Deployment Architecture

What communication between dashboard and Infrastructure

Wim
New Member

Hi,

 

I'm new to Splunk, but I need some answers pretty fast. We are invited to insource infrastructure monitoring and control from a highly secure environment. As we are outside the customer's domain, obviously the dashboard runs on servers outside the customer's infrastructure. Of course there needs to be communication between agents running in the infrastructure and the dashboard to upload events and monitoring data.

However, it is absolutely a requirement from the customer that there is NO traffic from the dashboard to the agents on his infrastructure. Upload of data is no problem, but any packet downstream will be blocked. Even "keep alive" traffic.

Is anyone experienced to give me an answer on this?

 

Thanks,

Wim

0 Karma

PickleRick
Ultra Champion

It depends on what level you're considering the traffic.

You can have your UFs just pushing data to the HFs/indexers outside of the "secure" environment so that all connections are initiated from within that environment towards outside. But these are still TCP connections so packets go both ways.

If you want to have a "diode" between the environments you'd have to employ some form of stateless connectionless event forwarding. What fulfills those requirements? Some UDP-based protocol. Of course the obvious choice here is syslog over UDP.

You're of course limited by the packet size but that's pretty much the only reasonable choice that you have if you want to have purely "outwards only" communication.

0 Karma
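The syslog-over-UDP approach from the reply above, as an added example that is not part of the original thread: a send-only forwarder that caps each datagram and tags it with the RFC 5424 `meta` `sequenceId`, so the receiving side can detect loss without ever answering. The host name, app name, collector address and the 1024-byte cap are assumptions.

```python
import re
import socket
from datetime import datetime, timezone

MAX_DATAGRAM = 1024  # assumed cap, kept under a 1500-byte MTU so packets are not fragmented
PRI = 16 * 8 + 6     # facility local0, severity informational -> <134>

def build_syslog(seq, host, app, msg):
    """Return one RFC 5424 datagram; sequenceId lets the receiver detect loss."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    header = f'<{PRI}>1 {ts} {host} {app} - - [meta sequenceId="{seq}"] '.encode("ascii")
    room = MAX_DATAGRAM - len(header)
    # Truncate the body to fit, then drop any UTF-8 character cut in half.
    body = msg.encode("utf-8")[:room].decode("utf-8", "ignore").encode("utf-8")
    return header + body

def send_events(events, dest, host="uf-gw01", app="infra-mon"):
    """Send each event once. The socket is never read: no ACK, no retransmit."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for seq, msg in enumerate(events, start=1):
            sock.sendto(build_syslog(seq, host, app, msg), dest)
    finally:
        sock.close()

def missing_sequences(datagrams):
    """Receiver side: list sequenceId values that never arrived."""
    seen = {int(re.search(rb'sequenceId="(\d+)"', d).group(1)) for d in datagrams}
    return sorted(set(range(min(seen), max(seen) + 1)) - seen)

if __name__ == "__main__":
    # Constructed sample events; 192.0.2.10 is a documentation address (assumption).
    send_events(["disk /var 91% full", "link eth1 down"], ("192.0.2.10", 514))
```

Because nothing comes back, gaps found by `missing_sequences` on the collector are the only loss signal; the sender cannot retransmit on its own.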

vhharanpositka
Path Finder

Hi @Wim 

 

The dashboard will run the search in the indexer, that is the data transferred to the Splunk indexer from the agent.

But there will be some data transfer from Splunk Enterprise to the agent (UF). There will be some instructions sent from Splunk to the agent via port 8089.

Apart from this, there will not be any downstream packet transfer between these two.

 

Regards,

0 Karma

fviperen
New Member

Hi, Is it possible to deploy a Splunk on-call distribution in own environment?

0 Karma