EIVUS

Elasticsearch Hosting on VPS or Dedicated

Size memory and disk for Elasticsearch; clustering and backups.

Back to blog

Elasticsearch is memory and I/O intensive. Allocate enough heap (typically half of RAM, up to 31GB). Use SSD for indices. Plan cluster topology and snapshots; secure the cluster (auth, TLS).

Sizing

  • Heap: JVM heap — usually set to ~50% of RAM, up to 31 GB (compressed oops limit). Do not set too high or the OS will swap. Leave the rest for filesystem cache (Lucene benefits from OS cache).
  • RAM: Plan for at least 4–8 GB for a small node; 16–32 GB for production nodes. More RAM = more caching and larger indices in memory.
  • Disk: Use SSD or NVMe for index storage. Spinning disk is slow for search and indexing. Plan for growth (indices, replicas, snapshots). Monitor disk space and set alerts.
  • CPU: Indexing and search use CPU. More cores help for concurrent queries and bulk indexing. Avoid over-subscribed VPS for production.

Cluster and topology

  • Single node: Fine for dev or small workloads. No replication; if the node dies, you lose availability and possibly data (unless you have backups).
  • Cluster: Multiple nodes for HA and scaling. Decide role per node (master-eligible, data, ingest) to avoid split brain and balance load. Run at least 3 master-eligible nodes for quorum. Replicas across nodes for redundancy.
  • Discovery: Configure cluster.initial_master_nodes and discovery (zen or single-node for dev). Secure transport (TLS) and avoid exposing nodes to the internet.

Backups and recovery

  • Snapshots: Use snapshot API to backup to a repository (shared filesystem or S3-compatible). Schedule snapshots (e.g. daily); retain per policy. Test restore to another cluster or index.
  • Index lifecycle: Use ILM (Index Lifecycle Management) to roll over indices, move to warm/cold tiers, and delete old data. Reduces cost and keeps clusters manageable.
  • Recovery: Document how to restore from snapshot; test periodically. Have enough disk and memory in the cluster to restore the last snapshot.

Security

  • Network: Do not expose Elasticsearch to the internet. Bind to private IP; use firewall. If you need remote access, use VPN or SSH tunnel.
  • Auth: Enable security (X-Pack or OpenSearch security). Create users and roles; use least privilege. API keys for app access with short expiry or rotation.
  • TLS: Encrypt transport between nodes and for client connections. Use proper certs (not default demo certs in production).

Summary

Elasticsearch is memory and I/O intensive. Allocate enough heap (typically half of RAM, up to 31 GB). Use SSD for indices. Plan cluster topology and snapshots; secure with auth and TLS. Back up with snapshots; test restore.

Clients who trust us