Still creating a new cluster for each project? 😱
Effortlessly fit 1000+ fully isolated tenants inside one Elasticsearch cluster.
Security? Second to none.
👮🏻♂️ Granular access control on indices, documents, and fields
🌥️ Interoperable with Elastic cloud managed service
🛳️ Works great with Kubernetes using ECK
🏛️ Advanced Enterprise integrations (LDAP, SAML, OIDC, etc)
Physicist, IT department
CERN
“Our largest shared cluster [...] consolidates about 17 different use cases on the same hardware, lowering the total cost.”
Solution Architect
Top French network operator
“ReadonlyREST Enterprise is one of the few software I use or used professionally, and I would recommend it 200%.”
GSE, SANS Instructor, CEO
H/A Security Solutions
“I baked ReadonlyREST Free into SEC455 SIEM Design and Implementation. I'm openly recommending it to students and highlighting its features.”
Responsible of Platforms and Automation
Creos S.A.
“ReadonlyREST was quick and easy to implement, that gave us more time to spend on other important tasks.”
Since 2017, hundreds of remarkable organisations trusted us.
Customers that make us extra proud:
📈 2x in the S&P 500 top 5
🧸 2x Charities protecting children
⚛️ 3x Nuclear research institutions
🇪🇺 2x European Union institutions
👮♀️ Various government institutions
Logos appearing on this site are the property of their respective owners. Their presence does not imply any endorsement, sponsorship, or affiliation between ReadonlyREST and the owners of these trademarks. They are used merely to represent our customer base and the broad range of clients we serve.
Tweak the Look & Feel in Kibana
Make Kibana blend in with your company branding. Use ReadonlyREST Kibana plugin to overlay custom CSS stylesheet and Javascript.Styles and behaviour of every page will be cleanly overridden.
Gone are the days of unreliably patching source files every time you updated Kibana. Now, our custom assets get dynamically loaded in every page.
Offsite auditing & Monitoring
Keep an eye on accesses, failed logins, data access, with single-user granularity. Spot what users and what queries are the hogging resources the most.
Optionally, audit logs can be shipped to a dedicated, remote ES cluster for further analysis and better security.
Efficient Data segregation
Stop creating a new cluster for each new project. Save tons of computing resources by using a single Elasticsearch cluster, and a single Kibana instance for virtually unlimited projects.
A new tenancy can be created and destroyed in 1 second.
With group mapping, creating a tenancy is as quick as creating a LDAP group.
NB: complete segregation is optional! Sometimes it’s useful and strategic that the same indices can be read by multiple groups, to avoid data duplication.
Bring your own Authentication
All the major Enterprise grade authentication and authorization protocols are supported out of the box: SAML, LDAP, OpenID Connect.
User impersonation and external auth mocking is supported in our GUI: no need to spin up a test LDAP server, or a SAML IdP.
Integrations of non-standard auth systems are super easy, using either:
Elastic Cloud integration
Keep all data in a cluster in the cheapest Elastic Cloud tier, enforce access control, and multi-tenancy with ReadonlyREST.
This is possible thanks to Elastic cloud’s “Trusted evironments” and “Cross Cluster Search (CCS)” features.
Only show the right Kibana apps
Should the sales team use the machine learning app?
Should the auditors see anything else than dashboards?
ReadonlyREST can disable any Kibana app for any Kibana user or group!
Reboot-less security settings editor
Add a user, modify permissions, tweak LDAP connectors, and just click SAVE. All the Elasticsearch nodes will pick up the changes in seconds. Goodbye rolling-restarts!
The reboot-less settings are available in GUI and API mode (Enterprise edition only).
Testable Access Control
Our ACL is testable with code.
It’s easy to write tests that use simple HTTP headers to impersonate users, groups.
Add mock users to LDAP/SAML connectors in the impersonation GUI, and use them in your tests without depending on dummy authentication servers
Try it now with Docker
Build a container with our all-in-one Dockerfile. You will be interacting with the minimal “free” Kibana environment. You will need to enter the trial activation key to see the multi-tenant Kibana demo in action.
docker build -t ror --rm \ https://readonlyrest.com/docker-demo
Run the container:
docker run -p 9200:9200 -p 5601:5601 -ti --rm ror
Head to
http://localhost:5601
Login as “admin”, password is “passwd”
NB: If you are using Linux, you might need to run
sudo sysctl -w vm.max_map_count=300000
in the host machine.Kubernetes Ready
Works great with Elastic Cloud on Kubernetes (ECK) operator
Take advantage of the official Kubernetes operator designed by Elastic
- Trivial software updates
- Simplified maintenance
- Easy provisioning
For Kibana
Enterprise Kibana plugin
1000 Kibanas in one cluster. With modern enterprise authentication.
- Multi-Tenancy (virtual ELK clusters)
- Email support (SLA)
Our values
Security through simplicity
Since 2013, ReadonlyREST is a reference in Elasticsearch and Kibana security.
We understand that the weakest link in security is human error. That’s why ReadonlyREST embraces the “convention over configuration” principle.
As a side effect, our solution can be integrated in hours, as opposed to days or weeks.
Performance
Performant by design: forged by the experience in extra large clusters (banking, ad-tech), but also with wildly fast write rates (CERN), our software can surely take the challenge.
Accountability
Our support service is the best in its league: the same engineers that wrote the software will answer your SLA support tickets.
Years of continuous improvements
Since we entered the market in 2017, we have never stopped updating our product:
- Monthly releases: for Bug fixes, and improvements.
- Extra releases: when a new Elastic version is out, or security fixes.
Layer after layer, year after year, progressive refinements take to excellence.
🙋♂️ FAQ - commercial
Why a subscription?
- Because security is a process, not a product. New builds with fixed vulnerabilities and new features keep coming every 3-4 weeks.
Is there a free trial?
- Yes: four weeks. We can extend this period, no problem. Just ask. We are happy to provide free-of-charge solution architecture, and technical assistance during the whole validation process.
The Elasticsearch plugin has GPLv3 license, is this intentional?
- Yes. If it’s too restrictive, just go for the Embed contract.If you depend on an OSS security tool commercially, it’s in your best interest to keep it well maintained and existing. See it as a mandatory sponsorship to the project.
🙋♀️ FAQ - product
Do I need to install both Elasticsearch and Kibana plugins?
- If you use Kibana, or you want to use the authentication, multi-user or multi-tenancy features, YES. You need to install our universal Kibana plugin. You don’t strictly need to use the PRO or Enterprise editions if you don’t need the advanced features, but you can test them using a trial activation key that you can generate in our portal.
Do you support older versions (Elastic stack < 7.0.0) ?
- Yes, but only for paying customers. The oldest version supported is 6.0.0.
- Remember to keep plugin versions aligned in Kibana and Elasticsearch!
Do all the latest Kibana apps work?
- The majority. A few of the latest ones don’t work yet, we are improving compatibility in time.
Will new features work in older Elastic stack versions?
- YES! New features will work on all Elasticsearch ≥ 6.0.0 and all Kibana ≥ 7.9.0