Copyright © 2013 Splunk Inc.
Alex Munk PM – Cloud #splunkconf
Splunk Enterprise in the Cloud Vision and Roadmap
Ledio Ago Director of Engineering – Cloud
Legal Notices
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.
©2013 Splunk Inc. All rights reserved.

About Us
Ledio Ago
• Splunker since February 2007
• Director of Engineering – Cloud
• Worked on Splunk on Windows
• Resident Albanian
Alex Munk
• Splunker since January 2012
• Product Manager – Cloud
• Previous: PM @ Microsoft
• Previous: Sr Software Engineer @ Accenture

Agenda
• Why the Cloud?
• Introducing Splunk Cloud
• What’s available today?
• What’s coming next?
• Splunk Cloud Technical Overview
  – Automation
  – Security
  – Monitoring
  – Reliability

Why the Cloud?

Industry Leading Platform for Machine Data
[Diagram labels: HA Indexes and Storage; Commodity Servers; Search and Investigation; Proactive Monitoring; Operational Visibility; Real-time Business Insights. Any Machine Data: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID.]

Setting the Standard for Operational Intelligence
• Tool, 2006-2008, Versions 1, 2, 3: “Google for the datacenter”
• Engine, 2009-2011, Versions 4, 4.1, 4.2, 4.3: “Engine for machine-generated data”
• Platform, 2012, Version 5: “Platform for operational intelligence”

What’s Next
What do organizations need

Enterprise IT Needs are Evolving
Preferences Needs
• Fast time to deployment of cloud services
• Visibility and operational intelligence delivered in the cloud
• Running both on-premises and cloud services (Hybrid)
• Comprehensive visibility spanning all environments

Delivering operational intelligence across on-premises and public, private and hybrid cloud environments
As a Service
Introducing

Splunk Cloud: Value Across Public, Private, Hybrid Clouds
[Diagram labels: Search and Investigation; Proactive Monitoring; Operational Visibility; Real-time Business Insights. Any Machine Data: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID. Environments: On-Premises, Public Cloud, Private/Hybrid Cloud.]

Splunk Cloud Overview
Cloud Service
• Fast time to value
• Low operational overhead
• Annual subscription based
Hybrid Platform
Single platform for operational visibility across cloud and on-premises deployments
Splunk Enterprise features
Access to the entire range of Splunk Enterprise features, including apps, API, alerting and role-based access controls

Splunk Cloud Service Overview
• Cloud service with annual subscription plans currently available from 50 GB – 1 TB/day, custom options outside the range
• Rapid on-demand provisioning of customer-specific Splunk environments
• Fast time to value: Get started within days
• Reduced complexity: Managed and operated by Splunk

Splunk Cloud Features Overview
• Access to all Splunk Enterprise features including API/apps/alerting/access controls/report acceleration per negotiated contract
• Security Roadmap: SOC2 Type 1 and Type 2 followed with ISO 27001 for international customers
• Support SLA: Same as Splunk Enterprise
• Backup/Archiving options available

Features | Splunk Enterprise | Splunk Cloud
Delivery Model | Licensed Install (Free 500MB/day data volume) | Licensed Service
Search & Reporting | x | x
Dashboarding and Analytics | x | x
Alerting | x | x
Splunk Forwarders Support | x | x
API | x | x
Apps | x | x

Splunk Cloud Hybrid Platform
• Combine with on-premises Splunk deployment
• Single platform for visibility across public, private and hybrid applications & infrastructure
• Single console visibility for:
  – Operational health and status
  – Security reports & dashboards
  – Combined analytics such as capacity planning, user behavior and usage statistics
[Diagram labels: System Admins, Application Owners, Business Users, Security Analysts, Application Developers; On-Premises, Public Cloud, Private/Hybrid Cloud]

Splunk Cloud – Looking Ahead
More of everything
• Increased index volume options: <50 GB & >1 TB/day
• Increased concurrent search capacity options
• Increased data retention options
• Increased availability and durability options

Splunk Cloud – Looking Ahead
Enterprise-grade Security
• SOC 2 Type 1
• SOC 2 Type 2
• ISO 27001
• Custom security requirements

Splunk Cloud – Looking Ahead
Data Management Options
• Geo-isolated environments
• Geo-distributed environments
• Geo-replicated environments
• Increased archive options

Splunk Cloud – Looking Ahead
Hybrid Options
Current Capability
• Search across on-premises and Splunk Cloud environments
Planned
• Search in the cloud, index and store data on premises
• Index and/or search in the cloud, store data on premises
• Burst index and/or search capacity in the cloud

Technical Overview

How it Works
[Diagram labels: Splunk Cloud, Datacenter, Private Cloud, Public Cloud]
• Dedicated Deployments in AWS
• Continuously Monitored
• Automatically Managed
• Forwarders collect all machine data
• Compression and Encryption
• Fault tolerant persistent queues

Technical Overview
• Architecture: AWS-based indexer, search-head deployments
• Operational Monitoring: Proactive, continuous monitoring
• Security Processes: Processes for data and customer protection
• Support: Enterprise grade support

Splunk Cloud Architecture
[Diagram labels: Cluster Master, Search Head, Indexer (four instances)]

Splunk Cloud – Data Inputs
[Diagram labels: Scripted/Modular inputs, Metrics, Syslog/TCP/UDP, Local / CIFS files, Rest-API, HTTP(S), HTTPS]

Combine with Any Existing Data Sources
[Diagram labels: On-Premises, Modular Inputs, DB Connect, Hadoop Connect]

Security & Compliance
Protection of Customer Data
• Working towards SOC2 type 1 and 2 and ISO 27001
• Data confidentiality in transit
• Role Based Access Controls
• Private Instances
• Planned: IDS Monitoring (OSSIM)
• Planned: Continuous Nessus scanning

Security & Compliance (continued)
Protection from Internet-based Attacks and Internal Risks
• Control and log access to customer instances
• Planned: Multiple VPCs to isolate traffic
• Production, QA and development in unique segments
• Multi customer pods separated from single-customer systems

Security & Compliance (continued)
Web Security
• Applications being tested with Whitehat for white box security testing
• Applications being tested with iSec for black box testing
• Known vulnerabilities fixed in code or with web application firewall
• Cloudpassage for security monitoring, server access management, intrusion detection

Operational Monitoring
Operations, Capacity & Availability
• Splunk automated monitoring via SoS & *nix apps and Zabbix
  – Proactive monitoring of each application, web, Splunk process in the cluster
  – Load metrics (CPU, Disk, Bandwidth, Memory)
  – Capacity monitoring (usage, response times, bandwidth utilization)
  – Data receipt, processing and availability monitoring
• “Front door” monitoring: Pingdom for site monitoring and reporting
• Automatic pager alerts in cases of failure with PagerDuty

External Access to Systems
• Customer Access
  – Applications delivered over the web, no logins to servers required
  – Customers NOT allowed direct console access to production or staging servers – UI only
  – Customers have access to Development servers – server specific accounts used
• Splunk> Employee Business Access
  – Network access limited to Splunk> network via secure VPN
  – Terminal servers act as gateways, tracking all logins
  – Terminal servers also protect from malware attacks from laptops
  – All logins and history of each instance are logged, tracked and monitored in Splunk>
  – Working per SOC2 processes

Enterprise-grade Support
• Same support process and tools as Splunk Enterprise (powered by Salesforce.com)
• Cloud-specific support entitlements
  – Enterprise & Global options available
  – Cloud-ready service SLA
  – Splunk support team connected with Splunk Cloud operations team
  – Covers operational cases in addition to standard support cases
  – Separate from Professional Services
• Authorized contacts create and manage cases at www.splunk.com/support

Next Steps
1. Download the .conf2013 Mobile App. If not iPhone, iPad or Android, use the Web App.
2. Take the survey & WIN A PASS FOR .CONF2014… Or one of these bags!
3. View the other “Cloud” sessions. All sessions are available on the Mobile App. Videos will be available shortly.

THANK YOU