At Elastic, we're constantly engaged with our customers and users to learn more about how they're using our software stack. I recently had the opportunity to learn more about Viewpost, a leading provider of online invoice payment software, who uses Elasticsearch to power search for its financial application suite, allowing their customers to find specific business partners, look up invoice payables and receivables, and quickly navigate around the application.
Because of the sensitive nature of the invoice and payment data, Viewpost aims to meet and exceed security regulations such as ISO 9000 and SSAE 16. They had been trying to use a community-created Elasticsearch plugin to secure their data, but found it complicated to set up, maintain, and verify. After Shield, Elastic’s security plugin, was released, Viewpost was able to upgrade their deployment within a few weeks, leveraging tightly integrated authentication, encryption, and role-based access control to to meet their security requirements.
Here's a snippet from my conversation with Tommy Bollhofer – Viewpost's resident Database Architect – who gives a bit more insight into how Viewpost uses Elasticsearch and Shield to power their SaaS financial application:
What is your title and what are you/your team responsible for at Viewpost?
Database Architect. We are responsible for architecture, design, support, maintenance, administration, and optimization of relational and non-relational distributed database systems.
How did you find and first start using Elasticsearch?
Several uses cases for double wild card search functionality within the application lead us to review both Elasticsearch and Solr. We chose Elasticsearch for many reasons, including the speed at which Elasticsearch responds to user feedback and incorporates new features into the product, and that it's platform agnostic which allows us to run local instances of Elasticsearch on our development machines.
How has your Shield experience compared to using Jetty?
Security is the foundation to our product and we wanted to ensure we had both TLS and authentication enabled with our initial rollout of Elasticsearch. Prior to Shield, the only viable option was Jetty. The installation, configuration, maintenance, and integration of Elasticsearch using the Jetty plug-in was very cumbersome. It lacked support for LDAP integration, logging, etc. We started using the Shield plug-in during its initial beta release. It exceeded our expectations and we were able to quickly transition from Jetty to Shield with ease.
What has been the most fun, surprising, or satisfying moment in your Elastic journey so far?
Elasticsearch was one of the first non-relational distributed database systems in our environment which in and of itself was a big step forward. The rich feature set in Elasticsearch, in conjunction with the support we received, allowed us to move very quickly, delivering a rich, full-fledged search experience to our customers.
Interested in being part of our next Customer or Community Spotlight? Drop us a line at firstname.lastname@example.org.