Secure splunk enterprise cluster deployment with SSL / mutual TLS

Path Finder


We are deploying splunk enterprise in aws and we want to know how and which all components to be ssl secured.

Few points about our cluster and we have to bind with these constraints

  1. There are no forwarders. ( I see splunk recommend to use forwarders but we choose other route) and so no deployment server
  2. HEC is enabled in indexers and our java based application sends data to hec indexers.
  3. Out company provides all required certs for ssl and we have to use these certs

Our sample cluster would be something like 3 search heads in SHC, 1 cluster/license master, 7 indexers in indexer cluster and a deployer

Here are my few questions about securing different components of our cluster

  1. Following to secure splunk web(search heads) with own certs. Do we need to still perform this step if we have our search head cluster fronted by a https load balancer.If yes, any detailed explanation would be helpful
  2. Do we need to have mutual TLS between Search heads in SHC and indexers in Indexer cluster? Since both are clusters, search heads communicates first with master and then with indexers. so how can we secure communication between shs and indexers with own certs?
  3. How to secure communication between our HEC indexers and the java based application? We are planning to have our HEC indexers fronted by a https load balancer. How to achieve secure communication in this regard with own certs?
  4. Is there any other channels that we need to secure with own certs apart from above?

I know these are big list of questions, but any help here will really help us build a secure cluster.
Any help is highly appreciated.
Thanks in Advance.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...