Which is preferable, having a heavy forwarder/deployment server in the DMZ or opening the Splunk ports from the existing DMZ servers (30 servers) to communicate with Splunk in production? If we build a new HF/Deployment Server in the DMZ, we will not have to worry about opening the Splunk ports from the other DMZ servers BUT we would want to have RDP access (opening the RDP port) to this new deployment server from our desktops. If we choose not to have a deployment server in the DMZ, there is no need for us to open additional RDP ports. Is there a recommendation/best practice to follow for this?
... View more