You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: deploy-manage/security/secure-cluster-communications.md
+5-4Lines changed: 5 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,8 +43,8 @@ Your {{stack}} deployment includes several distinct communication channels that
43
43
The transport layer is used for communication between {{es}} nodes in a cluster. Securing this layer prevents unauthorized nodes from joining your cluster and protects internode data.
44
44
45
45
**Deployment type notes:**
46
-
-**Elastic Cloud & Serverless**: Transport security is fully managed by Elastic. No configuration is required.
47
-
-**ECE/ECK**: Transport security is automatically configured by the operator. No direct user configuration is required.
46
+
-**Elastic Cloud, ECE, and Serverless**: Transport security is fully managed by Elastic. No configuration is required.
47
+
-**ECK**: Transport security is automatically configured by the operator, but you can [customize its service and SSL certificates](/deploy-manage/deploy/cloud-on-k8s/transport-settings.md).
48
48
-**Self-managed**: Transport security must be manually configured following the steps in [Set up basic security](set-up-basic-security.md).
49
49
50
50
## HTTP layer security
@@ -53,7 +53,8 @@ The HTTP layer secures client communication with your {{es}} cluster via its RES
53
53
54
54
**Deployment type notes:**
55
55
-**Elastic Cloud & Serverless**: HTTP security is fully managed by Elastic. No configuration is required.
56
-
-**ECE/ECK**: HTTP security is automatically configured with self-signed certificates. Custom certificates can be configured.
56
+
-**ECE**: HTTP security is automatically enforced at ECE proxies using self-signed certificates and a default [wildcard DNS record](/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md). However, it's recommended to [configure your own certificates](/deploy-manage/security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md).
57
+
-**ECK**: HTTP security is automatically configured with self-signed certificates. Custom certificates and domain names can be configured.
57
58
-**Self-managed**: HTTP security must be manually configured following [Secure HTTP communications](secure-http-communications.md).
58
59
59
60
## {{kib}}-to-{{es}} communications
@@ -73,7 +74,7 @@ Managing certificates is critical for secure communications. Certificates have l
73
74
-**Elastic Cloud & Serverless**: Certificate management is fully automated by Elastic.
74
75
-**ECE**: ECE generates certificates for you. Refer to [](/deploy-manage/security/secure-your-elastic-cloud-enterprise-installation/manage-security-certificates.md).
75
76
76
-
ECK**: Certificate generation and basic rotation is handled by the operator. Custom HTTP certificates require manual management.
77
+
**ECK**: ECK provides flexible options for managing SSL certificates in your deployments, including automatic certificate generation and rotation, integration with external tools like `cert-manager`, or using your own custom certificates. Custom HTTP certificates require manual management.
77
78
-**Self-managed**: Certificate management is your responsibility. See [Security certificates and keys](security-certificates-keys.md).
0 commit comments