|
| 1 | +[[elastic-cloud-architecture]] |
| 2 | +== Elastic Cloud Hot-Frozen Architecture for Time Series Data |
| 3 | +++++ |
| 4 | +<titleabbrev>Architecture: Elastic Cloud hot-frozen</titleabbrev> |
| 5 | +++++ |
| 6 | + |
| 7 | +The Hot-Frozen Elasticsearch cluster architecture is cost optimized for large time-series datasets while keeping all of the data **fully searchable**. There is no need to "re-hydrate" archived data. In this architecture, the hot tier is primarily used for indexing and immediate searching (1-3 days) with a majority of the search being handled by the frozen tier. Since the data is moved to searchable snapshots in an object store, the cost of keeping all of the data searchable is dramatically reduced. |
| 8 | + |
| 9 | +TIP: This architecture includes all the essential components of the Elastic Stack. It's designed to ensure your deployment has a stable foundation, based on expert recommendations, but is not intended for sizing workloads. |
| 10 | + |
| 11 | +The most important foundational step to any architecture is designing your deployment to be responsive to production workloads. For more information on planning for production, see https://www.elastic.co/guide/en/elasticsearch/reference/current/scalability.html[Get ready for production]. |
| 12 | + |
| 13 | +[discrete] |
| 14 | +[[cloud-hot-use-case]] |
| 15 | +=== Use case |
| 16 | + |
| 17 | +This architecture is intended for organizations that need to do the following: |
| 18 | + |
| 19 | +* Monitor the performance and health of their applications in real time, including the creation and tracking of SLOs (Service Level Objectives). |
| 20 | +* Provide insights and alerts to ensure optimal performance and quick issue resolution for applications. |
| 21 | +* Apply machine learning and artificial intelligence to assist engineers and application teams in dealing with terabytes of new data per day. |
| 22 | + |
| 23 | + |
| 24 | +[discrete] |
| 25 | +[[cloud-hot-frozen-architecture]] |
| 26 | +=== Architecture |
| 27 | + |
| 28 | +image::images/elastic-cloud-architecture.png["An Elastic Cloud Architecture"] |
| 29 | + |
| 30 | +[discrete] |
| 31 | +[[cloud-hot-frozen-configuration]] |
| 32 | +=== Example configuration |
| 33 | + |
| 34 | +The following is a sample configuration with the following specifications: |
| 35 | + |
| 36 | +* An ingest rate of 1TB/day |
| 37 | +* 1 day in the hot tier |
| 38 | +* 89 days in the frozen tier |
| 39 | +* A total of 90 days of searchable data |
| 40 | + |
| 41 | +[discrete] |
| 42 | +[[cloud-hot-frozen-aws]] |
| 43 | +==== AWS |
| 44 | + |
| 45 | +* Hot tier: 120G RAM (2 60G RAM node x 3 pods x 2 availability zones) |
| 46 | +* Frozen tier: 120G RAM (1 60G RAM node x 3 pods x 2 availability zones) |
| 47 | +* Machine learning: 128G RAM (1 64G node x 3 pods x 2 availability zones) |
| 48 | +* Master nodes: 24G RAM (8G node x 3 pods x 2 availability zones) |
| 49 | +* Kibana: 16G RAM (16G node x 3 pods x 2 availability zones) |
| 50 | + |
| 51 | +[discrete] |
| 52 | +[[cloud-hot-frozen-azure]] |
| 53 | +==== Azure |
| 54 | + |
| 55 | +* Hot tier: 120G RAM (2 60G RAM node x 3 pods x 2 availability zones) |
| 56 | +* Frozen tier: 120G RAM (1 60G RAM node x 3 pods x 2 availability zones) |
| 57 | +* Machine learning: 128G RAM (1 64G node x 3 pods x 2 availability zones) |
| 58 | +* Master nodes: 24G RAM (8G node x 3 pods x 2 availability zones) |
| 59 | +* Kibana: 16G RAM (16G node x 3 pods x 2 availability zones) |
| 60 | + |
| 61 | +[discrete] |
| 62 | +[[cloud-hot-frozen-gcp]] |
| 63 | +==== GCP |
| 64 | + |
| 65 | +* Hot tier: 120G RAM (2 60G RAM node x 3 pods x 2 availability zones) |
| 66 | +* Frozen tier: 120G RAM (1 60G RAM node x 3 pods x 2 availability zones) |
| 67 | +* Machine learning: 128G RAM (1 64G node x 3 pods x 2 availability zones) |
| 68 | +* Master nodes: 24G RAM (8G node x 3 pods x 2 availability zones) |
| 69 | +* Kibana: 16G RAM (16G node x 3 pods x 2 availability zones) |
| 70 | + |
| 71 | +[discrete] |
| 72 | +[[cloud-hot-frozen-recommended-instance-types]] |
| 73 | +==== Recommended instance types per cloud provider |
| 74 | + |
| 75 | +The following table details our recommended node types for this architecture, based on the hardware configurations described previously. |
| 76 | + |
| 77 | +For more details on these instance types, see our documentation on Elastic Cloud hardware for https://www.elastic.co/guide/en/cloud/current/ec-default-aws-configurations.html[AWS], https://www.elastic.co/guide/en/cloud/current/ec-default-azure-configurations.html[Azure], and https://www.elastic.co/guide/en/cloud/current/ec-default-gcp-configurations.html[GCP]. |
| 78 | + |
| 79 | +[cols="10, 30, 30, 30"] |
| 80 | +|=== |
| 81 | +| *Type* | *AWS Instance/Type* | *Azure Instance/Type* | *GCP Instance/Type* |
| 82 | +|image:images/hot.png["An Elastic Cloud Architecture"] | aws.es.datahot.c6gd |
| 83 | +c6gd |azure.es.datahot.fsv2 |
| 84 | +f32sv2|gcp.es.datahot.n2.68x32x45 |
| 85 | + |
| 86 | + |
| 87 | +N2 |
| 88 | +|image:images/frozen.png["An Elastic Cloud Architecture"] |
| 89 | +| aws.es.datafrozen.i3en |
| 90 | + |
| 91 | + |
| 92 | +i3en |
| 93 | +| |
| 94 | +azure.es.datafrozen.edsv4 |
| 95 | + |
| 96 | + |
| 97 | +e8dsv4 |
| 98 | +| |
| 99 | +gcp.es.datafrozen.n2.68x10x95 |
| 100 | + |
| 101 | + |
| 102 | +N2 |
| 103 | +|image:images/machine-learning.png["An Elastic Cloud Architecture"] |
| 104 | +| aws.es.ml.m6gd |
| 105 | + |
| 106 | + |
| 107 | +m6gd |
| 108 | +| |
| 109 | +azure.es.ml.fsv2 |
| 110 | + |
| 111 | + |
| 112 | +f32sv2 |
| 113 | +| |
| 114 | +gcp.es.ml.n2.68x32x45 |
| 115 | + |
| 116 | + |
| 117 | +N2 |
| 118 | +|image:images/master.png["An Elastic Cloud Architecture"] |
| 119 | +| aws.es.master.c6gd |
| 120 | + |
| 121 | + |
| 122 | +c6gd |
| 123 | +| |
| 124 | +azure.es.master.fsv2 |
| 125 | + |
| 126 | + |
| 127 | +f32sv2 |
| 128 | +| |
| 129 | +gcp.es.master.n2.68x32x45 |
| 130 | + |
| 131 | + |
| 132 | +N2 |
| 133 | +|image:images/kibana.png["An Elastic Cloud Architecture"] |
| 134 | +| aws.kibana.c6gd |
| 135 | + |
| 136 | + |
| 137 | +c6gd |
| 138 | +| |
| 139 | +azure.kibana.fsv2 |
| 140 | + |
| 141 | + |
| 142 | +f32sv2 |
| 143 | +| |
| 144 | +gcp.kibana.n2.68x32x45 |
| 145 | + |
| 146 | + |
| 147 | +N2| |
| 148 | +|=== |
| 149 | + |
| 150 | +[discrete] |
| 151 | +[[cloud-hot-frozen-considerations]] |
| 152 | +=== Important considerations |
| 153 | + |
| 154 | +The following are important considerations for this architecture: |
| 155 | + |
| 156 | +* Frozen tiers are read-only. Once data rolls over to the frozen tier, documents can no longer be updated. If you need to update documents for some part of the data lifecycle, you will need either: |
| 157 | +** A larger https://www.elastic.co/guide/en/elasticsearch/reference/current/data-tiers.html#hot-tier[hot tier], or |
| 158 | + |
| 159 | +** A https://www.elastic.co/guide/en/elasticsearch/reference/current/data-tiers.html#warm-tier[warm tier] to cover the time period needed for document updates. |
| 160 | + |
| 161 | +* This architecture uses a Hot/Frozen architecture. If you require https://www.elastic.co/guide/en/security/current/about-rules.html[detection rule lookback] or complex dashboards you may need to leverage a https://www.elastic.co/guide/en/elasticsearch/reference/current/data-tiers.html#cold-tier[cold tier]. |
| 162 | + |
| 163 | +[discrete] |
| 164 | +[[cloud-architecture-limitations]] |
| 165 | +=== Limitations of this architecture |
| 166 | +* This architecture is not intended for Disaster Recovery, because it is deployed across Availability Zones in a single cloud region. To make this architecture disaster proof, add a second deployment in another cloud region. Learn more at, https://www.elastic.co/guide/en/elasticsearch/reference/current/xpack-ccr.html#ccr-disaster-recovery[disaster recovery]. |
| 167 | + |
| 168 | +[discrete] |
| 169 | +[[cloud-hot-frozen-resources]] |
| 170 | +=== Resources and references |
0 commit comments