Our team plans to develop a product that is similar to a security situational awareness platform, and we will sell this product to customers as a commodity. However, customers cannot directly interact with Elasticsearch. They can only access some pages on our platform, such as log search. This page will be developed by ourselves, but the bottom layer calls Elasticsearch to search and return the results to the user.
What I want to ask is, in order to ensure security, we are about to use x-pack's basic security authentication and encrypted communication features. Will this violate the Elastic License 2.0? We do not sell Elasticsearch as a service to customers, but use the basic-level features of x-pack in customers' services.
Looking forward to your professional answer.
Note: I have sent relevant content to elastic_license@elastic.co, but there is still no reply after 22 hours, so I try to contact the elastic team here. Thank you.
And to be clear no one on this site can you give you an official answer to your question, this is a community forum, we do not provide commercial and legal answers or advice.
Like @stephenb I am not a lawyer, so this isn't legal advice. But AIUI whether you use the security features or not doesn't affect any licensing considerations. If you're using a distribution of Elasticsearch downloaded from Elastic (e.g. Download Elasticsearch | Elastic) then my understanding is that you are already using the software under Elastic License 2.0. A subset of the source code is dual-licensed under both Elastic License 2.0 and the SSPL, but in order for your usage to be covered by the SSPL I think you'd have to be building a distribution from the SSPL-only source code yourself.
However the Elastic License 2.0 is very permissive so I wouldn't expect this to be a problem. The FAQ seems to cover your situation:
I am a Managed Service Provider (MSP) running Elasticsearch and Kibana for my customers.
If your customers do not access Elasticsearch and Kibana, this is permitted under ELv2.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.