Reference: Qualys Virtual Scanner Appliance

Version 34

    Overview


    Solution Functionality

    All distributions provide full Qualys scanning functionality in support of Qualys Vulnerability Management, Policy Compliance, and Web Application Scanning.

     

    Licensing

    The Qualys Virtual Scanner Appliance has multiple distributions to support deployments on a variety of virtualization platforms.  However, the Qualys Virtual Scanner Appliance is sold as a single product with a single SKU.  Each purchased license entitles the user to one active Qualys Virtual Scanner Appliance.

     

    The  Qualys Virtual Scanner Appliance acts as an extension of the customer's solution subscriptions on the Qualys Cloud Platform and is not a standalone solution.  Using the same license, customers are free to delete an instance of the Qualys Virtual Scanner Appliance at any time and redeploy another instance (of any distribution) in its place or in an entirely different location.

     


    Available Distributions


     

    See Qualys Virtual Scanner Appliance: Platform Qualification Matrix for more specific version qualification details.

     

     

    Distribution Package
    Target PlatformsFile / Package TypeFile Location
    StandardVMware vSphere: vCenter Server, ESXi
    OVA
    with VMDK virtual disk format
    Download from Qualys UI
    VMware Workstation, Player, Workstation Player, Fusion
    Oracle VM VirtualBox
    Citrix XenServer
    OpenStackOpenStackOVA
    with VMDK virtual disk format
    Download from Qualys UI
    VMware vApp

    VMware vSphere: vCenter Server

    VMware vApp OVA
    with VMDK virtual disk format

    (see note below)

    Download from Qualys UI
    Microsoft Hyper-VMicrosoft Windows ServerZIP
    with VHD virtual disk format
    Download from Qualys UI

    Amazon HVM Machine Image

    (Pre-Authorized Scanning)

    Amazon EC2-Classic, Amazon EC2-VPC

    AMI

    (see note below)

    AWS Marketplace

    Amazon HVM Machine ImageAmazon EC2-Classic, Amazon EC2 VPC

    AMI

    (see note below)

    AWS Marketplace

    Microsoft Azure Marketplace Image
    Microsoft Azure Cloud Platform
    VHD Azure Marketplace
    Microsoft Azure Classic Image Microsoft Azure Cloud Platform (ASM)VHDDownload from Qualys UI
    Google Compute Cloud ImageGoogle Cloud Platform

    TAR.GZ

    with raw format

    Download from Qualys UI

     

    Notes:

    VMware vApp OVA - This is a very specialized vApp package that is primarily for automatic/programmatic deployments. The Standard distribution is more appropriate for most VMware environments. The initial personalization and network configuration for bringing the scanner appliance online with the Qualys Cloud Platform is done through the VMware vCenter Server deployment/configuration workflow.  No direct console access to the scanner appliance is required.

     

    Amazon Machine Image (AMI) - The initial personalization and network configuration for bringing the scanner appliance online with the Qualys Cloud Platform is done through the Instance Launch workflow in the AWS Management Console. No direct console access to the scanner appliance is required or even available. AWS prohibits Small and Micro Instance Types from participating in vulnerability scanning (as source or target). Provision scanner as m1.medium Instance Type or greater.

     

     


    Technical Details


    Configurable Resources

     

    Minimum resource configuration

    1 x vCPU  |  1.5 GB RAM*  |  1 x 40GB virtual HDD

     

    Maximum resource configuration

    16 x vCPU (recommended maximum of 8)  |  16GB RAM*

     

    * Reserved RAM.  If your hypervisor supports it, Qualys strongly recommends that any RAM allocated to the Qualys Scanner Appliance also be reserved.  For example, if you allocate 4GB of RAM to the Qualys Scanner Appliance virtual machine, you should also reserve a full 4GB of RAM for the virtual machine.  Failure to do so can result in excessive memory paging by the hypervisor, resulting in decreased scanner performance and responsiveness and even a system failure if the hypervisor is thrashing badly.

     


     

    Networking configurations supported

     

    General

    • up to 2 x vNICs (virtual network interfaces)
      • One interface in use
        • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the Qualys Cloud Platform
      • Two interfaces in use
        • Interface 1: "LAN" interface - used for scanning of targets
        • Interface 2: "WAN" interface - used for outbound connection to the Qualys Cloud Platform
    • IPv4 address assignment: static, DHCP
    • IPv6 address assignment (LAN interface only): autoconfiguration, static
    • Proxy server - outbound to Qualys Cloud Platform
      • username/password authentication supported
    • VLAN tagging
    • Static routing

     

     

    Amazon Machine Image

    • up to 2 x vNICs (virtual network interfaces)
      • One interface in use
        • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the Qualys Cloud Platform
      • Two interfaces in use
        • Interface 1: "LAN" interface - used for scanning of targets
        • Interface 2: "WAN" interface - used for outbound connection to the Qualys Cloud Platform
    • IPv4 address assignment:
      • Amazon EC2-Classic
        • Private IP: dynamic
        • Public IP: dynamic, Elastic
      • Amazon EC2-VPC
        • Private IP: static, customer-defined DHCP
        • Public IP: none, Elastic through Internet Gateway, NAPT through NAT Instance and Internet Gateway
    • Proxy server - outbound to Qualys Cloud Platform
      • username/password authentication supported
    • Static routing
    • Not supported:
      • IPv6 address assignment
      • VLAN tagging

     

     


    See Also


     

     


    Update History


    2013-01-02 - Updated minor details for downloading images; clarified with additional notes re:vSphere vApp distribution

    2013-07-25 - Significant formatting and content updates.

    2016-07-22 - Updates to distribution packages.

     

    ~