By Carl Durrant, Senior Consultant, Avocado
As a Splunk partner, Avocado attended the SBOX Partner Launch Party on 10 October in Sydney. The event was well attended with a number of professional services organisations represented. I have previously blogged about the rise of Splunk and the many business benefits it will bring to the current landscape.
A challenge for businesses looking to leverage Splunk is the current length of time it takes to get a proof of concept off the ground and to subsequently deploy a Splunk architecture. Both of these require planning, design and procurement before final implementation. This is currently something that a professional services organisation can help with, but ultimately still takes more time that is desired in a landscape where organisations require faster and faster turnaround to meet their objectives and individual business unit challenges.
A common thing we see in technology is that when something is complex and time-consuming it is ripe for disruption through innovation and ultimately simplification. The timely introduction of SBOX sets up a further stepping stone for Splunk to accelerate into the marketplace. Born in the US, SBOX packages all of the current provisioning steps for a Splunk architecture into an appliance which comes in two flavours – a hardware appliance and a software appliance.
The licensing setup continues to be based around the concept of the traditional Splunk ingestion model and a separate cost for SBOX. Sizing the SBOX configuration is as simple as providing the Splunk license size and retention period. Anyone who has designed large Splunk architectures will understand how much time and planning this potentially removes.
SBOX have created a software platform as part of the offering known as the SBOX Solution Centre. This adds further value in deployment and speed of delivery. They are currently looking to grow this ecosystem through technology alliances and partners. The platform has a number of other management advantages in a Splunk deployment such as version control, optimised configurations and handling of failover to mention a few.
The product is currently predominately aimed at the security analyst. It helps them to address security concerns in an ever increasing world of complexity by using the appliance to deploy a solution much faster and with better performance than is commonly achieved on private, on-premise infrastructure. They are also targeting Big Data with Hadoop, enabling you to leverage it for Splunk much faster again than would commonly be achievable.
In a world that is moving towards greater competition and increased complexity, the most important thing to get right is focusing on the things that will bring the quickest return on investment and maximum value for time spent. SBOX can help move an organisation away from time spent on delivery and implementation of Splunk, to time spent on getting value out of Splunk. For this reason alone it could start to see some good traction in the Asia/Pacific region.