diff --git a/salt/common/init.sls b/salt/common/init.sls
index 8b17cc7f5..b0289ed32 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -267,10 +267,23 @@ dockerreserveports:
- source: salt://common/files/99-reserved-ports.conf
- name: /etc/sysctl.d/99-reserved-ports.conf
+{% if salt['grains.get']('sosmodel', '') %}
+# Install raid check cron
+/usr/sbin/so-raid-status > /dev/null 2>&1:
+ cron.present:
+ - user: root
+ - minute: '*/15'
+ - hour: '*'
+ - daymonth: '*'
+ - month: '*'
+ - dayweek: '*'
+
+{% endif %}
+
{% else %}
{{sls}}_state_not_allowed:
test.fail_without_changes:
- name: {{sls}}_state_not_allowed
-{% endif %}
+{% endif %}
\ No newline at end of file
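Review bot: The cron entry runs `/usr/sbin/so-raid-status` directly by path, but this commit adds that script with mode 100644, whereas the neighbouring `so-user` is 100755. Unless the state that deploys `tools/sbin` forces an executable mode (not visible in this hunk), the job will fail every 15 minutes, and `> /dev/null 2>&1` discards the only evidence. Commit the script as 100755, and consider sending stderr to a log under `/opt/so/log/raid` rather than `/dev/null` so a broken check is noticed. The hunk also drops the trailing newline after the final `{% endif %}`, which is worth restoring.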
diff --git a/salt/common/tools/sbin/so-raid-status b/salt/common/tools/sbin/so-raid-status
new file mode 100644
index 000000000..d55d158fe
--- /dev/null
+++ b/salt/common/tools/sbin/so-raid-status
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+#check_boss_raid() {
+# BOSSBIN=/opt/boss/mvcli
+# BOSSRC=$($BOSSBIN info -o vd | grep functional)
+#
+# if [[ $BOSSRC ]]; then
+# # Raid is good
+# BOSSRAID=0
+# else
+# BOSSRAID=1
+# fi
+#}
+
+check_lsi_raid() {
+ # For use for LSI on Ubuntu
+ #MEGA=/opt/MegaRAID/MegeCli/MegaCli64
+ #LSIRC=$($MEGA -LDInfo -Lall -aALL | grep Optimal)
+ # Open Source Centos
+ MEGA=/opt/mega/megasasctl
+ LSIRC=$($MEGA | grep optimal)
+
+ if [[ $LSIRC ]]; then
+ # Raid is good
+ LSIRAID=0
+ else
+ LSIRAID=1
+ fi
+
+}
+
+check_software_raid() {
+ SWRC=$(grep "_" /proc/mdstat)
+
+ if [[ $SWRC ]]; then
+ # RAID is failed in some way
+ SWRAID=1
+ else
+ SWRAID=0
+ fi
+}
+
+# This script checks raid status if you use SO appliances
+
+# See if this is an appliance
+
+{%- if salt['grains.get']('sosmodel', '') %}
+mkdir -p /opt/so/log/raid
+ {%- if grains['sosmodel'] in ['SOSMN', 'SOSSNNV'] %}
+#check_boss_raid
+check_software_raid
+echo "osraid=$BOSSRAID nsmraid=$SWRAID" > /opt/so/log/raid/status.log
+ {%- elif grains['sosmodel'] in ['SOS1000F', 'SOS1000', 'SOSSN7200', 'SOS10K', 'SOS4000'] %}
+#check_boss_raid
+check_lsi_raid
+echo "osraid=$BOSSRAID nsmraid=$LSIRAID" > /opt/so/log/raid/status.log
+ {%- else %}
+exit 0
+ {%- endif %}
+{%- else %}
+exit 0
+{%- endif %}
+
+
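Review bot: `$BOSSRAID` is never assigned because every `check_boss_raid` call is commented out, so both `echo` lines write an empty `osraid=` field into `status.log`. Either drop the field until the BOSS check is enabled or write an explicit marker, e.g. `echo "osraid=${BOSSRAID:-unknown} nsmraid=$SWRAID"`, so whatever consumes the file cannot read "empty" as healthy. `check_software_raid` also reports `SWRAID=0` when `grep "_" /proc/mdstat` prints nothing, which includes the file being unreadable or no md array existing. A guard such as `[[ -r /proc/mdstat ]] || { SWRAID=1; return; }` makes that case fail closed. The cron job discards all output, so it would help to document in the header that `status.log` is the script's only signal.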
diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 3ab9ae6a2..b918ff173 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -1,12 +1,20 @@
#!/bin/bash
-# Copyright 2020 Security Onion Solutions. All rights reserved.
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
#
-# This program is distributed under the terms of version 2 of the
-# GNU General Public License. See LICENSE for further details.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
source $(dirname $0)/so-common
diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index 4a7260bc6..25bb6cb02 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -25,24 +25,27 @@ cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 95%
cluster.routing.allocation.disk.watermark.high: 98%
cluster.routing.allocation.disk.watermark.flood_stage: 98%
+{%- if FEATURES is sameas true %}
+xpack.ml.enabled: false
#xpack.security.enabled: false
-xpack.security.transport.ssl.enabled: true
-xpack.security.transport.ssl.verification_mode: none
-xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
-{%- if grains['role'] in ['so-node','so-heavynode'] %}
-xpack.security.http.ssl.enabled: true
-xpack.security.http.ssl.client_authentication: none
-xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
-{%- endif %}
+#xpack.security.transport.ssl.enabled: true
+#xpack.security.transport.ssl.verification_mode: none
+#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+#xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
+#{%- if grains['role'] in ['so-node','so-heavynode'] %}
+#xpack.security.http.ssl.enabled: true
+#xpack.security.http.ssl.client_authentication: none
+#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
+#{%- endif %}
#xpack.security.authc:
# anonymous:
# username: anonymous_user
# roles: superuser
# authz_exception: true
+{%- endif %}
node.name: {{ grains.host }}
script.max_compilations_rate: 1000/1m
{%- if TRUECLUSTER is sameas true %}
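Review bot: Every `xpack.security.transport.ssl.*` and `xpack.security.http.ssl.*` setting is commented out on the new side, so nothing in this template enables TLS for node-to-node or HTTP traffic any more. If that is deliberate, add a comment saying where encryption is handled instead; otherwise keep the settings active inside the `FEATURES` block. The lines `#{%- if grains['role'] in ['so-node','so-heavynode'] %}` and `#{%- endif %}` are still evaluated by Jinja despite the leading `#`, so use a Jinja comment (`{# ... #}`) or delete them. If the transport settings are re-enabled, `verification_mode: none` disables certificate validation and `certificate` or `full` would be the safer value. The template continues past the end of this hunk.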
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index fc22e4355..82fc7c77d 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -23,6 +23,12 @@
{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{% set MANAGERIP = salt['pillar.get']('global:managerip') %}
+{% if FEATURES is sameas true %}
+ {% set FEATUREZ = "-features" %}
+{% else %}
+ {% set FEATUREZ = '' %}
+{% endif %}
+
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
{% set esclustername = salt['pillar.get']('manager:esclustername') %}
{% set esheap = salt['pillar.get']('manager:esheap') %}
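Review bot: `FEATUREZ` differs from `FEATURES` by a single character, and the two hold different types (an image-tag suffix string versus the boolean tested with `is sameas true`), which makes them easy to confuse in later edits. A name that states its purpose, such as `{% set FEATURES_SUFFIX = "-features" %}`, would read more clearly, with the image line in the second hunk of this file updated to match. Where `FEATURES` itself is defined is not visible in this hunk.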
@@ -180,7 +186,7 @@ eslogdir:
so-elasticsearch:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}{{ FEATUREZ }}
- hostname: elasticsearch
- name: so-elasticsearch
- user: elasticsearch
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 8fbbf97ee..f280309f0 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -64,7 +64,7 @@ filebeatconfsync:
OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
so-filebeat:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}{{ FEATURES }}
- hostname: so-filebeat
- user: root
- extra_hosts: {{ MANAGER }}:{{ MANAGERIP }},{{ LOCALHOSTNAME }}:{{ LOCALHOSTIP }}
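Review bot: The image tag here appends `{{ FEATURES }}` directly, while `salt/elasticsearch/init.sls` in the same commit treats `FEATURES` as a boolean and derives a separate `-features` suffix from it. If `FEATURES` is also the raw boolean pillar value in this file (its definition is outside the hunk), the tag would render as `{{ VERSION }}True` or `{{ VERSION }}False` and the container would fail to pull or start. The `so-kibana` and `so-logstash` image lines in `salt/kibana/init.sls` and `salt/logstash/init.sls` carry the same pattern. Confirm that each file maps the boolean to a string suffix before use, or share one suffix variable across all four states.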
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index 1b5d05e57..10b799e80 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -73,7 +73,7 @@ kibanabin:
# Start the kibana docker
so-kibana:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}{{ FEATURES }}
- hostname: kibana
- user: kibana
- environment:
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index e37713a4e..61f533865 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -146,7 +146,7 @@ lslogdir:
so-logstash:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}{{ FEATURES }}
- hostname: so-logstash
- name: so-logstash
- user: logstash