Scenario

CSS integrates shared load balancers and allows you to bind public network access and enable the VPC Endpoint service. Dedicated load balancers provide more functions and higher performance than shared load balancers. This section describes how to connect a cluster to a dedicated load balancer.

Advantages of connecting a cluster to a dedicated load balancer:

A non-security cluster can also use capabilities of the Elastic Load Balance (ELB) service.
You can use customized certificates for HTTPS bidirectional authentication.
Seven-layer traffic monitoring and alarm configuration are supported, allowing you to view the cluster status at any time.

There are eight service forms for clusters in different security modes to connect to dedicated load balancers. Table 1 describes the load balancer capabilities for the eight service forms. Table 2 describes the configurations for the eight service forms.

You are not advised to connect an ELB that has bound the public network to a non-security cluster. Non-security clusters can be accessed over HTTP without security authentication. A load balancer with an EIP allows access to such clusters over the Internet, which may bring security risks.

**Table 1** ELB capabilities for different clusters
Security Mode	Service Form Provided by ELB for External Systems	ELB Load Balancing	ELB Traffic Monitoring	ELB Two-way Authentication
Non-security	No authentication	Yes	Yes	No
Non-security	One-way authentication Two-way authentication	Yes	Yes	Yes
Security mode + HTTP	Password authentication	Yes	Yes	No
Security mode + HTTP	One-way authentication + Password authentication Two-way authentication + Password authentication	Yes	Yes	Yes
Security mode + HTTPS	One-way authentication + Password authentication Two-way authentication + Password authentication	Yes	Yes	Yes

**Table 2** Configuration for interconnecting different clusters with ELB
Security Mode	Service Form Provided by ELB for External Systems	ELB Listener			Backend Server Group
Security Mode	Service Form Provided by ELB for External Systems	Frontend Protocol	Port	SSL Parsing Mode	Backend Protocol	Health Check Port	Health Check Path
Non-security	No authentication	HTTP	9200	No authentication	HTTP	9200	/
	One-way authentication	HTTPS	9200	One-way authentication	HTTP	9200
	Two-way authentication	HTTPS	9200	Two-way authentication	HTTP	9200
Security mode + HTTP	Password authentication	HTTP	9200	No authentication	HTTP	9200	/_opendistro/_security/health
	One-way authentication + Password authentication	HTTPS	9200	One-way authentication	HTTP	9200
	Two-way authentication + Password authentication	HTTPS	9200	Two-way authentication	HTTP	9200
Security mode + HTTPS	One-way authentication + Password authentication	HTTPS	9200	One-way authentication	HTTPS	9200
Security mode + HTTPS	Two-way authentication + Password authentication	HTTPS	9200	Two-way authentication	HTTPS	9200

Parent topic: Connecting a Cluster to a Dedicated Load Balancer

Previous topic: Connecting a Cluster to a Dedicated Load Balancer

Next topic: Connecting to a Dedicated Load Balancer

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel