This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Qotom Core i7 mini computer - too good to be true?

Hi I just purchased a miniComputer from the chinese vendor Qotom.  It seems like a pretty nice little device but I've run into a very significant problem in that the UTM ISO won't recognize more than a single NIC of the 4 available.

 

Can anyone assist?

 

Thanks,

Doug

 

SPECS:

Intel Core i7 4500U Haswell

Intel 4400 Graphics

1x HDMI   1x RS-232  1x mini-PCIe  1x mSATA 

4x Intel I211-AT Gigabit Network

  



This thread was automatically locked due to age.
Parents
  • Dear Doug

     

    you can install ESXI VMware  on your pc and make a virtual machine SOPHOS UTM 9 

  • No, that is not what I'm interested in doing.  It's possible to remove an entire VM from an ESXi implementation.  I'm looking for a bare iron installation not VM.
    Note: I'm running a VM on ESXi at the present time.  This is not secure enough for me.

  • well snort isn't multi threaded so 1 transfer = 1 snort process (as far as i know), i think there can be more than 1 snort process if multiple sources/destinations are called.

    ---

    Sophos UTM 9.3 Certified Engineer

  • just wanted to give a quick update after a little more than 2 weeks of usage:

    performance is great like i said, IPsec Site2Site via AES is up to 850MBit/s over LAN, OpenVPN via CPU is 200Mbit/s per Core and about the same for IPS (200Mbit/s per Core for IPS)

    ---

    Sophos UTM 9.3 Certified Engineer

  • dougga said:

    I don't think the number of snort processes is configurable.  Did you figure out how to do that?

    This works easily:

    console> show ips-settings
    -------------IPS Instances------------
    IPS CPU
    1    0
    

     

    console>set ips ips-instance add IPS cpu 1
    0     1
    console> set ips ips-instance apply

    Finally proof, you have assigned a second CPU to the second IPS instance:
    console> show ips-settings
    -------------IPS Instances------------
    IPS CPU
    1    0
    2    1
    

    Please send me Spam gueselkuebel@sg-utm.also-solutions.ch

  • ^^What command are you typing in to access the console once in the ssh shell?

  • Hey Ben,

     

    So I can't do a thing to challenge this Qotom box with only 40Mb/s download.

    I started doing power and cost analysis and am running into something strange.

    My UPS has a sensor that tells me how much power various devices are using.

    Well, the Qotom while booting doesn't register any power at all.  I'm assuming this is a bug in the UPS.

    Do you have the ability to test power consumption (watts)?

    I've been doing calculations to see if or how much running on AWS would save me but it's possible these very lower power implementations might match the savings of Amazon and adding the simplicity & security of onsite has some value vs. remote/hosted.

    Note: I think this Qotom is  fairly close to the M4 Large AWS instance which is $0.10/hr of processing of 2cores @ 2.4GHz.  Half the cores but twice the speed. [?]  The break even for power cost for me in Seattle would be 24 watts.  Given my UPS doesn't register any power, I'm assuming I'm beating this. 

    All of this is based on my extremely low utilization which probably means this is only a guestimate. I'd be very interested in plugging in your numbers to see what your break even would be based on your more robust workload.

    Cheers,

    ~Doug

  • An interesting thought occurred to me.  If you have similarly low (negligible) power usage, I'm wondering if these are knock-off intel cpus.

    I'll wait before investigating this red herring.

     

    Examination of a fake Intel Core i7:  https://www.youtube.com/watch?v=92uflDSYUHw

    New Egg dealing with counterfeit merchandise: https://gizmodo.com/5488699/newegg-confirms-that-counterfeit-intel-core-i7-processors-were-shipped

    Chinese Knock-off Intel CPUs: https://www.quora.com/Are-some-Chinese-manufacturers-duplicating-Intel-CPUs-as-well-like-the-Core-i7-i5-i3-etc

    Intels testing software: https://downloadcenter.intel.com/download/19792/Intel-Processor-Diagnostic-Tool

     

    After reading these article, I'm tempted to install Windows and test the thing.  The power consumption seems just too good to be true.  I'm wondering if we've been scammed - though for this use-case, fewer CPU features for better power consumption is exactly what I'd choose.  Diving further down the paranoid rabbit-hole, there might be some features we may not have bargained for that could be "problematic" for firewall usage.

     

    The Intel specifications show a 15 W general power consumption when all cores are active.  That's very low... so who knows?  Perhaps everything's fine and these are exceptional little machines.  Given my power break-even number is 24 watts it appears these Qotoms are as good or better than Amazon AWS... unless they're knock-offs in which case I'd never trust 'em.

  • Regarding power.  My ups reads 32 watts for all the network equipment during idle.  This includes modem, r7000 router in AP mode, a 10 yr old 3com 8port gigabit switch, obi200, the qotom box (w/ esxi, utm, freepbx, and a light centos install for monitoring the ups).  The problem with this is this is a converted value.  Specifically ups reports a percentage of rated power (in my case 810 watts).  4% is roughly 32 watts.  The values reported are integers only.  When saturating the pipe (350mbps), power will spike up to 50 watts per the ups.

    Load 4% (32 Watts)

    Sometime tomorrow I'll shut the qotom down but leave everything else up to get an idea how much draw there is from the other devices.  Then a more accurate power consumption can be evaluated.

     

    CPU:

    Looks pretty genuine to me.

    Ran the validator using win10 installed on an external usb 3 drive.  Makes for a handy tool without having to swap drives.

     

    --------------------------------------------------------------------
    CPU1
    Genuine Intel CPU Test
    Module Version: 1.0.12.64b.W
    Start Time: Sat Nov  4 08:29:22 2017
    Test Result - PASS
    Expected: GenuineIntel
    Detected: GenuineIntel
    End Time: Sat Nov  4 08:29:22 2017
    Total Time:  seconds: 0
    --------------------------------------------------------------------
    CPU1
    CPU Brand String Test
    Module Version: 1.0.14.64b.W
    Start Time: Sat Nov  4 08:29:22 2017
    Test Result - PASS
    Expected: Intel(R) Core(TM) CPU @
    Detected: Intel(R) Core(TM) i5-5250U CPU @ 1.60GHz
    Intel(R) Core(TM) processor detected..!!..
    End Time: Sat Nov  4 08:29:22 2017
    Total Time:  seconds: 0
    --------------------------------------------------------------------

    TESTRESULTS.TXT

     

    ----------------

     

    UPDATE:

    Powered everything down, then restarted just the qotom box.  UPS wattage jumped between 0 and 16 watts.  I believe the smallest resolution is 8 watts.  So considering there's a 5400 rpm drive inside, I'd say probably upwards of 20 watts is the max it'll draw under full load.  Booting esxi and the vm's is a load but not 100% load.  I think based on the results above this thing is the real deal.

  • Good info. 
    The Genuine Intel question appears to be resolved.  I think I'll do the same thing just for practice.

    Regarding the power consumption, however, the comparison is to the Qotom mini PC running Sophos UTM directly on bare metal. 

    The number of variables of virtualized scenarios is hard to track: there are just too many settings that impact load.

    Having said that, though, one can safely say that running bare metal would be considerably less power / more efficient that via a hypervisor & vm so 20+ watts max is astonishingly good news!


    Security is a principle concern as this is a security gateway product.  The whole VM scenario for running security gateways seems suspect as people have contests to see how quickly a hacker can retrieve AN ENTIRE ESXi VM from a hypervisor without any knowledge let alone authorization from the VM administrator.   The notion of running Sophos UTM on a hypervisor has outlived its usefulness (IMHO).  Admittedly, I did it for years.  No longer.

     

    Great data, thanks!

     

    Cheers,

    ~D

  • ^^In a business environment I agree entirely.  For home use I think the risk is acceptable.

  • Well, it certainly beats a Linksys!  :-)

    Note: I updated my earlier reply... I missed the point of your post initially.  My apologies.

     

    Also, these are 4th generation processors.  Imagine when they start using 7th gen.

Reply Children
No Data