Splunk Mobile, iPad, AR and TV in Private Networks

Having Splunk Mobile available in your pocket is great, but what if you're not able to take advantage of it because of Defense Federal Acquisition Regulation Supplement (DFARS) requirements or security concerns? Through this blog post, you'll learn how deploying a Private Spacebridge might be the right answer! This blog will showcase a product Splunk has been working on in conjunction with Lockheed Martin, designed to extend Splunk deployments with Splunk Mobile, Splunk for iPad, Splunk TV, and Splunk AR applications. This blog will guide you through how this differs from using a Splunk-hosted Spacebridge and showcase the Private Spacebridge product, with an emphasis on its design to be easy to set-up and maintain. 

How Does Data Get to Splunk Mobile?

Let’s start with how data is normally transferred to Splunk Mobile, iPad, AR and TV devices. Two backend products facilitate the secure transfer and management of your Splunk data. The first, Splunk Secure Gateway, is a Splunk app that lets you administer and manage your fleet of mobile devices at scale while fetching requested dashboards from Splunk to send to Spacebridge. Spacebridge is a cloud-hosted service that securely routes data between Splunk platform instances and connected devices. 

^{Connected Experience Backend Infrastructure Diagram}

Overall, packets of requested data are collected by Splunk Secure Gateway, then passed through Spacebridge to authorized mobile devices. End-to-end encryption is used throughout this process, meaning that only the correct mobile device can decrypt the data and view Splunk data — not even Spacebridge sees Splunk data! 

If you want to see a demo of the backend, check out this video! Or read the details about the backend architecture and products with our Get Started with Connected Experiences blog.

What is Private Spacebridge?

Private Spacebridge is, you guessed it, a private version of Spacebridge that you can deploy on your Kubernetes stack. Unlike the central version of Spacebridge which is a compliant cloud-hosted service that is managed by us here at Splunk, you can take matters into your own hands and control the Connected Experiences pipeline end-to-end. Here’s a quick video that tells you everything you need to know about Private Spacebridge and running Splunk Mobile/iPad/AR/TV in your Private Network:

To break that down, instead of using the version of Spacebridge hosted by Splunk you’ll deploy an elegantly simplified version of the service that is designed to handle just your company's traffic. Run-on Kubernetes, this single pod design allows you to control every aspect of the network, host the Spacebridge service, and easily forward logs back to Splunk for your monitoring purposes. 

^{Private Spacebridge Architecture (December 7th, 2021)}

In summary, Private Spacebridge allows you to take advantage of Splunk Mobile, Splunk for iPad, Splunk AR, and Splunk TV regardless of your company’s guidelines, environment rules, or restrictions. 

How Can I Use Private Spacebridge? 

Since YOU host Private Spacebridge, we kept three goals in mind when designing Private Spacebridge. 

Goal 1: Easy to Deploy

To accomplish this goal, we designed Private Spacebridge to be distributed and managed via a Helm Chart. By using Helm to template our deployments we’ve made deploying Spacebridge as simple as running a single shell command. 

After your service is up and running on your Kubernetes cluster, you just have to orient Splunk Secure Gateway and your Splunk Mobile/iPad/AR/TV towards your version of Spacebridge. When setting up Splunk Secure Gateway, you’ll have the ability to enter your new Private Spacebridge endpoint. The Secure Gateway will attempt to reach that endpoint, and if successful, it will exclusively use that Spacebridge for all of its communications. Similarly, you should redirect the Splunk Mobile/iPad/AR/TV apps looking to connect on the other side. This can be done by passing your Spacebridge endpoint to the devices via your Mobile Device Management provider. As a new feature, you can also take advantage of the QR code based registration inside Splunk Secure Gateway where the device will auto-redirect to the Private Spacebridge endpoint in Secure Gateway and automatically login too! That’s it - you’ve got everything running end-to-end, time to tell everyone in your organization and have them scan the QR code to take advantage of Splunk Connected Experiences within your Private Network!

Goal 2: Easy to Customize

To make this product as useful as possible for our customers, we wanted to ensure that it was as customizable as possible so anyone could adapt it to their needs. To achieve this we looked to Helm and Kubernetes, which combine to form a powerful and robust platform with a deep customization system that gives you full control over your workloads. With Kubernetes, you’ll be able to control and customize everything about the resources and environment your Spacebridge runs in. With Helm, you’ll be able to customize all of the details around how Spacebridge and its service dependencies operate.

Goal 3: Easy to Maintain

Finally, since Splunk is no longer hosting Spacebridge on the behalf of Private Spacebridge customers, we wanted to make the product as easy as possible to maintain for the long run. Mainly, this means that the system is designed to be simple and communicative in terms that can be easily actioned on by anyone. That’s where Bitnami comes in and makes Private Spacebridge a breeze to maintain. By using Bitnami’s open-source Helm charts to manage the Redis dependencies, we get to take advantage of all the great work and support put in by their teams. You can also have peace of mind knowing that Bitnami, a Cloud Native Computing Foundation Member since 2017, is working to keep these dependencies up to date and free of vulnerabilities. 

Design Summary

Overall, we were able to accomplish all of these goals by distributing Spacebridge as a Helm chart that allows you, the customer, to deploy Spacebridge and its dependencies in a templated manner to your Kubernetes cluster. 

For an in-depth summary of the details mentioned above, I encourage you to check out the PLA1314A .conf21 Breakout Session presented by our Senior Software Engineer on the Spacebridge product, Joe Albanese, in partnership with Roger Triantafilo, Splunk Product Analyst at Lockheed Martin, and Eric Jenson with Aesir, Inc., a long time Splunk Partner and Splunk architect at Lockheed Martin.

How Can I Get Started with Private Spacebridge? 

Great question! We were hoping you’d ask that. Getting started is simple, and starts with this signup form.

This product is ready to go for you and we’ll use this point of contact to distribute the software and make sure that you have everything you need to enjoy Connected Experiences. Plus, did I mention, Private Spacebrige along with all Connected Experiences is free. Get started today!

That’s It!

Thanks for checking out this blog and familiarizing yourself with Private Spacebridge. If you want to learn more about Connected Experiences or see them in action, I encourage you to check out these demo videos: 

• Splunk Mobile in 60 seconds
  
• Introducing... Splunk for iPad!
• Splunk AR - Text and Logo Object Detection
  
• Splunk TV Overview
  
  

Plus, keep an eye out for more Connected Experiences blogs every week and review the past ones here.

This article was co-authored by Dylan Conway, Product Manager for Mobile, and Jesse Chor, VP of Engineering.

----------------------------------------------------
Thanks!
Jesse Chor