Deploying Enterprise Analytics and Monitoring with Splunk in the Cloud

CDT chose InterVision to be their technology partner in this endeavor and we developed an AWS infrastructure solution to meet their needs. We also architected an AWS multi-account strategy with multiple environments to meet security best practices. By utilizing the AWS cloud, CDT now has a highly scalable and highly available Splunk implementation for data collection, analysis, and security monitoring of critical infrastructure. As CDT expands and extends Splunk to monitor even more devices and environments, the AWS infrastructure will be able to scale and extend accordingly.

About the Company

The California Department of Technology (CDT) partners with state, local government and educational entities to deliver digital services, develop innovative and responsive solutions for business needs, and provide quality assurance for state government Information Technology (IT) projects and services. CDT is the guardian of public data, a leader in IT services and solutions, and has broad responsibility and authority over all aspects of technology in California state government, including policy formation, inter-agency coordination, IT project oversight, information security, technology service delivery, and advocacy.

The Vision and Challenge

CDT wanted to use Splunk for business analytics and security monitoring while keeping the environment highly secure and scalable. They anticipated ingesting several terabytes of data per day, so the cloud infrastructure had to be architected to absorb that load without sacrificing uptime or performance. They set out to find a partner with deep Amazon Web Services (AWS) expertise, since AWS was the platform on which they wanted to deploy large-scale applications such as business analytics and security monitoring quickly.

The Outcome

CDT chose InterVision as their technology partner for this effort, and we developed an AWS infrastructure solution to meet their needs. As part of this approach, we architected an AWS multi-account strategy with separate environments, in line with AWS security best practices for isolating workloads and limiting the blast radius of a compromised account. Using immutable infrastructure defined in AWS CloudFormation, we built a fault-tolerant Splunk cluster that stays available through individual node failures and lowers administrative overhead, since instances are replaced from templates rather than patched in place. We also helped implement an enterprise AWS Identity and Access Management (IAM) solution providing single sign-on with multifactor authentication (SSO/MFA) into critical applications, so the Security Operations Center (SOC) can reach Splunk securely without managing a separate set of credentials.
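As an added illustration, not code from the case study or from InterVision, the following CloudFormation fragment shows the shape of an IAM role that an SSO/MFA design of this kind relies on: SOC analysts authenticate (with MFA) at the enterprise identity provider, which issues a SAML assertion, and that assertion is exchanged for short-lived AWS credentials for a narrowly scoped role. Okta is listed among the third-party solutions, so the identity provider is assumed to be Okta; the provider ARN parameter, the role name, the session duration and the permissions granted are assumptions chosen for the example. Because the MFA check happens at the identity provider before the assertion is issued, the trust policy carries no aws:MultiFactorAuthPresent condition (that key is not populated on sessions created with AssumeRoleWithSAML).

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Hypothetical example (not from the case study): a SAML-federated IAM role
  for SOC analysts in the account that hosts the Splunk cluster.

Parameters:
  SamlProviderArn:
    # Assumed: ARN of the IAM SAML identity provider created for Okta, e.g.
    # arn:aws-us-gov:iam::111122223333:saml-provider/okta (GovCloud partition).
    Type: String
    Description: ARN of the IAM SAML provider that trusts the enterprise IdP

Resources:
  SocSplunkOperatorRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: soc-splunk-operator            # assumed name
      MaxSessionDuration: 3600                 # 1 hour: short-lived credentials
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Federated: !Ref SamlProviderArn
            Action: sts:AssumeRoleWithSAML
            Condition:
              StringEquals:
                # Audience pinned to the AWS GovCloud sign-in endpoint so an
                # assertion minted for another relying party is rejected.
                # Commercial-partition accounts use
                # https://signin.aws.amazon.com/saml instead.
                SAML:aud: https://signin.amazonaws-us-gov.com/saml
      Policies:
        - PolicyName: splunk-cluster-observe     # assumed permission set
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Read-only visibility into the Splunk cluster's hosts and load
              # balancer; no instance lifecycle or IAM rights are granted here.
              - Effect: Allow
                Action:
                  - ec2:DescribeInstances
                  - ec2:DescribeInstanceStatus
                  - elasticloadbalancing:DescribeLoadBalancers
                  - elasticloadbalancing:DescribeTargetHealth
                  - cloudwatch:GetMetricData
                  - cloudwatch:DescribeAlarms
                Resource: '*'

Outputs:
  SocRoleArn:
    Description: Role ARN to map to the SOC group in the identity provider
    Value: !GetAtt SocSplunkOperatorRole.Arn
```

In a multi-account structure the same template can be deployed into each account that needs SOC access (for example with CloudFormation StackSets from the management account), with the identity provider's group-to-role mapping deciding which analysts may assume which role; access to Splunk's own web interface is governed separately by Splunk's SAML configuration against the same identity provider.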


AWS Services Utilized:

  • AWS GovCloud
  • AWS Organizations
  • AWS CloudFormation
  • AWS Application Load Balancers
  • AWS Virtual Private Cloud
  • AWS EC2
  • AWS Elastic Container Service
  • AWS Transit Gateway
  • AWS Identity and Access Management
  • AWS S3

Third Party Applications or Solutions Used:

  • Splunk Enterprise
  • Okta
  • Docker
  • Palo Alto Networks
  • HashiCorp Consul
  • NGINX
  • GitLab/GitHub
  • Jenkins
