diff --git a/deploy-manage/remote-clusters/ece-enable-ccs.md b/deploy-manage/remote-clusters/ece-enable-ccs.md index 79c7b8214e..f3b11217d6 100644 --- a/deploy-manage/remote-clusters/ece-enable-ccs.md +++ b/deploy-manage/remote-clusters/ece-enable-ccs.md @@ -32,8 +32,18 @@ To use CCS or CCR, your environment must meet the following criteria: :::{include} _snippets/remote-cluster-certificate-compatibility.md ::: -* Proxies must answer TCP requests on the port 9400. Check the [prerequisites for the ports that must permit outbound or inbound traffic](../deploy/cloud-enterprise/ece-networking-prereq.md). -* Load balancers must pass-through TCP requests on port 9400. Check the [configuration details](../deploy/cloud-enterprise/ece-load-balancers.md). +* ECE proxies must answer TCP requests on the port used by the selected [security model](./security-models.md): + * `9400` when using TLS certificate–based authentication (deprecated). + * `9443` when using API key–based authentication. + + For details, refer to the [remote cluster security models](./security-models.md) documentation and [ECE networking prerequisites](/deploy-manage/deploy/cloud-enterprise/ece-networking-prereq.md). + +* Load balancers must pass through TCP requests on the port that corresponds to the security model: + * `9400` for TLS certificate–based authentication (deprecated). + * `9443` for API key–based authentication. + + For configuration details, refer to the [ECE load balancer requirements](../deploy/cloud-enterprise/ece-load-balancers.md). + * If your deployment was created before ECE version `2.9.0`, the Remote clusters page in {{kib}} must be enabled manually from the **Security** page of your deployment, by selecting **Enable CCR** under **Trust management**. ::::{note} @@ -62,4 +72,4 @@ The steps, information, and authentication method required to configure CCS and ## Remote clusters and network security [ece-ccs-ccr-network-security] -If you have [network security policies](/deploy-manage/security/network-security-policies.md) applied to the remote cluster, you might need to take extra steps on the remote side to allow traffic from the local cluster. Some remote cluster configurations have limited compatibility with network security. To learn more, refer to [Remote clusters and network security](/deploy-manage/remote-clusters.md#network-security). \ No newline at end of file +If you have [network security policies](/deploy-manage/security/network-security-policies.md) applied to the remote cluster, you might need to take extra steps on the remote side to allow traffic from the local cluster. Some remote cluster configurations have limited compatibility with network security. To learn more, refer to [Remote clusters and network security](/deploy-manage/remote-clusters.md#network-security).