Elastic
Loading

Post-installation steps

ECE

After your Elastic Cloud Enterprise installation is up, some additional steps might be required. For a complete list of configurable features in ECE, refer to Configure ECE.

Tip

To start creating Elasticsearch deployments directly, refer to Working with deployments.

  • Add your own load balancer. Load balancers are user supplied and we do not currently provide configuration steps for you.

  • In production systems, add your own Cloud UI and Proxy certificates to enable secure connections over HTTPS. The proxy certificate must be a wildcard certificate signed for the needed DNS records of your domain.

    Note

    The default DNS resolution provided by Elastic is not intended for production use. Refer to Wildcard DNS record for more information.

    If you intend to use custom endpoint aliases functionality, ensure you add the necessary Subject Alternative Name (SAN) entries to the proxy certificate.

  • Optionally, if you want the deployment endpoint links and Single-sign on to work with your domain name, configure it as the deployment domain name in the Platform > Settings section of the Cloud UI. The domain name is used to generate the endpoint URLs and must align with your proxy certificate and DNS record.

    Tip

    For example, if your proxy certificate is signed for *.elastic-cloud-enterprise.example.com and you have a wildcard DNS register pointing *.elastic-cloud-enterprise.example.com to your load balancer, you should configure elastic-cloud-enterprise.example.com as the deployment domain name in Platform → Settings. Refer to Change endpoint URLs for more details.

  • If you received a license from Elastic, manage the licenses for your Elastic Cloud Enterprise installation.

  • Add more platform users with role-based access control.

  • Add a snapshot repository to enable regular backups of your Elasticsearch clusters.

  • Consider enabling encryption-at-rest (EAR) on your hosts.

    Note

    Encryption-at-rest is not implemented out of the box in Elastic Cloud Enterprise. Learn more.

  • Learn about common maintenance activities—such as adding capacity, applying OS patches, and addressing host failures--at ECE maintenance.

Warning

During installation, the system generates secrets that are placed into the /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json secrets file, unless you passed in a different path with the --host-storage-path parameter. Keep the information in the bootstrap-secrets.json file secure by removing it from its default location and placing it into a secure storage location.