Perhaps saying “perfect” is a bit of a stretch, but there’s no doubt that our Sophos UTM solution is an industry-leading product that offers a comprehensive, yet simple approach to network security. What I really mean to say is that our UTM is perfect virtually — providing an outstanding base on which to build a flexible network security solution using virtualization platforms such as VMware vSphere and Microsoft Hyper-V.
We often highlight the flexible deployment options of our UTM product to partners and prospective customers, making them aware that virtualization is an option. Virtualization is not the best choice for everyone, but in the right environment, virtual UTM can offer unmatched flexibility, performance and scalability.
I recently joined the Sophos SE (sales engineering) team, coming from a partner where we built a “Sophos UTM as a Service” business on a virtualized UTM infrastructure as a Sophos MSP Partner.
The company was a regional Internet Service Provider and Hosted VoIP/PBX vendor, offering national and global Internet service and MPLS networks in addition to the hosted phones. Based on specific customer needs and my personal experience with the UTM product, they built a cluster of virtual host servers with Hyper-V 2012 in their core network datacenter specifically to support Sophos UTM as a virtual, hosted service.
All of their customers had direct Internet service and/or MPLS networks that routed through that datacenter from site to site and to our upstream Internet providers. This made that location a logical choice for hosted UTM, and there were very few customers who did not want the service after seeing a demonstration. They used RED 50 devices at customers’ remote sites to allow balancing/failover of our direct MPLS service and a secondary Broadband Internet service. This virtual deployment was and is very successful, growing exponentially as I write this.
This model has great potential for many of our partners and customers, not all of whom need to be ISPs to take advantage of the virtualization benefits.
Companies that offer colocation, private cloud, or similar centralized, off-site infrastructure, where rack space, power and bandwidth are sold from their location, are well-positioned for virtual UTM.
Any business acting as a service provider for the above solutions could standardize on Sophos UTM as a service.
Consider some of the benefits of a virtualized UTM solution:
- Virtual UTM “instances” are easily spooled up in minutes and deployed from a standard template
- Service providers can allocate large public IP address blocks to the host cluster, and then provision exactly the number of IP addresses needed for a given virtual UTM customer, without losing the network and broadcast addresses. (A customer who needs 3 public addresses doesn’t need a whole /29.)
- Redundancy is built in with the underlying virtual cluster solution, with no single point of failure
- Performance can be easily scaled when customers grow or add features (just allocate more CPU and RAM to the virtual UTM instance)
- The MSP licensing model allows for instant deployment without a license order or initial cost to the provider. The provider can still bill up front for 1 to 3 years, but pays Sophos monthly for only the actual number of users and features in use. (Managed by SUM)
- Outstanding UTM performance with very low resource utilization on host servers. (25 – 50 customers with 300 users each, 20 or more remote locations each, 100-500Mbps Internet connections for each customer and most using Network, Web, and Email at a minimum on a single, $9,000.00 host server at less than 25% utilization)
- Trusted Sophos partner providing unparalleled security as a service in a fully-managed offering with their customers able to manage some features (Role-based security)
- Sophos UTM Manager tracking and managing all deployments in a single, free offering
I will be discussing the technical considerations and architecture in later newsletters and an internal Virtual UTM training program in the future.
I hope you can see the potential in our virtualization option. If this is planned correctly and deployed to the right partners/customers, our virtually perfect UTM becomes perfect virtually.