Remote clustersedit

You can connect a local cluster to other Elasticsearch clusters, known as remote clusters. Remote clusters can be located in different datacenters or geographic regions, and contain indices or data streams that can be replicated with cross-cluster replication or searched by a local cluster using cross-cluster search.

Cross-cluster replicationedit

With cross-cluster replication, you ingest data to an index on a remote cluster. This leader index is replicated to one or more read-only follower indices on your local cluster. Creating a multi-cluster architecture with cross-cluster replication enables you to configure disaster recovery, bring data closer to your users, or establish a centralized reporting cluster to process reports locally.

Cross-cluster searchedit

Cross-cluster search enables you to run a search request against one or more remote clusters. This capability provides each region with a global view of all clusters, allowing you to send a search request from a local cluster and return results from all connected remote clusters. For full cross-cluster search capabilities, the local and remote cluster must be on the same subscription level.

Add remote clustersedit

The instructions that follow describe how to create a remote connection from a self-managed cluster. You can also set up cross-cluster search and cross-cluster replication from an Elasticsearch Service deployment or from an Elastic Cloud Enterprise deployment.

To add remote clusters, you can choose between two security models and two connection modes. Both security models are compatible with either of the connection modes.

Security modelsedit

API key based security model
For clusters on version 8.14 or later, you can use an API key to authenticate and authorize cross-cluster operations to a remote cluster. This model offers administrators of both the local and the remote cluster fine-grained access controls. Add remote clusters using API key authentication.
Certificate based security model
Uses mutual TLS authentication for cross-cluster operations. User authentication is performed on the local cluster and a user’s role names are passed to the remote cluster. In this model, a superuser on the local cluster gains total read access to the remote cluster, so it is only suitable for clusters that are in the same security domain. Add remote clusters using TLS certificate authentication.

Connection modesedit

Sniff mode

In sniff mode, a cluster is created using a name and a list of seed nodes. When a remote cluster is registered, its cluster state is retrieved from one of the seed nodes and up to three gateway nodes are selected as part of remote cluster requests. This mode requires that the gateway node’s publish addresses are accessible by the local cluster.

Sniff mode is the default connection mode.

The gateway nodes selection depends on the following criteria:

  • version: Remote nodes must be compatible with the cluster they are registered to.
  • role: By default, any non-master-eligible node can act as a gateway node. Dedicated master nodes are never selected as gateway nodes.
  • attributes: You can define the gateway nodes for a cluster by setting cluster.remote.node.attr.gateway to true. However, such nodes still have to satisfy the two above requirements.
Proxy mode

In proxy mode, a cluster is created using a name and a single proxy address. When you register a remote cluster, a configurable number of socket connections are opened to the proxy address. The proxy is required to route those connections to the remote cluster. Proxy mode does not require remote cluster nodes to have accessible publish addresses.

The proxy mode is not the default connection mode and must be configured. Proxy mode has the same version compatibility requirements as sniff mode.