For compliance reasons, we need to have gateway servers set up at the edges of our secure domains that can forward Splunk traffic into one main domain.
Putting an intermediate forwarder on the gateway is fine for traffic, but I would also like for the gateway server to be able to handle configurations, since the servers on the secure domain are unable to talk to my deployment server sitting in the main domain.
Can deployment servers handle mirroring, wherein I can make a change on my main deployment server and it replicates those changes to all my gateways, who can then push out those changes to all the servers on the secure domains? If not natively, what would be the best way to handle this scenario?
Splunk used to support Multi-tenant Deployment Server (Main Deployment Server to multiple sub-Deployment Servers as repositories). But the feature is not supported anymore.
Splunk Deployment Server/Client requires a TCP session to be established from DC to DS. Can you set the firewall at the gateway to accept such communication? If not, you might need to put a DS in each secure domain.
We have a DS in each secure domain, which I'm fine with, but it would be nice to not have to make modifications to an app in each of my domains. My ideal scenario is having a "main" DS that replicates its changes to the "sub" DS in each domain, who can then push out to the DCs in their domain.
The reason I'm attacking this angle is that otherwise, I would need to have all of my DCs in those secure domains contact my main DS in the general domain, and managing those firewall rules and all the security compliance therein would turn into my entire job.