

What hypervisor would you use to install Sophos Home?

There have been a lot of posts in the forum about hardware compatible with Sophos Home and related posts about getting Sophos Home to run on XGS hardware (which is currently not possible). I asked what the future of Sophos Home was here, "What is the future of Sophos Home License?", and the response seemed to be "don't expect any changes soon but running it under a hypervisor will address most issues".

Clearly setting up a hypervisor adds a significant amount of complexity to a Sophos Home setup. I don't actually need this myself but thought it would be an interesting 'project' and something I may write up and post here for anybody else who needs it. The aim is to ultimately create an unattended install package so it can be deployed on hardware without a video card if needed.

With this in mind, I'm interested in what suggestions people have for a hypervisor.

My experience with operating systems is nearly all with Windows but I can (slowly) find my way around Linux when I have to. We run a couple of Ubuntu VMs for specific applications.

My criteria (please feel free to add to this):

  • It has to be free
  • It has to have a wide range of hardware support
  • It should have a long term future
  • I have to be able to script it for unattended install
  • It would help if it is popular (more online resources)

I have ruled out Windows Hyper-V Server because 2019 is the last version they are going to make available. There is no Hyper-V Server 2022. My initial inclination is to go for VMware ESXi as it seems to fulfil all my requirements, and as a dedicated lightweight hypervisor, seems an obvious choice. I realise I could add KVM to my preferred Linux but as I don't consider myself knowledgeable with any version of Linux, there doesn't seem to be any advantage to that.

Does ESXi seem a good choice? Does anybody think there is something better?



  • Discontinued on Windows Server flavors that were free.

    Edit:  There is a rumor they want to produce their own dedicated VM Host product, similar to ESXi, Proxmox, etc.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Not mass installation, but I want to support as many hardware platforms as possible, including people who want to run Home on XGS hardware. As XGS hardware has no GPU, installation of the hypervisor would have to be unattended, and get you to the stage that you can log into it via the hypervisor's web interface or SSH.

    I'm interested what sort of issues you had 'battling hardware requirements'. I'm sort of leaning towards ESXi but haven't ruled out Proxmox (via a Debian unattended then install Proxmox).

  • Does the need to reboot to install updates with win 10/11 cause any issues with downtime? 

  • Not mass installation, but I want to support as many hardware platforms as possible, including people who want to run Home on XGS hardwar

    I don't think you will be able to run anything on the XGS hardware.

    It's not because it doesn't have a GPU, but all network interfaces are connected directly to the Xstream Processor, which is a Marvell Octeon NPU, this NPU is then connected with the CPU by PCI.

    If you're looking to use those mini-pc (Firewalls) then I highly recommend you stick with Proxmox and use the latest 6.2 kernel.

    installation of the hypervisor would have to be unattended

    Can you explain the exact need for this?

    Since you're talking about using the home license, there's no need to have unattended installation unless you're talking about dozens or hundreds of firewalls.

    However, the idea of creating a platform that allows home users to use Home on any hardware platform appeals and I think will be useful to other people

    You're trying to fix an issue that you've created yourself.

    If someone is looking to use the home edition of Sophos Firewall, then that person already has enough knowledge on how-to do the basics. (Such as installing a hypervisor.) Or enough free time to search on how to do it.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • No, my small office server version was no longer supported, nor was there any way forward other than buying a full-blown MS server, which to me was an overkill that I could not afford or justify. No free server software from MS that I am aware of.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • The only thing I could think of is maybe install Proxmox on the XGS, then create a disk image of the hard drive, and then have a way for users to load the image onto their own XGS units and extract it to their HDD. It's not an installation, rather just extracting the hard drive image onto another device. Proxmox would be preinstalled after the extraction of the disk image. Of course then you would have to have a way to install Grub onto the MBR too.

  • I'm interested what sort of issues you had 'battling hardware requirements'.

    It's not that I couldn't get anything to work, but every major revision they would discontinue another version of hardware that ESXi would not operate on and not allow you to install their bare metal OS.  That is frankly overkill and unnecessary, not even the open sourced VM hosts go to the extreme that VMWare was going with their requirements.  I could see that perhaps in an enterprise environment for this reason or that, but a lot - a LOT - of home/community users who have used their product don't need to cycle through that many versions of an OS host and don't have the finances to update hardware every revision.

    At least with Proxmox, I could use the server that EoL'd by VMWare standards (dual Xeon Intel server) until I could get rid of that boat anchor and move to my new Intel NUCs.  But I still use Proxmox on those - I just think Proxmox is a better product for me. VMWare is just a fancy name.  Either way - I am not a fan of my firewall running in a VM for some reason.  Sure, I could see HA standby there, but not my main firewall.  I don't like that setup and use a SuperMicro server for that specific need.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Not mass installation, but I want to support as many hardware platforms as possible, including people who want to run Home on XGS hardwar

    I don't think you will be able to run anything on the XGS hardware.

    It's not because it doesn't have a GPU, but all network interfaces are connected directly to the Xstream Processor, which is a Marvell Octeon NPU, this NPU is then connected with the CPU by PCI.

    If you're looking to use those mini-pc (Firewalls) then I highly recommend you stick with Proxmox and use the latest 6.2 kernel.

    installation of the hypervisor would have to be unattended

    Can you explain the exact need for this?

    Since you're talking about using the home license, there's no need to have unattended installation unless you're talking about dozens or hundreds of firewalls.

    However, the idea of creating a platform that allows home users to use Home on any hardware platform appeals and I think will be useful to other people

    You're trying to fix an issue that you've created yourself.

    If someone is looking to use the home edition of Sophos Firewall, then that person already has enough knowledge on how-to do the basics. (Such as installing a hypervisor.) Or enough free time to search on how to do it.

    Fully agree with everything here. Trying to script this to work on any hardware will just lead to a nightmare; there is always going to need to be a manual element where the hardware is going to be varied and not standardised. By the time you have a working deployment script for one piece of hardware, the software will change or there will be a revision on the hardware and it will break the deployment.

    Sophos XG Engineer

    Sophos Silver Partner

  • There were/are two SKUs for Hyper-V, there was a free version that used to be on servers, and a server version (which can be installed via Server Manager).  I believe SBS had the free SKU version.  Server 2022 still has Hyper-V.  They basically referred everyone to alternatives, but Hyper-V is still active in regular Windows Servers.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • If this is home/lab use you can get away with using the evaluation version and reset the clock every 6 months. You can do this 6 times, which gives 3 years' worth of use.

    Sophos XG Engineer

    Sophos Silver Partner