Planning and Execution for Successful Deployments
Copyright © 2013 Splunk Inc.
Planning and Execution for Successful Deployments
Pete Sicilia, Client Architect Manager
Chris Olson, Sr. Director, Technical Services
#splunkconf
Legal Notices
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.
©2013 Splunk Inc. All rights reserved.
Planning for a Successful Splunk Deployment
• Introduction
• Architecture – Why Things Matter
• Hardware and Benchmarking (Talking to your Infrastructure)
• Building your Team
• Use Cases and Collecting Requirements
• Service Offerings
• Managing your Project(s)
• Expansion and Beyond
About Us
• Pete Sicilia manages the Client Architect practice at Splunk
  – Client Architects help Splunk's largest customers and make sure their deployments are planned properly and executed smoothly
  – He’s been a Splunker for three years
• Chris Olson leads the Technical Services team for the Americas
  – Oversees all of the Pre-Sales and Professional Services Engineers
  – He’s been at Splunk for over three years
Summary
• This class is to help you plan for a successful Splunk environment with the proper foundation to scale and handle the needs of a diverse enterprise
• We’ll look at architecture considerations, team building, collecting requirements and defining your offerings for your internal customers
Architecture is Critical…
…But it’s not everything
Must understand:
• People
• Process
• Policy
• Splunk design constraints
Architecture
• The basics
  – Covered in other sessions/Splunk EDU
• Geo’s
  – Where are your users?
  – How many?
  – Where is your data?
• Retention and search window
• Security policy
• Resiliency (see Service Offerings)
• User experience/perception is key!
Hardware and Infrastructure Teams
• Physical/VM
  – Know what you’re asking for
  – Physical cores not hyperthreading
  – (cat /proc/cpuinfo is your friend)
  – Dedicated cores vs. contention
  – Would you run your production customer facing DB on that?
• Local disk vs SAN
  – Storage is critical for Splunk
  – Dedicated IOPS not cumulative
  – Run IOZone or Bonnie++
  – Contention again…
  – You know what you’re getting with local disk
  – SSDs? Yes please!
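The physical-versus-hyperthreaded core check from the slide above, as an added example that is not part of the original presentation: it counts logical processors and distinct (physical id, core id) pairs in /proc/cpuinfo-format text. The function names and the sample input are constructed for illustration, and the x86 Linux field layout is assumed.

```shell
#!/bin/sh
# Added example (not from the original slides).
# Compare logical processors with distinct physical cores so that a host
# described as "16 cores" can be checked for 8 cores with hyperthreading.
# Usage: cpu_summary [file]   (defaults to /proc/cpuinfo; "-" reads stdin)
cpu_summary() {
    awk -F'[ \t]*:[ \t]*' '
        $1 == "processor"   { logical++ }
        $1 == "physical id" { pid = $2 }                 # socket number
        $1 == "core id"     { cores[pid "/" $2] = 1; seen = 1 }
        END {
            n = 0
            for (k in cores) n++
            # Assumption: when the topology fields are absent (some VMs,
            # non-x86 kernels) fall back to the logical processor count.
            if (!seen) n = logical
            smt = (logical > n) ? "yes" : "no"
            printf "logical=%d physical=%d smt=%s\n", logical, n, smt
        }
    ' "${1:-/proc/cpuinfo}"
}

# Constructed sample: one socket, two cores, hyperthreading enabled,
# so the kernel reports four logical processors.
sample_cpuinfo() {
    for entry in "0 0" "1 1" "2 0" "3 1"; do
        set -- $entry
        printf 'processor\t: %s\nphysical id\t: 0\ncore id\t\t: %s\ncpu cores\t: 2\n\n' "$1" "$2"
    done
}

# Demonstration on the constructed sample; run cpu_summary with no
# argument on a real host to inspect its own /proc/cpuinfo.
sample_cpuinfo | cpu_summary -
```

When `smt=yes`, size the Splunk host against the `physical` figure rather than the logical one.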
The Splunk Core Team Mission Statement
• The overall goal of your Splunk Core Team is to discover and develop new use cases, support the Splunk infrastructure, create original content and onboard and assist the user community
• Within this team there will be multiple roles of differing skill sets, both business and technical
• You might decide that some roles are in the core team and some are farmed out to the business units
• You will find that you will want to tailor your offerings to the business community based on use case and business impact
The Admins
• Admins are responsible for the Splunk infrastructure
• They manage the Splunk software and administer users
• Customers often split the admin team into initial deployment and ongoing support (Ops)
• Your admins should be the first through Splunk training as they will shadow the Splunk Professional Services team during the initial deployment
• Splunk admins should have a solid background with the selected hardware platform and in Unix or Windows administration and have experience running/managing applications
The Developers
• Developers code new Splunk searches and dashboards
• Developers usually work closely with the Splunk admins
• Devs also should have familiarity with the required data sources both internal and external to Splunk
• Your devs should be the next through Splunk training as they will help onboard data and write searches for the individual use cases
• Splunk devs typically have experience with scripting, HTML, CSS and query languages
The Business Role
• The business role helps define new use cases
• They interview new business units and capture broad use cases and detailed business requirements (see the Deployment Doc)
• The business role works closely with the devs to make sure that project requirements are delivered to scope and with the admin team to make sure SLAs are met
• They also help rank/prioritize new projects based on business impact
• Often, this team designates one or more of its members to take on the role of Project Manager
Splunk Education
• Admins
  – Architecting and deploying
  – Admin
• Developers
  – Advanced search and reporting
  – Developing
• Business roles
  – Advanced search and reporting
  – Project management
Service Offerings
• The next step is to define your service offering based on the audience and their business impact/criticality
• This will in turn drive your infrastructure decisions including considerations for:
  – Availability/resilience
  – Performance
• Customers often find that they deliver multiple classes of service
• “Units of Splunk”
Class C Offering
• “The Kiddie Pool”
• Shared Splunk infrastructure
• Used to group smaller, simpler use cases into an inexpensive hosting model
• You do have to watch for capacity by use case or department
• Extremely easy for chargebacks
• Basic security
• Lowest SLA
• Use cases that outgrow this model can migrate up to class B
Class B Offering
• Multiple use cases
• Federated, distinct clusters
• Search heads and indexers dedicated to use cases prevents cross use case contention
• Possible cross use case reporting (adds to chargeback considerations)
• Managed centrally
• Standard kit – “Units of Splunk”
• Good security
• Moderate SLA
• Easy to determine capacity and chargebacks
Class A Offering
• Highest value use case(s)
• Fully dedicated to a single use case or business unit
• Fully resilient/HA/DR
• Highest security
• Bespoke hardware/storage options
• High performance
• Long retention
• Specific search requirements
• Tightest SLA
Deeper Considerations for Service Offerings
• Refer to your service definitions and SLAs
  – How much custom development effort?
  – Is infrastructure resilience in play?
• Are you able to determine data volume by use case/business unit?
• Data retention and search window
• Users and roles with privilege
  – Search experts
  – Basic users
  – Email users
• Total search resources used
• Search speed/performance
Of course all of these play into your considerations for chargebacks
Plan for Success
• Start off by thinking where this will go when it’s wildly successful
• Go to the well once - with a little extra capacity, you’ll have overhead to work on new use cases without another phase of architecture and procurement
• You’ll also find that multiple groups might want access to the same data and having extra capacity keeps groups from stepping on each other
• Consider adding a Splunk Center of Excellence to introduce new users and use cases to Splunk with minimal effort
• Splunk has Professional Services offerings specifically geared to help with COE’s
Expansion
• There are different factors to expansion depending on if you’re adding
  – New use cases
  – New data sources
  – New users
  – More volume
  – New regions
• If you’re continuing your deployment with “more of the same” you can probably just add Splunk servers to your current cluster
• If your expansion adds a new class of service, or geography you will likely want to add another Splunk environment to handle it
• Splunk has Professional Services offerings to help with expansion and capacity planning
  – We’re here to help!
Key Takeaways
• Don’t forget people and process – critical to success for any Splunk deployment
• Leverage and partner with your internal teams
• Think longer term, plan for change
• Your Splunk team is here to help – account team, PS, education
Next Steps
1. Download the .conf2013 Mobile App. If not iPhone, iPad or Android, use the Web App
2. Take the survey & WIN A PASS FOR .CONF2014… Or one of these bags!
3. View the sessions listed on the next slide. All sessions are available on the Mobile App
Interesting Sessions
• Check those sessions on the Mobile App if you missed them:
  – Best Practices and Lessons Learned from Splunk's Professional Services
  – Best Practices: Deploying Splunk on Physical, Virtual and Cloud Infrastructure
  – Delivering Large Scale Deployments by Thinking Small: A "How-to" by Yahoo!
  – Architecting and Sizing Your Splunk Deployments