How many DMCs are needed in Active-Active Multisit...

sagaraverma · ‎11-22-2019

We are planning to build an ACTIVE-ACTIVE multisite Splunk deployment, wherein each data center will have its own cluster master along with a set of search peers and search heads.

We are confused about whether we should go with two distributed management consoles, one at each site OR if only one DMC is enough for both the sites?

Please suggest !!

woodcock · ‎11-22-2019

I would do a single global MC. If you are in a failure scenario, it is trivial to spin up a new MC from scratch, even by hand.

darrenfuller · ‎11-22-2019

That would depend...

If you are setting up the multi-site environment because you are wanting DR or for the purpose of ensuring redundancy then you would likely want to have the monitoring setup with redundancy as well. That way if you lose a site, your monitoring will continue unfettered.

If you are setting up the multi-site environment to deal with network latency between sites or to enable search / forwarder affinity and are not worried about DR, then a single MC will likely be sufficient.

How many DMCs are needed in Active-Active Multisite architecture ?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)