Skip to main content

Encrypt the Elasticsearch Client Network

Hands-On Lab

 

Photo of Myles Young

Myles Young

BigData Training Architect II in Content

Length

01:30:00

Difficulty

Intermediate

No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. In this hands-on lab, you will have the opportunity to encrypt the client network of an Elasticsearch cluster in order to protect the integrity and privacy of API requests between a client and an Elasticsearch node.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Encrypt the Elasticsearch Client Network

Introduction

No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. In this hands-on lab, you will have the opportunity to encrypt the client network of an Elasticsearch cluster in order to protect the integrity and privacy of API requests between a client and an Elasticsearch node.

Solution

Begin by logging in to the lab server using the credentials provided on the hands-on lab page:

  ssh cloud_user@PUBLIC_IP_ADDRESS

Configure client network encryption.

Using the Secure Shell (SSH), log in to each node as cloud_user via the public IP address.

Become the root user with:

sudo su -

Add the following to /etc/elasticsearch/elasticsearch.yml on each node:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certificate.p12
xpack.security.http.ssl.truststore.path: certificate.p12

Restart Elasticsearch.

Restart Elasticsearch with:

systemctl restart elasticsearch

Conclusion

Congratulations — you've completed this hands-on lab!