How Elastic Stack (Elasticsearch) is licensed and how the licenses differ

In this article we explain how Elastic Stack is licensed, which licenses exist and what each of them includes (key features), and we briefly compare Elastic with OpenDistro from AWS and other well-known distributions.







As the picture above shows, there are, loosely speaking, 5 types of subscription under which you can use the system. Details of everything described below can be found on the dedicated Elastic page. Everything in this article applies to Elastic Stack hosted on your own infrastructure (on-premises).



Open Source. This is the Elastic Stack version freely available in the Elastic GitHub repository. Essentially, you can take it and build a killer of ArcSight, QRadar, Splunk and Elastic's other direct competitors. You pay nothing for this.



Basic. This license includes everything in the previous one, supplemented by functionality that is not open source but is nevertheless available free of charge. Examples are SIEM, the role-based access model, some visualization types in Kibana, Index Lifecycle Management, some built-in integrations and other capabilities.



That covers the free licenses; now for the paid ones. The Elastic Stack is licensed per Elasticsearch node. You can have as many Kibana and Logstash (or Fluentd, if you prefer) instances as you like alongside it, but licenses are counted strictly by the hosts on which Elasticsearch is deployed. Nodes with the Ingest and Client / Coordinating roles are also excluded from the count. The number of nodes that count is driven directly by the volume of incoming traffic and by data retention requirements. Recall that a cluster needs at least 3 nodes to be reliable. We calculate sizing using the method described in one of our previous articles. Elasticsearch licenses are sold only as subscriptions, with a term of 1 year or more in 1-year increments (2, 3, and so on). Now back to the license types.
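As an added illustration of the per-node counting rule just described (example code, not from the original article), the following script parses constructed output of `GET _cat/nodes?h=name,node.role` and counts the nodes that would be licensed. The role letters are the ones Elasticsearch prints in that column; treating a node as licensed exactly when it holds a master role or any data role is an assumption made here.

```python
# Added example, not from the article. It counts which Elasticsearch nodes
# count toward a per-node subscription under the rule stated above: every
# Elasticsearch node counts except Ingest-only and Client/Coordinating-only
# nodes. Assumption: a node counts iff it holds a master or any data role.

# Role letters as shown in the node.role column of GET _cat/nodes.
# '-' denotes a coordinating-only node (no roles assigned).
DATA_ROLES = set("dchwfs")  # data, data_cold, data_hot, data_warm, data_frozen, data_content
MASTER_ROLE = "m"
MIN_NODES = 3  # the article's minimum node count for a reliable cluster

# Constructed sample output of: GET _cat/nodes?h=name,node.role
SAMPLE_CAT_NODES = """\
es-master-1 m
es-master-2 m
es-master-3 m
es-hot-1    hs
es-hot-2    hs
es-warm-1   w
es-ingest-1 i
es-coord-1  -
"""

def parse_cat_nodes(text):
    """Return {node_name: set_of_role_letters} parsed from _cat/nodes output."""
    nodes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # blank or malformed line
        name, roles = parts
        nodes[name] = set() if roles == "-" else set(roles)
    return nodes

def is_licensed(roles):
    """True if the node counts toward the subscription (see assumption above)."""
    return MASTER_ROLE in roles or bool(roles & DATA_ROLES)

def summarize(text):
    """Split nodes into counted and excluded, and check the 3-node minimum."""
    nodes = parse_cat_nodes(text)
    licensed = [n for n, r in nodes.items() if is_licensed(r)]
    return {
        "licensed_count": len(licensed),
        "excluded": [n for n in nodes if n not in licensed],
        "meets_minimum": len(licensed) >= MIN_NODES,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_CAT_NODES))
```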



Gold. The Elasticsearch Gold license adds authorization via LDAP / AD, extended logging for internal audit, expanded alerting capabilities and vendor technical support during business hours. The Gold subscription is the one most similar to AWS OpenDistro.



Platinum. The most popular subscription type. In addition to the Gold-level capabilities, it adds Elastic's built-in machine learning, cross-cluster replication, ODBC / JDBC client support, granular document-level access control, 24/7/365 vendor support and a few other features. Emergency patches can also be released under this subscription.



Enterprise. The highest subscription level. In addition to all Platinum-level features, it includes the Elastic Cloud Enterprise orchestrator, Elastic Cloud on Kubernetes, the Endgame endpoint security solution (with all its capabilities), vendor support for an unlimited number of Elastic-based projects, and other features. It is typically used in large to very large installations.



Elastic already has many forks, the best known of which is OpenDistro from AWS. Its key benefit is support for some features that in the original Elastic are available only on paid subscriptions. The main ones are integration with LDAP / AD (as well as SAML, Kerberos and others), built-in alerting (on free Elastic this is done through ElastAlert), logging of user actions, and JDBC driver support.



HELK and Logz.io also deserve a mention. The first is a GitHub project that adds threat-analytics software on top of Elasticsearch (its authors write that it is all still in alpha); the second is a cloud service built on Elastic that adds some nice features. Share other forks you know about in the comments.



For more information about Elasticsearch sizing, licensing and other questions, you can leave a request via the feedback form on the website or in any other convenient way.



You can also read:



Elasticsearch sizing



Dealing with Machine Learning in Elastic Stack (aka Elasticsearch, aka ELK)



Elastic under lock and key: enable security options for the Elasticsearch cluster for access from the inside and outside



What can be useful from the logs of a Windows workstation


