Deployment Architecture

Is it a good idea for a hybrid architecture ES SH on aws and Indexer on premise?

aasabatini
Motivator

Hi Folks,

I have a quick architectural question: do you think it is a good idea to set up an architecture with an ES search head on AWS cloud and the indexer on-premise?

Thanks for your reply.

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma
1 Solution

gcusello
SplunkTrust

Hi @aasabatini (Ciao Alessandro),

Just as a joke, as you surely know: Quelo (an Italian comedian character) said: the answer is inside you, but it's wrong! 😉

Anyway, yes, it's technically possible, but why should you do it?

If your customer takes the decision to manage the indexers stack, why maintain the Search Heads in Cloud? If you want to avoid systems management, you should put all the systems in Cloud, not only part of them.

If the problem is compliance with GDPR, AWS has Data Centers in the EU and also in Italy, and anyway data pass through Search Heads.

Usually hybrid architectures are composed of indexers and part of the Search Heads in Cloud and part of the Search Heads on premise, but I never saw Indexers on prem and Search Heads in Cloud.

Ciao.

Giuseppe

PickleRick
SplunkTrust

While probably you could pull it off (the network latency could be frustrating though, especially with more "interactive" dashboards), I wouldn't recommend such architecture.

What would you want to accomplish this way? A bit cheaper infrastructure vs. on-premise hardware?

But you'd have to pass the traffic from an external site to the insides of your network, which makes it harder to maintain and secure properly. IMO not worth the effort.

0 Karma

aasabatini
Motivator

Hi, glad to hear from you and thanks for your reply. I totally agree with you; this is just a proposal from my client and I wanted to hear other opinions.

Now I have advised him to follow the Splunk best practices.

Regards

Alessandro

@gcusello

0 Karma