OpenSearch - Features

Topologies

OpenSearch cluster is available as:

• 3 nodes cluster - not recommended for Production use

• 5 or more nodes cluster - recommended for Production use

3 nodes topology

In the 3 servers topology, all server are playing the master role, two of them are also used as data nodes. Each index are by default replicated on those two data nodes.

At least 5 nodes topology

With 5 to more servers, three node are used as masters only nodes and don't host any data. Depending of the Area, master nodes are dispatched across 2 or 3 Availability Zones. The remaining nodes host only data and are spread over two Availability Zones.

Resiliency

In an Area with 3 Availability Zones, the cluster is resilient against one AZ failure.

In an Area with 2 Availability Zones, the cluster might fail if the Availability Zone containing two masters is not available.

Features

This section lists which feature / capabilities are available to users, and how to request / perform them :

Security

Authentication

Authentication uses OpenSearch internal security system.

It can be configured on request to accept Active Directory as an authentication backend.

Authorizations

Authorizations is done using RBAC.

It can be configured on request to accept Active Directory as a backend role provider.

Secured Transport

TLS/SSL is activated by default for the incoming and internal network flows.

Passwords

This section explains how the password management is handled: