Remote clusters on Elastic Cloud Enterprise

ECE

You can configure an Elastic Cloud Enterprise deployment to either connect to remote clusters or accept connections from:

• Another deployment of your ECE installation
• A deployment running on a different ECE installation
• An Elastic Cloud Hosted deployment
• A deployment running on an Elastic Cloud on Kubernetes installation
• A self-managed installation

To use CCS or CCR, your environment must meet the following criteria:

• The local and remote clusters must run on compatible versions of Elasticsearch. Review the version compatibility table.

  Version compatibility table

  • Any node can communicate with another node on the same major version. For example, 9.0 can talk to any 9.x node.
  • Version compatibility is symmetric, meaning that if 7.16 can communicate with 8.0, 8.0 can also communicate with 7.16. The following table depicts version compatibility between local and remote nodes.

  Note

  Version 8.19 is the final minor release in the 8.x series. Unlike past releases, 8.18 was launched simultaneously with 9.0, allowing cross-version compatibility between them. Hence, as shown in the compatibility table, 8.18 can search 9.0 clusters, but only 8.19 supports searching 9.1 and later.

  	Remote cluster version
  Local cluster version	7.17	8.0	8.1	8.2	8.3	8.4	8.5	8.6	8.7	8.8	8.9	8.10	8.11	8.12	8.13	8.14	8.15	8.16	8.17	8.18	8.19	9.0	9.1	9.2
  7.17
  8.0
  8.1
  8.2
  8.3
  8.4
  8.5
  8.6
  8.7
  8.8
  8.9
  8.10
  8.11
  8.12
  8.13
  8.14
  8.15
  8.16
  8.17
  8.18
  8.19
  9.0
  9.1
  9.2

• ECE proxies must answer TCP requests on the port used by the selected security model:

  • 9400 when using TLS certificate–based authentication (deprecated).
  • 9443 when using API key–based authentication.

  For details, refer to the remote cluster security models documentation and ECE networking prerequisites.

• Load balancers must pass through TCP requests on the port that corresponds to the security model:

  • 9400 for TLS certificate–based authentication (deprecated).
  • 9443 for API key–based authentication.

  For configuration details, refer to the ECE load balancer requirements.

• If your deployment was created before ECE version 2.9.0, the Remote clusters page in Kibana must be enabled manually from the Security page of your deployment, by selecting Enable CCR under Trust management.

The steps, information, and authentication method required to configure CCS and CCR can vary depending on where the clusters you want to use as remote are hosted.

• Connect remotely to other clusters from your Elastic Cloud Enterprise deployments

  • Access other deployments of the same Elastic Cloud Enterprise environment
  • Access deployments of a different Elastic Cloud Enterprise environment
  • Access deployments of an Elastic Cloud environment
  • Access clusters of a self-managed environment
  • Access deployments of an ECK environment

• Use clusters from your Elastic Cloud Enterprise deployments as remote

  • From another deployment of the same Elastic Cloud Enterprise environment
  • From a deployment of another Elastic Cloud Enterprise environment
  • From an Elastic Cloud Hosted deployment
  • From a self-managed cluster
  • From an ECK environment

If you have network security policies applied to the remote cluster, you might need to take extra steps on the remote side to allow traffic from the local cluster. Some remote cluster configurations have limited compatibility with network security. To learn more, refer to Remote clusters and network security.