Security

Secure splunk enterprise cluster deployment with SSL / mutual TLS

vtalanki
Path Finder

Hi,

We are deploying splunk enterprise in aws and we want to know how and which all components to be ssl secured.

Few points about our cluster and we have to bind with these constraints

  1. There are no forwarders. ( I see splunk recommend to use forwarders but we choose other route) and so no deployment server
  2. HEC is enabled in indexers and our java based application sends data to hec indexers.
  3. Out company provides all required certs for ssl and we have to use these certs

Our sample cluster would be something like 3 search heads in SHC, 1 cluster/license master, 7 indexers in indexer cluster and a deployer

Here are my few questions about securing different components of our cluster

  1. Following https://docs.splunk.com/Documentation/Splunk/7.3.3/Security/SecureSplunkWebusingasignedcertificate to secure splunk web(search heads) with own certs. Do we need to still perform this step if we have our search head cluster fronted by a https load balancer.If yes, any detailed explanation would be helpful
  2. Do we need to have mutual TLS between Search heads in SHC and indexers in Indexer cluster? Since both are clusters, search heads communicates first with master and then with indexers. so how can we secure communication between shs and indexers with own certs?
  3. How to secure communication between our HEC indexers and the java based application? We are planning to have our HEC indexers fronted by a https load balancer. How to achieve secure communication in this regard with own certs?
  4. Is there any other channels that we need to secure with own certs apart from above?

I know these are big list of questions, but any help here will really help us build a secure cluster.
Any help is highly appreciated.
Thanks in Advance.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...