Not sure if this idea is going to be offensive or not, but hear me out.
We have a pretty standard log searching setup internally, spread across 40 nodes. It's kind of a pet project for some of our analysts. This setup is using a Basic license, with local accounts.
Recently one of our auditors took offense to the fact the local auth system has no built-in password policies. I know there is a 6 char minimum, but he wanted more.
Unfortunately there is no way I can business-justify a commercial license for this setup. It's just too much $$$ and the use case isn't one I can sell internally.
I've been trying to figure out if there was a good, inexpensive way to just tick this one checkbox. I looked at ReadOnlyREST and SearchGuard, but don't really like them.
I then came up with this idea: What if I built a 1-node Elastic cluster, licensed it with Gold or Platinum licensing (giving it the ability to tie into Active Directory, which would check my auditor's checkbox), pointed Kibana to that cluster, and configured cross-cluster search into the Basic-licensed cluster?
Off the top of my head I can't see any reason this wouldn't work technically. Obv to address the auditor's headspace I'd have to do some firewalling to make sure users couldn't hit the basic cluster directly anymore, but that's not hard.
Question: Does anyone see any reason a commercial cluster wouldn't work doing CCS to a Basic cluster?