What’s new in Elastic Cloud for 7.9: AWS PrivateLink and FedRAMP
There’s a lot that’s new across our managed and self-managed cloud technology in the Elastic Stack 7.9 timeframe, which is nicely summarized in the 7.9 release blog. Onward to the cloud!
Elastic Cloud security and compliance
Network Security: AWS PrivateLink support and IP filtering
Network security is a critical component of Elastic Cloud’s security posture. We launched support for AWS PrivateLink, which securely connects a customer Virtual Private Cloud (VPC) to private AWS services endpoints, and to your Elastic Cloud deployments. We also launched support for IP filtering across all supported public cloud providers, enabling you to specify network access to your Elastic Cloud deployment based on IP addresses, address blocks, and ranges. This ensures restricted access to trusted connections, networks, organizations, and more. IP filters are deployable in combination with AWS PrivateLink endpoints for additional security on your Amazon Web Services deployment(s). To learn more, watch this seven-minute demonstration to learn about how PrivateLink integration works.
FedRAMP authorization
Elastic Cloud is generally available in the AWS GovCloud (US-East) environment, and is authorized for FedRAMP Moderate impact level. FedRAMP provides standardized security requirements for cloud products, services assessments, and monitoring used in federal agencies. It standardizes security requirements across federal agencies, allowing those agencies to choose authorized cloud solutions. Today, many government agencies are required by law to buy only FedRAMP-authorized solutions for handling information in the cloud. Non-federal organizations also appreciate the certification, because it makes it easier to decide where and how a solution can meet their security needs.
Elastic Cloud implemented more than 325 required security controls specified by the FedRAMP certification process. Some of the controls and technologies used by Elastic Cloud include encryption algorithms, upgraded VPN, Content Delivery Network (CDN), SSH, Proxy, Vulnerability Management and Identity solutions, as well as a robust logging environment. These improvements are now part of Elastic Cloud, included to help you protect your data.
Of course, achieving Moderate Impact level means Elastic can also accommodate data needing a Low Impact level. Moderate is the baseline from which we will pursue higher security certifications and FedRAMP compliance on other cloud providers like Azure and Google Cloud. Federal, state, and local governments — as well as higher education institutions and organizations storing government data — can sign up for a free 30-day trial today.
Sign up with your Google Account
We also added support for Google Accounts, so that you can sign up for Elastic Cloud using your existing Google Account credentials. By using your Google identity to access your Elastic Cloud account there is no need to maintain another set of credentials. It's just one less thing for you to manage.
Streamlined purchasing
New self-service monthly subscriptions
You can now purchase Gold and Platinum monthly subscriptions directly within the Elastic Cloud console. With just a few clicks, you’ll get access to the exclusive capabilities of the Elastic Stack, including our solutions for enterprise search, observability, and security as well as business-critical, SLA-backed technical support.
Monthly billing allows you to analyze and adjust your subscription usage without entering into a long-term commitment. This flexibility can be useful as you determine which subscription makes the most sense for your use case and how much of the service you need to consume. When your deployment size and feature requirements become clear, you can switch and commit to an annual subscription with deeper discounts.
Improving service performance
In-place configuration changes allow for faster and more reliable configuration updates. Their speed and reliability come from applying changes to the cluster (like settings, upgrades, and resizing) in place, which is followed by a rolling restart of its nodes. This avoids potentially long-running data migration operations inherent with the grow-and-shrink approach.
While there are still some changes that will always require the grow-and-shrink approach, we’re improving Elastic Cloud to use in-place configuration changes wherever possible. When you change your deployment’s configuration, Elastic Cloud will choose the right way to apply the changes, using either the grow-and-shrink approach or in-place configuration changes as appropriate.
Plus, Amazon EC2 M5d general purpose and R5d memory-optimized instances are now used in all supported AWS regions to improve performance.
These instance types offer improved disk performance via locally attached NVMe SSD. These drives offer higher throughput and lower latency when compared to Elastic Block Storage (EBS) General Purpose GP2 SSD volumes from the previous m5 and r4 instances. You can learn more about these new instances in our blog post.
Deploy anywhere
You can access Elastic Cloud in more regions. We recently added AWS Canada (Central), AWS EU (Paris), and AWS Asia Pacific (Seoul). But we aren’t just in the public cloud: Our self-managed options are designed to bring the cloud to you.
Elastic Cloud Enterprise 2.6
We are pleased to announce the general availability of Elastic Cloud Enterprise (ECE) 2.6. ECE lets you centrally orchestrate a fleet of Elasticsearch clusters using the same software that Elastic uses to run Elastic Cloud. The latest version includes support for Elastic Enterprise Search, allowing you to create Workplace Search or App Search deployments on ECE.
ECE 2.6 also marks the general availability of the Elastic Cloud Control (ecctl) command-line interface (CLI). The CLI provides a unified experience for both ECE and Elastic Cloud’s API in a single tool. This offers a convenient alternative to programming language SDKs when using shell scripting, CI-CD tools, or infrastructure as code tools like Terraform. In addition to viewing and listing deployment templates, the release adds functionality to create deployments with command-line switches versus supplying a JSON file to the command.
ECE 2.6 also inherits the in-place configuration changes introduced to Elastic Cloud in the same way just described, for faster and more reliable configuration updates.
Elastic Cloud on Kubernetes 1.2
We are also pleased to announce the general availability of Elastic Cloud on Kubernetes (ECK) 1.2. You can now use the Elastic Enterprise Search Custom Resource Definition (CRD), which makes launching an instance of App Search or Workplace Search simple.
The new 1.2 version also lets you take advantage of the new Beats Custom Resource Definition (CRD) to deploy and manage data shippers such as Filebeat, Metricbeat, Auditbeat, and others using ECK.
Getting started
Log in to the Elastic Cloud console to get started. If you’re new to Elastic Cloud, it’s easy to sign up for a free 14-day trial with your Google Account and try it out. If you are self-managing, download ECE or ECK to get started on-premises or on your favorite IaaS provider.