As a new member of this community, I am seeking your expert advice and guidance on a pressing issue I'm facing. I am looking to set up an Elastic SIEM (Security Information and Event Management) solution for a multi-tenant environment consisting of 3 customers.
I believe your collective experience and knowledge would be invaluable in helping me navigate this challenge effectively. I am eager to understand the best practices, potential pitfalls, and any recommendations you may have for ensuring a successful deployment in a multi-tenant scenario.
Thank you in advance for your consideration and support. I look forward to your valuable insights.
There will probably be lots of things to consider, but first, you need to plan and test user authentication. Your customers probably don't share an authentication method, such as LDAP, so you may have to set up a realm for each separate customer. That's probably something few of us have done. You can probably setup a POC on a single node test cluster.
I know in every world I've been in, how you are going to split costs will be an issue. Nobody will think they are using 1/3 of the resources, so won't want to pay their 1/3 of the costs. Scaling resources if one customer becomes huge while the others are small may be an issue.
I guess if you are in the role of an MSP, maybe only MSP users will be using the stack. I've always had customers that had access to their data.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.