Cisco ironport replacement / upgrade

Bryan Hance
Level 1

Hello all,

 

We're phasing out our two Cisco Ironport C170s due to End of life status and upgradability on the hardware.

 

We've been extremely happy with them, and they sit in our colo in front of a couple of on-prem mail servers. They've been great.

 

It's been nice having these running as separate hardware, as clustered systems because we can always take one down, blow one up and RMA it, run upgrades etc. without any email downtime. Having physical hardware we can get our hands on and deal with ourselves is also a plus, instead of say being at the mercy of a third party provider / their support staff.

 

I'm faced with three replacement decisions here and wanted to hit the community up for advice, specifically with respect to

 

- any finicky 'gotchas' with specific options (like VM versions)

- pricing/licensing 'gotchas' with hosted versions / Cisco CES versions

- availability of potential hardware procurement 

 

Option 1) replace these with on-prem Ironports as VMs in our own VM stack

 

There are some reasons I'm against this, mainly some networking bugs I've seen in discussion threads with the VM versions of Ironports. I also like having the Ironports 100% separate from our regular server environment for uptime and maintenance reasons. If anything failed in the server environs, the Ironports always stayed alive ... with these as VMs, this would not be the case.

 

 

Option 2) Go to Cisco CES / Cisco Secure Email / whatever their current name for it is

As I understand it this is basically "run ESA VM, but in Cisco's cloud" but the premise is the same: you get an Ironport GUI and that Ironport is yours, you're just running through Cisco infrastructure instead of your own on-prem infrastructure. I have a lot of concerns about this option, mainly

a) cost: I'm assuming this is more expensive than running an on prem device + licensing. Need to nail this down and hear from others about this.

b) uptime: I'd like to hear how people's actual experiences with uptime/outages have been. What is the real world reliability? etc.

c) support: same as above, i.e. how is the support for the CES version? Is this yet another expensive add on? etc.

d) Management overhead of dealing with A Hosted Thing in a Cisco Environment as opposed to just running an appliance that you own.

 

Option 3) Just replace the C170s we have with a more modern hardware equivalent, perhaps a C190.

 

As I understand it though the C190 is End of Sale and will be end of support 2024 so this only buys me another 3 years.

 

Thoughts/advice/pointers? Anything I have missed?

1 Reply

>>- any finicky 'gotchas' with specific options (like VM versions)

I haven't run into any, and we have run on "unsupported" (newer) VMware versions just fine.


>>Option 1) replace these with on-prem Ironports as VMs in our own VM stack.

>>There are some reasons I'm against this, mainly some networking bugs I've seen in discussion threads with the VM versions of Ironports. I also like having the Ironports 100% separate from our regular server environment for uptime and maintenance reasons. If anything failed in the server environs, the Ironports always stayed alive ... with these as VMs, this would not be the case.


I've not run into any networking bugs, but our infrastructure is pretty vanilla.

But if you're having uptime concerns about your VM infrastructure you're doing it wrong and maybe none of your servers should be in that environment? If you don't trust your current VMware infrastructure, what the heck is the point???


>>Option 2) Go to Cisco CES / Cisco Secure Email / whatever their current name for it is

>>As I understand it this is basically "run ESA VM, but in Cisco's cloud" but the premise is the same: you get an Ironport GUI and that Ironport is yours, you're just running through Cisco infrastructure instead of your own on-prem infrastructure. I have a lot of concerns about this option, mainly

>>a) cost: I'm assuming this is more expensive than running an on prem device + licensing. Need to nail this down and hear from others about this.

>>b) uptime: I'd like to hear how people's actual experiences with uptime/outages have been. What is the real world reliability?

>>c) support: same as above, i.e. how is the support for the CES version? Is this yet another expensive add on? etc.

>>d) Management overhead of dealing with A Hosted Thing in a Cisco Environment as opposed to just running an appliance that you own.

You actually get at least 2 ESAs and an SMA. So if you don't have an SMA now, that is where some perceived extra cost might be.

>>Option 3) Just replace the C170s we have with a more modern hardware equivalent, perhaps a C190.

C195 is available.

https://www.cisco.com/c/en/us/products/collateral/security/cloud-email-security/datasheet-c78-742868.html


>>Thoughts/advice/pointers? Anything I have missed

You could also buy a couple of boxes, put ESXi on them and run a VM on each one...