Splunk® Private Spacebridge

Set up Private Spacebridge

Get started with Private Spacebridge

Deploy Private Spacebridge directly within your own Kubernetes cluster so that you can own an end-to-end pipeline for connecting devices to your Splunk platform instance. See About Private Spacebridge to learn more about how Private Spacebridge works and whether it suits your deployment.

Prerequisites

Complete the following before getting started with Private Spacebridge:

  • You must be using one of the following Splunk platforms:
    • Splunk Cloud Platform version 8.1.2106 or higher
    • Splunk Enterprise version 8.2.2 or higher
  • Have admin-level access to your Kubernetes cluster
  • Have access to a non-FIPS test environment, test Splunk platform instance, and test client devices
  • Optionally configure Mobile Device Management (MDM) or use the QR code mobile login method. See About MDM and in-app registration to learn more about MDM. See Log in with a QR code or authentication code using Splunk Secure Gateway to learn more about mobile devices logging in with a QR code.
  • Download a Private Spacebridge package that includes the following components:
    • Private Spacebridge Helm Chart TGZ file
    • Private Spacebridge Docker image TAR file

After completing the prerequisites, see the following steps to deploy Private Spacebridge.

1. Install Private Spacebridge within your Kubernetes cluster

See the Kubernetes documentation for more information about configuring your Kubernetes cluster. Here's how to set up Private Spacebridge:

  1. Create a namespace, such as spacebridge, for Private Spacebridge in your Kubernetes cluster.
  2. Install Private Spacebridge using the provided Helm Chart TGZ file. See the README file included in the provided package for detailed instructions.
  3. Add the Private Spacebridge Docker image TAR file to your Docker registry.
  4. Create certificates and register unique domains for gRPC and HTTP Spacebridge endpoints. You'll use these domain names later on as part of configuring your Splunk platform instance.
  5. Configure ingress to Spacebridge gRPC and HTTP services with the certificates you created in the previous step.
    Ingress for the gRPC hostname must be configured to allow streamed gRPC websocket connections.
  6. (Optional) If your cluster doesn't already have log forwarding enabled, you can forward Private Spacebridge logs to any Splunk platform instance using an HTTP Event Collector. See Configure HTTP Event Collector on Splunk Enterprise and the Helm Chart fluentd parameters in the provided README file.

2. Acquire the Connected Experiences apps

Mobile device users can download the Splunk mobile apps from the App Store or Google Play store.

(Optional) If you're using MDM, see your MDM provider's documentation to complete the following steps for Splunk mobile app users:

  1. Locate the following versions of the Connected Experiences apps that you're using in your MDM provider's app store:
    1. Splunk Mobile for iOS version 2.13.0 or higher
    2. Splunk Mobile for Android version 2021.01.29 or higher
    3. Splunk AR for iOS version 3.2.0 or higher
  2. Add the apps you're using to your MDM instance.
  3. Deploy the test devices you plan to use in the Private Spacebridge beta program.

3. Configure Splunk Secure Gateway to use your Private Spacebridge

Complete the following steps for your Splunk platform version to configure Splunk Secure Gateway to use your Private Spacebridge.

For Splunk platform versions lower than 9.0

If you're using a Splunk platform version lower than 9.0 and Splunk Secure Gateway version lower than 3.0, configure the securegateway.conf file and client devices to point to the Private Spacebridge domain:

  1. Create the file $SPLUNK_HOME/etc/apps/splunk_secure_gateway/local/securegateway.conf.
  2. Add to the newly created file the following lines, using the HTTP domain that you created when configuring your Kubernetes cluster:
    [setup]
    spacebridge_server=<HTTP spacebridge domain>
    
  3. Restart your Splunk platform.
  4. Verify the connection has been established. Enter the following query in the Splunk Search and Reporting app:
    index=_internal sourcetype="secure_gateway*" connected
    

For Splunk platform versions 9.0 or higher

If you're using a Splunk platform version 9.0 or higher and Splunk Secure Gateway version 3.0 or higher, configure Splunk Secure Gateway to connect to your Private Spacebridge using the onboarding workflow or the deployment settings page.

Verify the connection has been established. Enter the following query in the Splunk Search and Reporting app:

index=_internal sourcetype="secure_gateway*" connected

4. Configure client devices to point at use Private Spacebridge

For Splunk platform versions lower than 9.0

If you're using a Splunk platform version lower than 9.0 and Splunk Secure Gateway version lower than 3.0, complete the following steps:

  1. In the Configure tab of Splunk Secure Gateway, click Generate an Instance ID File.
  2. Open the instance ID file in a text editor.
  3. After the server_directory clause, copy and paste the following endpoint_config clause so that your instance ID file looks like this:
    {
       "server_directory" : [{
         "sign_public_key": "<public_key>",
         "encrypt_public_key": "<public_key>",
         "deployment_name": "<name>",
         "mdm_sign_private_key": "<private_key>",    
         "login_type": <login_type>,
         "instance_url": <saml_url>,
    "custom_endpoint_id" : <id_string>}
       ],
     
       "endpoint_config" : {
         "custom_endpoint_id" : <id_string>,
         "custom_endpoint_hostname" : <url_string>,
         "custom_endpoint_grpc_hostname" : <url_string>,
         "client_cert_required" : <true/false>}
    }
    
  4. Edit the values for the following fields in the instance ID file:
    Field Type Value
    custom_endpoint_id String A user-friendly name for the Private Spacebridge instance.
    custom_endpoint_hostname String HTTP domain that you created when configuring your Kubernetes cluster.
    custom_endpoint_grpc_hostname String Hostname for registered devices to get dashboard data from.
    client_cert_required Bool Determines whether the user must have a valid client certificate installed. Defaults to true. Mark false for the duration of the beta program.
  5. Save the file.
  6. Add the instance ID file to your MDM provider. See Add the instance ID to your MDM provider in the Administer Splunk Secure Gateway manual.

Optionally, you can edit more fields in the instance ID file to configure your deployment. See Configure your Private Spacebridge deployment to learn more.

For Splunk platform versions 9.0 or higher

If you're using a Splunk platform version 9.0 or higher and Splunk Secure Gateway version 3.0 or higher, set up in-app registration with an MDM provider or use the QR code login method. No additional steps are required. Mobile devices logging in using MDM or the QR code generated by Splunk Secure Gateway automatically connect to your Private Spacebridge.

See Set up MDM and in-app registration for the Connected Experiences app to learn more about MDM.

5. Register client devices

Register the client devices that are using the Connected Experiences apps with your Splunk platform. See the following documentation to log into your Splunk Platform from the app you're using:

App Documentation
Splunk Mobile, Splunk AR, or Splunk for iPad Register an MDM-distributed device

Log in with a QR code or authentication code using Splunk Secure Gateway

Splunk TV for Android and Fire TV Log into a Splunk platform instance from your Android TV or Fire TV using Private Spacebridge
Splunk TV for Apple TV. Log into a Splunk platform instance from your Apple TV using Private Spacebridge
Splunk Edge Hub OS Register your Splunk Edge Hub
Last modified on 07 May, 2024
About Private Spacebridge   Configure your Private Spacebridge deployment

This documentation applies to the following versions of Splunk® Private Spacebridge: 1.1.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters