Get started with Private Spacebridge
Deploy Private Spacebridge directly within your own Kubernetes cluster so that you can own an end-to-end pipeline for connecting mobile devices to your Splunk platform instance. See About Private Spacebridge to learn more about how Private Spacebridge works.
If you're interested in using Private Spacebridge, visit this page to sign up: https://www.splunk.com/en_us/form/privately-hosted-spacebridge-for-splunk-secure-gateway.html.
Prerequisites
Complete the following before getting started with Private Spacebridge:
- You must be using one of the following Splunk platforms:
  - Splunk Cloud Platform version 8.1.2106 or higher
  - Splunk Enterprise version 8.2.2 or higher
- Have admin-level access to your Kubernetes cluster
- Have access to a non-FIPS test environment, test Splunk platform instance, and test client devices
- If you're using Splunk Mobile or Splunk AR, deploy Mobile Device Management (MDM) for your devices. See About MDM and in-app registration to learn more about MDM. You don't need to use MDM if you're using Private Spacebridge with Splunk TV.
- Sign up to get started with Private Spacebridge at https://www.splunk.com/en_us/form/privately-hosted-spacebridge-for-splunk-secure-gateway.html.
- Receive a ZIP package that includes the following components:
  - Private Spacebridge Helm Chart TAR file
  - Private Spacebridge Docker image TAR file
After completing the prerequisites, see the following steps to deploy Private Spacebridge.
1. Configure your Kubernetes cluster to set up Private Spacebridge
See the Kubernetes documentation for more information about configuring your Kubernetes cluster. Here's how to set up Private Spacebridge:
- Create a namespace, such as spacebridge, for Private Spacebridge in your Kubernetes cluster.
- Install Private Spacebridge using the provided Helm Chart TAR file. See the README file included in the provided package for detailed instructions.
- Add the Private Spacebridge Docker image TAR file to your Docker registry.
- Create certificates and register domains for gRPC and HTTP Spacebridge endpoints. You'll use the domain names in your MDM configuration and securegateway.conf file.
- Configure ingress to Spacebridge gRPC and HTTP services with the certificates you created in the previous step.
- (Optional) If your cluster doesn't already have log forwarding enabled, you can forward Private Spacebridge logs to any Splunk platform instance using an HTTP Event Collector. See Configure HTTP Event Collector on Splunk Enterprise and the Helm Chart fluentd parameters in the provided README file.
2. Acquire the Connected Experiences apps
If you're using Splunk Mobile or Splunk AR, distribute the app using an MDM provider. Splunk TV doesn't require MDM distribution.
Splunk Mobile or Splunk AR
See your MDM provider's documentation to complete the following steps for Splunk Mobile users:
- Locate the following versions of the Connected Experiences apps that you're using in your MDM provider's app store:
- Splunk Mobile for iOS version 2.13.0 or higher
- Splunk Mobile for Android version 2021.01.29 or higher
- Splunk AR for iOS version 3.2.0 or higher
- Add the apps you're using to your MDM instance.
- Deploy the test devices you plan to use in the Private Spacebridge beta program.
Splunk TV
Download Splunk TV for Android and Fire TV version 2021.10.11 or higher, Splunk TV for Apple TV 3.7.0 or higher, or Splunk TV Companion 1.2.0 or higher.
3. Configure Splunk Secure Gateway to point at Private Spacebridge
Configure the securegateway.conf file and client devices to point to the Private Spacebridge domain:
- Create the file $SPLUNK_HOME/etc/apps/splunk_secure_gateway/local/securegateway.conf.
- Add the following lines to the newly created file, using the HTTP domain that you created when configuring your Kubernetes cluster:
    [setup]
    spacebridge_server=<HTTP spacebridge domain>
- Restart your Splunk platform.
- Verify the connection has been established. Enter the following query in the Splunk Search and Reporting app:
index=_internal sourcetype="secure_gateway*" connected
4. Configure client devices to point at Private Spacebridge
- In the Configure tab of Splunk Secure Gateway, click Generate an Instance ID File.
- Open the instance ID file in a text editor.
- After the server_directory clause, copy and paste the following endpoint_config clause so that your instance ID file looks like this:
    {
      "server_directory" : [{
        "sign_public_key": "<public_key>",
        "encrypt_public_key": "<public_key>",
        "deployment_name": "<name>",
        "mdm_sign_private_key": "<private_key>",
        "login_type": <login_type>,
        "instance_url": <saml_url>,
        "custom_endpoint_id" : <id_string>}
      ],
      "endpoint_config" : {
        "custom_endpoint_id" : <id_string>,
        "custom_endpoint_hostname" : <url_string>,
        "custom_endpoint_grpc_hostname" : <url_string>,
        "client_cert_required" : <true/false>}
    }
- Edit the values for the following fields in the instance ID file:
Field | Type | Value |
---|---|---|
custom_endpoint_id | String | A user-friendly name for the Private Spacebridge instance. |
custom_endpoint_hostname | String | HTTP domain that you created when configuring your Kubernetes cluster. |
custom_endpoint_grpc_hostname | String | Hostname for registered devices to get dashboard data from. |
client_cert_required | Bool | Determines whether the user must have a valid client certificate installed. Defaults to true. Mark false for the duration of the beta program. |
- Save the file.
- Add the instance ID file to your MDM provider. See Add the instance ID to your MDM provider in the Administer Splunk Secure Gateway manual.
Optionally, you can edit more fields in the instance ID file to configure your deployment. See Configure your Private Spacebridge deployment to learn more.
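A pre-upload check for the edited instance ID file, shown as an added example that is not Splunk's code or part of the original documentation. It checks the endpoint_config fields listed above for presence and JSON type, catches template placeholders left in the file, and reports when client_cert_required is false. The names lint_instance_id, REQUIRED, and SAMPLE and all sample values are hypothetical, and the rule that custom_endpoint_id must match in both clauses is an assumption drawn from the template.

```python
import json

# endpoint_config fields listed above and the JSON type each must have
REQUIRED = {"custom_endpoint_id": str, "custom_endpoint_hostname": str,
            "custom_endpoint_grpc_hostname": str, "client_cert_required": bool}

def lint_instance_id(text):
    """Return a list of findings for an instance ID file; an empty list means clean."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Template placeholders left unquoted, such as <login_type>, land here.
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    findings = []
    servers, endpoint = doc.get("server_directory"), doc.get("endpoint_config")
    if not isinstance(servers, list) or not servers:
        findings.append("server_directory must be a non-empty list")
        servers = []
    if not isinstance(endpoint, dict):
        return findings + ["endpoint_config clause is missing"]
    for field, kind in REQUIRED.items():
        value = endpoint.get(field)
        if not isinstance(value, kind):
            findings.append(f"endpoint_config.{field} must be a JSON {kind.__name__}")
        elif kind is str and (not value.strip() or "<" in value):
            findings.append(f"endpoint_config.{field} is empty or still a placeholder")
    # Assumption: the id in endpoint_config should equal the one in each server entry.
    for i, entry in enumerate(servers):
        same = isinstance(entry, dict) and \
            entry.get("custom_endpoint_id") == endpoint.get("custom_endpoint_id")
        if not same:
            findings.append(f"server_directory[{i}].custom_endpoint_id differs from endpoint_config")
    if endpoint.get("client_cert_required") is False:
        findings.append("note: client_cert_required is false, a client certificate is not required")
    return findings

# Constructed sample; keys and other server_directory fields are left out for brevity.
SAMPLE = {
    "server_directory": [{"deployment_name": "test-deployment",
                          "custom_endpoint_id": "private-sb-test"}],
    "endpoint_config": {"custom_endpoint_id": "private-sb-test",
                        "custom_endpoint_hostname": "sb-http.example.com",
                        "custom_endpoint_grpc_hostname": "sb-grpc.example.com",
                        "client_cert_required": False},
}

if __name__ == "__main__":
    for finding in lint_instance_id(json.dumps(SAMPLE)):
        print(finding)
```

Because the file also carries mdm_sign_private_key, run a check like this where the file already lives and keep its contents out of tickets and chat.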
5. Register client devices
Register the client devices that are using the Connected Experiences apps with your Splunk platform. See the following documentation to log into your Splunk Platform from the app you're using:
App | Documentation |
---|---|
Splunk Mobile, Splunk AR, or Splunk for iPad | Register an MDM-distributed device |
Splunk TV for Android and Fire TV | Log into a Splunk platform instance from your Android TV or Fire TV using Private Spacebridge |
Splunk TV for Apple TV | Log into a Splunk platform instance from your Apple TV using Private Spacebridge |
This documentation applies to the following versions of Splunk® Private Spacebridge: 1.0.0