Cross Cluster Search OpenSearch <-> (Search Guard / Standard Elastic)

We have been setting up CCS with OpenDistro clusters talkin to each other.
However currently we have a situation, in which we have more clusters that are not managed by us and we have Search Guard and Standard Elasticsearch with Xpac added to the mix.

We are using Active Directory integration for users management and would like to ask if anybody has experience in those subjects:

Is it possible to setup OpenSearch to do Cross Cluster Search to:

  • Elasticsearch with Xpac?
    • From OpenSearch → Xpac
    • From Xpac → OpenSearch
  • Elasticsearch with Search Guard?
    • From OpenSearch → SG
    • From SG → OpenSearch

So far we have no luck in setting it up so maybe somebody already worked on the subject?

Moving this to the security category.


What ES version are you currently running?
OpenSearch is a fork of Elasticsearch 7.10.2

The base version of elasticsearch is 7.10.0.

We are preparing to upgrade but we are not there yet.

I have OpenDistro in version 1.12.0

I’m connecting to Search Guard in version 49.3 and Elasticsearch cluster 7.10.0 with Xpack

I’m thinking about upgrading cluster to OpenSearch but it would be nice to know,
if those connections

  • OpenSearch → SG and
  • OpenSearch → ELK Xpac
    do work. That would be another point to switch.

I’ll try to test it. So your target is OS, not OD?

Great! Thx @pablo

Yes, target is OS.

(But, if there is a way to do it on OD this will help me to set it up before upgrade.)


Done some testing. But still have some certificate issues.

What certificates do you use in your SG and ODFE/OS? Self-signed, signed or demo?
Could you share your errors?