Security in Lucidworks Fusion

Gerald Kanapathy, VP of Products, Lucidworks

The standard for enterprise search.

of Fortune 500 uses Solr.

90%

The standard for enterprise search.

We built it.Lucidworks produces the world’s largest open source user conference dedicated to Lucene/Solr.

Lucidworks employs over 40% of the active committers on the Solr project.

Lucidworks contributes over 70% of Solr's open source codebase.

40%

70%

Community-driven development and

governance.

Massive install base, battle-tested for

hundreds of use cases across thousands of

companies worldwide.

Solr's move to the cloud makes it ideal for

distributed apps across an organization or

consumer segment.

Cost benefits can't be overlooked.

Open source done right.

Community-Driven Development Isn't Perfect...

• UI & UX • Integration • Security • Domain-specific Solutions

That's why we built Fusion.

Connector Framework

Index Pipelines (ETL)

( )ScaleFault ToleranceReal-Time

Fusion APIs

Recommendations Personalization Contextual SearchRelevancy Tool

Machine Learning / Signal ProcessingAnalytics

Security

Apps Mobile Silk

Database Web File Logs Hadoop

Security

Extended authentication, authorization and encryption, even at the document and collection level.

• Fusion comes with security for extended authentication, authorization, and encryption all the way down to the document and collection level – including the Solr API.

• Group and role-base security makes it easy to control what documents are returned in a set of search results – and what documents a user can access.

• Support for LDAP, Kerberos, SSL, and Active Directory.

• Connect and authenticate with other directory services through our extensible security framework.

Key Security Integrations

• User-level authentication for the Solr API

• Integrations of user accounts and group memberships with LDAP/AD, Kerberos

• Item/document-level access control in search results

• Mirroring of source documents ACLs, automatic security trimming

• Fine-grained RBAC in Fusion admin and configuration, in API and UI

• Extensible framework for extending to SAML, OAuth, other SSO providers

• Enforcement of data privacy: identify and remove PII, SPI, etc

User authentication for the Solr API

• Fusion API proxy

• Access control by user

• Works right out of the box

• Controls both Solr and Fusion functions

Use your existing enterprise user directory—LDAP or Active Directory

• Use existing users

• Use existing groups

• Use existing password and account policies

• Flexible config to limit and restrict within the enterprise directory

Item-level security made easy.

• Users authenticate to AD

• Crawlers mirror source ACLs

• Fusion proxy enforces ACLs on query, according to user id

• Search results "trimmed" to match source items, for each user

Fine-grained RBAC for Fusion-specific functions.

Works with LDAP groups, too.

You can make it work with other systems with the extensible framework.

• Plug in to auth systems, e.g., SAML, OAuth, SSO

• Crawl content store ACLs

Fusion Pipelines let you specify rules for redaction, masking, filtering of data in documents and logs

• Match patterns with regular expressions

• Use NLP to find terms, names, etc

• Modular stages let you easily add, change, and manage rule sets

Questions?

Thank you