This section provides an overview of the features available for the Elasticsearch offering for the ObjectRocket cloud platform.
All ObjectRocket Elasticsearch offerings include a dedicated Kibana instance that ObjectRocket automatically configures to connect to your Elasticsearch cluster. Kibana lets you use charts and graphs to build rich visualizations of your Elasticsearch data.
This section includes information about security.
All clusters run on dedicated, single-tenant containers to give isolation at the process and filesystem level. In addition, ObjectRocket completely isolates the network of each instance from other instances on the service.
Secure Socket Layer (SSL)/Transport Layer Security (TLS) is enabled on all Elasticsearch clusters and includes https connection strings for the following:
- Elasticsearch REST API
ACLs and IP whitelisting¶
Access Control Lists (ACLs) gate all access to Elasticsearch clusters, so only the specified IPs or IP ranges will have access to the cluster. ObjectRocket allows separate ACLs for the Elasticsearch REST API, Cerebro, and Kibana.
ObjectRocket for Elasticsearch clusters require user authentication for all communications. This platform has the following different user roles:
- Admin: Full read/write access to Elasticsearch and Kibana
- Read only: Read-only access to Elasticsearch
- Kibana: Similar to read only, but with added permissions to change Kibana dashboards
Encryption at rest¶
ObjectRocket enables encryption at rest by default on all instances, which provides the following functionality:
- Volume-level encryption secures storage volumes on the cluster by encrypting them on the disk.
- ObjectRocket manages your encryption keys, so you don’t have to.
- All backups and snapshots of that cluster are also encrypted.