, see Use Connection Pools.
Keeping connections current
After an application establishes connections to CockroachDB Cloud, those connections can occasionally become invalid. This could be due to changes in the cluster topology, rolling upgrades and restarts, network disruptions, or cloud infrastructure unavailability.
Make sure your application uses connection validation and retry logic. Validating and retrying connections is typically handled by the driver, framework, or connection pool used by an application. For guidance on connection pool sizing, connection validation, and connection retry logic, see Use Connection Pools.
Transaction retries
When several transactions try to modify the same underlying data concurrently, they may experience contention that leads to transaction retries. To avoid failures in production, your application should be engineered to handle transaction retries using client-side retry handling.
Authorize the right network (Dedicated)
To prevent denial-of-service and brute-force password attacks, CockroachDB Dedicated requires you to authorize the networks that can access the cluster. During the application development phase, you might have authorized only your local machine’s network. To move into production, you need to authorize your application server’s network.
To verify that you have authorized the application server's network, navigate to the Networking page on the CockroachDB Cloud Console and check whether the application server network appears in the list of authorized networks. If it does not appear in the list, authorize the network.
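The same verification can be scripted against a copy of the allowlist entries. The following is an added example, not CockroachDB's own code; it goes slightly beyond the check above by also flagging allow-all and very broad entries, which undercut the protection the allowlist is meant to provide. The network entries, application server IPs, and the min_ipv4_prefix threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation/benchmark address ranges),
# not a real cluster's allowlist.
AUTHORIZED_NETWORKS = ["203.0.113.25/32", "198.51.100.0/24",
                       "198.18.0.0/15", "0.0.0.0/0"]
APP_SERVER_IPS = ["198.51.100.17", "192.0.2.44"]


def audit_allowlist(authorized, app_ips, min_ipv4_prefix=24):
    """Check an IP allowlist against the application servers' egress IPs.

    min_ipv4_prefix is an assumed review threshold, not a CockroachDB
    Cloud limit: IPv4 entries wider than this are reported as "broad".
    """
    # strict=False tolerates entries written with host bits set.
    nets = [ipaddress.ip_network(n, strict=False) for n in authorized]
    allow_all = [n for n in nets if n.prefixlen == 0]
    scoped = [n for n in nets if n.prefixlen > 0]

    findings = {
        # Entries that admit every address and so disable the allowlist.
        "allow_all": [str(n) for n in allow_all],
        # Scoped entries that still admit far more than one deployment.
        "broad": [str(n) for n in scoped
                  if n.version == 4 and n.prefixlen < min_ipv4_prefix],
        # App servers that cannot connect at all.
        "uncovered": [],
        # App servers that would lose access once allow-all is removed.
        "only_via_allow_all": [],
    }
    for raw in app_ips:
        ip = ipaddress.ip_address(raw)
        if any(ip in n for n in scoped):
            continue
        if any(ip in n for n in allow_all):
            findings["only_via_allow_all"].append(raw)
        else:
            findings["uncovered"].append(raw)
    return findings


if __name__ == "__main__":
    report = audit_allowlist(AUTHORIZED_NETWORKS, APP_SERVER_IPS)
    for name, items in report.items():
        print(f"{name}: {items or 'none'}")
```

An address listed under only_via_allow_all needs its own scoped entry before the allow-all entry is removed, otherwise the application loses access.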
Configure PCI ready features (Dedicated advanced)
CockroachDB Dedicated advanced has access to all features required for PCI readiness. You should configure these settings to make your cluster PCI ready:
- Audit logs
- Customer-Managed Encryption Keys (CMEK)
- Egress Perimeter Controls
- Single Sign-On (SSO) for your CockroachDB Cloud organization and your clusters
- Network security
You can check the status of these features on the PCI ready page of the CockroachDB Cloud Console.