Splunk Enterprise in the Cloud Vision and Roadmap

Copyright 2013 Splunk Inc. Splunk Enterprise in the Cloud Vision and Roadmap Alex Munk PM Cloud #splunkconf Ledio Ago Director of Engineering Cloud

Legal NoJces During the course of this presentajon, we may make forward- looking statements regarding future events or the expected performance of the company. We caujon you that such statements reflect our current expectajons and esjmates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward- looking statements, please review our filings with the SEC. The forward- looking statements made in this presentajon are being made as of the Jme and date of its live presentajon. If reviewed aver its live presentajon, this presentajon may not contain current or accurate informajon. We do not assume any obligajon to update any forward- looking statements we may make. In addijon, any informajon about our roadmap outlines our general product direcjon and is subject to change at any Jme without nojce. It is for informajonal purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligajon either to develop the features or funcjonality described or to include any such feature or funcjonality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respeccve owners. 2013 Splunk Inc. All rights reserved. 2

About Us Alex Munk Ledio Ago! Splunker since January 2012! Product Manager Cloud! Previous: PM @ MicrosoV! Previous: Sr SoVware Engineer @ Accenture! Splunker since February 2007! Director of Engineering Cloud! Worked on Splunk on Windows! Resident Albanian 3

Agenda! Why the Cloud?! Introducing Splunk Cloud! What s available today?! What s coming next?! Splunk Cloud Technical Overview AutomaJon Security Monitoring Reliability 4

Why the Cloud?

Industry Leading Plaaorm for Machine Data Any Machine Data Servers Online Services Security Web Services Networks GPS LocaJon Packaged ApplicaJons Search and Inves7ga7on Proac7ve Monitoring Opera7onal Visibility Real- 7me Business Insights Storage Desktops Messaging Custom ApplicaJons Online Shopping Cart Smartphones and Devices Telecoms Web Clickstreams RFID Call Detail Records Databases Energy Meters HA Indexes and Storage Commodity Servers 6

Sedng the Standard for OperaJonal Intelligence VERSIONS 1 2 3 Tool Google for the datacenter 2006-2008 VERSIONS 4 4.1 4.2 4.3 Engine Engine for machine- generated data 2009-2011 VERSION 5 PlaForm PlaForm for opera7onal intelligence 2012 7

What s Next What do organiza7ons need 85

Enterprise IT Needs are Evolving Preferences Needs Fast Jme to deployment of cloud services Visibility and operajonal intelligence delivered in the cloud Running both on- premises and cloud services (Hybrid) Comprehensive visibility spanning all environments 9

Introducing Delivering operajonal intelligence across on- premises and public, private and hybrid cloud environments As a Service 10

Splunk Cloud: Value Across Public, Private, Hybrid Clouds Any Machine Data Online Services Web Services Search and Inves7ga7on Proac7ve Monitoring Opera7onal Visibility Real- 7me Business Insights Servers Security Networks GPS LocaJon Packaged ApplicaJons Storage Desktops Messaging Custom ApplicaJons Online Shopping Cart Telecoms Web Clickstreams RFID Call Detail Records Databases Energy Meters Smartphones and Devices On- Premises Private /Hybrid Cloud Public Cloud 11

Splunk Cloud Overview Cloud Service Fast Jme to value Low operajonal overhead Annual subscripjon based Splunk Enterprise features Access to the enjre range of Splunk Enterprise features, including apps, API, alerjng and role- based access controls Hybrid PlaForm Single plaaorm for operajonal visibility across cloud and on- premises deployments 12

Splunk Cloud Service Overview Cloud service with annual subscripjon plans currently available from 50 GB 1 TB/day, custom opjons outside the range Rapid on- demand provisioning of customer- specific Splunk environments Fast 7me to value: Get started within days Reduced complexity: Managed and operated by Splunk 13

Splunk Cloud Features Overview Access to all Splunk Enterprise features including API/apps/alerJng/ access controls/report accelerajon per negojated contract Security Roadmap: SOC2 Type 1 and Type 2 followed with ISO 27001 for internajonal customers Support SLA: Same as Splunk Enterprise Backup/Archiving opjons available Features Delivery Model Search & ReporJng Dash- boarding and AnalyJcs Splunk Enterprise Licensed Install (Free 500MB/day data volume) x Splunk Cloud Licensed Service AlerJng x x Splunk Forwarders Support API x x Apps x x x x x x x 14

Splunk Cloud Hybrid Plaaorm Combine with on- premises Splunk deployment Single plaaorm for visibility across public, private and hybrid applicajons & infrastructure Single console visibility for: OperaJonal health and status Security reports & dashboards Combined analyjcs such as capacity planning, user behavior and usage stajsjcs System Admins On- Premises Security Analysts ApplicaJon Owners Private /Hybrid Cloud ApplicaJon Developers Business Users Public Cloud 15

Splunk Cloud Looking Ahead More of everything! Increased index volume opjons: <50 GB & >1 TB/day! Increased concurrent search capacity opjons! Increased data retenjon opjons! Increased availability and durability opjons 16

Splunk Cloud Looking Ahead Enterprise- grade Security! SOC 2 Type 1! SOC 2 Type 2! ISO 27001! Custom security requirements 17

Splunk Cloud Looking Ahead Data Management OpJons! Geo- isolated environments! Geo- distributed environments! Geo- replicated environments! Increased archive opjons 18

Splunk Cloud Looking Ahead Hybrid OpJons Current Capability! Search across on- premises and Splunk Cloud environments Planned! Search in the cloud, index and store data on premises! Index and/or search in the cloud, store data on premises! Burst index and/or search capacity in the cloud 19

Technical Overview

How it Works Forwarders collect all machine data Compression and EncrypJon Fault tolerant persistent queues Datacenter Private Cloud Public Cloud Splunk Cloud Dedicated Deployments in AWS ConJnuously Monitored AutomaJcally Managed 21

Technical Overview Architecture Security Opera7onal Support Processes Monitoring AWS based indexer, search- head deployments Processes for data and customer protecjon ProacJve, conjnuous monitoring Enterprise grade support 22

Splunk Cloud Architecture Search Head Indexer Cluster Master Indexer Indexer Indexer 23

Splunk Cloud Data Inputs HTTP(S) HTTPS Rest- API Local / CIFS files Syslog/TCP/ UDP Metrics Scripted/Modular inputs 24

Combine with Any ExisJng Data Sources Hadoop Connect DB Connect Modular Inputs On- Premises 25

Security & Compliance ProtecJon of Customer Data! Working towards SOC2 type 1 and 2 and ISO 27001! Data confidenjality in transit! Role Based Access Controls! Private Instances! Planned: IDS Monitoring (OSSIM)! Planned: ConJnuous Nessus scanning 26

Security & Compliance (conjnued) ProtecJon from Internet- based Aqacks and Internal Risks Control and log access to customer instances Planned: MulJple VPC s to isolate traffic ProducJon, QA and development in unique segments MulJ customer pods separated from single- customer systems 27

Security & Compliance (conjnued) Web Security ApplicaJons being tested with Whitehat for white box security tesjng ApplicaJons being tested with isec for black box tesjng Known vulnerabilijes fixed in code or with web applicajon firewall Cloudpassage for security monitoring, server access management, intrusion detecjon 28

OperaJonal Monitoring Splunk automated monitoring via SoS & *nix apps and Zabbix ProacJve monitoring of each applicajon, web, Splunk process in the cluster Load metrics (CPU, Disk, Bandwidth, Memory) Capacity monitoring(usage, response Jmes, bandwidth ujlizajon Data receipt, processing and availability monitoring Front door monitoring: Pingdom for site monitoring and reporjng AutomaJc pager alerts in cases of failure with PagerDuty OperaJons, Capacity & Availability 29

External Access to Systems Customer Access ApplicaJons delivered over the web, no logins to servers required Customers NOT allowed direct console access to producjon or staging servers UI only Customers have access to Development servers server specific accounts used Splunk> Employee Business Access Network access limited to Splunk> network via secure VPN Terminal servers act as gateways, tracking all logins Terminal servers also protect from malware aqacks from laptops All logins and history of each instance is logged, tracked and monitored in Splunk> Working per SOC2 processes 30

Enterprise- grade Support Same support process and tools as Splunk Enterprise (powered by Salesforce.com) Cloud- specific support enjtlements Enterprise & Global opjons available Cloud- ready service SLA Splunk support team connected with Splunk Cloud operajons team Covers operajonal cases in addijon to standard support cases Separate from Professional Services Authorized contacts create and manage cases at www.splunk.com/support 31

Next Steps 1 2 Download the.conf2013 Mobile App If not iphone, ipad or Android, use the Web App Take the survey & WIN A PASS FOR.CONF2014 Or one of these bags! 3 View the other Cloud sessions All sessions are available on the Mobile App Videos will be available shortly 32

THANK YOU