Can we use the free ElasticSearch encryption for production environments?

Hi I read this

"Elasticsearch now includes free security features by default, which will help ensure you don’t need to run an unprotected cluster." Which is in in https://www.elastic.co/blog/dear-search-guard-users
We have the ELK stack version 6.8.2 and want to know if we can use the newly released free encryption for production use and not just proof of concepts of demonstration environments? We want to encrypt the communication to and from ElasticSearch

Just let me know, thanks
James

PS When I read your blog posts they do not mention any restrictions but I think the license for it is the "commercial" license which requires the purchase of xpack licenses

The free security features are covered by the basic level of the Elastic license which does not require you to purchase anything and does permit many production uses. You should read the whole license to be sure whether your case is permitted or not -- it's quite short and readable as these things go -- or consult a lawyer if you are unsure.

David, thanks I read this and I interpret this differently than our lawyers do.


Our lawyers think this " However, upon closer examination this code is partially licensed under Apache 2.0 while the x-pack code is under an Elastic License which only permits use for internal business purposes"

I read your license as allowing us to use the free ssl encryption with our customers for both our customers taht will deploy our software on-site and in our hosted cloud (SaaS) offering. We would like to ship our product to customers using elastic.co search and use the free encryption and also host our product using elastic.co free ssl encryption. The elastic search is just a small part of our solution, the primary feature of our software is to detect financial fraud.

The only possible issue is this
(iv) use Elastic Software

Object Code for providing time-sharing services, any software-as-a-service,
service bureau services or as part of an application services provider or
other service offering (collectively, "SaaS Offering") where obtaining access
to the Elastic Software or the features and functions of the Elastic Software
is a primary reason or substantial motivation for users of the SaaS Offering
to access and/or use the SaaS Offering ("Prohibited SaaS Offering");

I claim that using Elastic.co is NOT "is a primary reason or substantial motivation for users of the SaaS Offering to access and/or use the SaaS Offering " as the primary reason for using our software is to detect fraud and elastic.co search is not the primary reason for using our software.

Sorry to bother you but do you think my interpretation is correct?

I'm not a lawyer, and certainly not your lawyer, so I'm afraid I cannot answer that. Fortunately the license covers this eventuality in the last sentence of paragraph 1.2:

I suggest you email that address for clarification.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.