Deployment Architecture

Are multi-tier license masters possible?

eregon
Path Finder

Good morning fellow splunkthiasts,

is it possibe to have a multi-tier distributed license management in Splunk? Currently we have a distributed Splunk installation happily collecting the data from everywhere.

We would like to build a new Splunk instance collecting data within isolated environment of very dynamic nature and using the centrally managed license. The isolated environment is considered development one, while our license master server is in production, therefore general firewall rule allowing the communication from whole range of addresses can not be put in place.

The dynamic nature of the environment means the Splunk instance will change its address frequently and it is possible there will be more instances at the same time (we are talking about Docker/Kubernetes rapid-deployment environment with potentially thousands of addresses, Splunk can reside anywhere in this range at any given time), therefore specific rule allowing only Splunk slave-to-master communication is not possible to create, too.

Something like a license proxy would solve my case: one license "master" on a fixed address within the dynamic environment manages license usage by all Splunk instances existing here. However, this "master" would have no license keys of its own, but would proxy the license usage to our current license master. Having a rule to allow specific communication between two specific addresses is acceptable for oour security department.

I haven't found such use case anywhere in the documentation - is this even possible? If not, how would you overcome this obstacle?

0 Karma
1 Solution

eregon
Path Finder

After discussing this with Splunkers I met at the .conf, proxying of license master is not possible in current versions of Splunk. For each license key there has to be exactly one license master server that must be accessible from every Splunk instance (license slave) that should use the respective license. Actual solution to problem described in question is to relocate the license master server to an appropriate subnet / VLAN and introduce necessary firewall rules allowing the communication.

View solution in original post

0 Karma

eregon
Path Finder

After discussing this with Splunkers I met at the .conf, proxying of license master is not possible in current versions of Splunk. For each license key there has to be exactly one license master server that must be accessible from every Splunk instance (license slave) that should use the respective license. Actual solution to problem described in question is to relocate the license master server to an appropriate subnet / VLAN and introduce necessary firewall rules allowing the communication.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...