Customers often ask us how do we ensure that their SolrCloud deployments have the security best practices applied on them. What levels of security does SearchStax provides, at transport level, at rest, etc. This post tries to capture how your SolrCloud clusters are highly secure through our Service and what options are available for you to tighten things up.
SSL/TLS for your SolrCloud Clusters (HTTPS)
All SearchStax SolrCloud deployments support HTTPS by default, whether that’s a single node SolrCloud deployment or a multi-node deployment. The provides transport level encryption of all traffic going over the network using the latest TLS encryption algorithms.
With SearchStax, you can restrict access to your SolrCloud deployments by which hosts have access to your deployments. One of the best practices around securing servers is to ensure communications from trusted sources have access to your services.
SearchStax provides granularity around specifying IP addresses or CIDR (IP address range) that have access to the Solr deployments. In addition, you can specify which IP address have access to Solr vs which IP addresses have access to Zookeeper ensemble.
Bring your own AWS Security Groups
Certain companies utilizing AWS have approved security groups that they’d want to apply to their deployments. Our premium customers have the ability to bring their own AWS security groups to their deployments, which ensures compliance requirements and tighter control is offered on their SolrCloud deployments..
Solr v5.x and above support Basic Authentication and Authorization for your SolrCloud deployments. SearchStax supports both Basic Authentication and Authorization for your Solr deployments for all our customers. SearchStax even takes that one step further by providing users with the ability to create users and assign basic roles via web dashboard.
SearchStax Dashboard to set Basic Authentication for SolrCloud
This ensures Solr Admin interface, read, write APIs are all secured via a username/password so you can decide which users within your team have access to what level of functionality.
Encryption at Rest
SearchStax supports a couple of ways to secure Solr indexes on disk. It provides disk encryption, so the data is always encrypted using keys when it’s stored on the filesystem. The enables anyone with access to the disks not been able to look at what’s stored in the indexes.
SearchStax has also integrated with Hitachi Credeon, that provides Searchable encryption technology to ensure the search index is secure. In this case, the keys are managed by our customers and even our support team don’t have access to your Solr data.
Both the options provide the team here to ensure the requirements around HIPPA and Safe Harbor are met, but more importantly provide a peace of mind for our customers that their data is highly secured.
If you’d like to learn more about any of the above or want to discuss with one of our search experts how we further protect your clusters from a security perspective, feel free to reach out to us at firstname.lastname@example.org