Can we use the free ElasticSearch encryption for production environments?

strouja · September 30, 2019, 4:12pm

Hi I read this

"Elasticsearch now includes free security features by default, which will help ensure you don’t need to run an unprotected cluster." Which is in in https://www.elastic.co/blog/dear-search-guard-users
We have the ELK stack version 6.8.2 and want to know if we can use the newly released free encryption for production use and not just proof of concepts of demonstration environments? We want to encrypt the communication to and from ElasticSearch

Just let me know, thanks
James

PS When I read your blog posts they do not mention any restrictions but I think the license for it is the "commercial" license which requires the purchase of xpack licenses

DavidTurner · September 30, 2019, 4:23pm

The free security features are covered by the basic level of the Elastic license which does not require you to purchase anything and does permit many production uses. You should read the whole license to be sure whether your case is permitted or not -- it's quite short and readable as these things go -- or consult a lawyer if you are unsure.

strouja · September 30, 2019, 4:47pm

David, thanks I read this and I interpret this differently than our lawyers do.

github.com

elastic/elasticsearch/blob/v6.8.2/licenses/ELASTIC-LICENSE.txt

ELASTIC LICENSE AGREEMENT

PLEASE READ CAREFULLY THIS ELASTIC LICENSE AGREEMENT (THIS "AGREEMENT"), WHICH
CONSTITUTES A LEGALLY BINDING AGREEMENT AND GOVERNS ALL OF YOUR USE OF ALL OF
THE ELASTIC SOFTWARE WITH WHICH THIS AGREEMENT IS INCLUDED ("ELASTIC SOFTWARE")
THAT IS PROVIDED IN OBJECT CODE FORMAT, AND, IN ACCORDANCE WITH SECTION 2 BELOW,
CERTAIN OF THE ELASTIC SOFTWARE THAT IS PROVIDED IN SOURCE CODE FORMAT. BY
INSTALLING OR USING ANY OF THE ELASTIC SOFTWARE GOVERNED BY THIS AGREEMENT, YOU
ARE ASSENTING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE
WITH SUCH TERMS AND CONDITIONS, YOU MAY NOT INSTALL OR USE THE ELASTIC SOFTWARE
GOVERNED BY THIS AGREEMENT. IF YOU ARE INSTALLING OR USING THE SOFTWARE ON
BEHALF OF A LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE ACTUAL
AUTHORITY TO AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT ON BEHALF OF
SUCH ENTITY.

Posted Date: April 20, 2018

This Agreement is entered into by and between Elasticsearch BV ("Elastic") and
You, or the legal entity on behalf of whom You are acting (as applicable,
"You").

This file has been truncated. show original

Our lawyers think this " However, upon closer examination this code is partially licensed under Apache 2.0 while the x-pack code is under an Elastic License which only permits use for internal business purposes"

I read your license as allowing us to use the free ssl encryption with our customers for both our customers taht will deploy our software on-site and in our hosted cloud (SaaS) offering. We would like to ship our product to customers using elastic.co search and use the free encryption and also host our product using elastic.co free ssl encryption. The elastic search is just a small part of our solution, the primary feature of our software is to detect financial fraud.

The only possible issue is this
(iv) use Elastic Software

Object Code for providing time-sharing services, any software-as-a-service,
service bureau services or as part of an application services provider or
other service offering (collectively, "SaaS Offering") where obtaining access
to the Elastic Software or the features and functions of the Elastic Software
is a primary reason or substantial motivation for users of the SaaS Offering
to access and/or use the SaaS Offering ("Prohibited SaaS Offering");

I claim that using Elastic.co is NOT "is a primary reason or substantial motivation for users of the SaaS Offering to access and/or use the SaaS Offering " as the primary reason for using our software is to detect fraud and elastic.co search is not the primary reason for using our software.

Sorry to bother you but do you think my interpretation is correct?

DavidTurner · September 30, 2019, 4:58pm

I'm not a lawyer, and certainly not your lawyer, so I'm afraid I cannot answer that. Fortunately the license covers this eventuality in the last sentence of paragraph 1.2:

github.com

elastic/elasticsearch/blob/v6.8.2/licenses/ELASTIC-LICENSE.txt#L52-L56


alter or remove any Marks and Notices in the Elastic Software. If You have any
question as to whether a specific SaaS Offering constitutes a Prohibited SaaS
Offering, or are interested in obtaining Elastic's permission to engage in
commercial or non-commercial distribution of the Elastic Software, please
contact elastic_license@elastic.co.

I suggest you email that address for clarification.

system · October 28, 2019, 4:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.