Deployment Architecture

how to user serverclass with aws servers that names and ip's change each time they get rebuilt

bobmccoy
Explorer

we have a few small applications in aws

I would like to use my on prem deployment server to services these servers.
The servers get rebuilt each time they get to deployed to and each time the server names and ips are different
We have different subnets for each AZ as well as different subnets for each security tier. So each environment your looking at 15-20 different subnet ranges

So is it possible to use deployment server in this scenario or would it be better to update the input and output file when the server gets built as part of the build process

0 Karma

acharlieh
Influencer

A few options here, one is if your AWS deployment methodologies set hostnames that can be keyed off of for your server classes then you could build server classes from there. Alternatively, in deploymentclient.conf you could set clientName differently for different kinds of images and build your server classes based on matching those names. (This latter option is one that i'm thinking about pursuing while rolling out deployment servers. (hence this previous question).

That said, I would challenge @deepashri_123's assertion, Deployment Server is not necessarily always a best practice, and is very environment specific as to if it should be used. it is often the case where it is a better option, but existing considerations of network boundaries, security, and existing patterns could lead to other configuration management techniques Being in an environment where your control of the network is secondary to a cloud service provider, I would highly recommend that forwarders are configured to assert the identity of the deployment server's SSL certificate, lest a malicious actor tricks forwarders into installing their code. but maybe pre-baking is an ok option if redeploy is an acceptable time requirement for changes.

0 Karma

deepashri_123
Motivator

@acharlieh Agreed 🙂

0 Karma
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...