
UTM HA @ AWS?

Is anyone out there actually using the HA-version of the UTM architecture outlined here:  https://www.sophos.com/en-us/support/knowledgebase/122202.aspx ?

I've managed to get a trial HA cluster up and running, but haven't been able to figure out how to access the logs that are, according to their diagram, "streamed to CloudWatch in real time" ...

would love to compare notes with someone else who's taken this thing for a spin.

(note: I've been using the UTM software w/AWS for several years now, so I'm very familiar with it in general-- this HA and autoscaling stuff is new though)



  • I'd be interested in trying this as I'm considering moving our infrastructure to AWS...

    Did you set up cold- or warm-standby?  How does the cost compare to just having a regular instance?  When AlanT first created the template, he used a fairly large instance, is that now selectable?

    Cheers - Bob

  • Hi Bob--

    Initially, I tried cold-standby, but I think what I really want is a warm-standby (even though that means I'll be paying ec2 usage costs to keep the standby instance around).  It takes a number of minutes to stand up the new instance though and that would be too long in an actual failover scenario.

    The template utilizes m3.medium instances... not technically selectable when launching, but you could easily modify the auto-scaling-group later to use a different instance type I think.   Or if you're comfortable modifying CloudFormation templates, you could rather easily adjust it to suit your requirements.

    I'm still trying to work out with Sophos exactly what the differences are between their AWS HA template (which is what this diagram appears to show: https://www.sophos.com/en-us/medialibrary/SophosNext/Images/LP/AWS/sophos_aws-architecture_diagram_letter-HA.jpg?la=en ) and their Auto-scaling template (https://community.sophos.com/kb/en-US/122742)

    What I basically need is just a HA solution that has a warm-failover... however, their AS template appears to use a newer AMI that actually uses Amazon's newer HVM virtualization instead of the older paravirtualization used by their HA AMIs.   Confused yet? [*-)] I'm supposed to have a call with a Sophos engineer later today, so hopefully that will help cut through the fog a bit.

    Bottom line appears to be-- Sophos has taken some great strides towards making the UTM a really excellent option for AWS ... and they have created some fabulous looking diagrams ... but the actual implementation is still a tad rough around the edges and I think would be an absolute nightmare for someone who wasn't already familiar both with the UTM and AWS.

    Still, it's far better than the roll-our-own solution we've been cobbling together on our own.

  • "you could easily modify the auto-scaling-group later to use a different instance type I think." - Did Support confirm that?

    "an absolute nightmare for someone who wasn't already familiar both with the UTM and AWS." - That was my impression, and I don't have enough confidence in my AWS Kung-Fu to want to try this without a wingman.

    Let me know when you're ready to start and I'll try at the same time.  I assume that we're each going to use a config backup from our currently-running instance.

    Cheers - Bob

    PS I tried to send you a PM, but your Settings apparently don't have that open for Everyone.  Mine is, so please message me so that we can exchange personal contact info.