Deployment Architecture

How to use serverclass with AWS servers whose names and IPs change each time they get rebuilt

bobmccoy
Explorer

We have a few small applications in AWS.

I would like to use my on-prem deployment server to service these servers.
The servers get rebuilt each time they get deployed to, and each time the server names and IPs are different.
We have different subnets for each AZ as well as different subnets for each security tier. So for each environment you're looking at 15-20 different subnet ranges.

So is it possible to use deployment server in this scenario, or would it be better to update the input and output file when the server gets built as part of the build process?

0 Karma

acharlieh
Influencer

A few options here. One is, if your AWS deployment methodologies set hostnames that can be keyed off of for your server classes, then you could build server classes from there. Alternatively, in deploymentclient.conf you could set clientName differently for different kinds of images and build your server classes based on matching those names. (This latter option is one that I'm thinking about pursuing while rolling out deployment servers, hence this previous question.)

That said, I would challenge @deepashri_123's assertion: Deployment Server is not necessarily always a best practice, and it is very environment-specific as to whether it should be used. It is often the case that it is a better option, but existing considerations of network boundaries, security, and existing patterns could lead to other configuration management techniques. Being in an environment where your control of the network is secondary to a cloud service provider, I would highly recommend that forwarders are configured to assert the identity of the deployment server's SSL certificate, lest a malicious actor trick forwarders into installing their code. But maybe pre-baking is an OK option if redeploy is an acceptable time requirement for changes.

0 Karma
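The clientName approach and the certificate check described in the answer above, sketched as a build-time or first-boot step (an added example, not code from the thread or from Splunk). The env/role labels, `ds.example.internal`, the CA path and the `prod_web` server class are assumed names, and the TLS setting names should be confirmed against deploymentclient.conf.spec for your Splunk version.

```shell
#!/bin/sh
# Added example: render deploymentclient.conf when an instance is built, so the
# forwarder's identity does not depend on its (changing) hostname or IP.
# All names below (labels, host, CA path) are assumptions for illustration.

# Accept only characters that are safe in a clientName. Rejecting whitespace,
# newlines, '=' and '[' stops an instance tag from smuggling extra settings
# (for example "sslVerifyServerCert = false") into the generated file.
valid_label() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

render_deploymentclient_conf() {
    env_label=$1 role_label=$2 ds_host=$3 ca_file=$4
    valid_label "$env_label" && valid_label "$role_label" || {
        echo "invalid env/role label" >&2; return 1; }
    case "$ds_host" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid deployment server host" >&2; return 1 ;;
    esac
    case "$ca_file" in
        /*) : ;;
        *) echo "CA file must be an absolute path" >&2; return 1 ;;
    esac
    case "$ca_file" in
        *[!A-Za-z0-9_./-]*) echo "invalid CA file path" >&2; return 1 ;;
    esac
    cat <<EOF
[deployment-client]
# Stable identity that survives every rebuild.
clientName = ${env_label}-${role_label}
# Only accept a deployment server whose certificate chains to our CA and
# carries the expected common name.
sslVerifyServerCert = true
caCertFile = ${ca_file}
sslCommonNameToCheck = ${ds_host}

[target-broker:deploymentServer]
targetUri = ${ds_host}:8089
EOF
}

# Matching side on the deployment server (serverclass.conf), keyed on
# clientName instead of 15-20 subnet ranges:
#   [serverClass:prod_web]
#   whitelist.0 = prod-web
render_deploymentclient_conf prod web ds.example.internal /opt/splunkforwarder/etc/auth/ds-ca.pem
```
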

deepashri_123
Motivator

@acharlieh Agreed 🙂

0 Karma