Solr Security

The following security features come out-of-the-box with SearchStax Managed Search:

• Encryption in Transit – SearchStax provides Transit Level Encryption (TLS) of all traffic going over the network using the latest TLS encryption algorithms.
• Encryption at Rest – Encryption at Rest converts sensitive data into another form of data that can only be read by someone else who has the matching encryption key. Using encryption at rest prevents the unauthorized users from accessing the unencrypted data by ensuring that all data is encrypted when it is on disk.
• Solr Basic Authentication – You have the option to enable the Solr Basic Authentication Plugin through the SearchStax dashboard to restrict access to your Solr dashboard, and demand authorization for query requests and index updates.
• Two-Factor Authentication – Two-Factor Authentication or 2FA is an optional security protocol available to all accounts and users, and adds an extra layer of protection to the account login.
• IP Filtering – SearchStax provides IP Filtering using the API methods or the SearchStax dashboard.
• User Roles – Each SearchStax account is restricted to the Owner of that account plus any SearchStax users who have been granted access to that account by the Owner.
• Audit Logs – Audit log provides you with a list of all user actions within your account, including those of the SearchStax Support team.
• Zookeeper Security – We lock down the Zookeeper ensemble so it cannot be reached from the Internet by using IP Filtering.
• Dashboard Security – All connections to the SearchStax dashboard use HTTPS, which encrypts your traffic in transit. We follow industry best practices for passwords.

The SearchStax Managed Search Security Pack includes:

• Single Sign-On (SSO) – SSO provides a frictionless user experience by allowing a user to sign on to SearchStax using the same credentials they use for other applications within the same company. The use of SSO enforces risk-based access policies and automates provisioning workflows and enables self-service tools to help companies reduce IT costs. Our SSO uses the Microsoft Azure Active Directory and open standard Security Assertion Markup Language (SAML) to pass authorization credentials to service providers.
• Monthly Vulnerability Scans – With the Security Pack, we increase the frequency of vulnerability scans from quarterly to monthly. We also provide priority patching which means that Security Pack customers will have their patches applied before other customers.
• Transport Layer Security – Transport Layer Security (TLS version 1.2) is a cryptographic protocol designed to provide communications security over a computer network. TLS protocol provides privacy and data integrity between two or more communicating applications. The Security Pack allows the customer to specify the TLS version and ciphers.

SearchStax Managed Search now offers the ability for customers to set up Single Sign-On (SSO) to let their users log into SearchStax apps with a single ID and password that works across multiple software systems.

We use the open standard Security Assertion Markup Language (SAML) to allow identity providers (IdP) to pass authorization credentials to service providers (SP). We use Microsoft Azure Active Directory to implement SSO for SearchStax.

SSO is an add-on SearchStax feature that is purchased separately as part of the Security Pack. If you are interested in the Security Pack, check with our sales team or your Account Manager for more information.

The following are best practices for managing security for your Solr deployments:

• Authentication and authorization to control who has access to your Solr instance
• Transport security to protect communication between the Solr service and client applications
• Secure configuration access to ensure configuration files are only accessible to authorized users
• Restrict API access to authorized users through firewalls, IP whitelisting and access control lists
• Monitor logs to regularly identify and respond to security incidents and suspicious events
• Keep Solr up-to-date with the latest security patches and updates so known vulnerabilities are addressed