Hi Guys from Elastic.
Could you help me to understand
Objective:
Use the security (X-pack) to connect Kibana with our G-SUITE users and inherit groups
We did a test using elastic and kibana ketstore and works fine [basic license without TLS], but as I read, this only will works in cluster mode if we use TLS implementation because we need elastic in production mode (and cluster mode, I think, enable the production mode).
The use of TLS between fluentd -> Elastic -> Kibana is not our idea as this flow will use internal transport. From Kibana to outside, yes SSL is mandatory.
Just 3 simple questions will help me to clarify my mind
Do I need a Platinum or Enterprise Licence if I want to integrate with Google Accounts, right?
If we still using a basic license, TSL must be enabled?
Is possible to turn off the TLS If we buy a Premium license?
If you're using SSO(like SAML) for Google Accounts, you will need platinum license. I am not aware of an LDAP like offering from Google. That would let you use the Gold license.
The requirement for TLS:
- You have a multi node cluster where nodes do not reside on the same host ( transport layer of elasticsearch is not bound on localhost )
- Security features are enabled ( xpack.security.enabled: true)
- You have any license other than trial
then
Transport layer TLS for elasticsearch needs to be enabled and configured, otherwise elasticsearch nodes will fail to start
So you need all 3 to be forced to use TLS for the ES nodes connections.
Just to get 100%
I'll need to configure TLS certificates between Elastic nodes and also for Kibana to Elastic and Fluent (in my case) to Elastic too, right ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
