Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it a good idea for a hybrid architecture ES SH on aws and Indexer on premise?

aasabatini
Motivator
‎11-22-2022 02:46 AM

Hi Folks,

 

I have quick architectural question, do think is a good idea set an architecture with a ES search head on aws cloud and the indexer on - premise?

thanks for your reply

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-22-2022 02:55 AM

Hi @aasabatini (Ciao Alessandro),

only for joke, as you surely know: Quelo (an italian comedian character) said: the answer is inside you, but it's wrong! 😉

Anyway, yes it's technically possible, but why you shoudl do it?

if your customer takes the decision to manage the indexers stack, why maintain the Search Heads in Cloud? if you want  to avoid systems management, you should put all the systems in Cloud, not only part of them.

If the problem is compliance with GDPR, AWS has Data Centers in EU and also in Italy and anyway data pass through Search Heads.

usually the hybrid architecture are composed by indexers and part of Search Heads in Cloud and part of Search Head on permise, but I never saw Indexers on prem and Search Head in Cloud.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎12-02-2022 05:35 AM

While probably you could pull it off (the network latency could be frustrating though, especially with more "interactive" dashboards), I wouldn't recommend such architecture.

What would you want to acomplish this way? A bit cheaper infrastructure vs. on-premise hardware?

But you'd have to pass the traffic from an external site to the insides of your network which makes it harder to maintain and secure properly. - IMO not worth the effort.

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-22-2022 02:55 AM

Hi @aasabatini (Ciao Alessandro),

only for joke, as you surely know: Quelo (an italian comedian character) said: the answer is inside you, but it's wrong! 😉

Anyway, yes it's technically possible, but why you shoudl do it?

if your customer takes the decision to manage the indexers stack, why maintain the Search Heads in Cloud? if you want  to avoid systems management, you should put all the systems in Cloud, not only part of them.

If the problem is compliance with GDPR, AWS has Data Centers in EU and also in Italy and anyway data pass through Search Heads.

usually the hybrid architecture are composed by indexers and part of Search Heads in Cloud and part of Search Head on permise, but I never saw Indexers on prem and Search Head in Cloud.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

aasabatini
Motivator
‎12-02-2022 05:20 AM

Hi Glad to hear you and thanks for your reply, I'm totally agree with you this is just a proposal from my client and I wanted to hear other opinion.

Now I consulted him to follow the splunk best pratices.

Regards

Alessandro

@gcusello

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...