Encrypt the Elasticsearch Transport Network

1.5 hours
  • 3 Learning Objectives

About this Hands-on Lab

No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. In this hands-on lab, you will do the following:

* Encrypt the transport network of an Elasticsearch cluster
* Enable user authentication in Elasticsearch
* Set built-in Elasticsearch user passwords

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure transport network encryption.

Using the Secure Shell (SSH), log in to each node as cloud_user via the public IP address.

Become the root user with:

sudo su -

Add the following to /etc/elasticsearch/elasticsearch.yml on each node (the keystore and truststore paths are relative to /etc/elasticsearch, so certificate.p12 resolves to the bundle the security team deployed):

# --------------------------------- Security -----------------------------------
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certificate.p12
xpack.security.transport.ssl.truststore.path: certificate.p12

A verification_mode of certificate checks that a peer's certificate chains to a CA in the truststore but does not check that the hostname matches; full adds the hostname check, and none should not be used outside a throwaway lab because it encrypts the link without authenticating the peer. Using the same file as both keystore and truststore means each node trusts the CA certificate carried in that bundle, so the three nodes, which all share it, accept each other's certificates. The bundle contains the node's private key, so make sure it is readable by the elasticsearch user and by nobody else (for example, owned by root:elasticsearch with mode 640). If the bundle is password protected, do not put the password in elasticsearch.yml; add it to the Elasticsearch keystore with the elasticsearch-keystore utility under xpack.security.transport.ssl.keystore.secure_password (and the matching truststore.secure_password setting).
Restart Elasticsearch.

Start Elasticsearch with the following (if the service is already running on a node, use restart instead of start so that the new settings are read):

systemctl start elasticsearch

Do this on every node. Once transport TLS is enabled, a node that still speaks plaintext on the transport port cannot join the cluster, so the cluster only forms again when all three nodes carry the new configuration. If a node does not come up, check its log under /var/log/elasticsearch: a wrong path, a certificate.p12 the elasticsearch user cannot read, or a missing keystore password all stop startup.
Set the password for each built-in user.

Set the built-in user passwords using the elasticsearch-setup-passwords utility on the master-1 node. This is run once, against one node, with the cluster up and reachable over HTTP on that node; the passwords are stored in the cluster's security index rather than in local files, so they apply to every node:

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

Use the following passwords (these are lab values; anywhere else, generate strong, unique passwords, or let the utility generate them with its auto mode):

User: elastic
Password: elastic_566

User: apm_system
Password: apm_system_566

User: kibana
Password: kibana_566

User: logstash_system
Password: logstash_system_566

User: beats_system
Password: beats_system_566

User: remote_monitoring_user
Password: remote_monitoring_user_566
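The steps above (the elasticsearch.yml change, the restart, and the password setup) as one script. This is an added example, not part of the lab or of Elasticsearch itself: it applies the security block idempotently so a second run does not produce duplicate keys, rejects a configuration whose verification_mode does not authenticate peers, checks that certificate.p12 is not world-readable, and, after the restart, confirms that the transport port presents a certificate, that anonymous HTTP requests get a 401, and that a built-in user's password works against the authenticate API. The function names, the ES_CONF/ES_P12/ES_APPLY variables, and the ports 9300/9200 are this example's own assumptions (the ports are the package-install defaults).

```shell
#!/bin/sh
# Added example, not from the lab: apply the transport-TLS settings from the
# lab idempotently, sanity-check the PKCS#12 file, and after the restart verify
# that the transport port speaks TLS and that HTTP requests now need
# credentials. Paths match the lab; ports 9300/9200 and the variable names
# below are this example's assumptions (package-install defaults).
set -eu

ES_CONF="${ES_CONF:-/etc/elasticsearch/elasticsearch.yml}"
ES_P12="${ES_P12:-/etc/elasticsearch/certificate.p12}"

# Escape dots so a settings key can be used as an anchored regex.
esc() { printf '%s' "$1" | sed 's/\./\\./g'; }

# The settings block the lab adds to elasticsearch.yml.
security_block() {
    cat <<'EOF'
# --------------------------------- Security -----------------------------------
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certificate.p12
xpack.security.transport.ssl.truststore.path: certificate.p12
EOF
}

# Append the block to $1 unless security is already configured there.
# Returns 0 if the file changed, 1 if it was left alone: re-running the lab
# steps must not produce duplicate keys, which stop Elasticsearch from starting.
apply_security_block() {
    if grep -q '^xpack\.security\.enabled:' "$1" 2>/dev/null; then
        return 1
    fi
    security_block >> "$1"
}

# Return 0 only if $1 enables security and transport TLS with a key/trust
# store and a verification mode that actually checks the peer certificate
# ("certificate" or "full"; "none" encrypts without authenticating peers).
config_has_transport_tls() {
    for key in xpack.security.enabled xpack.security.transport.ssl.enabled; do
        grep -Eq "^$(esc "$key"):[[:space:]]*true[[:space:]]*$" "$1" || return 1
    done
    for key in xpack.security.transport.ssl.keystore.path \
               xpack.security.transport.ssl.truststore.path; do
        grep -Eq "^$(esc "$key"):[[:space:]]*[^[:space:]]" "$1" || return 1
    done
    mode=$(sed -n 's/^xpack\.security\.transport\.ssl\.verification_mode:[[:space:]]*//p' "$1" \
           | tail -n 1 | tr -d '[:space:]')
    case "$mode" in
        certificate|full) return 0 ;;
        *) return 1 ;;
    esac
}

# The PKCS#12 bundle holds the node's private key: it must exist and must not
# be world-readable (root:elasticsearch with mode 640 is a sane choice).
p12_permissions_ok() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    # in `ls -l` output, character 8 of the mode string is the "others read" bit
    if [ "$(ls -ld "$1" | cut -c8)" != "-" ]; then
        echo "world-readable: $1" >&2
        return 1
    fi
}

# The transport port must now present a certificate; fails while it is plaintext.
verify_transport_tls() {
    openssl s_client -connect "${1:-localhost}:${2:-9300}" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer
}

# With security enabled, an anonymous HTTP request must be rejected with 401.
verify_http_auth_required() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "http://${1:-localhost}:${2:-9200}/")
    [ "$code" = "401" ]
}

# Check a built-in user's password: the authenticate API echoes the username.
verify_builtin_user() {
    curl -sf -u "$1:$2" "http://${3:-localhost}:9200/_security/_authenticate" \
        | grep -q "\"username\":\"$1\""
}

# Run as root on each node: ES_APPLY=1 sh harden-transport.sh
if [ "${ES_APPLY:-0}" = 1 ]; then
    p12_permissions_ok "$ES_P12"
    apply_security_block "$ES_CONF" || echo "security block already present in $ES_CONF"
    config_has_transport_tls "$ES_CONF"
    systemctl restart elasticsearch
    sleep 30   # give the node time to come up before probing it
    verify_transport_tls && verify_http_auth_required && echo "transport TLS on, HTTP auth enforced"
fi
```

After elasticsearch-setup-passwords has run, `verify_builtin_user elastic elastic_566` should succeed and a wrong password should fail; the check goes over plain HTTP only because this lab encrypts the transport layer, not the HTTP layer, so run it from the node itself rather than across the network.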

Additional Resources

You are the administrator for a 3-node Elasticsearch cluster that has so far been used for ad-hoc analysis of non-sensitive data. The organization now wants to use Elasticsearch's analysis capabilities on more sensitive data, so you need to secure the cluster by encrypting the transport network and enabling user authentication, so that sensitive data is not readable by anyone who merely has network access to the cluster.

The security team has already created a PKCS#12 certificate package for you to use with your Elasticsearch cluster. This package has already been deployed at /etc/elasticsearch/certificate.p12 and should be used to encrypt the transport network with certificate-level verification. Once the transport network is encrypted, you will need to set the built-in user passwords, using the elasticsearch-setup-passwords utility, to the following:

| User                   | Password                   |
| elastic                | elastic_566                |
| apm_system             | apm_system_566             |
| kibana                 | kibana_566                 |
| logstash_system        | logstash_system_566        |
| beats_system           | beats_system_566           |
| remote_monitoring_user | remote_monitoring_user_566 |
