Looking to setup a splunk cloud instance for my organization. Whether cloud version offers VPN connection? Ideally would want my colleagues to enter a vpn and then access splunk cloud.
Looking to setup more securely, please do tell me about security fares in splunk cloud version.
Splunk Cloud doesnt support VPN. However, Splunk Cloud does support the use of ACL restrictions. So your organization can provide a list of IP addresses, or range. Once this is implemented, only hosts in that range could access the instances.
Additionally, some of the saml providers can provide 2FA authentication. You can check on http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/FAQs/FAQs
Since the access can be limited to a set(s) of source addresses, the web access is protected by TLS and the forwarder access can be protected by mutual TLS authentication, there is really no need for VPN as such.
If you really, really need something VPN-like, you could force your users to use an on-premise web-proxy and limit your Cloud access to that proxy only. It seems a bit pointless but it's possible.
What is the problem you're trying to solve with "VPN"?
Thanks for the reply. The requirement comes from organisation securty standards. Could you expand on how this would be configured "the forwarder access can be protected by mutual TLS authentication"? If we can limit access to specific users and devices based on client certs this may satisfy the requirement.
Splunk inputs support TLS-level certificate authentication. If you set requireClientCert=true, you can - as the name says, require all connecting forwarders to present a valid certificate. There are additional settings which can limit access to specific SANs only. Then you configure your local forwarders to use client certs when connecting and you're set.
IP limiting is a standard feature on inputs.
One caveat - since we're talking about Cloud, you might have to contact support to set up the authentication on the Cloud's side.
WebUI access is another thing. I don't think you can authenticate users with certs here but - honestly - I don't see the point.