Splunk Cloud Platform

Recover from a Disaster with Cross-region Disaster Recovery (Early Access)

Implement cross-region disaster recovery in your Splunk Cloud Platform environment

If you want to use cross-region disaster recovery (CRDR) in your Splunk Cloud Platform environment, follow these steps.

  1. Learn what CRDR does and what it doesn't do
  2. Speak with your account team and schedule a conversation with CRDR service experts
  3. Purchase the service
  4. Provide maintenance windows for Splunk Support to integrate CRDR into your environment
  5. Update IP allow lists for access to your integrated Splunk Cloud Platform environment
  6. Confirm that your supporting infrastructure uses DNS host names for the Splunk Cloud Platform environment
  7. If you use the Splunk Cloud Data Manager application, create an Amazon Web Services (AWS) Identity and Access Management (IAM) role and modify the role trust relationship
  8. (Optional) After integration, schedule planned failovers to test that the process works

Learn what the service does and doesn't do

Before you implement CRDR for your Splunk Cloud Platform instance, understand what CRDR is, what it can do for you, and what its limitations are. Because CRDR is currently a limited paid preview, you can leave feedback to further improve and strengthen the service. Splunk does not make any guarantees outside of the service level agreements it specifically agrees to with regard to the service, as described in this manual.

Speak with your account team and schedule a conversation with CRDR service experts

When you are ready to implement CRDR in your Splunk Cloud Platform (SCP) environment, contact your account team and indicate that you want to sign up for the service. Your account representative will connect you with Splunk disaster recovery experts to learn about your needs and determine if CRDR is a fit for your specific use case.

Purchase the service

After you speak with your account team and schedule a talk with Splunk experts about CRDR, purchase the service and have it integrated into your Splunk Cloud Platform environment. After you make the purchase, Splunk will work with you to schedule maintenance windows to set up the service.

Provide maintenance windows for Splunk Support to integrate CRDR into your environment

After you agree to the terms for using the service and purchase the service, you must coordinate with Splunk Support to establish maintenance windows to integrate the service into your environment.

Multiple maintenance windows are required to perform this integration because the integration requires a number of infrastructure updates to the instance. For example, when you integrate CRDR into your instance, Splunk rekeys any stored data within your environment with a multi-region encryption key so that the data is accessible in the production SCP environment and the environment in the secondary region.

Update IP allow lists for access to your integrated Splunk Cloud Platform environment

After integration, Splunk Support provides you with IP network addresses which you must configure to allow egress from your Splunk Cloud Platform environment. For more information on how to configure IP network allow lists, see Configure IP allow lists for Splunk Cloud Platform.

If you use the Splunk Cloud Data Manager application, create an Amazon Web Services (AWS) Identity and Access Management (IAM) role and modify the role trust relationship

After Splunk Support integrates CRDR into your Splunk Cloud Platform environment, if you use the Splunk Cloud Data Manager application in that environment, then either you or your AWS administrator must create an AWS role and adjust its trust relationship between AWS and Splunk Cloud Platform.

  1. Log in to the AWS IAM console.
  2. Create an AWS IAM role called SplunkDMReadOnly by following the procedure at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html.
  3. Change the trust relationship for the SplunkDMReadOnly role by following the procedure at https://docs.aws.amazon.com/directoryservice/latest/admin-guide/edit_trust.html.
  4. In the Trust Relationship section, locate the following text within the JavaScript Object Notation (JSON) object and replace the ACCOUNT_ID, STACK_ID_1, and STACK_ID_2 placeholders with the account ID and stack IDs for your Splunk Cloud Platform environment, respectively:

     "Principal": {
       "AWS": [
         "arn:aws:iam::<ACCOUNT_ID>:role/<STACK_ID_1>",
         "arn:aws:iam::<ACCOUNT_ID>:role/<STACK_ID_2>"
       ]
     },

For more information on the Splunk Cloud Data Manager application, see About Data Manager in the **Data Manager Manual**.
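
The following Python check is an added example, not part of the Splunk documentation or the Data Manager application. It reviews a SplunkDMReadOnly trust policy after the edit and reports unreplaced placeholders, wildcard principals, and role ARNs that do not share one account ID. The enclosing policy statement, the account ID, and the stack IDs in the sample are constructed assumptions.

```python
import json
import re

# Constructed sample: only the Principal block mirrors the page. The enclosing
# statement, the account ID and the stack IDs are assumptions for illustration.
SAMPLE_TRUST_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Principal": {"AWS": [
     "arn:aws:iam::123456789012:role/example-stack-1",
     "arn:aws:iam::123456789012:role/<STACK_ID_2>"
   ]},
   "Action": "sts:AssumeRole"
 }]}
"""

# IAM role ARN: 12-digit account ID, then a role name.
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@-]+)$")


def check_trust_principals(policy_text):
    """Return a list of problems found in the policy's Principal entries."""
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    problems, arns, accounts = [], [], set()
    for stmt in statements:
        principal = stmt.get("Principal", {})
        if principal == "*":
            problems.append("wildcard principal")
            continue
        aws = principal.get("AWS", [])
        arns.extend([aws] if isinstance(aws, str) else aws)
    for arn in arns:
        match = ROLE_ARN.match(arn)
        if "<" in arn or ">" in arn:
            problems.append(f"placeholder not replaced: {arn}")
        elif match is None:
            problems.append(f"not a specific role ARN: {arn}")
        else:
            accounts.add(match.group(1))
    if len(arns) != 2:  # the page lists one role ARN per stack ID
        problems.append(f"expected 2 role principals, found {len(arns)}")
    if len(accounts) > 1:  # the page uses the same ACCOUNT_ID in both ARNs
        problems.append("role ARNs reference more than one account ID")
    return problems
```

An empty list means the Principal block names exactly two role ARNs in one account with no placeholders left.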

Confirm that your supporting infrastructure uses DNS host names for the Splunk Cloud Platform environment

When you integrate CRDR into your Splunk Cloud Platform environment, confirm that all environment users and the infrastructure that supports data ingestion into that environment, such as forwarders, HTTP Event Collector clients, and applications, connect to the instance through a DNS host name rather than through an IP network address. During a failover, Splunk changes the DNS for the Splunk Cloud Platform environment from the primary cloud service provider (CSP) region to the secondary CSP region.
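
One way to audit for this before a failover, as an added example that is not Splunk tooling: the Python below flags forwarder `server` targets in an outputs.conf and HTTP Event Collector URLs that use an IP literal instead of a host name. The sample configuration, host names, and addresses are constructed placeholders.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample forwarder outputs.conf; hosts and addresses are placeholders.
SAMPLE_OUTPUTS_CONF = """
[tcpout]
defaultGroup = splunkcloud

[tcpout:splunkcloud]
server = inputs1.example-stack.splunkcloud.com:9997, 198.51.100.24:9997

[tcpout:legacy]
server = [2001:db8::10]:9997
"""

# Constructed sample HTTP Event Collector client URLs.
SAMPLE_HEC_URLS = [
    "https://http-inputs-example-stack.splunkcloud.com:443/services/collector",
    "https://203.0.113.7:443/services/collector",
]


def endpoint_host(endpoint):
    """Return the host part of a URL or of a host:port pair."""
    target = endpoint if "://" in endpoint else "//" + endpoint
    return urlsplit(target).hostname or ""


def is_ip_literal(host):
    """True if host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def pinned_forwarder_targets(conf_text):
    """Return (stanza, target) pairs whose tcpout server entry is an IP literal."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = []
    for stanza in parser.sections():
        if not stanza.startswith("tcpout"):
            continue
        for entry in parser.get(stanza, "server", fallback="").split(","):
            entry = entry.strip()
            if entry and is_ip_literal(endpoint_host(entry)):
                findings.append((stanza, entry))
    return findings


def pinned_urls(urls):
    """Return the URLs whose host is an IP literal."""
    return [url for url in urls if is_ip_literal(endpoint_host(url))]
```

Any target this reports keeps pointing at the primary region after Splunk moves the DNS records, so replace it with the environment's DNS host name.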

(Optional) Schedule planned failovers to test that the process works

Up to twice a year, you can optionally schedule a planned failover for your Splunk Cloud Platform deployment. These planned failovers let you test your environment to confirm all data and configurations are available in the secondary instance.

Last modified on 17 April, 2024