Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon
Labs

Encrypt the Elasticsearch Transport Network

No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. In this hands-on lab, you will do the following: * Encrypt the transport network of an Elasticsearch cluster * Enable user authentication in Elasticsearch * Set built-in Elasticsearch user passwords

Try for free Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Intermediate
Duration
Clock icon 1h 30m
Published
Clock icon Jul 17, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Configure transport network encryption.

    Using the Secure Shell (SSH), log in to each node as cloud_user via the public IP address.

    Become the root user with:

    sudo su -

    Add the following to /etc/elasticsearch/elasticsearch.yml on each node:

    # --------------------------------- Security -----------------------------------
#
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certificate.p12
xpack.security.transport.ssl.truststore.path: certificate.p12

  2. Challenge

    Restart Elasticsearch.

    Start Elasticsearch with:

    systemctl start elasticsearch

  3. Challenge

    Set the password for each built-in user.

    Set the built-in user passwords using the elasticsearch-setup-passwords utility on the master-1 node:

    /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

    Use the following passwords:

    User: elastic
Password: elastic_566

User: apm_system
Password: apm_system_566

User: kibana
Password: kibana_566

User: logstash_system
Password: logstash_system_566

User: beats_system
Password: beats_system_566

User: remote_monitoring_user
Password: remote_monitoring_user_566
A Cloud Guru - Labs - Encrypt the Elasticsearch Transport Network
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans