Deployment Architecture

Are there any ideal exceptions where DS has to be on windows when most of the servers are windows?

jonwick
Path Finder

We are planning to have DS linux based which would be used to deploy majorly on Windows servers and few Linux based servers.

Are there any exceptions where DS has to be kn Windows to push apps?

Will my Linux based  DS suffice for all(windows+linux) UFs???

We would be using DS to deploy only on UFs, no indexers, search heads in the context.

1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @jonwick,

there isn't any requirement to have a DS with the same operative system of the most clients to deploy.

I always use Linux DS in my projets.

Because you deploy Splunk apps and TAs that are indipendent by the os you're using on the Forwarders.

About using DS also for Indexers and Search Head, you could but in my opinion isn't a good idea:

at first if you have a cluster (SHs or IXs) you cannot use DS, you have to use Deployer (for SHs) and Master Node (for IXs); 

then if you haven't a cluster, it means that you haven't many servers, so I prefer to manually update them, also because, using DS, you have to restart Splunk after updates and you cannot schedule restarts using DS (manually you can!) and this could be unacceptable for a production environment.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi @jonwick,

there isn't any requirement to have a DS with the same operative system of the most clients to deploy.

I always use Linux DS in my projets.

Because you deploy Splunk apps and TAs that are indipendent by the os you're using on the Forwarders.

About using DS also for Indexers and Search Head, you could but in my opinion isn't a good idea:

at first if you have a cluster (SHs or IXs) you cannot use DS, you have to use Deployer (for SHs) and Master Node (for IXs); 

then if you haven't a cluster, it means that you haven't many servers, so I prefer to manually update them, also because, using DS, you have to restart Splunk after updates and you cannot schedule restarts using DS (manually you can!) and this could be unacceptable for a production environment.

Ciao.

Giuseppe

isoutamo
SplunkTrust
SplunkTrust
Actually there is one restriction for DS. You cannot use windows based DS for any other OS clients than windows. If you have other than windows clients then you must use Linux based DS which works with other OS too.
r. Ismo
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...