diff --git a/deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png b/deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png deleted file mode 100644 index 325cf3750..000000000 Binary files a/deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png and /dev/null differ diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md index 0a8e98187..3b8430349 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-ece.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-ece.md 
@@ -139,14 +139,16 @@ A deployment can be configured to trust all or specific deployments in a remote 5. Upload the Certificate Authority of the ECE environment. You can download it from Platform > Trust Management in your ECE administration UI. 6. Choose one of following options to configure the level of trust with the ECE environment: - * All deployments - This deployment trusts all deployments in the ECE environment, including new deployments when they are created. - * Specific deployments - Specify which of the existing deployments you want to trust in the ECE environment. The full {{es}} cluster ID must be entered for each remote cluster. The {{es}} `Cluster ID` can be found in the deployment overview page under **Applications**. + * **All deployments** - This deployment trusts all deployments in the ECE environment, including new deployments when they are created. + * **Specific deployments** - Specify which of the existing deployments you want to trust in the ECE environment. The full {{es}} cluster ID must be entered for each remote cluster. The {{es}} `Cluster ID` can be found in the deployment overview page under **Applications**. 7. Provide a name for the trusted environment. That name will appear in the trust summary of your deployment’s **Security** page. 8. Select **Create trust** to complete the configuration. -9. Configure the corresponding deployments of the ECE environment to [trust this deployment](/deploy-manage/remote-clusters/ece-enable-ccs.md). You will only be able to connect 2 deployments successfully when both of them trust each other. +9. Configure the corresponding deployments of the ECE environment to [trust this deployment](/deploy-manage/remote-clusters/ece-enable-ccs.md). You will only be able to connect two deployments successfully when both of them trust each other. -Note that the environment ID and cluster IDs must be entered fully and correctly. For security reasons, no verification of the IDs is possible. 
If cross-environment trust does not appear to be working, double-checking the IDs is a good place to start. +::::{note} +The environment ID and cluster IDs must be entered fully and correctly. For security reasons, verification of the IDs is not possible. If cross-environment trust does not appear to be working, double-checking the IDs is a good place to start. +:::: ::::{dropdown} Using the API You can update a deployment using the appropriate trust settings for the {{es}} payload. @@ -209,11 +211,6 @@ On the local cluster, add the remote cluster using {{kib}} or the {{es}} API. * **Server name**: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote. - :::{image} /deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png - :alt: Remote Cluster Parameters in Deployment - :screenshot: - ::: - ::::{note} If you’re having issues establishing the connection and the remote cluster is part of an {{ece}} environment with a private certificate, make sure that the proxy address and server name match with the the certificate information. For more information, refer to [Administering endpoints in {{ece}}](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md). :::: diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md index 4a4ee9579..d63b9e7db 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-other-ess.md 
@@ -86,19 +86,21 @@ If you later need to update the remote connection with different permissions, yo A deployment can be configured to trust all or specific deployments in another {{ech}} [organization](../users-roles/cloud-organization.md). To add cross-organization trust: -1. From the **Security** menu, select **Remote Connections > Add trusted environment** and select **{{ecloud}}**. Then click **Next**. +1. From the **Security** page, select **Remote Connections > Add trusted environment** and select **{{ecloud}}**. Then click **Next**. 2. Select **Certificates** as authentication mechanism and click **Next**. -3. Enter the ID of the deployment’s organization which you want to establish trust with. You can find that ID on the Organization page. It is usually made of 10 digits. +3. Enter the ID of the deployment’s organization which you want to establish trust with. You can find that ID on the **Organization** page. It is usually made of 10 digits. 4. Choose one of following options to configure the level of trust with the other organization: - * All deployments - This deployment trusts all deployments in the other organization, including new deployments when they are created. - * Specific deployments - Specify which of the existing deployments you want to trust in the other organization. The full {{es}} cluster ID must be entered for each remote cluster. The {{es}} `Cluster ID` can be found in the deployment overview page under **Applications**. + * **All deployments** - This deployment trusts all deployments in the other organization, including new deployments when they are created. + * **Specific deployments** - Specify which of the existing deployments you want to trust in the other organization. The full {{es}} cluster ID must be entered for each remote cluster. The {{es}} `Cluster ID` can be found in the deployment overview page under **Applications**. 5. Provide a name for the trusted environment. 
That name will appear in the trust summary of your deployment’s **Security** page. 6. Select **Create trust** to complete the configuration. -7. Repeat these steps from each of the deployments you want to use for CCS or CCR in both organizations. You will only be able to connect 2 deployments successfully when both of them trust each other. +7. Repeat these steps from each of the deployments you want to use for CCS or CCR in both organizations. You will only be able to connect two deployments successfully when both of them trust each other. -Note that the organization ID and cluster IDs must be entered fully and correctly. For security reasons, no verification of the IDs is possible. If cross-organization trust does not appear to be working, double-checking the IDs is a good place to start. +::::{note} +The organization ID and cluster IDs must be entered fully and correctly. For security reasons, verification of the IDs is not possible. If cross-organization trust does not appear to be working, double-checking the IDs is a good place to start. +:::: ::::{dropdown} Using the API You can update a deployment using the appropriate trust settings for the {{es}} payload. @@ -151,11 +153,6 @@ On the local cluster, add the remote cluster using {{kib}} or the {{es}} API. * **Server name**: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote. - :::{image} /deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png - :alt: Remote Cluster Parameters in Deployment - :screenshot: - ::: - ::::{note} If you’re having issues establishing the connection and the remote cluster is part of an {{ece}} environment with a private certificate, make sure that the proxy address and server name match with the the certificate information. For more information, refer to [Administering endpoints in {{ece}}](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md). :::: 
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md index 9c9932293..890228c36 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md 
@@ -84,13 +84,13 @@ If you later need to update the remote connection with different permissions, yo ::::::{tab-item} TLS certificate (deprecated) ### Set the default trust with other clusters in the same {{ecloud}} organization [ec_set_the_default_trust_with_other_clusters_in_the_same_elasticsearch_service_organization] -By default, any deployment that you create trusts all other deployments in the same organization. To manage this behavior in the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body), go to **Trust management** from the lower navigation menu. You can choose one of the following options: +To configure this behavior in the [{{ecloud}} Console](https://cloud.elastic.co?page=docs&placement=docs-body), go to **Trust management** from the lower navigation menu. The **Trust all deployments** option is switched on by default. You can keep it switched on or switch it off. -* Trust all my deployments - All of your organization’s deployments created while this option is selected already trust each other. If you keep this option, that includes any deployments you’ll create in the future. You can directly jump to [Connect to the remote cluster](/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md#ec_connect_to_the_remote_cluster) to finalize the CCS or CCR configuration. -* Trust no deployment - New deployments won’t trust any other deployment when they are created. You can instead configure trust individually for each of them in their security settings, as described in the next section. +* When **Trust all deployments** is switched on - All deployments trust all other deployments in the same organization, including new deployments when they are created. If you keep this setting switched on, you can jump to [Connect to the remote cluster](/deploy-manage/remote-clusters/ec-remote-cluster-same-ess.md#ec_connect_to_the_remote_cluster) to finalize the CCS or CCR configuration. 
+* When **Trust all deployments** is switched off - New deployments won’t trust any other deployments. Instead, you can configure trust for each of them in their security settings, as described in the next section. ::::{note} -* The level of trust of existing deployments is not modified when you change this setting. You must instead update the trust settings individually for each deployment you wish to change. +* The level of trust of existing deployments is not modified when you change this setting. Instead, you must update the individual trust settings for each deployment you wish to change. * Deployments created before the {{ecloud}} February 2021 release trust only themselves. You have to update the trust setting for each deployment that you want to either use as a remote cluster or configure to work with a remote cluster. :::: 
@@ -99,22 +99,22 @@ By default, any deployment that you create trusts all other deployments in the s ### Specify the deployments trusted to be used as remote clusters [ec_specify_the_deployments_trusted_to_be_used_as_remote_clusters] -If your organization’s deployments already trust each other by default, you can skip this section. If that’s not the case, follow these steps to configure which are the specific deployments that should be trusted. +If your organization’s deployments already trust each other by default, you can skip this section. If that’s not the case, follow these steps to configure which specific deployments should be trusted. 1. Go to the **Security** page of your deployment. 2. From the list of existing trust configurations, edit the one labeled as your organization. 3. Choose one of following options to configure the level of trust on each of your deployments: - * Trust all deployments - This deployment trusts all other deployments in this environment, including new deployments when they are created. - * Trust specific deployments - Choose which of the existing deployments from your environment you want to trust. - * Trust no deployment - No deployment in this {{ech}} environment is trusted. + * **All deployments** - This deployment trusts all other deployments in this environment, including new deployments when they are created. + * **Specific deployments** - Choose which of the existing deployments from your environment you want to trust. + * **None** - No deployment in this environment is trusted. ::::{note} When trusting specific deployments, the more restrictive [CCS](/deploy-manage/remote-clusters/remote-clusters-self-managed.md#sniff-mode) version policy is used (even if you only want to use [CCR](/deploy-manage/tools/cross-cluster-replication.md)). To work around this restriction for CCR-only trust, it is necessary to use the API as described below. :::: -1. Repeat these steps from each of the deployments you want to use for CCS or CCR. 
You will only be able to connect 2 deployments successfully when both of them trust each other. +1. Repeat these steps from each of the deployments you want to use for CCS or CCR. You will only be able to connect two deployments successfully when both of them trust each other. ::::{dropdown} Using the API You can update a deployment using the appropriate trust settings for the {{es}} payload. @@ -182,11 +182,6 @@ On the local cluster, add the remote cluster using {{kib}} or the {{es}} API. * **Server name**: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote. - :::{image} /deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png - :alt: Remote Cluster Parameters in Deployment - :screenshot: - ::: - ::::{note} If you’re having issues establishing the connection and the remote cluster is part of an {{ece}} environment with a private certificate, make sure that the proxy address and server name match with the the certificate information. For more information, refer to [Administering endpoints in {{ece}}](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md). :::: diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md index a6172ca5f..c8bb000df 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md 
@@ -122,7 +122,7 @@ If you later need to update the remote connection with different permissions, yo A deployment can be configured to trust all or specific deployments in any environment: -1. From the **Security** menu, select **Remote Connections > Add trusted environment** and choose **Self-managed**, then click **Next**. +1. From the **Security** page, select **Remote Connections > Add trusted environment** and choose **Self-managed**. Then click **Next**. 2. Select **Certificates** as authentication mechanism and click **Next**. 3. Upload the public certificate for the Certificate Authority of the self-managed environment (the one used to sign all the cluster certificates). The certificate needs to be in PEM format and should not contain the private key. If you only have the key in p12 format, then you can create the necessary file like this: `openssl pkcs12 -in elastic-stack-ca.p12 -out newfile.crt.pem -clcerts -nokeys` 4. Select the clusters to trust. There are two options here depending on the subject name of the certificates presented by the nodes in your self managed cluster: @@ -235,11 +235,6 @@ On the local cluster, add the remote cluster using {{kib}} or the {{es}} API. * **Server name**: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote. - :::{image} /deploy-manage/images/cloud-ce-copy-remote-cluster-parameters.png - :alt: Remote Cluster Parameters in Deployment - :screenshot: - ::: - ::::{note} If you’re having issues establishing the connection and the remote cluster is part of an {{ece}} environment with a private certificate, make sure that the proxy address and server name match with the the certificate information. For more information, refer to [Administering endpoints in {{ece}}](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md). ::::
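Review bot: In ec-remote-cluster-ece.md (hunk @@ -139,14 +139,16 @@), UI labels are only partly bolded after this change. The option names become **All deployments** and **Specific deployments**, but step 5 still shows "Platform > Trust Management" as plain text, while the sibling file in this patch bolds "**Organization** page". Suggest bolding the menu path in step 5 as well. The context line "Choose one of following options" is missing "the" and sits directly above the edited bullets, so it could be fixed in the same pass.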
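Review bot: In ec-remote-cluster-same-ess.md (hunk @@ -84,13 +84,13 @@), the new bullet "When **Trust all deployments** is switched on - All deployments trust all other deployments in the same organization" overstates the scope of trust. The note directly below still says the level of trust of existing deployments is not modified when this setting changes, and that deployments created before the February 2021 release trust only themselves; the removed wording ("deployments created while this option is selected") was accurate on that point. Suggest limiting the bullet to deployments created while the option is switched on, so readers do not assume trust that is not there or overlook trust that remains after switching it off. Separately, the paragraph now opens with "To configure this behavior" although the sentence that described the behavior was removed, so "this" has no antecedent under the heading.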
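Review bot: In ec-remote-cluster-same-ess.md (hunk @@ -99,22 +99,22 @@), the renamed option bullets say "in this environment" while step 2 tells the reader to edit the trust configuration "labeled as your organization" and the section is about deployments in the same organization. Suggest using "organization" in all three bullets so the scope of **All deployments** and **None** is unambiguous. The context line "Choose one of following options" is also missing "the".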
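Review bot: In ec-remote-cluster-self-managed.md (hunk @@ -122,7 +122,7 @@), step 3 just below the edited line reads "If you only have the key in p12 format", immediately after stating that the uploaded file "should not contain the private key". What the reader holds is the CA certificate bundled in a p12 file, and the `-nokeys` flag in the quoted openssl command is what keeps the private key out of the output. Suggest rewording to "If you only have the CA certificate in p12 format" and saying explicitly that `-nokeys` excludes the private key, since uploading a PEM that still contains the CA key is the mistake this step should prevent. Step 4 also writes "self managed" without the hyphen used in step 1.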
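Review bot: In the four hunks that remove the cloud-ce-copy-remote-cluster-parameters.png image block (ec-remote-cluster-ece.md, ec-remote-cluster-other-ess.md, ec-remote-cluster-same-ess.md, ec-remote-cluster-self-managed.md), the note on the following context lines contains "match with the the certificate information" with a duplicated "the". Since each hunk already touches the lines directly above that note, suggest fixing the typo in all four files here. The PNG itself is deleted in this patch, so please confirm that no page outside these four still references it.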