Reference: Qualys Virtual Scanner Appliance

Document created by Justin Lute on Apr 10, 2012Last modified by Qualys Documentation on Sep 20, 2017
Version 43Show Document
  • View in full screen mode

Overview


Solution Functionality

All distributions provide full Qualys scanning functionality in support of Qualys Vulnerability Management, Policy Compliance, and Web Application Scanning.

 

Licensing

The Qualys Virtual Scanner Appliance has multiple distributions to support deployments on a variety of virtualization platforms.  However, the Qualys Virtual Scanner Appliance is sold as a single product with a single SKU.  Each purchased license entitles the user to one active Qualys Virtual Scanner Appliance.

 

The  Qualys Virtual Scanner Appliance acts as an extension of the customer's solution subscriptions on the Qualys Cloud Platform and is not a standalone solution.  Using the same license, customers are free to delete an instance of the Qualys Virtual Scanner Appliance at any time and redeploy another instance (of any distribution) in its place or in an entirely different location.

 


Available Distributions


 

See Qualys Virtual Scanner Appliance: Platform Qualification Matrix for more specific version qualification details.

 

 

Distribution Package
Target PlatformsFile / Package TypeFile Location
StandardVMware vSphere: vCenter Server, ESXi
OVA
with VMDK virtual disk format
Download from Qualys UI*
VMware Workstation, Workstation Player, Fusion
Citrix XenServer
OpenStackOpenStack Newton
OVA
with VMDK virtual disk format
Download from Qualys UI*
VMware vApp

VMware vSphere: vCenter Server

VMware vApp OVA
with VMDK virtual disk format

(see note below)

Download from Qualys UI*
Microsoft Hyper-VMicrosoft Windows ServerZIP
with VHD virtual disk format
Download from Qualys UI*

Amazon HVM Machine Image

(Pre-Authorized Scanning)

Amazon EC2-Classic, Amazon EC2-VPC

AMI

(see note below)

AWS Marketplace

How to instructions

 

Amazon HVM Machine Image

Amazon EC2-Classic, Amazon EC2 VPC

AMI

(see note below)

AWS Marketplace

How to instructions

Microsoft Azure Marketplace Image
Microsoft Azure Cloud Platform
VHD

Azure Marketplace

How to instructions

Microsoft Azure Classic Image Microsoft Azure Cloud Platform (ASM)VHDDownload from Qualys UI*
Google Compute Cloud ImageGoogle Cloud Platform

Google Compute Engine Image

Google Cloud Launcher

How to instructions

 

Notes:

VMware vApp OVA

This is a very specialized vApp package that is primarily for automatic/programmatic deployments.The Standard distribution is more appropriate for most VMware environments. The initial personalization and network configuration for bringing the scanner appliance online with the Qualys Cloud Platform is done through the VMware vCenter Server deployment/configuration workflow. No direct console access to the scanner appliance is required.

 

Amazon Machine Image (AMI)

Virtual Scanner Appliance is packaged into an AMI format and available in the Marketplace.

Qualys provides two variants:

- the Pre-Authorized AMI (scan by Instance Id) which needs no permission from AWS for scanning, and

- the regular AMI (scan by IP address) which requires permission for scanning from AWS by filling out the penetration testing form.

 

Want help with choosing the correct Amazon Machine Image?

Check out Choosing The Correct Scanner AMI (Amazon Machine Image).

 

It's easy to launch the Qualys AMI. Log in to the Qualys UI and get a personalization code, then launch the AMI into an Instance from your AWS management console - the personalization and network configuration are part of the workflow. No direct console access to the scanner appliance is required or even available.

 

* Download from Qualys UI

Log in to the Qualys UI and choose a module - either Vulnerability Management (VM) or Policy Compliance (PC) depending on our needs. Then navigate to Scans > Appliances and select New > Virtual Scanner Appliance. Choose the "Download Image Only" option, and select the distribution package you want to download.

 


Technical Details


Configurable Resources

 

Minimum resource configuration

1 x vCPU  |  1.5 GB RAM*  |  1 x 40GB virtual HDD

 

Maximum resource configuration

16 x vCPU (recommended maximum of 8)  |  16GB RAM*

 

* Reserved RAM.  If your hypervisor supports it, Qualys strongly recommends that any RAM allocated to the Qualys Scanner Appliance also be reserved.  For example, if you allocate 4GB of RAM to the Qualys Scanner Appliance virtual machine, you should also reserve a full 4GB of RAM for the virtual machine.  Failure to do so can result in excessive memory paging by the hypervisor, resulting in decreased scanner performance and responsiveness and even a system failure if the hypervisor is thrashing badly.

 


 

Networking configurations supported

 

General

  • up to 2 x vNICs (virtual network interfaces)
    • One interface in use
      • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the Qualys Cloud Platform
    • Two interfaces in use
      • Interface 1: "LAN" interface - used for scanning of targets
      • Interface 2: "WAN" interface - used for outbound connection to the Qualys Cloud Platform
  • IPv4 address assignment: static, DHCP
  • IPv6 address assignment (LAN interface only): autoconfiguration, static
  • Proxy server - outbound to Qualys Cloud Platform
    • username/password authentication supported
  • VLAN tagging
  • Static routing
  • Supported network adapter types on ESXi servers include E1000, VMXNET2 (Enhanced) and VMXNET3

 

 

Amazon Machine Image

  • up to 2 x vNICs (virtual network interfaces)
    • One interface in use
      • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the Qualys Cloud Platform
    • Two interfaces in use
      • Interface 1: "LAN" interface - used for scanning of targets
      • Interface 2: "WAN" interface - used for outbound connection to the Qualys Cloud Platform
  • IPv4 address assignment:
    • Amazon EC2-Classic
      • Private IP: dynamic
      • Public IP: dynamic, Elastic
    • Amazon EC2-VPC
      • Private IP: static, customer-defined DHCP
      • Public IP: none, Elastic through Internet Gateway, NAPT through NAT Instance and Internet Gateway
  • Proxy server - outbound to Qualys Cloud Platform
    • username/password authentication supported
  • Static routing
  • Not supported:
    • IPv6 address assignment
    • VLAN tagging

 

 


See Also


 

 


Update History


2013-01-02 - Updated minor details for downloading images; clarified with additional notes re:vSphere vApp distribution

2013-07-25 - Significant formatting and content updates.

2016-07-22 - Updates to distribution packages.

2017-09-20 - Updates to target platforms

 

~

Attachments

    Outcomes