Deploying a production, air-gapped observability platform for critical compliance and visibility.



Client
The client, operating in the Critical Infrastructure industry, needed a production, air-gapped observability platform to provide compliance evidence and visibility across its systems.
Project Context
The project successfully deployed a production-grade, fully air-gapped Elastic Stack (v9.0.1) to achieve comprehensive observability and compliance. The architecture utilized six high-volume data nodes supported by a dedicated monitoring cluster, meeting the mandatory one-year log data retention rule.
Project Objectives
- Deploy a highly available, multi-node production Elastic cluster.
- Establish a separate monitoring cluster for the main stack's health.
- Configure a complete air-gapped ecosystem with local registries (Elastic Artifact Registry, EAR, and Elastic Package Registry, EPR).
- Ingest diverse data (OpenShift, VMs, Cisco, Fortinet).
Challenges
- Requirement for high security and reliability in a Critical Infrastructure environment.
- Necessity to deploy and maintain a fully air-gapped platform.
- Meeting the one-year log data retention rule for critical compliance.
- Need for comprehensive observability and visibility across systems.
Solution
- Installed and configured all components (Elasticsearch, Kibana, Logstash, Fleet Server).
- Established local, air-gapped repositories (EPR/EAR) for internal distribution.
- Implemented TLS certificates signed by the client's own CA for all communication between components.
- Integrated the production cluster with LDAPS for centralized authentication and role-based access control (RBAC).
- Onboarded data sources via Elastic Agents (OpenShift, Linux, Windows) and Logstash pipelines (Cisco, Fortinet syslog).
- Enabled Centralized Pipeline Management for Logstash.
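An illustrative elasticsearch.yml fragment for the TLS and LDAPS items above, added here as an example and not taken from the project: node-to-node and HTTP traffic are pinned to the client CA, and the LDAPS realm verifies the directory server's certificate against that same CA. Hostnames, DNs and file paths are placeholders.

```yaml
# elasticsearch.yml (illustrative fragment; hostnames, DNs and paths are placeholders)
xpack.security.enabled: true

# Node-to-node traffic: only certificates issued by the client CA are accepted.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/node.key
xpack.security.transport.ssl.certificate: certs/node.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/client-ca.crt" ]

# Kibana, Fleet Server, Logstash and API clients all reach this endpoint over TLS.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/node.key
xpack.security.http.ssl.certificate: certs/node.crt
xpack.security.http.ssl.certificate_authorities: [ "certs/client-ca.crt" ]

# Centralized authentication over LDAPS (port 636); plain LDAP is never used.
xpack.security.authc.realms.ldap.corp_ldaps:
  order: 0
  url: "ldaps://ldap.example.internal:636"
  bind_dn: "cn=svc-elastic,ou=service-accounts,dc=example,dc=internal"
  # The bind password lives in the Elasticsearch keystore under
  # xpack.security.authc.realms.ldap.corp_ldaps.secure_bind_password
  user_search:
    base_dn: "ou=people,dc=example,dc=internal"
    filter: "(uid={0})"
  group_search:
    base_dn: "ou=groups,dc=example,dc=internal"
  # Directory groups become roles only through explicit role mappings;
  # an unmapped group grants nothing.
  unmapped_groups_as_roles: false
  ssl:
    certificate_authorities: [ "certs/client-ca.crt" ]
    verification_mode: full   # verify chain and hostname of the directory server

# Local accounts stay available as a break-glass path if the directory is unreachable.
xpack.security.authc.realms.native.native1:
  order: 1
```

With `order` set this way the LDAPS realm is consulted first and the native realm only as a fallback, so a directory outage does not lock administrators out of the air-gapped cluster.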
