Secure SOLR IaaS Implementation with Sitecore PaaS

Are you Sitecore Architect/Developer, finding ways to Secure the Solr IaaS implementation? Here is my approach to secure the Solr!

Let us assume below is a scenario.

• Sitecore 9.0 or above is deployed in Azure PaaS
• SOLR 6.2.2 or above is deployed in Azure IaaS environment with Master & Slave Configuration.
• You want to secure the Solr IaaS.

Security is an important factor considered when exposing the internal system to outside world. Similar security factors needs to be considered exposing the SOLR data to outside world. So let us see how this can be done. The below diagram is an illustrative approach to secure the SOLR.

Sitecore Paas + Secure Solr Implementation

How to secure SOLR ?

• You should configure SSL certificates for the SOLR Master & Slave
• You should configure the load-balancer for the Solr Slave
• The Sitecore CMS should index the content in Solr Master.
• The Solr Slave should sync the content in periodic basis from Master
• The browser shouldn’t talk to the Solr Slave directly, instead it should talk to the Search Service API (it could be Web API).
• The search service API should talk to the SOLR Slave.
• Add IP restriction to the SOLR Slave to allow only the Search Service API outbound IP.
• Add IP restriction to the SOLR Master to allow only the Sitecore CMS — App Service Outbound IP.
• Enable Basic Authentication in SOLR
• Create a Admin user and Read-only users to secure the SOLR
• Use the Admin user credentials in Sitecore CMS to index the content.
• User the Read-only user credentials in the Search Service API to execute the query.
• Protect the Solr over HTTP using the steps identified in Sitecore documentation.

I hope this approach helps you to secure the SOLR IaaS with Sitecore PaaS implementation. Leave your comments.