Skip to content

Sophos UTM in AWS: The world’s first elastic firewall

amazonwebservicesIf you’re familiar with Amazon Web Services (AWS), you love Amazon’s Elastic Computing Cloud (EC2) Auto Scaling. It allows you to scale your capacity up or down automatically, according to conditions you define. And we’re bringing this feature to Sophos UTM for AWS. Now, you can seamlessly scale up during demand spikes to maintain performance, or minimize costs by scaling back automatically during demand lulls.

In our previous blog post, we covered how Sophos UTM and the Amazon Cloud go perfectly together. But we also wanted to let you know we’re actively working to support auto-scaling groups for the Sophos UTM. True to EC2 auto scaling, it will allow you to expand a UTM “swarm” when your network needs it and contract it during lulls to save money.

Our UTM will be fully integrated with Amazon Cloudwatch metrics, so you can customize the scaling decisions using an array of advanced options. And support for Amazon’s Elastic Load Balancers allows your network to automatically adapt to the ever-changing amount of UTMs.

How it works

In creating an elastic UTM, we’re leveraging many of the great tools available as part of the Amazon cloud platform such as Auto-Scaling, Cloudwatch and Elastic Load Balancers. A dedicated, out-of-band UTM called the “Controller” manages an auto-scaling group of UTMs called the “Swarm.”

UTMs can be added and removed from the Swarm automatically using a variety of customizable triggers to achieve elasticity. When a new UTM is spawned into the Swarm, it gets the same configuration as the other UTMs and is able to handle sessions given to it by the Elastic Load Balancer. This also provides an automated self-healing defense if an existing Swarm UTM suffers a failure and needs to be replaced.

Amazon Web Services Elastic

Operationally, changes of any kind are not made separately on any single UTM. In fact, you cannot log in to the Swarm UTMs. You administer everything from the Controller, which syncs its configuration to the Swarm. Swarm members periodically check the Controller for changes. Upon detection, they directly initiate roll-out of the new configuration.

Using the configuration of the Controller to synchronize across the Swarm ensures all definitions, certificates, rules, objects and systems are operationally identical. Swarm members know they’re incorporated without needing to be aware of other Swarm members individually. And, they’ll have special handling for logging, reporting, central management (via Sophos UTM Manager) and other areas as needed to ensure proper operation in this configuration.

Learn more about Sophos UTM in the Amazon Cloud

We’ll be bringing you more information on these exciting developments as we near launch early next year. In the meantime, you can sign up to take a no-obligation test drive of Sophos UTM in AWS. Click over to our informational webpage to see demonstration videos, read a FAQ, and download our datasheet.

To learn more about Sophos UTM, visit our UTM product page.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!