Qlik Sense Enterprise for Elastic
Qlik Sense Enterprise for Elastic (QSEfE) is built for the Cloud and deployed in Kubernetes-managed [Linux] Containers. It [currently] provides dynamically scalable capacity for consuming Qlik documents that have been reloaded elsewhere. Those documents are distributed into QSEfE using the Multi-Cloud capability documented earlier.
The components of Qlik Sense Enterprise for Elastic can be grouped into four classes:
- Identity Provider (IdP) – an Identity Provider must be configured that shares User and Group details with Qlik Sense Enterprise for Windows.
- Persistence Store – whereas QSEfW requires an SMB/CIFS FileServer, QSEfE requires an NFS-shared Filesystem. You can supply an NFS FileServer in your own instance of a Google Compute Engine (with attached persistent storage) or use the BETA Google Cloud FileStore.
- MongoDB – whereas QSEfW requires a PostgreSQL database as the Repository Database, QSEfE requires a MongoDB instance. This may be provided in your own MongoDB cluster, or in a managed service such as mLab (https://mlab.com/, recently acquired by MongoDB) or MongoDB Atlas.
- Qlik Sense – there are many components (pods) in a container of QSEfE, but few are important to the application administrator. QSEfE operates in a similar manner to the Rim Nodes of a QSEfW deployment, with all shared content kept in MongoDB and the Persistence Store.
- Kubernetes – Google Kubernetes Engine (GKE) is an open-source system for automating deployment, scaling and management of containerized applications. It groups containers that make up an Application into logical units for easy management and discovery. A Container is more granular than a Virtual Machine and unlike Google Compute Engines does not require direct administration.
You’ll need to be familiar with YAML configuration files and the Kerberos tools, as administration functionality is moved from the Qlik Management Console to the Kubernetes tools.
Get very familiar with Kubernetes Best Practices!
- Do not expose K8S management plane ports externally unless protected
- Limit the blast radius of a compromised container
- Prevent man-in-the-middle (MITM) reading of sensitive data transmitted to and from containers
- Protect the Service API
See also https://www.cisecurity.org/benchmark/kubernetes/
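An added example, not part of the original page or of Qlik's tooling: a small Python check for the first two practices above, run over constructed objects shaped like items from `kubectl get pods,svc -o json`. The port numbers are common Kubernetes defaults and the object names are hypothetical.

```python
# Common default control-plane ports (assumption: your cluster may use others).
MGMT_PORTS = {6443: "kube-apiserver", 10250: "kubelet", 2379: "etcd"}

# Constructed sample objects, shaped like items from `kubectl get pods,svc -o json`.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "debug-api"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 6443, "targetPort": 6443}]}},
    {"kind": "Service", "metadata": {"name": "hub"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "targetPort": 8443}]}},
    {"kind": "Pod", "metadata": {"name": "engine-weak"},
     "spec": {"hostNetwork": True,
              "containers": [{"name": "engine", "securityContext": {"privileged": True}}]}},
    {"kind": "Pod", "metadata": {"name": "engine-hardened"},
     "spec": {"automountServiceAccountToken": False,
              "securityContext": {"runAsNonRoot": True},
              "containers": [{"name": "engine", "securityContext": {
                  "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}}]}},
]

def audit(items):
    """Return (object, finding) pairs for exposed management ports and weak pod isolation."""
    out = []
    for obj in items:
        ref, spec = f"{obj['kind']}/{obj['metadata']['name']}", obj.get("spec", {})
        if obj["kind"] == "Service" and spec.get("type") in ("LoadBalancer", "NodePort"):
            for p in spec.get("ports", []):
                for port in {p.get("port"), p.get("targetPort")} & MGMT_PORTS.keys():
                    out.append((ref, f"externally reachable {MGMT_PORTS[port]} port {port}"))
        if obj["kind"] == "Pod":
            pod_sc = spec.get("securityContext", {})
            if spec.get("hostNetwork"):
                out.append((ref, "hostNetwork: pod shares the node's network namespace"))
            if spec.get("automountServiceAccountToken", True):
                out.append((ref, "service account token mounted: API credentials in the pod"))
            for c in spec.get("containers", []):
                sc = c.get("securityContext", {})
                if sc.get("privileged"):
                    out.append((ref, f"{c['name']}: privileged container"))
                if sc.get("allowPrivilegeEscalation", True):
                    out.append((ref, f"{c['name']}: allowPrivilegeEscalation not set to false"))
                # Container-level runAsNonRoot overrides the pod-level value.
                if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
                    out.append((ref, f"{c['name']}: runAsNonRoot not enforced"))
    return out

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```

The hardened pod and the ordinary HTTPS service produce no findings; every finding comes from the externally exposed API server port and the privileged, host-networked pod.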
A Single-Node deployment of Qlik Sense Enterprise for Elastic serves very little purpose other than familiarizing yourself with the Kubernetes tools. Keeping the Repository and Persistence Store on the single node prevents scaling out the deployment to multiple Nodes, as each Node would unintentionally hold different content.
The single-node deployment may however be useful for ensuring that you have selected and configured an appropriate Load Balancer, that authentication to the Identity Provider is working properly, that you can use Qlik Multi-Cloud to distribute a Qlik Sense Document from Qlik Sense Enterprise for Windows into Qlik Sense Enterprise for Elastic, and that you can access the Qlik content via the Elastic Hub.
After this basic validation, you need to relocate the Persistence Store and MongoDB to separate Nodes before scaling out Qlik Sense over multiple Kubernetes-managed Nodes.
The MongoDB repository can be replaced with your own managed instance of MongoDB, mLab (recently acquired by MongoDB) or MongoDB Atlas (available as a managed service within GCP).
The Persistence Store is implemented in an NFS FileShare. You can supply an NFS FileServer in your own instance of a Google Compute Engine (with attached persistent storage) or use the BETA Google Cloud FileStore service.
Kubernetes can be configured to monitor resource utilization [using Prometheus] and automatically re-scale Qlik Sense over more Pods, known as Horizontal Pod Autoscaling (HPA), if CPU/RAM exceed a threshold, or quiesce and scale down Pods which have no active Qlik Sessions on them.
Take care to ensure that the Kubernetes environment is secured against inappropriate or malicious administration.