Post-installation steps
ECE
After your Elastic Cloud Enterprise installation is up, some additional steps might be required. For a complete list of configurable features in ECE, refer to Configure ECE.
To start creating Elasticsearch deployments directly, refer to Manage deployments in Elastic Cloud Enterprise.
Add your own load balancer. Load balancers are user supplied and we do not currently provide configuration steps for you.
Add more capacity to your ECE installation, resize your deployment, upgrade to a newer Elasticsearch version, and add some plugins.
Configure ECE system deployments to ensure a highly available and resilient setup.
Configure ECE for deployment templates to indicate what kind of hardware you have available for Elastic Stack deployments.
In production systems, add your own Cloud UI and Proxy certificates to enable secure connections over HTTPS. The proxy certificate must be a wildcard certificate signed for the needed DNS records of your domain.
NoteThe default DNS resolution provided by Elastic is not intended for production use. Refer to Wildcard DNS record and certificates for more information.
If you intend to use custom endpoint aliases functionality, ensure you add the necessary Subject Alternative Name (SAN) entries to the proxy certificate.
Optionally, if you want the deployment endpoint links and Single-sign on to work with your domain name, configure it as the deployment domain name in the Platform > Settings section of the Cloud UI. The domain name is used to generate the endpoint URLs and must align with your proxy certificate and DNS record.
TipFor example, if your proxy certificate is signed for
*.elastic-cloud-enterprise.example.comand you have a wildcard DNS register pointing*.elastic-cloud-enterprise.example.comto your load balancer, you should configureelastic-cloud-enterprise.example.comas the deployment domain name in Platform → Settings. Refer to Change endpoint URLs for more details.Add a snapshot repository to enable regular backups of your Elasticsearch clusters.
Add more platform users with role-based access control.
Consider enabling encryption-at-rest (EAR) on your hosts.
NoteEncryption-at-rest is not implemented out of the box in Elastic Cloud Enterprise. Learn more.
Set up traffic filters to restrict traffic to your deployment to only trusted IP addresses or VPCs.
Learn how to work around host maintenance or a host failure by moving nodes off of an allocator. For an overview of common ECE maintenance activities, refer to ECE maintenance.
If you received a license from Elastic, manage the licenses for your Elastic Cloud Enterprise installation.
During installation, the system generates secrets that are placed into the /mnt/data/elastic/bootstrap-state/bootstrap-secrets.json secrets file, unless you passed in a different path with the --host-storage-path parameter. Keep the information in the bootstrap-secrets.json file secure by removing it from its default location and placing it into a secure storage location.