Software UTM (Home) hardware spec

I have been using UTM for a while and it has performed well. I used a 150M/15 connection with an 8/1 backup originally and saw throughput over 120M routinely. On the same hardware I have changed to three ADSL connections, 8/1, 5/1 and 3/1, and obviously the hardware copes fine.

 

I have the option of a 1000/1000 connection in a few months and wondered what spec of hardware I should use, choosing low energy components where possible. Does anyone have any relevant experience to share?

 

Thanks in advance. 

  • Using one of these: https://www.ebay.com/itm/4-Lan-Intel-core-I5-5250U-Home-Router-Qotom-Q355G4-8G-RAM-32G-SSD-fanless/263596333613 . UTM is installed under ESXi with 4GB of RAM. Even 3GB would be fine.

    Intrusion prevention is disabled (via exceptions) for certain tasks to benefit from full bandwidth (att fiber gigabit).

    Typical idle power draw is ~32 watts per the UPS. This includes the following:

    * esxi box running utm, freepbx, and small ups monitoring appliance
    * Netgear R7000 in AP mode with xwrt firmware (for wifi and vlan)
    * Obi200
    * Lucent G-010G-A ONT (fiber <> ethernet bridge)
    * 120mm usb powered fan to keep the qotom box cool (plugged into one of those 120V > 2A usb adapters)
    * 5 port dgs-1005G dumb switch with 2 ports in use.

    I did have the att residential gateway connected too at one point; that adds another 8W. For the last 2 weeks it's been eliminated using the dumb switch method.

    When running speed tests that saturate the connection, power use shoots up to 40 watts.

    Considering an average 36 watts, and a per kWh rate of 11¢, this comes out to roughly $35 per year to power.

  • You have many options here. Since you will be getting a 1000/1000 connection you will definitely need hardware fast enough to handle that speed without being bottlenecked by the intrusion prevention system or a slow CPU. The CPU you should be looking at is an Intel i5 or possibly a Celeron J1900.

    The most important aspect is that you choose something with compatible NICs, preferably Intel, such as the Intel i211-AT. The qotom devices are highly recommended and if you purchase from Aliexpress you can customize your unit with the correct size hard drive and RAM that you need. I'd go with 8 Gb of RAM since it's fairly cheap. A 64Gb or 120Gb SSD should be plenty for the UTM.

    https://www.aliexpress.com/item/QOTOM-Q355G4-2017-New-fanless-X86-4-LAN-Micro-Computer-I5-5250U-Dual-core-onboard-1080P/32800711474.html

     

    The other way to go is by building a mini ITX system using parts from a site like Jetway but stick to the embedded motherboards with Intel I211-AT NICs such as this one.

  • I used the QOTOM hardware listed above (i5 version) for building my setup and am quite pleased with the results. I have a 1G fiber broadband at home with about 20 devices. I have an IPSEC from behind the firewall to a VPN provider which is on 24x7 - I tunnel the IPTV traffic through it. The average CPU utilisation is below 3% and the unit runs pretty cool. The setup was a breeze and no issues encountered with the hardware.

     
  • In reply to Jay Jay:

    Jay Jay - Thank you.

     

    The one requirement I didn't mention was the need to have the ISP supplied static on the UTM. Does that happen with the Lucent bridge?

  • In reply to CharlesErrington:

    I'm not sure. I don't subscribe to any static IPs.

    I first connect the cable from the ONT and the provided gateway's wan port to ports on a dumb switch. Once the broadband light is solid (indicating it has connectivity) I disconnect the gateway entirely and connect utm's wan port cable in its place. This allows me to bypass the att gateway entirely.

    UTM wan is set to dhcp. So long as a dhcp event occurs every 2 weeks and nothing is disconnected, the ONT remains authenticated.

    I suppose this may work with static IPs too but not something I can test.