You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* Any node can communicate with another node on the same major version. For example, 9.0 can talk to any 9.x node.
4
+
* Version compatibility is symmetric, meaning that if 7.16 can communicate with 8.0, 8.0 can also communicate with 7.16. The following table depicts version compatibility between local and remote nodes.
Elastic only supports {{ccs}} on a subset of these configurations. See [Supported {{ccs}} configurations](../../../solutions/search/cross-cluster-search.md#ccs-supported-configurations).
Copy file name to clipboardExpand all lines: deploy-manage/remote-clusters/ec-edit-remove-trusted-environment.md
+16-18Lines changed: 16 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ From a deployment’s **Security** page, you can manage trusted environments tha
12
12
* You want to remove or update the access level granted by a cross-cluster API key.
13
13
14
14
15
-
## Remove a trusted environment [ec_remove_a_trusted_environment]
15
+
## Remove a certificate-based trusted environment [ec_remove_a_trusted_environment]
16
16
17
17
By removing a trusted environment, this deployment will no longer be able to establish remote connections using certificate trust to clusters of that environment. The remote environment will also no longer be able to connect to this deployment using certificate trust.
18
18
@@ -25,9 +25,9 @@ With this method, you can only remove trusted environments relying exclusively o
25
25
2. In the list of trusted environments, locate the one you want to remove.
26
26
3. Remove it using the corresponding `delete` icon.
4. Edit the trust configuration for that environment:
47
47
48
-
* From the **Trust level** tab, you can add or remove trusted deployments.
49
-
* From the **Environment settings** tab, you can manage the certificates and the label of the environment.
48
+
* From the **Trust level** tab, you can add or remove trusted deployments.
49
+
* From the **Environment settings** tab, you can manage the certificates and the label of the environment.
50
50
51
51
5. Save your changes.
52
52
@@ -68,16 +68,14 @@ If you need to update the permissions granted by a cross-cluster API key for a r
68
68
69
69
* For the **Setting name**, enter the same alias that was used for the previous key.
70
70
71
-
::::{note}
72
-
If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
73
-
::::
71
+
::::{note}
72
+
If you use a different alias, you also need to re-create the remote cluster in {{kib}} with a **Name** that matches the new alias.
73
+
::::
74
74
75
-
* For the **Secret**, paste the encoded cross-cluster API key.
76
-
77
-
1. Click **Add** to save the API key to the keystore.
75
+
* For the **Secret**, paste the encoded cross-cluster API key, then click **Add** to save the API key to the keystore.
78
76
79
77
6. Restart the local deployment to reload the keystore with its new setting. To do that, go to the deployment’s main page (named after your deployment’s name), locate the **Actions** menu, and select **Restart {{es}}**.<br>
80
78
81
-
::::{note}
82
-
If the local deployment runs on version 8.13 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
83
-
::::
79
+
::::{note}
80
+
If the local deployment runs on version 8.14 or greater, you no longer need to perform this step because the keystore is reloaded automatically with the new API keys.
Copy file name to clipboardExpand all lines: deploy-manage/remote-clusters/ec-enable-ccs.md
+11-8Lines changed: 11 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,15 @@ You can configure an {{ech}} deployment to remotely access or (be accessed by) a
21
21
22
22
To use CCS or CCR, your deployments must meet the following criteria:
23
23
24
-
* The local and remote clusters must run on compatible versions of {{es}}. Review the [version compatibility](https://www.elastic.co/guide/en/elasticsearch/reference/current/remote-clusters-cert.html#remote-clusters-prerequisites-cert) table.
24
+
* The local and remote clusters must run on compatible versions of {{es}}. Review the version compatibility table.
* If your deployment was created before February 2021, the Remote clusters page in {{kib}} must be enabled manually from the **Security** page of your deployment, by selecting **Enable CCR** under **Trust management**.
30
+
* To use a remote cluster for {{ccr}} or {{ccs}}, you need to create user roles with [remote indices privileges](../users-roles/cluster-or-deployment-auth/defining-roles.md#roles-remote-indices-priv) on the local cluster. Refer to [Configure roles and users](remote-clusters-api-key.md#remote-clusters-privileges-api-key).
31
+
32
+
## Set up remote clusters with {{ech}}
25
33
26
34
The steps, information, and authentication method required to configure CCS and CCR can vary depending on where the clusters you want to use as remote are hosted.
27
35
@@ -39,12 +47,7 @@ The steps, information, and authentication method required to configure CCS and
39
47
*[From a deployment of another {{ecloud}} organization](ec-remote-cluster-other-ess.md)
40
48
*[From an ECE deployment](https://www.elastic.co/guide/en/cloud-enterprise/{{ece-version-link}}/ece-enable-ccs.html)
41
49
*[From a self-managed cluster](https://www.elastic.co/guide/en/elasticsearch/reference/current/remote-clusters.html)
42
-
43
-
44
-
45
-
## Enable Remote clusters in {{kib}} [ec-enable-ccr]
46
-
47
-
If your deployment was created before February 2021, the Remote clusters page in {kib} must be enabled manually from the **Security** page of your deployment, by selecting **Enable CCR** under **Trust management**.
50
+
*[From an ECK environment](ec-enable-ccs-for-eck.md)
48
51
49
52
50
53
## Remote clusters and traffic filtering [ec-ccs-ccr-traffic-filtering]
* Filtering by Organization or {{es}} cluster ID with a Remote cluster type filter. You can configure this type of filter from the **Features** > **Traffic filters** page of your organization or using the [{{ecloud}} RESTful API](https://www.elastic.co/docs/api/doc/cloud) and apply it from each deployment’s **Security** page.
63
66
64
67
::::{note}
65
-
When setting up traffic filters for a remote connection to an {{ece}} environment, you also need to upload the region’s TLS certificate of the local cluster to the {{ece}} environment’s proxy. You can find that region’s TLS certificate in the Security page of any deployment of the environment initiating the remote connection.
68
+
When setting up traffic filters for a remote connection to an {{ece}} environment, you also need to upload the region’s TLS certificate of the local cluster to the {{ece}} environment’s proxy. You can find that region’s TLS certificate in the **Security** page of any deployment of the environment initiating the remote connection.
0 commit comments