Configure HA (optional)

After you have configured and licensed (if applicable) the Stand Alone UTM, you can configure the system for High Availability (HA) as described in chapter Stand Alone with HA (Cold and Warm Standby). The process requires that you run a conversion utility that converts the Stand Alone UTM to an HA deployment (cold or warm standby).

Depending on the latest UTM release published in the AWS Marketplace, there may not be an Amazon Machine Image (AMI) that supports the conversion utility for your version. If so, the user interface will post a message to check back in a couple of days after the latest release is published.

Before proceeding with the Conversion feature, you will need a valid AWS Access Key ID and AWS Secret Access Key. The AWS keys are created using the AWS IAM module. You can follow the steps listed in Managing Access Key for IAM Users to create an AWS Access Key ID and AWS Secret Access Key.

After creating the Access Key ID and Secret Access Key, select the HA deployment model for conversion. The Conversion feature supports two HA models:

To begin the conversion process, follow these steps:

  1. Navigate to the Sophos UTM WebAdmin dashboard and select Management > HA/Autoscaling.

    Conversion Utility

  2. Enter the AWS access key ID and the AWS secret key.

  3. Select your Amazon deployment type.

  4. Click Conversion Pre-Check.

    This initiates the conversion process for Sophos UTM. The Conversion feature will use CloudFormation templates to convert the stand alone Sophos UTM into HA (warm or cold standby). We recommend you run the Conversion utility during a maintenance window as the process will start and stop several services.

    The Conversion Pre-Check screen will highlight:

    • The current EC2 Key Pair used for the deployment of the Sophos UTM instance

    • The current EIP, if available

    • The VPC for the single/standalone UTM

    • The current UTM license model (PAYG or BYOL)

    • The VPC Subnets for your deployment model (two for HA solutions)

    • The current Security Groups for the Sophos UTM EC2 Instance

    • Current size of configuration, log, and database files

    • AZ for your deployment model (two AZs are required for HA)

    • CloudFormation Stack Name

    • Optional – (Default) Copy log files from UTM standalone instance to new deployment.

    • Optional – (Default) Copy database from UTM standalone instance to new deployment.

    • Optional – (Not Default) Terminate UTM standalone after completion of conversion process.

  5. Click Convert to begin the conversion process.

    The conversion process will create the required AWS resources to support the Sophos deployment model per your selection. Additional resources will include VPC Subnets, Security Groups, Auto Scaling groups, and CloudWatch metrics to support the new deployment model. You can watch the Conversion feature status results and CloudFormation stack events under the CloudFormation Management Console to check the status of the conversion.

    After running the Conversion feature, you can review three menus to confirm the completed status:

    • Sophos UTM conversion results

    • AWS EC2 Instance Status

    • VPC subnets

The following figures show the completed status for the HA (Warm Standby) conversion.

Results of Conversion Utility

The EC2 Instances menu shows two new EC2 Instances replacing the previous standalone instance.

New EC2 Instances Hosting UTM HA
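
The CloudFormation stack events mentioned in step 5 can also be checked from a script. The following is an added example, not Sophos or AWS code: it summarizes events in the shape returned by `aws cloudformation describe-stack-events` and reports which resources failed. The stack name, resource names and sample events are constructed for illustration and are not taken from the Sophos template.

```python
import json

# Constructed sample, shaped like the output of
# `aws cloudformation describe-stack-events --stack-name <name>`.
# Stack and resource names are hypothetical, not taken from the Sophos template.
SAMPLE = json.loads("""
{"StackEvents": [
 {"Timestamp": "2024-01-01T10:04:00Z", "LogicalResourceId": "utm-ha-example",
  "ResourceType": "AWS::CloudFormation::Stack", "ResourceStatus": "ROLLBACK_IN_PROGRESS",
  "ResourceStatusReason": "The following resource(s) failed to create: [SubnetB]."},
 {"Timestamp": "2024-01-01T10:03:00Z", "LogicalResourceId": "SubnetB",
  "ResourceType": "AWS::EC2::Subnet", "ResourceStatus": "CREATE_FAILED",
  "ResourceStatusReason": "The CIDR conflicts with another subnet"},
 {"Timestamp": "2024-01-01T10:02:00Z", "LogicalResourceId": "SubnetA",
  "ResourceType": "AWS::EC2::Subnet", "ResourceStatus": "CREATE_COMPLETE"},
 {"Timestamp": "2024-01-01T10:01:00Z", "LogicalResourceId": "UtmSecurityGroup",
  "ResourceType": "AWS::EC2::SecurityGroup", "ResourceStatus": "CREATE_COMPLETE"},
 {"Timestamp": "2024-01-01T10:00:00Z", "LogicalResourceId": "utm-ha-example",
  "ResourceType": "AWS::CloudFormation::Stack", "ResourceStatus": "CREATE_IN_PROGRESS",
  "ResourceStatusReason": "User Initiated"}
]}
""")["StackEvents"]

STACK_TYPE = "AWS::CloudFormation::Stack"

def summarize_conversion(events, stack_name):
    """Return (latest stack status, resources created per type, failed resources)."""
    stack_status, created, failures = None, {}, []
    # Same-format ISO-8601 UTC timestamps sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["Timestamp"]):
        status, rtype = ev["ResourceStatus"], ev["ResourceType"]
        if rtype == STACK_TYPE and ev["LogicalResourceId"] == stack_name:
            stack_status = status  # the last one seen is the current state
        elif status == "CREATE_COMPLETE":
            created[rtype] = created.get(rtype, 0) + 1
        elif status.endswith("_FAILED"):
            failures.append((ev["LogicalResourceId"], ev.get("ResourceStatusReason", "")))
    return stack_status, created, failures

def conversion_succeeded(events, stack_name):
    """True only when the stack finished creating and no resource failed."""
    status, _, failures = summarize_conversion(events, stack_name)
    return status == "CREATE_COMPLETE" and not failures

if __name__ == "__main__":
    status, created, failures = summarize_conversion(SAMPLE, "utm-ha-example")
    print("stack status:", status)
    print("created:", created)
    for name, reason in failures:
        print("FAILED:", name, "-", reason)
```

A stack status other than CREATE_COMPLETE, or any entry in the failure list, means the conversion did not finish and the standalone instance should not be terminated.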
