Single Server Deployment (S1)

Initial Publication: June 23, 2025

Last Reviewed: April 8, 2025

Architecture diagram

The following diagram represents a Splunk SOAR (On-premises) Single Server topology.

This diagram shows a Splunk SOAR (On-premises) Single Server topology

Architecture overview

This deployment topology is implemented with a single Splunk SOAR (On-premises) node. This architecture can be scaled up vertically to account for higher event ingestion or more active playbook runs.

The topology is suitable for one of the following situations:

  • You do not have any requirements to provide high availability or automatic disaster recovery for your Splunk SOAR (On-premises) deployment
  • Your event ingestion is fewer than 30,000 events per hour
  • You have fewer than 50 users accessing Splunk SOAR (On-premises)

Benefits

The primary benefits of this topology include the following:

  • Simple administration, performant automation and orchestration, and a fixed total cost of ownership (TCO)
  • Effective solution for organizations with a small number of users accessing the Splunk SOAR (On-premises) User Interface

Limitations

The primary limitations of this topology include the following:

  • No high availability for ingestion and automation
  • Scalability limited by hardware capacity

Additional considerations

When using this topology, you may find the following information helpful:

  • This deployment must be vertically scaled to handle higher event rates