
Secure Splunk Enterprise cluster deployment with SSL / mutual TLS

vtalanki

Hi,

We are deploying Splunk Enterprise in AWS and we want to know how, and which components, should be SSL-secured.

A few points about our cluster, and we are bound by these constraints:

  1. There are no forwarders (I see Splunk recommends using forwarders, but we chose another route), and so no deployment server.
  2. HEC is enabled on the indexers, and our Java-based application sends data to the HEC indexers.
  3. Our company provides all required certs for SSL and we have to use these certs.

Our sample cluster would be something like 3 search heads in an SHC, 1 cluster/license master, 7 indexers in an indexer cluster, and a deployer.

Here are my questions about securing the different components of our cluster:

  1. We are following https://docs.splunk.com/Documentation/Splunk/7.3.3/Security/SecureSplunkWebusingasignedcertificate to secure Splunk Web (search heads) with our own certs. Do we still need to perform this step if our search head cluster is fronted by an HTTPS load balancer? If yes, a detailed explanation would be helpful.
  2. Do we need to have mutual TLS between the search heads in the SHC and the indexers in the indexer cluster? Since both are clusters, the search heads communicate first with the master and then with the indexers. So how can we secure communication between the SHs and the indexers with our own certs?
  3. How do we secure communication between our HEC indexers and the Java-based application? We are planning to have our HEC indexers fronted by an HTTPS load balancer. How do we achieve secure communication in this regard with our own certs?
  4. Are there any other channels that we need to secure with our own certs apart from the above?

I know this is a big list of questions, but any help here will really help us build a secure cluster.
Any help is highly appreciated.
Thanks in advance.
