Primary Use Case
We have quite a lot of web service hosting, either websites or hosting APIs. We use Sophos as a two-factor authentication process. So, if they are outside or working in a remote office, they will need to use the Sophos VPN, which is gotten from the Sophos UTM, then ideally they will be developers. However, they can also be BI guys, DevOps people, etc.
Sophos UTM allows you to compartmentalize different sections or different people, having those people connect to different services.
We use it for primarily for two-factor authentication, for VPN to allow employees security access the servers and to ensure people do not access things they should not have access to.
Improvements to My Organization
- It has allowed us to have one solution for our AWS needs.
- It allows our developers to be able to securely log into servers to deploy and manage software.
- It has allowed us to design a bespoke cloud space for our clients, while still having an excellent level of protection.
- The combination of server protection
- Seamless incorporation with AWS
- Its VPN feature
Room for Improvement
You (currently) need to buy the Sophos software per availability, zone, and per VPC. It should offer an account-based solution.
When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GD-PI coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other.
So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good.
No, we did not. Backups were done daily, and its Linux backend gave us no issues.
Adding new servers was seamless. Adding new users and allowing for VPN access was also fantastic.
Customer Service and Technical Support
For the AWS version, it was atrocious. None really. For the bespoke cloud space that we designed though, they were very good.
To further clarify, there is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support and you get all the stuff. Whereas if you are using the AWS version, you do not. So, you kind of have to research. There's something simple really which affects Sophos quite a bit during setup.
No, we didn't. It was our first choice and it was definitely a good one.
For a user who hasn't done it before, it may be a bit complex but with a general understanding of networks, it was fine.
However, when you build everything up using the AWS version (setup), it actually does not work until you write it on the Sophos UTM and in the networking, you have to change the source destination check. You have to do that at the end of it, but there is nowhere in the documentation or anything where it tells you that. It was just somebody happened to find that out. It is a pretty straightforward setup, but it should be some sort of documentation that takes you step-by-step to help set it up for your VPC. There really is not that much difference setting it up in different VPCs, but there is not enough information out there. It is a very good solution that a lot of people would be using more of except you are doing different things, and you have to try and figure it out yourself.
The support, there is none; AWS themselves, they support it the best, because they have some knowledge of it, but they do not fully support it because it is not their product. It is a third-party product.
Pricing, Setup Cost and Licensing
Licensing is a bit complicated, as it is based on products -- so define your requirements and find what best suits you, as you do not need the whole suite of software they provide.
For AWS, it is pretty straightforward. You buy it, then you have all your licenses that you need, approximately 60 or 70, or it might even be unlimited. However, that is for one margin to expand to different margins. If you have an on-premise AWS, or one of our clients wanted on-premise AWS Assistant, the problem is to build the Sophos UTM on it. We get the software, then the licensing was not explained well because when you buy the licenses, you buy five (or 50) licenses, that is for the first module. So if you expand to second module, you have to buy more licenses of that.
Again, it is one of those things where it is not well explained. Unless you are in the United States, or you have to use Sophos, you can't contact Sophos directly. You have to use a third-party company, and they all have different ways of how they explain their licensing. So, we have clients that want the database on-premise, and we went to get the Sophos licensing system and stuff like that. It was just they were doing it a different way to who we had in Ireland, so the conformity is a bit iffy.
It is one of those things where it is not very well explained, so it is a lot of grunt work, a lot research has to be done before you progress, and there are the pitfalls that you encounter. There are quite a few of them. Once you get it working, it is a fantastic product. It is just getting it that is the issue.
Other Solutions Considered
We looked at a few, but I can't remember right now.
Great product which works without issues or downtime.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 01 2018