“Databases. As a Service.” adorns the Orchestrate home page. We’ve emphasized the plural because we run our service on multiple persistent stores, and a key piece of what makes up Orchestrate is how we expose this software, for example, Elasticsearch.

A recent Elasticsearch vulnerability saw Amazon EC2 nodes hijacked for denial-of-service attacks because of improperly secured instances, which allowed hackers to inject malicious scripts on the affected machine.

Orchestrate was not susceptible to this hack in part because, by design, our Search API abstracts out features specific to Elasticsearch, securing it by not exposing it in the first place. Instead, developers build against the API and the API server makes the appropriate calls to Elasticsearch, packaging the results as the JSON response you expect to see.

We practice overall good security hygiene, audited by AWS security experts Evident.io, but there are benefits to abstraction beyond security. It all starts with the way we’ve designed our service.

Data is automatically indexed when it comes in to our key/value store. Each field can be searched separately without tuning, so developers can focus on implementing the search feature rather than the search details.

Orchestrate ensures that the parts of Elasticsearch we expose are capable of scaling. There is a lot Elasticsearch can do. We’ve focused on the parts of search that have the most impact on developers, which can withstand many thousands of simultaneous users. We plan to add more search features, such as faceting and geospatial, and make them available with consistent and predictable latencies.

There’s a fine line between Elasticsearch-as-a-service and exposing Elasticsearch as-a-service. It’s a line we think matters and comes down to abstraction. We have an API that offers secure, simple and scalable access to the features of Elasticsearch (and several other database technologies).

See why Game Clash chose Orchestrate for its build its video game recommendation and reviews platform after running its own Elasticsearch instance.