Configure Security Plugin to Access the Search Server

Configure the CA Security Plugin to authorize the hosts that access the search server.
casm173
Configure the CA Security Plugin to authorize the hosts that access the search server based on your environment requirements (Elastic Search Server 2.1.1 or Elastic Search Server 7.10.2).
Elastic Search Server 7.10.2 is supported on CA Service Management 17.3.0.6 and later versions.
The search server uses two ports, an HTTP port and a TCP port. The CA security plugin authorizes only the HTTP port.
Elastic Search Server 2.1.1
Perform the following steps if you have Elastic Search Server 2.1.1 in your environment:
  1. Navigate to where you have installed Elastic Search Server 2.1.1 and edit the edit the
    elasticsearch.yml
    file:
    For example: <install_home>\CASearchServer\elasticsearch-2.1.1\config
  2. Configure the IP address or the host names of the servers that can access the search servers.
    ca-es-security-plugin: enable: true enable-x-forwarded-for: true allowed-list-of-hosts: [host1, host2, ...]
    By default, the security is disabled for the search servers.
  3. Save and close the file.
  4. Restart the
    CA Search Server
    service.
    The security is enabled and only the hosts that you define in the
    allowed-list-of-hosts
    parameter can access the search server.
Elastic Search Server 7.10.2
Perform the following steps if you have Elastic Search Server 7.10.2 in your environment:
  1. Navigate to the where you have installed Elastic Search Server 7.10.2 and edit the elasticsearch.yml file:
    For example:
    <install_home>\CASearchServer\elasticsearch-7.10.2\config
    In case, if you do not have have elasticsearch-7.10.2 full license, add the below in the elasticsearch.yml file:
    xpack.security.enabled: false
  2. Configure the IP address or the host names of the servers that can access the search servers.
    ca-es-security-plugin: enable: true enable-x-forwarded-for: true allowed-list-of-hosts: [host1, host2, ...]
    By default, the security is disabled for the search servers.
  3. Save and close the file.
  4. Restart the
    CA Search Server
    service.
    The security is enabled and only the hosts that are specified in the
    allowed-list-of-hosts
    parameter can access the search server.