Skip navigation
Currently Being Moderated

Reference: QualysGuard Virtual Scanner Appliance

Created by Justin Lute on Apr 10, 2012 12:39 PM - Last modified by Justin Lute on Jan 13, 2014 7:14 AM

Overview


Solution Functionality

All distributions provide full QualysGuard scanning functionality in support of QualysGuard Vulnerability Management, Policy Compliance, and Web Application Scanning.

 

Licensing

The QualysGuard Virtual Scanner Appliance has multiple distributions to support deployments on a variety of virtualization platforms.  However, the QualysGuard Virtual Scanner Appliance is sold as a single product with a single SKU.  Each purchased license entitles the user to one active QualysGuard Virtual Scanner Appliance.

 

The  QualysGuard Virtual Scanner Appliance acts as an extension of the customer's solution subscriptions on the QualysGuard Cloud Platform and is not a standalone solution.  Using the same license, customers are free to delete an instance of the QualysGuard Virtual Scanner Appliance at any time and redeploy another instance (of any distribution) in its place or in an entirely different location.

 

 


Technical Details


Configurable Resources

 

Minimum resource configuration

1 x vCPU  |  1.5 GB RAM*  |  1 x 40GB virtual HDD

 

Maximum resource configuration

32 x vCPU (recommended maximum of 8)  |  64GB RAM*

 

* Reserved RAM.  If your hypervisor supports it, Qualys strongly recommends that any RAM allocated to the QualysGuard Scanner Appliance also be reserved.  For example, if you allocate 4GB of RAM to the QualysGuard Scanner Appliance virtual machine, you should also reserve a full 4GB of RAM for the virtual machine.  Failure to do so can result in excessive memory paging by the hypervisor, resulting in decreased scanner performance and responsiveness and even a system failure if the hypervisor is thrashing badly.

 


 

Networking configurations supported

 

General

  • up to 2 x vNICs (virtual network interfaces)
    • One interface in use
      • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the QualysGuard Cloud Platform
    • Two interfaces in use
      • Interface 1: "LAN" interface - used for scanning of targets
      • Interface 2: "WAN" interface - used for outbound connection to the QualysGuard Cloud Platform
  • IPv4 address assignment: static, DHCP
  • IPv6 address assignment (LAN interface only): autoconfiguration, static
  • Proxy server - outbound to QualysGuard Cloud Platform
    • username/password authentication supported
  • VLAN tagging
  • Static routing

 

 

Amazon Machine Image

  • up to 2 x vNICs (virtual network interfaces)
    • One interface in use
      • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the QualysGuard Cloud Platform
    • Two interfaces in use
      • Interface 1: "LAN" interface - used for scanning of targets
      • Interface 2: "WAN" interface - used for outbound connection to the QualysGuard Cloud Platform
  • IPv4 address assignment:
    • Amazon EC2-Classic
      • Private IP: dynamic
      • Public IP: dynamic, Elastic
    • Amazon EC2-VPC
      • Private IP: static, customer-defined DHCP
      • Public IP: none, Elastic through Internet Gateway, NAPT through NAT Instance and Internet Gateway
  • Proxy server - outbound to QualysGuard Cloud Platform
    • username/password authentication supported
  • Static routing
  • Not supported:
    • IPv6 address assignment
    • VLAN tagging

 

 


Available Distributions


 

See QualysGuard Virtual Scanner Appliance: Platform Qualification Matrix for more specific version qualification details.


 

Distribution PackageTarget PlatformsTarget platformsNotes
Standard

* VMware vCenter Server
* VMware ESXi; ESX
* VMware Workstation; Player; Fusion
* Oracle VM VirtualBox
* Citrix XenServer

OVA

(w/ VMDK virtual disk format)


VMDK

* older VMware platforms lacking support for OVA and OVF formats

 

* miscellaneous platforms

ZIP
(w/ VMware VMX file + VMDK virtual disk format)

This  distribution exists to provide maximum deployment flexibility to those  customers running older versions of VMware which do not support the  OVF/OVA standard or who wish to attempt conversions and deployments onto  other virtualization platforms.  Note: Where needed, extract the VMDK and convert to the virtual disk format of your choosing.

Microsoft Hyper-V

* Microsoft Windows 2008 R2, Windows 2008, Windows 2012, Windows 8

ZIP
(w/ VHD virtual disk format)

Amazon Machine Image
(Pre-Authorized Scanning)

* Amazon EC2-Classic, EC2-VPC

AMI
(Not a download. Published at AWS Marketplace)

The  initial personalization and network configuration for bringing the  scanner appliance online with the QualysGuard Cloud Platform is done  through the Instance Launch workflow in the AWS Management Console.  No  direct console access to the scanner appliance is required or even  available.

 

AWS  prohibits Small and Micro Instance Types from participating in  vulnerability scanning (as source or target).  Provision scanner as m1.medium Instance Type or greater.

Amazon Machine Image

* Amazon EC2-Classic, EC2-VPC

AMI
(Not a download. Published at AWS Marketplace)
VMware vApp

* VMware vCenter

* VMware vCloud

VMware vApp OVA
(w/ VMDK virtual disk format)

Note: This is a very specialized vApp package. It must be deployed through VMware vCenter Server or vCloud Director. The IP Poolsfeature must be configured and enabled in VMware--this is not a common configuration. Confirm compatibility with your virtualization admin before proceeding with this distribution. The Standard distribution is more appropriate for most VMware environments.

 

The  initial personalization and network configuration for bringing the  scanner appliance online with the QualysGuard Cloud Platform is done  through the VMware vCenter Server deployment/configuration workflow.  No  direct console access to the scanner appliance is required.

OVF 0.9* VMWare ESX/ESXi 3.5ZIP
(w/ OVF 0.9 package including VMDK virtual disk format)

 

 

 


See Also


 



Update History


2013-01-02 - Updated minor details for downloading images; clarified with additional notes re:vSphere vApp distribution

2013-07-25 - Significant formatting and content updates.

 

~