Given the following use case:
Filebeat and Metricbeat installed on 10 CentOS. Each CentOS location represents a different customer (tenant):
Topology and authentication
Can we authenticate each feed and make sure that each connection is identified and tied back to a tenant?
In an ideal world they all talk back to a single connection point in the cloud. Let's say it's something like this...
i. DNS Name: Telemetry.mysecure.com
ii. PORT: 443
Does each device register with the system and identify itself so we can track its information independently?
I guess, each Customer will register with a separate node (=tenant), correct?
Does Elasticsearch make sure one device can't impersonate another and hijack their data slot?
Does Elasticsearch make sure one device can't contaminate another's data feed? That would be bad.
Infrastructure
Can we host multiple customers with multiple systems on a single node?
Or is one node dedicated to one Customer with multiple systems?
Is TLS encryption included, in case we buy 3 or more nodes per year?
I'm not sure what you are asking. Assuming you authenticate each feed with a unique user account, then the security would be controlled as to what indices they could read and write. The monitoring interface could be configured to include the beats from each feed.
However, it's sometimes better to use a common index for like data. In the case of common indices, the agent.hostname would be unique for each sending host.
Control this with unique account security.
Elasticsearch is best as a multi-node redundant service. Maybe this will help.
TLS is included and recommended. There is a setup for node-to-node communication and a separate setup for client communication. If you add nodes, you need to add them to the certificates for node-to-node communication.
How many nodes are required for 10-12 of our Customers (segregated by unique API key), each having between 2-10 Filebeat and Metricbeat Agents installed on Linux servers?
I understand that:
Each customer's devices would share a unique API key – feeds coming from the same API key (whether 1 or 20 devices) can be aggregated in a) the main index or b) a dedicated customer-specific index or c) both
Feeds are TLS encrypted end to end.
Feeds can talk to the same DNS hostname: COMMS.mysecure.com:443. Behind this DNS hostname, the Logstash component identifies API keys, filters and forwards to the Elastic index/indexes
Nodes depend on amount of data – possibly Elastic have a Sizing document to help calculate this
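The per-customer API key with a dedicated customer index discussed in this thread, sketched as an added example (not code from the thread or from Elastic): it builds the body for Elasticsearch's `POST /_security/api_key` request with write-only index privileges and models the resulting index check locally. The `<beat>-<tenant>-*` naming scheme, the tenant ids and the function names are assumptions of this example.

```python
import fnmatch
import json
import re

# Write-only privileges for a Beats publisher: no read, no delete.
WRITE_PRIVS = ["auto_configure", "create_doc", "view_index_metadata"]

def api_key_request(tenant, beats=("filebeat", "metricbeat")):
    """Body for POST /_security/api_key, scoped to one tenant's indices.

    Tenant ids are limited to [a-z0-9]+ so that one tenant's pattern can
    never cover another's indices (e.g. "acme" vs. "acme-eu").
    """
    if not re.fullmatch(r"[a-z0-9]+", tenant):
        raise ValueError(f"unsafe tenant id: {tenant!r}")
    return {
        "name": f"beats-{tenant}",
        "role_descriptors": {
            f"{tenant}_writer": {
                "cluster": ["monitor"],
                "index": [{
                    # Assumed naming scheme: <beat>-<tenant>-<suffix>
                    "names": [f"{b}-{tenant}-*" for b in beats],
                    "privileges": WRITE_PRIVS,
                }],
            }
        },
        "metadata": {"tenant": tenant},
    }

def may_write(request_body, index_name):
    """Simplified local model of the index privilege check: a write is
    allowed only if a pattern granting create_doc matches the index."""
    for role in request_body["role_descriptors"].values():
        for grant in role["index"]:
            if "create_doc" in grant["privileges"] and any(
                fnmatch.fnmatchcase(index_name, p) for p in grant["names"]
            ):
                return True
    return False

if __name__ == "__main__":
    for tenant in ("acme", "globex"):  # constructed tenant ids
        print(json.dumps(api_key_request(tenant), indent=2))
```

With a common index shared by all customers, every key would need write access to the same pattern, so this check no longer separates tenants and separation then rests on fields inside the documents.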