CSS integrates shared load balancers and allows you to bind public network access and enable the VPC Endpoint service. Dedicated load balancers provide more functions and higher performance than shared load balancers. This section describes how to connect a cluster to a dedicated load balancer.
- A non-security cluster can also use capabilities of the Elastic Load Balance (ELB) service.
- You can use customized certificates for HTTPS bidirectional authentication.
- Seven-layer traffic monitoring and alarm configuration are supported, allowing you to view the cluster status at any time.
There are eight service forms for clusters in different security modes to connect to dedicated load balancers. Table 1 describes the ELB capabilities for the eight service forms. Table 2 describes the configurations for the eight service forms.
You are not advised connecting a load balancer that has been bound to a public IP address to a non-security cluster. Access from the public network using such a load balancer may bring security risks because non-security clusters can be accessed over HTTP without security authentication.
Security Mode |
Service Form Provided by ELB for External Systems |
ELB Load Balancing |
ELB Traffic Monitoring |
ELB Two-way Authentication |
|---|---|---|---|---|
Non-security |
No authentication |
Supported |
Supported |
Not supported |
One-way authentication Two-way authentication |
Supported |
Supported |
Supported |
|
Security mode + HTTP |
Password authentication |
Supported |
Supported |
Not supported |
One-way authentication + Password authentication Two-way authentication + Password authentication |
Supported |
Supported |
Supported |
|
Security mode + HTTPS |
One-way authentication + Password authentication Two-way authentication + Password authentication |
Supported |
Supported |
Supported |
Security Mode |
Service Form Provided by ELB for External Systems |
ELB Listener |
Backend Server Group |
||||
Frontend Protocol |
Port |
SSL Parsing Mode |
Backend Protocol |
Health Check Port |
Health Check Path |
||
Non-security |
No authentication |
HTTP |
9200 |
No authentication |
HTTP |
9200 |
/ |
One-way authentication |
HTTPS |
9200 |
One-way authentication |
HTTP |
9200 |
||
Two-way authentication |
HTTPS |
9200 |
Two-way authentication |
HTTP |
9200 |
||
Security mode + HTTP |
Password authentication |
HTTP |
9200 |
No authentication |
HTTP |
9200 |
/_opendistro/_security/health |
One-way authentication + Password authentication |
HTTPS |
9200 |
One-way authentication |
HTTP |
9200 |
||
Two-way authentication + Password authentication |
HTTPS |
9200 |
Two-way authentication |
HTTP |
9200 |
||
Security mode + HTTPS |
One-way authentication + Password authentication |
HTTPS |
9200 |
One-way authentication |
HTTPS |
9200 |
|
Two-way authentication + Password authentication |
HTTPS |
9200 |
Two-way authentication |
HTTPS |
9200 |
||