Is elasticsearch support subscription required to enable SSL

abhijat · June 7, 2017, 9:49pm

I would like to secure communication between my client app and elasticsearch. I would also like to do the same for elasticsearch's inter-node communication.

Question: Do I need to purchase elasticsearch's support subscription? The communication between my client app and elasticsearch is done using elasticsearch REST client.

Thanks,
Abhijat

ugosan · June 8, 2017, 6:53pm

You don't necessarily need to buy a subscription to enable SSL/TLS between nodes, but is much easier to set it up with x-pack, see: https://www.elastic.co/guide/en/x-pack/current/ssl-tls.html

Without a subscription you have to manage it all by yourself, using NGINX as a reverse proxy on every node, and serving the certificates through it.

abhijat · June 8, 2017, 7:06pm

Thanks @ugosan.

Does the same apply for communication between my client application and elasticsearch?

Referring to the link https://www.elastic.co/subscriptions, I see that x-pack basic license does not seem to support encryption.

ugosan · June 8, 2017, 7:25pm

It would be the same between client application and elasticsearch, yes.

The basic subscription doesn't support a lot of features, but you might want to take a look at https://cloud.elastic.co which is great - you have access to a Platinum license (with graph, alerts, etc.) for clusters under 64GB RAM.

abhijat · June 8, 2017, 7:31pm

Right... we will be evaluating elastic cloud but at present I am not there yet. Thus for my self-hosted elasticsearch cluster, do I need the platinum support subscription to enable encryption everywhere? (between nodes and between client and the cluster itself)

ugosan · June 8, 2017, 7:33pm

Well if you dont need document-level authentication, you might just go with a GOLD subscription and it would be enough.

abhijat · June 8, 2017, 9:33pm

So, I take two things out of this discussion

I need a support subscription.
I am using ES REST client for communication between my client app and ES cluster, I believe, I will need the platinum subscription because it is the one that provides that support (as far as I understand).

Let me know if I have missed anything.

Christian_Dahlqvist · June 9, 2017, 6:26am

Both Gold and Platinum offers encryption between Elasticsearch nodes as well as between clients and the cluster. This is covered under Native authentication, encrypted communications in the feature matrix on the subscriptions page.

abhijat · June 9, 2017, 7:42am

Thanks @Christian_Dahlqvist

What is "Encryption at rest support" under X-pack for Platinum package then?

Christian_Dahlqvist · June 9, 2017, 7:43am

That is related to encrypting data when it is stored ('resting') on disk.

abhijat · June 9, 2017, 7:56am

Thank you.

system · July 7, 2017, 7:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.