Is it needed a paid license to use the Java Transport Client in Elasticsearch 7.4?

Hi, we are using the Java Transport Client against an Elasticsearch 6.8.
But we are going to install a new cluster with an Elasticsearch 7.4 and are going to connect the application to it.
We know that the Java High Level REST Client is recommended instead, we will migrate the code, but in a 2nd phase.

As the X-Pack changed I have some important doubts about licenses.
I have checked the Elastic subscriptions but it is in some cases too general regarding security.
My questions are the following:

  1. Is the Java Transport Client supported in Open Source version?
  2. Is the Java Transport Client supported in Basic license version?
  3. If it is supported in Open Source version, then what are the elasticsearch.yml configuration properties I should configure to enable it?
  4. Is there any other more detailed documentation about the options supported by each License/Subscription type and also Open Source?

Thanks

Yes, but it is being deprecated. I believe it will no longer be available with Elasticsearch 8.x.

Yes.

It is enabled by default on port 9300 as it is the protocol used by nodes to communicate internally within the cluster.

1 Like

Thanks @Christian_Dahlqvist.

However I found several parts in the documentation that are confusing me.

As far as I know, to be able to use the Java Transport Client, the cluster must have the security enabled.

  • In the "Enable Elasticsearch security features" docu there are 2 sentences that confuse me:
    • At the beginning:
      • When you use the basic and trial licenses, the Elasticsearch security features are disabled by default.

    • Regarding setting the property xpack.security.enabled to true in the elasticsearch.yml. This make me doubt if it is supported in Open Source and Basic versions to set the value to true:
      • If you have a basic or trial license, the default value for this setting is false. If you have a gold or higher license, the default value is true. Therefore, it is a good idea to explicitly add this setting to avoid confusion about whether security features are enabled.

  • In the " Security settings in Elasticsearch" docu I can find similar notes:
    • By default, the Elasticsearch security features are disabled when you have a basic or trial license.

    • If you have gold or higher licenses, the default value is true

Maybe all of those sentences are just meaning "remember to set the true value if you are not using a paid license" but for me it is confusing not seeing anywhere in the documentation if Transport is supported or not in Open Source and Basic license.

Actually the option Open Source does not appear in none of those sentences.
So:

  1. My doubts make sense or the sentences just mean what I say at the end?
  2. In 2nd case, what about Open Source? Will it support the Java Transport Client?
  3. If it does, would it also support having a different port (actually a profile) for the Java Transport Client? Explained in the " Separating node-to-node and client traffic" docu.

It seems you are mixing two concepts, use of transport client and whether the Elasticsearch cluster can be secured or not.

The transport client works against secured and unsecured Elasticsearch clusters. It therefore works against open-source clusters where security features are not included and clusters that use the default distribution where security features are now included and available with the free Basic license.

1 Like

I don't think so.

But anyway. Don't use the TransportClient. Use the rest client.

Thanks both.

We need to keep the Java Transport Client in a 1st phase, then we will migrate the new REST one.
That is not the point of this question. We know about its deprecation in v8, but we cannot do it now.

@Christian_Dahlqvist, thanks, you are true, in the Java Transport Client documentation it is described how to connect to an unsecured cluster (without SSL). I didn't remember as we do connect to a secured cluster.

We exactlly connect as it is described here in the official docu, so against a secured cluster but without client authentication.

In this context

  1. is it possible to connect the Java Transport Client to a secured cluster that is version Open Source?
    • I understand the answer for this is NO, right?
  2. and if the cluster has Basic license?
    • I understand the answer for this is YES, right?

Th transport client can communicate with open-source clusters, but there is no security included in the open-source distribution.

Yes, that is correct.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.