Activate 2018

According to estimates, the volume of business data worldwide, across all companies, doubles every 1.2 years. With decreasing storage costs, and the fear of missing out on important data, this period is only supposed to get shorter, translating to an even higher data growth. With as much data being stored for being searched, it’s almost obvious that it resides on multi-tenant systems, which talk to each other. This makes it important to think about and build security mechanisms both within and around the search engine, the platform that holds all of the data.

Security could mean different things to different use cases or users. It may mean providing basic authentication and authorization in a closed network, but has the added requirement of document level filtering when running in a multi-tenant setup with shared collections. An often overlooked aspect of when thinking about securing Solr is it’s communication with other satellite systems like log aggregators, monitoring systems etc.. These systems need special consideration when setting up Solr with security.

While setting up and running a search system at scale isn’t a trivial task to begin with, it can be orders of magnitude more complicated when doing it with security enabled but when hosting critical data, there is really no other way out. Insecure systems are unstable for certain datasets, or at the very least much less desirable. In addition, it’s a good thing to have when hosting multi-tenant setups.

Understanding the basic nuances of what security should mean when we talk about Solr is as important as knowing how to set it up to ensure that the data can only be accessed by trusted systems or users. This talk will highlight what securing Solr generally means, what are the available nuts and bolts that are shipped with Solr, and what else is needed to have a secure setup of Solr. It would also give options of things that can be punted upon or deferred until later, which are good to have in certain cases but not as essential while specifically talking about the parts that can not be missed. At the end of this talk, the attendees would have a much better understanding of security in Solr, components that are needed, and concepts that are integral for running a secure setup of Solr.