Deployment Architecture

Best practices for Deployment Server sizing and maintenance for 10K clients?

Splunk Employee
Splunk Employee

What are the hardware requirements for a Deployment Server with up to 10,000 clients? At what point should multiple Deployment Servers be used? Number of clients? Size of apps? Where should one look to diagnose issues? Certain log messages?

At what point does one determine a better option is Puppet or Chef?

There is some guidance of 50+ clients with this article, but this is a much larger deployment:

Esteemed Legend

Watch this video and pay special attention to "Hierarchical Deployments":

0 Karma


This is a subjective question with a subjective answer. Personally I think you should use both the deployment server and chef.

I would use chef/ puppet to manage the installation and anything in system/local. Items that i thing should not be controlled through apps/ TAs.

For the deployment server I've managed 3k clients using a single deployment server, but with 15 min checkin intervals not the default 5min. The longer your checkin intervals the more server you should be able to support. Thought this make it difficult if you need to deploy rapid changes. Alternatively you can setup a tiered deployment server environment with a single master deployment server. This does add complexity.

The article you reference states 12 core 12GB can support up too 1000 clients with 5min checkin intervals could deploy updates in 9.5minutes with a 50MB payload. If you increase your checkin intervals 10k clients shouldn't be a problem.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...