Elasticsearch vs Open Distro vs OpenSearch vs Easysearch: A Complete Comparison

Quick conclusion

Open Distro stopped receiving updates and its development team moved to OpenSearch. OpenSearch is a full fork of Elasticsearch 7.10 that is now maintained independently under the Apache 2.0 license. Easysearch is a domestic fork of Elasticsearch 7.10 that adds Chinese‑specific optimizations and Xinchuang compliance.

Open Distro: feature plugins for Elasticsearch

Core idea

Open Distro is the upstream Elasticsearch binary plus a collection of Amazon‑maintained plugins that provide functionality that was previously only available in Elastic’s commercial X‑Pack.

Key plugins

Security authentication: SAML, LDAP/AD integration, single sign‑on, Kerberos.

Alerting: query‑based thresholds or custom scripts trigger notifications via SMS, email, DingTalk or WeChat (e.g., >100 error logs per minute).

K‑NN algorithm: nearest‑neighbor search for billions of records, used for recommendation systems and image search.

Index management: automatic deletion of indices older than 30 days, automatic archiving of large indices, scheduled snapshot backups.

Performance monitoring: a standalone performance manager continues to report health even when the cluster is down.

SQL interface: a SQL layer for users familiar with relational queries.

Problems encountered

AWS originally intended to keep Open Distro in sync with Elasticsearch releases, but Elastic added license‑check code that prevented Open Distro from running on newer Elasticsearch versions. This conflict led to a split, and Open Distro developer Kyle summed it up as “the community’s response to X‑Pack.”

OpenSearch: a complete fork

Why the fork

When Elastic changed the license to SSPL/Elastic License 2.0, cloud providers could no longer offer Elasticsearch as a hosted service without open‑sourcing their entire stack. To avoid this restriction, Amazon forked Elasticsearch 7.10 into OpenSearch and began independent development focused on code refactoring rather than adding new features.

What changed

Renaming : All occurrences of “Elasticsearch” and “Kibana” were renamed to “OpenSearch” and “OpenSearch Dashboards”. The rename affected millions of lines of code and took several weeks.

Feature removal : X‑Pack, license‑check code, and telemetry that reported usage back to Elastic were removed.

Beats incompatibility : Beats that depend on X‑Pack (e.g., Netflow, F5, CoreDNS collectors) stopped working; users must switch to alternatives such as Fluentd or Logstash.

Migration of Open Distro capabilities : Security, alerting, K‑NN, and index‑management plugins from Open Distro were ported into OpenSearch.

X‑Pack overview

X‑Pack is Elastic’s commercial feature bundle that originally required a separate plugin installation. Its license restrictions prevent cloud providers from offering Elasticsearch as a hosted service without paying.

Telemetry

Elastic embedded code that sent usage statistics back to the company. This telemetry can be disabled in Elasticsearch, but OpenSearch removed the code entirely.

Easysearch: domestic alternative

Motivation

In 2021 Elastic switched from Apache 2.0 to SSPL, a license that forces cloud providers to open‑source their entire stack if they offer Elasticsearch as a service. The change, combined with Elastic’s withdrawal from direct sales in China and the Xinchuang policy that requires key systems to run on domestically certified software, created demand for a locally supported solution.

Technical approach

Easysearch also forks Elasticsearch 7.10 but adds the following Chinese‑focused enhancements:

Native Chinese tokenization (ik and pinyin plugins built‑in).

Xinchuang (信创) compliance, certified on Loongson, Feiteng, Kunpeng, HaiGuang CPUs and on Kylin, UnionTech, Zhongbiao Kylin operating systems.

Performance tuning that yields 40‑70% higher write throughput on Nginx‑log benchmarks and 2.5‑3× storage compression (disk usage reduced to one‑third).

Stability fixes for memory leaks, cluster stalls, and node loss that were common in Elasticsearch.

Enterprise‑grade security out‑of‑the‑box: LDAP/AD integration, index‑level, document‑level, and field‑level access control.

Full API and data‑format compatibility with Elasticsearch 7.x, allowing code and queries to run unchanged; only the connection address needs updating.

Six major advantages

Lightweight package : installation size <60 MB versus ~500 MB for Elasticsearch and OpenSearch, resulting in faster installation, startup, and 10‑30% lower CPU/memory usage.

Cross‑platform (domestic CPUs/OS) : runs on Chinese processors and operating systems, all certified.

Performance : write latency 40‑70% lower; storage compression 2.5‑3×.

Stability : many Elasticsearch bugs (OOM, stalls, node loss) have been fixed.

Security : built‑in LDAP/AD, index‑, document‑, and field‑level controls without purchasing X‑Pack.

Compatibility : identical API and data formats to Elasticsearch 7.x; migration requires only endpoint change.

Enterprise‑grade features

Vector search (K‑NN) for recommendation and semantic search.

Asynchronous search for large‑scale queries.

Data masking for sensitive fields.

Searchable snapshots (compressed historical data).

Audit logs showing who queried what.

Hot‑cold tiering (SSD for hot data, HDD for cold data).

Lifecycle management (auto‑archive, delete old data).

Migration and operations

Easysearch provides an “Extreme Gateway” tool that supports full data copy and incremental sync, enabling zero‑downtime migration from existing Elasticsearch snapshots. Since version 1.15 a lightweight Web UI (a simplified Kibana) offers point‑and‑click index management, query debugging, permission configuration, and performance monitoring without CLI interaction. One‑click deployment scripts handle shard balancing and node recovery automatically.

Side‑by‑side comparison

License : Elasticsearch SSPL (restrictive), OpenSearch Apache 2.0, Easysearch proprietary (not open‑source).

Chinese tokenization : Elasticsearch requires the IK plugin; OpenSearch also requires a plugin; Easysearch provides it out‑of‑the‑box.

Package size : Elasticsearch ~500 MB, OpenSearch ~500 MB, Easysearch <60 MB.

Performance : Easysearch write speed 40‑70% faster than the Elasticsearch 7.10.2 baseline; storage compression saves 2.5‑3× space.

Domestic adaptation : Only Easysearch offers full Xinchuang certification.

Support model : Elasticsearch – foreign vendor support; OpenSearch – community; Easysearch – local team.

Relationship diagram

Open Distro added plugins to Elasticsearch and is now discontinued. OpenSearch is a full fork of Elasticsearch that continues development under Apache 2.0. Easysearch is another fork of Elasticsearch 7.10 that focuses on Chinese compliance, performance, and local support.

Choosing the right solution

Continue with Elasticsearch if the open‑source version meets business needs, existing X‑Pack commercial features are required, there are no domestic compliance constraints, and the budget allows purchasing Elastic support.

Select OpenSearch for a fully open‑source stack without license risk, international deployments that integrate with the AWS ecosystem, or when an active global community is desired.

Select Easysearch when Xinchuang compliance is mandatory, Chinese language processing is a core requirement, lower hardware cost and higher performance are needed, fast local technical support is required, or a small team prefers simplified operations.

Future trends

OpenSearch direction

Maintain a strict open‑source commitment.

Continued investment from Amazon.

Growth of an international community.

Easysearch opportunities

Ongoing Xinchuang policy support.

Focus on data security and controllability.

Potential compliance‑driven adoption.

Community building, large‑model vector search, AI integration, and overseas expansion.

Summary

Open Distro added valuable plugins to Elasticsearch but is no longer maintained. OpenSearch is an independent, Apache‑licensed fork that carries forward all Open Distro capabilities while removing Elastic‑specific code. Easysearch is a domestically optimized fork that offers a lightweight package, Chinese tokenization, Xinchuang certification, superior performance, built‑in enterprise security, and seamless compatibility with Elasticsearch APIs. Selection depends on licensing requirements, compliance constraints, performance goals, and support preferences.