yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
93d856d5c56dc6a5b27380fe001d75f16fabcfb6
doc-exports/docs/css/umn/css_01_0092.html
zhengxiu 93d856d5c5 css umn 25.6.0 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2025-11-25 11:34:43 +00:00

138 lines
20 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000002353138321"></a><a name="EN-US_TOPIC_0000002353138321"></a>
<h1 class="topictitle1">Planning the Cluster Version and Security Mode</h1>
<div id="body0000002353138321"><p id="EN-US_TOPIC_0000002353138321__p1977120916591">This topic introduces different OpenSearch cluster versions, including features supported by each version and its application scenarios. It also describes the characteristics and application scenarios of different cluster security modes (including different application-layer protocols).</p>
<div class="section" id="EN-US_TOPIC_0000002353138321__section5809152013345"><h4 class="sectiontitle">Introduction to Different Cluster Versions</h4><p id="EN-US_TOPIC_0000002353138321__p737448103516">When selecting an OpenSearch cluster version, consider factors such as service requirements, available features, performance, security updates, and long-term support, ensuring that the selected version can meet both current and future needs and provide a stable, secure environment for your data.</p>
<ul id="EN-US_TOPIC_0000002353138321__ul144321744132212"><li id="EN-US_TOPIC_0000002353138321__li1143284432217">If you are deploying CSS OpenSearch clusters for the first time, you are advised to use the latest version.</li><li id="EN-US_TOPIC_0000002353138321__li20432244112212">If you are migrating an in-house built or third-party OpenSearch cluster to CSS without altering the cluster, keep the version of the source cluster.</li><li id="EN-US_TOPIC_0000002353138321__li6432134482219">If you are migrating an in-house built or third-party OpenSearch cluster to CSS while recoding it, choose OpenSearch 2.19.0.</li></ul>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000002353138321__table25351046105517" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Features supported by different versions</caption><thead align="left"><tr id="EN-US_TOPIC_0000002353138321__row1753644610558"><th align="left" class="cellrowborder" valign="top" width="18.091809180918094%" id="mcps1.3.2.4.2.6.1.1"><p id="EN-US_TOPIC_0000002353138321__p1853618461554">Feature</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.581658165816584%" id="mcps1.3.2.4.2.6.1.2"><p id="EN-US_TOPIC_0000002353138321__p491331274612">OpenSearch 1.3.6</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.581658165816584%" id="mcps1.3.2.4.2.6.1.3"><p id="EN-US_TOPIC_0000002353138321__p1191311126461">OpenSearch 2.17.1</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="16.581658165816584%" id="mcps1.3.2.4.2.6.1.4"><p id="EN-US_TOPIC_0000002353138321__p12421181613917">OpenSearch 2.19.0</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="32.16321632163216%" id="mcps1.3.2.4.2.6.1.5"><p id="EN-US_TOPIC_0000002353138321__p153684614555">Related Documents</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000002353138321__row431716492010"><td class="cellrowborder" valign="top" width="18.091809180918094%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000002353138321__p331716491702">Open-source vector search</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000002353138321__p156689211216"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000002353138321__p13668102625"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000002353138321__p1042119161799"></p>
</td>
<td class="cellrowborder" valign="top" width="32.16321632163216%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000002353138321__p1531810491608"><a href="https://docs.opensearch.org/docs/latest/query-dsl/specialized/k-nn/index/" target="_blank" rel="noopener noreferrer">k-NN query</a></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002353138321__row18536746175519"><td class="cellrowborder" valign="top" width="18.091809180918094%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000002353138321__p353674615553">CSS vector search</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000002353138321__p1481122725615"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000002353138321__p4825276564">x</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000002353138321__p1242116161919"></p>
</td>
<td class="cellrowborder" valign="top" width="32.16321632163216%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000002353138321__p68210276561"><a href="css_01_0101.html">Configuring Vector Search for OpenSearch Clusters</a></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002353138321__row145361046115514"><td class="cellrowborder" valign="top" width="18.091809180918094%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000002353138321__p1353613460553">Decoupled storage and compute</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000002353138321__p1374536135610"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000002353138321__p474143675620">x</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000002353138321__p114210169915"></p>
</td>
<td class="cellrowborder" valign="top" width="32.16321632163216%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000002353138321__p197413369560"><a href="css_01_0180.html">Configuring Decoupled Storage and Compute for an OpenSearch Cluster</a></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002353138321__row1838312223614"><td class="cellrowborder" valign="top" width="18.091809180918094%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000002353138321__p138482211617">Switching between hot and cold storage</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000002353138321__p267655865616"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000002353138321__p136761581561"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000002353138321__p24223163915"></p>
</td>
<td class="cellrowborder" valign="top" width="32.16321632163216%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000002353138321__p1967618587565"><a href="css_01_0200.html">Switching Between Hot and Cold Storage for an OpenSearch Cluster</a></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002353138321__row153821359152914"><td class="cellrowborder" valign="top" width="18.091809180918094%" headers="mcps1.3.2.4.2.6.1.1 "><p id="EN-US_TOPIC_0000002353138321__p15382559182910">Enhanced data ingestion performance</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.2 "><p id="EN-US_TOPIC_0000002353138321__p15401467571"></p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.3 "><p id="EN-US_TOPIC_0000002353138321__p34086175714">x</p>
</td>
<td class="cellrowborder" valign="top" width="16.581658165816584%" headers="mcps1.3.2.4.2.6.1.4 "><p id="EN-US_TOPIC_0000002353138321__p1442217162910"></p>
</td>
<td class="cellrowborder" valign="top" width="32.16321632163216%" headers="mcps1.3.2.4.2.6.1.5 "><p id="EN-US_TOPIC_0000002353138321__p204046195710"><a href="css_01_0090.html">Enhancing the Data Ingestion Performance of OpenSearch Clusters</a></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000002353138321__section1997018319358"><h4 class="sectiontitle">Cluster Security Modes</h4><div class="p" id="EN-US_TOPIC_0000002353138321__p883172115487">Configure the security mode based on the security needs of your cluster.<div class="caution" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_note794713619218"><span class="cautiontitle"><img src="public_sys-resources/caution_3.0-en-us.png"> </span><div class="cautionbody"><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_p8274433284">HTTPS access can be disabled only for OpenSearch 1.3.6 and 2.19.0 security-mode clusters. For other versions, HTTPS access is forcibly enabled and cannot be disabled.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001410060261_table198661437165914" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Cluster security modes</caption><thead align="left"><tr id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_row1882494514112"><th align="left" class="cellrowborder" valign="top" width="10%" id="mcps1.3.3.2.2.2.5.1.1"><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p0824145101119">Cluster Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.3.2.2.2.5.1.2"><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p10508852201018">Key Settings</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35%" id="mcps1.3.3.2.2.2.5.1.3"><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p3824545161116">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35%" id="mcps1.3.3.2.2.2.5.1.4"><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p19824184571117">Applicable Scenario</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_row382415456118"><td class="cellrowborder" valign="top" width="10%" headers="mcps1.3.3.2.2.2.5.1.1 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_p154179414203">Non-security mode cluster</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.2.5.1.2 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p942612473568"><span class="parmname" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_parmname6214191113579"><b>Security Mode</b></span>: disabled</p>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.3.2.2.2.5.1.3 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p12824114561119">Access to such a cluster requires no user authentication, and data will be transmitted in plaintext using HTTP.</p>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.3.2.2.2.5.1.4 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p2083415404719">Use when creating a cluster for internal testing or workloads that have a low security standard.</p>
<ul id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_ul87801447174218"><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_li978074716423">Advantage: easy to access the cluster.</li><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_li1878011473427">Disadvantage: poor security, as anyone can access the cluster. When the security mode is disabled, public network access and Kibana public network access cannot be enabled.</li></ul>
<p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p270504914715">Make sure the cluster is deployed in a secure environment. Do not expose the cluster's network interface to the public network.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_row1382494518113"><td class="cellrowborder" rowspan="2" valign="top" width="10%" headers="mcps1.3.3.2.2.2.5.1.1 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_p136722051122012">Security-mode cluster</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.3.2.2.2.5.1.2 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p1482494513117">Security-mode cluster + HTTP:</p>
<ul id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_ul1487604825720"><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_li187664814571"><span class="parmname" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_parmname14706172613573"><b>Security Mode</b></span>: enabled</li><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_li187654895714"><span class="parmname" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_parmname17212164685716"><b>HTTPS Access</b></span>: disabled</li></ul>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.3.2.2.2.5.1.3 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p1282404517113">Such a cluster requires user authentication. It supports access control and data encryption, and it uses HTTP to transmit data in plaintext.</p>
</td>
<td class="cellrowborder" valign="top" width="35%" headers="mcps1.3.3.2.2.2.5.1.4 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p546915126488">Use to balance security and performance.</p>
<ul id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_ul149328416439"><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_li993294134314">Advantage: User authentication improves cluster security. HTTP-based access ensures high performance of the cluster. User permissions can be configured to ensure proper isolation.</li><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_li109325434320">Disadvantage: Public network access is not supported.</li></ul>
<p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p1228104918483">Make sure the cluster is deployed in a secure environment. Do not expose the cluster's network interface to the public network.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_row182416454111"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.2.2.5.1.1 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p3824445111118">Security-mode cluster + HTTPS:</p>
<ul id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_ul19715045814"><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_li19718015816"><span class="parmname" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_parmname177112014589"><b>Security Mode</b></span>: enabled</li><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_li27130185818"><strong id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_b84737176915">HTTPS Access</strong>: enabled</li></ul>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.2.2.5.1.2 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_p1375182731616">Such a cluster requires user authentication. It supports access control and data encryption, and it uses HTTPS to encrypt communication and enhance data security.</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.2.2.5.1.3 "><p id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_p15344951195119">Use when security takes precedence over performance and public network access is required.</p>
<ul id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_ul1151712715437"><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_li19517167144318">Advantage: User authentication improves cluster security. HTTPS enhances cluster security by encrypting all communication over the public network. User permissions can be configured to ensure proper isolation.</li><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002322259906_en-us_topic_0000002287417308_en-us_topic_0000001973113041_en-us_topic_0000001938218212_li551713774316">Disadvantage: When HTTPS is used, data encryption and decryption introduce computational overhead and impact the cluster's read and write performance.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="p" id="EN-US_TOPIC_0000002353138321__en-us_topic_0000001478234873_p16118653165913">To access a security-mode cluster, a username and password need to be provided. CSS supports authentication for the following two types of users:<ul id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002347885305_en-us_topic_0000001478234873_ul15961822191016"><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002347885305_en-us_topic_0000001478234873_li496622131020">Administrator: The default administrator username is <strong id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002347885305_en-us_topic_0000001478234873_b1882413620149">admin</strong>, and the password is the one specified during cluster creation.</li><li id="EN-US_TOPIC_0000002353138321__en-us_topic_0000002347885305_en-us_topic_0000001478234873_li111651241101219">Cluster user: created by the cluster administrator on OpenSearch Dashboards. User permissions can be configured to ensure proper isolation. For details, see <a href="css_01_0329.html">Creating Users for an OpenSearch Cluster and Granting Cluster Access</a>.</li></ul>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0028.html">OpenSearch Cluster Planning Suggestions</a></div>
</div>
</div>
View Git Blame Copy Permalink