Splunk Lantern

Selecting the best cloud migration approach

 

Many Splunk on-premises customers are aiming to move to Splunk Cloud Platform so that the updates and infrastructure are all managed for them. However, there are different approaches to doing this, with pros and cons for each. This article explains your options.

Solutions

Greenfield

This approach involves starting afresh in Splunk Cloud Platform without migrating historical data. However, you can migrate the configuration of your on-premises deployment of Splunk to accelerate the initial setup. You will need to do some testing to prepare the Splunk Cloud Platform deployment with smaller cuts of real data. After this is done, the data can be redirected to your Splunk Cloud Platform environment rather than your on-premises Splunk deployment.

This approach is popular when a number of additional services and capabilities have been added as part of your Splunk package, and you wish to refactor the existing configuration. If required, it also lets you bring the configuration back in line with Splunk-recommended practices. End users get an instant switchover when they start working with the new Splunk Cloud Platform deployment.

Dual firing 

This approach involves replicating the configuration of your on-premises deployment in Splunk Cloud Platform. When complete, the data forwarding layer is configured to send copies of the data to both your on-premises and Splunk Cloud Platform deployments (dual firing). From this point, data starts to build in your new Splunk Cloud Platform deployment until you are comfortable switching over.

This option provides the most seamless transition. However, you need to consider the required data retention period and cost of running both environments. A good partner can help you negotiate these issues with your Splunk account manager to make them less impactful.

The primary benefit of this method is that a full user acceptance test can be carried out before end users migrate to the service. A disadvantage is that although you can migrate the remaining historical data left on the on-premises deployment at this point, doing so would require outages of the service. Often people choose to age out the historical data, which means you need to understand your data retention periods.

Full migration 

This approach involves a full migration of the on-premises deployment with data. This is similar to the greenfield approach but requires an outage to complete. The length of the outage depends on the volume of historical data that's required. The configuration part of the migration can be completed first to ensure Splunk Cloud Platform is prepped and ready to receive the data before the required outage takes place.

This approach is common when there is a deadline, such as if your on-premises Splunk deployment needs to be removed and historical data migration is a requirement.

Summary table

Greenfield

Pros
  • Clean start
  • No outage
  • Instant switchover for users
  • Easy to align to best practice
  • Testing of configuration but not under load
Cons
  • No historical data
  • Limited testing under load

Dual firing

Pros
  • No outage
  • Historical data (depending on retention period)
  • Full testing under load
Cons
  • Cost of both environments running for the period of dual firing data
  • Long migration period

Full migration

Pros
  • Historical data migrated
  • Testing of configuration but not under load
  • Switchover for users once outage complete
Cons
  • Outage requirements
  • Difficult to return on unforeseen issue

Next steps

The benefits of migrating to Splunk Cloud Platform are worth the effort. The projects required to make the transition don't have to be intimidating; they can be a very controlled and well-trodden path, especially when you use a trusted partner. If you need help deciding the approach you would like to take, UK-based Somerford Associates can help. Somerford Associates is an award-winning Elite Partner with Splunk and the largest Partner Practice of Consultants in EMEA. We protect data, demonstrate that it is being managed effectively and derive greater value, by providing real-time insights to support effective decision making. With our specialist knowledge, skills, experience and strong reputation for enabling digital transformation at scale and at pace, we provide full delivery, including design, implementation, deployment and support.