We are happy to announce the release of version 2.2 of Elastic Cloud Enterprise (ECE). This release focuses on bringing many of the recent stack features in a native way to ECE, and providing better security and management in multitenant environments. Some of the new features in ECE 2.2 include:
- Cross-cluster search UI
- Role-based access control (beta)
- Integration with index lifecycle management
- Elasticsearch keystore support
- All new Ansible playbooks to install and manage ECE
Cross-Cluster Search UI
ECE makes it easy to centrally provision and manage many clusters, which simplifies the best practice of having a cluster per tenant or use case, rather than large multitenant clusters. While this is clearly better for each user — they have their own environment that can be easily upgraded on their schedule, no noisy neighbor effects, etc. — there are often benefits to being able to look across all users and clusters. To address this, ECE has included a dedicated API since version 2.1.
Version 2.2 takes this further by providing a slick UI to manage this workflow supporting cross-cluster search (CCS) as a native, first-class deployment template. This lets users easily configure a CCS deployment that can search across several or even all of the deployments managed by ECE in a secure and efficient way. Once the CCS deployment is defined, ECE takes care of all the underlying plumbing to make sure your deployments are configured securely and efficiently for CCS.
Role-based access control (beta)
This is a highly anticipated feature of ECE. In version 2.1 and earlier, ECE had only two predefined users: admin (or root in ECE 1.x) and read-only. The admin user is a super user that can basically do everything in the platform, and the read-only user can view everything but cannot operate on any resource.
Many ECE admins require more fine-grained control over their ECE environment and the ability to create multiple users and audit their interactions with the platform, instead of having to share the root ECE credentials.
ECE 2.2 role-based access control (RBAC) is the first release that supports additional users and roles. With version 2.2, ECE now provides the ability to create multiple users and assign them to one or more of the following pre-configured roles:
- Platform admin: the almighty super user; identical permission to the admin user in previous ECE versions
- Platform viewer: view-only permissions for the entire platform and hosted deployments; identical permissions to the read-only user in previous ECE versions
- Deployments manager: allows users to create and manage deployments on the platform, but does not allow them to access any platform-level operations and resources such as deployment templates, instance configurations, allocators, etc.
- Deployments viewer: allows users to view only deployments, without the ability to operate on them in any way
In addition, you’re also able to configure ECE to authenticate users against a SAML identity provider or an LDAP server, and map users in these user registries to the above roles.
This is the first step in making ECE more secure. As it’s still in beta, we advise ECE users to take that into consideration when enabling this feature. Future versions will include support for custom roles and the ability to define teams and segregate resources across these teams.
Integration with index lifecycle management
Version 6.7 of the Elastic Stack includes a much-awaited feature: index lifecycle management (ILM). With ILM, users can automate the management of indices over their lifetime and automatically apply operations such as index relocation to a different node, force merging and shrinking an index, or deleting it at a different phase in its lifecycle.
Previous versions of ECE baked a more rudimentary index curation functionality into the relevant deployment templates such as hot-warm. In version 2.2, new clusters now leverage the more sophisticated and feature-rich index lifecycle management provided by the Elastic Stack, and implement things like index shrinking, force merging, and even deletion.
The ILM feature relies on node attributes to apply operations such as index relocation. ECE allows admins to assign node attributes to Elasticsearch nodes when defining a deployment template, making these attributes available to cluster owners building ILM policies.
Elasticsearch Keystore support
Keystore is an Elasticsearch tool that allows users to securely store sensitive settings such as credentials for blob store repositories accessed from within Elasticsearch. These include AWS S3, Azure Blob Storage, and Google Cloud Storage.
Since ECE users do not typically have direct access to the Elasticsearch nodes of clusters managed by ECE, they could not take advantage of the Keystore tool in previous ECE versions. Furthermore, secure settings are stored on disk, and ECE may move cluster nodes around in cases of relocation and allocator failure.
With ECE 2.2, users now have API and UI access to create and store secure settings, and ECE makes sure that these settings are always available to cluster nodes, regardless of their location.
All new Ansible playbooks
One of the more common requests from ECE users was the ability to install and manage ECE installation with popular configuration management and infrastructure-as-code tools. With version 2.2, we’re also releasing a number of Ansible playbooks to install and manage ECE more easily.
Ready for 7.0
ECE 2.2 is ready for the Elastic Stack version 7.0, which has also been released today. Greenfield ECE installations will include version 7.0 of the stack automatically, and ECE users who upgraded from earlier versions can simply add the 7.0 stack pack to their environment and upgrade their clusters to 7.0. Another important improvement is that ECE 2.2 will support rolling upgrades from 6.7 to 7.0 without incurring any downtime. That’s right: major version upgrade with zero downtime!
In addition to all the above, we’ve also worked hard on improving the scalability and usability of ECE. Version 2.2 includes a number of important changes on that front, including:
- Performance and stability improvements due to more efficient use of ZooKeeper, which is the heart of the ECE distributed state and coordination layer. This is achieved by significantly reducing the number of connections to ZooKeeper. Clusters from version 6.7 onward will no longer connect directly to ZooKeeper for any purpose, effectively making the platform much more scalable.
- System clusters have been upgraded to version 6.6, which allows users to use the new infrastructure monitoring and logging apps in Kibana to monitor and view logs and metrics of ECE hosts and containers.