Best UTM 9.5 practise for UPS shutdown action

I can help with the last point: it won't!

If you shutdown (halt) a UTM you have to power-cycle - to be correct - press the small button on it's back to bring it back online again. So in my opinion shutting it down is not the best idea. Normally nothing should happen to it when the power fails as linux systems are quite more solid than e.g. windows server. And IF... allways keep an actual backup of the configuration ;-)

Hold on! Just so we're on the same page here.

Power-cycle by pressing the button is one thing, but the power-cycle I was referring to is the physical disconnection and reconnection of AC power (handled by the UPS).

What you're saying is that, in the unlikely event of a prolonged power failure, I should just let our UTM turn off due to AC power loss? Will it then turn itself on once AC power is restored, or will this also require us to press the small button on the back? What about the scenario where the UTM is gracefully shut down?

EDIT:
I've hooked a keyboard and a screen to the SG 115 box, turned it off and on. Just as I expected its small form doesn't change the fact that it's a PC underneath. I entered the BIOS and changed the "restore power on AC loss" to "always on". Basically, if I turn the box off (graceful shutdown) it'll be off. If I then take the power cord out and plug it back in it should (in theory at least) instantly power on.

Subsequently I should be able to make a graceful shutdown script for the host machine hooked up to the UPS... assuming that this IS the best practise, which I'm still not 100% sure about.

A "gracefully shutdown" UTM will stay down till cycling the power.

A "ungracefully shutdown" UTM will use the last state. If it was powered on it will boot up.

Maybe there is a difference with the big models that contain more than one power source but 1xx, 2xx, 330 (biggest one we have sold) all behave this way.

Correction: if a 330 loses power after a graceful shutdown it will boot up after the restore. But the main difference to a 1xx is that the 19 inch models have a 'real' power switch. Maybe 1xx will boot up, too after a power restore, BUT: if shutdown and power of the UPS isn't lost because the break was too short you will definately have to power-cycle it.

So IF you decide to power it down let it be the last device in the chain ;-)

If your UPS supports complex macros like powering down single ports you would have to implement a logic that takes UTMs power fully away after a restore before battery was depleted, too to cover all possibilities...

I feel a bit silly for correcting you (a Sophos Silver Partner [;)]), but I checked it today.

The small desktop-form devices (like the SG 115) are basically small PCs with a typical "soft" power switch. They also have a BIOS with a standard "power on after AC loss" setting, which has 3 options:

- always off - the device will never power up after power loss
- always on - the device will always power up after loss
- last state - the device will power up if it was already powered up before the AC loss

You're right in that the default setting is "last state". But it's easy to change (hook up a monitor and a keyboard, reboot the device, hit DEL to enter BIOS settings). Thus, I changed it to "always on" which means the UTM should power up after a graceful shutdown and a power-cycle.

As for everything else in your post - yeah, I've already got that covered. I already need to "carefully" shut down each of our Hyper-V hosts - because they share the RAID array, if they all went down at the same time most of the time would be wasted waiting for the virtual machines to save states. I'm already giving each of the hosts a different delay so that only one is shutting down at a time (to speed up the process). Likewise, I've also had to change the boot delay (each hosts' BIOS supports such a neat feature) so that each host powers up after a slightly different delay.

The UPS itself will finish a power-down operation once initiated (which includes a power-cycle) - even if AC power is restored during that operation.

I have no problem with being corrected ;-)

All models of UTM are in some kind 'PC-like' or 'Server-like' when you look at the hardware. They don't do funky foggy magic at Sophos, it is still a Linux OS running on more or less standard hardware. I must say, I never used a keyboard or screen after a new UTM is flashed with SUSI, nearly all of the devices I take care of are 'off-site' at our customers. When they are broken I don't fix hardware issues for myself, that is Sophos Support's job, not mine. :-)

I never was in BIOS of any of that devices, so I could not say anything to the power options there. My partner status only says 'sells Sophos stuff for xy $/year', no more, no less. It doesn't make me all-knowing, as the certified architect also doesn't do. I'm learning each day new things, mostly by doing or by reading this forum.

No worries. This is why I put a smiley in there. [:)]

On a side note I've had the exact same "issue" with our hyper-V host machines. They are part of a larger Intel host which doesn't have an "off" state, but despite that the server blades themselves would not turn on after a graceful shutdown and a power-cycle. Being able to KVM into them, however, revealed they all have the same BIOS setting as described above.

No worries. This is why I put a smiley in there. [:)]

On a side note I've had the exact same "issue" with our hyper-V host machines. They are part of a larger Intel host which doesn't have an "off" state, but despite that the server blades themselves would not turn on after a graceful shutdown and a power-cycle. Being able to KVM into them, however, revealed they all have the same BIOS setting as described above.