Implementing shield in multi node cluster

security

(Sam) #1

We already have a cluster with 3 master nodes , 5 data nodes, 3 client nodes, 1 node for monitoring(kibana and marvel to monitor the cluster - not part of the cluster ). We currently don't have shield. We are planning to implement Shield. For now, we are planning to use only basic auth. Just create a admin and user role and share the user basic auth credentials to teams that consume the data in elastic search(so that they can make only GET calls). We will keep the admin credentials within a closed group. Can someone please me understand which nodes require shield installation and what are the factors / attributes that have to be considered?

Thanks,
Sam


(Steve Kearns) #2

Hi Sam,

Glad to hear youre planning to use Shield! You will need to install Shield
on all nodes in the cluster, amd set up the two users. Also, you can (and
should) enable SSL/TLS when you go to production. I suggest following our
getting started guide in the docs:

https://www.elastic.co/guide/en/shield/current/getting-started.html

If you have specific questions, feel free to ask in this forum, but if
you'd like to talk with a person, feel free to reach out to sales@elastic.co!

Thanks,
Steve


(system) #3