Splunk Enterprise on AWS — A Perfect Match!
So you’ve got Splunk Enterprise on-premises and all around you the applications you use daily are increasingly being deployed in the Cloud. Your business has adopted a cloud migration strategy and now you are scrambling to know where to put Splunk!
Thankfully, Splunk has got you covered! There are two distinct options for Splunk in the cloud that really depend on your use cases, what’s important to you and whether you want to have control over the infrastructure you deploy.
- Splunk Enterprise deployed in private cloud infrastructure. This option is great if you still want full control over what you deploy and how you deploy it, but still want to realise the benefits of a cloud-first strategy.
- Splunk Cloud, which is a full SaaS offering from Splunk providing Splunk as a service. This allows you to quickly use the Splunk platform without needing to manage the underlying infrastructure and architecture.
Of course both options have perceived benefits/disadvantages, and that is a technical discussion that we’d be more than happy to assist with. As a Splunk and AWS partner, we can help you whatever you decide.
So let’s say you have chosen the first option. How easy is it?
AWS EC2 is well suited to horizontal scaling, and if you use the Splunk-maintained AWS AMI you can deploy Splunk in just a few clicks. Amazon Linux 2 is also supported, so you can run Splunk on an EC2-optimised operating system.
If you need to retain logs for longer but need to keep storage costs low, you can utilise Splunk SmartStore with AWS S3. SmartStore was introduced in Splunk 7.2 and allows you to offload warm buckets into S3-compatible storage, with the aim of retaining the ability to search quickly and index efficiently whilst reducing the cost of heavy local storage. Using remote storage such as AWS S3 also allows you to take advantage of S3 features such as its high availability and scalability: “Amazon S3 is designed for 99.999999999% (11 9’s) of data durability”.
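The SmartStore setup described above, as an added `indexes.conf` example that is not from the original post. The bucket name, region endpoint, index name and retention values are assumed placeholders.

```ini
# indexes.conf on each indexer (added example; all names and values are placeholders)

# Remote volume: warm buckets are uploaded here, and local disk acts as a cache.
[volume:remote_store]
storageType = remote
path = s3://example-smartstore-bucket/indexes
remote.s3.endpoint = https://s3.eu-west-2.amazonaws.com
# Encrypt objects at rest with S3-managed keys.
remote.s3.encryption = sse-s3
# No remote.s3.access_key / remote.s3.secret_key here: with the keys unset,
# indexers running on EC2 can use the IAM role attached to the instance,
# which keeps long-lived credentials out of the configuration file.

# A SmartStore-enabled index (hypothetical name "app_logs").
[app_logs]
homePath   = $SPLUNK_DB/app_logs/db
# coldPath and thawedPath must still be set even though SmartStore indexes do not use cold buckets.
coldPath   = $SPLUNK_DB/app_logs/colddb
thawedPath = $SPLUNK_DB/app_logs/thaweddb
remotePath = volume:remote_store/$_index_name
# Retention is enforced across the whole index, remote copies included.
frozenTimePeriodInSecs = 31536000
maxGlobalDataSizeMB = 500000
```

Scope the instance role to the single bucket used by the volume and block public access on that bucket, since it holds the indexed data itself.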
Somerford is also actively engaged with the MoD, principally through the Defence and Security Accelerator (DASA), the Government body that finds and funds exploitable innovation to support UK Defence and Security. This is an attempt to better understand their digital needs and see if we can support their key requirements. Looking ahead, Somerford will continue to host periodic Cross Govt information security forums, designed to share best practice and learn from each other. There is also an opportunity to ‘bring the outside in’ and discuss areas of mutual interest that transcend the Corporate and Public sectors.
To find out further details on anything you have read, to learn more about Somerford, or to challenge us on how we can find solutions to your problems and needs, please reach out to us.