Xpack setting up security

security

(Leonid Ilyevsky) #1

I am just starting with Elasticsearch 6.5.1 (our current version is 5.6).
Need to use XPack for users, passwords, etc.

Question: Do I necessarily need to setup encryption between nodes? Or I can have authentication for users, encryption for user and Kibana access, but without node-to-node encryption?

I tried to start Elasticsearch without TLS, but then I could not install the XPack license, it gave me an error:

Cannot install a [PLATINUM] license unless TLS is configured or security is disabled

But if i disable security, then I cannot use XPack at all.


(Ioannis Kakavas) #2

Hi Leonid,

Yes, you must setup TLS for the transport layer (node-to-node encryption) in order to enable security. As mentioned in the documentation:

Clusters that do not have encryption enabled send all data in plain text including passwords and will not be able to install a license that enables X-Pack security.