Sophos Endpoint Protection. on-prem vs Cloud

Help - So we currently have cloud.sophos.com endpoint access and have been using the cloud-based for a while with mixed results. We are considering moving this to an on-premises server for stability and speed. We have about 3000 endpoints and about 1600 active users. Of the 3000 endpoints, 1000 of them are used outside of our WAN.

- Is there a way to use a hybrid system of cloud and on-premises?

- Can I publish my on-premises server to the web for mobile clients to access? 

- Or do I just stay with the cloud? 



This thread was automatically locked due to age.
  • Hi,

    Licences aside as you could possibly arrange a split licence for Central and On-premise.

    There is no integration between Central and On-Premise.  The only thing that is aware of both is the Sophos Central Migration tool which helps move on-premise clients to Sophos Central.  It's for the most part a one way street.

    I think the answer here lies in the right solution for the groups of endpoints and the features you need.

    For the 1000 outside of the WAN, the Central probably works well in that you don't have to worry about the infrastructure and connectivity.  This is probably the main concern there.

    For the remaining 2000 I assume internal connectivity is good so these would work well with the SEC on-premise solution. Maybe a couple of Update Managers at different sites to help distribute the update locations. You probably will not even need to worry about message relays, as sub 2000 you could easily get away with a single server to host the management server and it would be fine with 2000 direct connections at least for management.

    You could go 100% on-premise but that would require 2 things:
    1. A "publicly" accessible Message Relay for remote clients to message in. I assume there is no 100% VPN uptime from a client and Direct Access will not work with RMS.

    2. A "publicly" accessible web server to host the updates. Fine if you already expose this sort of role but otherwise could be a lot of work to manage and secure.

    This is where the infrastructure side may be a burden and a cost so I would suggest splitting it based on management needs as I think that's where the most logical and cost-effective split is.

    If you really need to consolidate reports, then the Cloud Central solution does have a REST API to pull reporting data.  This data could therefore be pulled into a system as could the on-premise data via the Sophos Reporting API.  A simple joining of at least a common subset of the data could offer some consolidation if really needed.

    I think Central is the future of Sophos so using it for a good portion of your endpoints will also help you feel ready in the long run. Especially when there is feature parity with on-premise.

    https://community.sophos.com/kb/en-us/121475 is worth a read but consider it might be a little out of date as Central is updated very frequently.

    Regards,
    Jak