Elastic.co announcement : xpack security core becomes free, but .

Users Feedback
1

Hi Simone,

today elastic.co published the security core feature as free , starting from 6.8.
https://link.elastic.co/GyA0MR30mS0CM0pe0020ABu

by luck, I checked their comparison chart, and RoR still not affected by this : several element are still missing form their “free core”.

Elasticsearch

image
image1134×883 45.2 KB

Kibana

image
image765×489 19.9 KB

but they still have one advantage : TLS on transport

image
image774×266 22.1 KB

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html

Well I have one question :
Do you plan to go to a RoR Transport security module, or will you let the elasticsearch xpack module to handle this point?

Regards,

frederic

2

Hi @ld57,

Yes, good that Elastic finally is rising the bar on free security.

ReadonlyREST will keep developing in parallel SSL and all the other features, because in ES and in Kibana, ROR and XPack security are not compatible: you either activate the one or the other.

To recap, what you get with ReadonlyREST Free edition that you don’t get with X-pack Free:

  • LDAP
  • Field level security
  • Document level security

What you get with ReadonlyREST Enterprise:

  • SAML
  • (soon OpenID Connect)
  • SLA support
  • Tweak/Augment Kibana UI with custom Javascript and CSS
  • Hide Kibana Apps for certain users/groups
3

You get all this for free and open source licensed with Amazon Open Distro for Elasticsearch https://opendistro.github.io/for-elasticsearch/ (including docker and kubernetes support and a lot more features like alerting)

4

@tom in my experience, the people I talked to have mixed feelings about Opendistro. On our side, since Opendistro launched, we did lose 3 old contracts to it, but we keep on growing nevertheless.

5

Bah, If i go with opendistro here, i will meet real issue, as most of our engineers are proSoft…
the stack here is full windows.

6

Another thing none of the competitors have is the custom CSS/JS injection. That is, the ability to tweak the Kibana look and feel without messing with the ephemeral “optimized” files or forking Kibana).

7

I prepared an updated table for anyone interested:

Elastic stack features VS ReadonlyREST
ROR Free ROR PRO ROR Enterprise
Elastic Stack - Basic (Free)
Encrypted communications :white_check_mark: :white_check_mark: :white_check_mark:
Role-based access control :white_check_mark: :white_check_mark: :white_check_mark:
File and native authentication :white_check_mark: :white_check_mark: :white_check_mark:
Kibana Spaces :white_check_mark: (multi-tenancy)
Kibana feature control :white_check_mark: :white_check_mark:
Elastic Stack - Gold ($$)
Audit logging :white_check_mark: :white_check_mark: :white_check_mark:
IP filtering :white_check_mark: :white_check_mark: :white_check_mark:
LDAP, PKI*, Active Directory authentication :white_check_mark: :white_check_mark: :white_check_mark:
Elasticsearch Token Service
Elastic Stack - Platinum ($$$)
Single sign-on (SAML, OpenID Connect, Kerberos*) :white_check_mark: (SAML, OIDC)
Attribute-based access control
Field- and document-level security :white_check_mark: :white_check_mark: :white_check_mark:
Custom authentication & authorization realms :white_check_mark: :white_check_mark: :white_check_mark:
FIPS 140-2 mode
ROR Exclusive Features
Kibana load custom CSS/JS files :white_check_mark:
JWT deep-linking for Kibana embedding :white_check_mark: :white_check_mark:
2 Likes
8

Hi Simone,

In the table, you mention Elastic Static - Basic (Free). But do you also support the OSS variant?

9

Great question @laurens!

All ReadonlyREST deliverables (for all the available versions of ES and Kibana) work identically on OSS and non-OSS editions of the Elastic Stack.