Background Headquartered in San Francisco, CA Splunk produces software that runs both on-premises and in the cloud for searching, monitoring, and analyzing machine generated data via a web-style interface. The tool captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualization. Splunk’s mission is to make machine data accessible across an organization by identifying data patterns, providing metrics, diagnosing problems and providing intelligence for business operations.
Challenges Splunk was on a mission to enable their employees and partners to deliver demos of their software, regardless of where they’re located in the world, and have the demo work the same exact way each time. However, this simple vision proved to be quite complex to execute.
At Splunk they have what they call their “House of Demos” aka Splunk Oxygen. This tool hosts between 20 and 30 production only demos covering a wide variety of use cases and running inside data centers in Chicago and Amazon Web services. The demos include everything from Splunk security, to web analytics and IT service intelligence
One of the big challenges they faced was being on an onsite customer meeting, and having their demos crash or fail. Their sales engineers would sometimes be out on a meeting with a customer on site giving a demo, and access to the internet would cut out and the customer won’t allow the Splunk rep to access the company network.
The company also needed greater portability of their demos. Prior to Docker, the only other way to move the Splunk demos around it was a VM. But shipping a VM out to a partner requires a lot of maintenance.
Solution Today Splunk uses Docker Datacenter. Docker Datacenter is an on-premises Containers as a Service solution that includes: Universal Control Plane, Docker Trusted Registry and commercial support for the Docker engine. Splunk’s environment is made up of a 10 node cluster running Docker Trusted Registry and Universal Control Plane.
The monitoring company uses the Docker image as the format to bundle up each Splunk demo. Each demo consists of a copy of Splunk and one or more applications inside of it. Splunk has around 30-40 different Docker images that range from enterprise security to core Splunk.
Each image is stored within the on-premises Docker Trusted Registry. Docker Trusted Registry is hooked up to their corporate and partner Active Directory server so they can give users the correct role-based access to the images that they need. These images are also publicly accessible to people who are authenticated but are outside of the corporate firewall. Their sales engineers or partners can now pull the images from DTR and give the demo offline.
Universal Control Plane enables Splunk to create clusters and take the same image that was designed to run on a laptop and scale it anywhere. This makes the environment predictable, and it makes testing easier once a newer version of Splunk is available.
Universal Control Plane and Docker Trusted Registry both plug into Splunk’s active directory that controls and manages all of their users. With UCP, they can also join nodes that exists in different cloud service providers on on-premises environments. When it comes to Splunk Oxygen, Splunk has physical machines that run behind a Cisco UCS running VMware. For users who demo Splunk in Asia Pacific and in Europe, they run instances up in Amazon cloud. Having the ability to link each node into a UCP cluster, regardless of of the infrastructure they are running on is a huge benefit for them.
With Docker Datacenter, Splunk can now ensure that everyone who goes out and represents the Splunk brand, can demo without failure.