Skip to content

Nutanix AHV

Deploy the Sophos Remote Testing Appliance (RTA) as a virtual machine on a Nutanix AHV cluster. We provide the appliance as two QCOW2 disk images — a root disk and a small cidata seed disk — that you upload to your cluster's Image Service, then create a UEFI VM with both disks attached.

How delivery works on Nutanix

You receive the following from your engagement lead:

Item What it is
QCOW2 archive (or two URLs/files) A ZIP containing two QCOW2 disks — the appliance root disk and a small cidata seed disk — or direct-download URLs for each. Provided by your engagement lead.

The image is customized for your engagement before you receive it. The cidata seed disk carries the appliance's identity and credentials, so once you attach both disks the appliance boots already registered and connects to the Sophos headend automatically — there is no activation step, and the console shows a live status and troubleshooting dashboard. Nutanix AHV's Image Service accepts QCOW2 natively — no conversion required.

Upload and attach BOTH disks

The RTA needs both the root disk and the cidata seed disk. Upload both to the Image Service and attach both to the VM — the root disk as the boot disk (SCSI 0) and the cidata disk as a second disk. Without the cidata disk the appliance has no engagement identity and will not register.

Requirements

Resource Minimum Recommended
vCPU 2 4 or more
Memory 4 GB 8 GB or more
Boot disk 40 GB 40 GB
Firmware UEFI (required)
Secure Boot Disabled (required)
Networking L2 access to target network; outbound internet Dedicated engagement VLAN

UEFI is required — Nutanix defaults to Legacy BIOS

Nutanix AHV creates new VMs with Legacy BIOS by default. This image will not boot on Legacy BIOS — it uses a GPT disk with an EFI System Partition. You must explicitly enable UEFI firmware (uefi_boot=true in acli, or the UEFI boot option in the Prism VM wizard) every time you create a new RTA VM.

Secure Boot must be off

Secure Boot requires the Q35 machine type and a signed bootloader. The RTA bootloader is unsigned. Leave Secure Boot disabled (the default when you enable UEFI without explicitly enabling Secure Boot).

Choose a deployment method

  • Prism GUI

    Upload both QCOW2 disks and create the VM with both attached entirely through the Prism Element or Prism Central web console — no command line required.

  • acli (Command Line)

    Use acli on the CVM (or via SSH) to import both disks and provision the VM in a single scripted sequence.