Enable cross-cluster search and cross-cluster replication

Cross-cluster search (CCS) allows you to configure multiple remote clusters across different locations and to enable federated search queries across all of the configured remote clusters.

Cross-cluster replication (CCR) allows you to replicate indices across multiple remote clusters regardless of where they’re located. This provides tremendous benefit in scenarios of disaster recovery or data locality.

These remote clusters could be:

• Another Elasticsearch cluster of your ECE installation
• An Elasticsearch cluster in a remote ECE installation
• An Elasticsearch cluster hosted on {ecloud}
• Any other self-managed Elasticsearch cluster

Prerequisites

To use CCS or CCR, your environment must meet the following criteria:

• Local and remote clusters must be in compatible versions. Review the Elasticsearch version compatibility table.
  • System deployments cannot be used as remote clusters or have remote clusters.
• Proxies must answer TCP requests on the port 9400. Check the prerequisites for the ports that must permit outbound or inbound traffic.
• Load balancers must pass-through TCP requests on port 9400. Check the configuration details.

The steps, information, and authentication method required to configure CCS and CCR can vary depending on where the clusters you want to use as remote are hosted.

• Connect remotely to other clusters from your Elastic Cloud Enterprise deployments
  • Access other deployments of the same Elastic Cloud Enterprise environment
  • Access deployments of a different Elastic Cloud Enterprise environment
  • Access deployments of an Elasticsearch Service environment
  • Access clusters of a self-managed environment
  • Access deployments of an ECK environment
• Use clusters from your Elastic Cloud Enterprise deployments as remote
  • From another deployment of the same Elastic Cloud Enterprise environment
  • From a deployment of another Elastic Cloud Enterprise environment
  • From an Elasticsearch Service deployment
  • From a self-managed cluster

Enable CCR and the Remote Clusters UI in Kibana

If your deployment was created before ECE version 2.9.0, CCR won’t be enabled by default and you won’t find the Remote Clusters UI in Kibana even though your deployment meets all the criteria.

To enable these features, go to the Security page of your deployment and under Trust management select Enable CCR.

Note

CCR is not supported for indices used by Enterprise Search.

Remote clusters and traffic filtering

Note

Traffic filtering isn’t supported for cross-cluster operations initiated from an Elastic Cloud Enterprise environment to a remote Elasticsearch Service deployment.

For remote clusters configured using TLS certificate authentication, traffic filtering can be enabled to restrict access to deployments that are used as a local or remote cluster without any impact to cross-cluster search or cross-cluster replication.

Traffic filtering for remote clusters supports 2 methods:

• Filtering by IP addresses and Classless Inter-Domain Routing (CIDR) masks
• Filtering by Organization or Elasticsearch cluster ID with a Remote cluster type filter. You can configure this type of filter from the Platform > Security page of your environment or using the Elastic Cloud Enterprise API and apply it from each deployment’s Security page.

Note

When setting up traffic filters for a remote connection to an Elastic Cloud Enterprise environment, you also need to upload the region’s TLS certificate of the local cluster to the Elastic Cloud Enterprise environment’s proxy. You can find that region’s TLS certificate in the Security page of any deployment of the environment initiating the remote connection.