Gain alerting, SSO, RBAC via Open Distro for Elasticsearch

[mogul]

In order to reduce the bespoke parts in logsearch-for-cloudfoundry and get more out-of-the-box features, it may be worth ~switching from plain old Elasticsearch to the~ adding the plugins from "Open Distro for Elasticsearch" which includes many features formerly only available in proprietary Elastic/X-pack extensions.

---

AWS, Netflix, and Expedia have released an open source "distro" for Elasticsearch which adds many features: https://aws.amazon.com/blogs/opensource/keeping-open-source-open-open-distro-for-elasticsearch/

In the first release, we will include many new advanced but completely open source features including encryption-in-transit, user authentication, detailed auditing, granular roles-based access control, event monitoring and alerting, deep performance analysis, and SQL support. [...] The security features available in this initial release include encryption-in-transit, native Active Directory, LDAP, and OpenID authentication, roles-based and granular access control, and audit logging. Other key features include integrated event monitoring and alerting that opens up the full flexibility of the Elasticsearch query language to notify you of changes in your data, SQL support including REST and JDBC support, and an advanced performance analyzer.

Notable for logsearch-for-cloudfoundry use-cases:

• SAML/SSO

  With Open Distro for Elasticsearch, you can leverage your existing authentication infrastructure such as LDAP/Active Directory, SAML, Kerberos, JSON web tokens, TLS certificates, and Proxy authentication/SSO for user authentication.

• multi-tenant support:

  Open Distro for Elasticsearch also supports multi-tenant environments, allowing multiple teams to share the same cluster while only being able to access their team's data and dashboards.

• monitoring and alerting

  With Open Distro for Elastisearch, you can easily create monitors using the Kibana UI with a simple visual editor or with an Elasticsearch query. This gives you the flexibility to query the data most interesting to you and receive alerts on it. Open Distro for Elasticsearch provides multiple alerting options with built-in integrations for webhook and Slack. Webhook support integrates with your existing monitoring infrastructure or any third-party system.

• an alert manager

  A complete history of all alert executions are indexed in Elasticsearch for easy tracking and visualization in Kibana. What are my active alerts? How frequently has this monitor been in alert? Are my alerts executing? What actions were taken? All of this information is easily accessible from the user interface.

[axelaris]

Hi @mogul, thank you for heads up! That's probably make sense, are you going to submit a PR? ;-)

[mogul]

I wish. :) Maybe once my team staffs back up, but we're barebones on cloud.gov at the moment.

[Infra-Red]

Is it possible to upgrade existing clusters from Elastic distribution to Open Distro?

Sent from my iPhone

On Mar 12, 2019, at 09:21, Bret Mogilefsky notifications@github.com wrote:

I wish. :) Maybe once my team staffs back up, but we're barebones on cloud.gov at the moment.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[mogul]

No idea, it will definitely take some investigation. However given that "Open Distro" is trying to stay compatible and ship patches to the upstream distribution, it seems likely.

On Mon, Mar 11, 2019 at 11:36 PM Andrei Krasnitski notifications@github.com wrote:

Is it possible to upgrade existing clusters from Elastic distribution to Open Distro?

Sent from my iPhone

On Mar 12, 2019, at 09:21, Bret Mogilefsky notifications@github.com wrote:

I wish. :) Maybe once my team staffs back up, but we're barebones on cloud.gov at the moment.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cloudfoundry-community/logsearch-for-cloudfoundry/issues/315#issuecomment-471875469, or mute the thread https://github.com/notifications/unsubscribe-auth/AAC6kjo6G5coNAAPMY7zpv2f38bf-Rleks5vV0r8gaJpZM4bptZI .

[mogul]

ODfE can now easily be installed plugin-by-plugin in any existing ELK: https://discuss.opendistrocommunity.dev/t/download-and-install-your-plugin-of-choice-from-open-distro-for-elasticsearch-0-8-0/492

[Infra-Red]

Elastic just announced that security features are now free for everyone. https://www.elastic.co/blog/security-for-elasticsearch-is-now-free Probably we all know why 😄

[mogul]

It's not all of their security features, though, and not in the open source version: https://www.elastic.co/subscriptions

[bengerman13]

@axelaris I see this is in progress and I also see the new tls-related ODfE features. Is someone already working on setting up document-level security using ODfE? If not, is that something that would be welcome in a PR? I think this could effectively replace the existing auth plugin.