Security
Highlighted

Secure splunk enterprise cluster deployment with SSL / mutual TLS

Path Finder

Hi,

We are deploying splunk enterprise in aws and we want to know how and which all components to be ssl secured.

Few points about our cluster and we have to bind with these constraints

  1. There are no forwarders. ( I see splunk recommend to use forwarders but we choose other route) and so no deployment server
  2. HEC is enabled in indexers and our java based application sends data to hec indexers.
  3. Out company provides all required certs for ssl and we have to use these certs

Our sample cluster would be something like 3 search heads in SHC, 1 cluster/license master, 7 indexers in indexer cluster and a deployer

Here are my few questions about securing different components of our cluster

  1. Following https://docs.splunk.com/Documentation/Splunk/7.3.3/Security/SecureSplunkWebusingasignedcertificate to secure splunk web(search heads) with own certs. Do we need to still perform this step if we have our search head cluster fronted by a https load balancer.If yes, any detailed explanation would be helpful
  2. Do we need to have mutual TLS between Search heads in SHC and indexers in Indexer cluster? Since both are clusters, search heads communicates first with master and then with indexers. so how can we secure communication between shs and indexers with own certs?
  3. How to secure communication between our HEC indexers and the java based application? We are planning to have our HEC indexers fronted by a https load balancer. How to achieve secure communication in this regard with own certs?
  4. Is there any other channels that we need to secure with own certs apart from above?

I know these are big list of questions, but any help here will really help us build a secure cluster.
Any help is highly appreciated.
Thanks in Advance.

Labels (1)
0 Karma