Reference: Qualys Virtual Scanner Appliance

Document created by Justin Lute on Apr 10, 2012Last modified by Qualys Documentation on Aug 15, 2016
Version 34Show Document
  • View in full screen mode

Overview


Solution Functionality

All distributions provide full Qualys scanning functionality in support of Qualys Vulnerability Management, Policy Compliance, and Web Application Scanning.

 

Licensing

The Qualys Virtual Scanner Appliance has multiple distributions to support deployments on a variety of virtualization platforms.  However, the Qualys Virtual Scanner Appliance is sold as a single product with a single SKU.  Each purchased license entitles the user to one active Qualys Virtual Scanner Appliance.

 

The  Qualys Virtual Scanner Appliance acts as an extension of the customer's solution subscriptions on the Qualys Cloud Platform and is not a standalone solution.  Using the same license, customers are free to delete an instance of the Qualys Virtual Scanner Appliance at any time and redeploy another instance (of any distribution) in its place or in an entirely different location.

 


Available Distributions


 

See Qualys Virtual Scanner Appliance: Platform Qualification Matrix for more specific version qualification details.

 

 

Distribution Package
Target PlatformsFile / Package TypeFile Location
StandardVMware vSphere: vCenter Server, ESXi
OVA
with VMDK virtual disk format
Download from Qualys UI
VMware Workstation, Player, Workstation Player, Fusion
Oracle VM VirtualBox
Citrix XenServer
OpenStackOpenStackOVA
with VMDK virtual disk format
Download from Qualys UI
VMware vApp

VMware vSphere: vCenter Server

VMware vApp OVA
with VMDK virtual disk format

(see note below)

Download from Qualys UI
Microsoft Hyper-VMicrosoft Windows ServerZIP
with VHD virtual disk format
Download from Qualys UI

Amazon HVM Machine Image

(Pre-Authorized Scanning)

Amazon EC2-Classic, Amazon EC2-VPC

AMI

(see note below)

AWS Marketplace

Amazon HVM Machine ImageAmazon EC2-Classic, Amazon EC2 VPC

AMI

(see note below)

AWS Marketplace

Microsoft Azure Marketplace Image
Microsoft Azure Cloud Platform
VHD Azure Marketplace
Microsoft Azure Classic Image Microsoft Azure Cloud Platform (ASM)VHDDownload from Qualys UI
Google Compute Cloud ImageGoogle Cloud Platform

TAR.GZ

with raw format

Download from Qualys UI

 

Notes:

VMware vApp OVA - This is a very specialized vApp package that is primarily for automatic/programmatic deployments. The Standard distribution is more appropriate for most VMware environments. The initial personalization and network configuration for bringing the scanner appliance online with the Qualys Cloud Platform is done through the VMware vCenter Server deployment/configuration workflow.  No direct console access to the scanner appliance is required.

 

Amazon Machine Image (AMI) - The initial personalization and network configuration for bringing the scanner appliance online with the Qualys Cloud Platform is done through the Instance Launch workflow in the AWS Management Console. No direct console access to the scanner appliance is required or even available. AWS prohibits Small and Micro Instance Types from participating in vulnerability scanning (as source or target). Provision scanner as m1.medium Instance Type or greater.

 

 


Technical Details


Configurable Resources

 

Minimum resource configuration

1 x vCPU  |  1.5 GB RAM*  |  1 x 40GB virtual HDD

 

Maximum resource configuration

16 x vCPU (recommended maximum of 8)  |  16GB RAM*

 

* Reserved RAM.  If your hypervisor supports it, Qualys strongly recommends that any RAM allocated to the Qualys Scanner Appliance also be reserved.  For example, if you allocate 4GB of RAM to the Qualys Scanner Appliance virtual machine, you should also reserve a full 4GB of RAM for the virtual machine.  Failure to do so can result in excessive memory paging by the hypervisor, resulting in decreased scanner performance and responsiveness and even a system failure if the hypervisor is thrashing badly.

 


 

Networking configurations supported

 

General

  • up to 2 x vNICs (virtual network interfaces)
    • One interface in use
      • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the Qualys Cloud Platform
    • Two interfaces in use
      • Interface 1: "LAN" interface - used for scanning of targets
      • Interface 2: "WAN" interface - used for outbound connection to the Qualys Cloud Platform
  • IPv4 address assignment: static, DHCP
  • IPv6 address assignment (LAN interface only): autoconfiguration, static
  • Proxy server - outbound to Qualys Cloud Platform
    • username/password authentication supported
  • VLAN tagging
  • Static routing

 

 

Amazon Machine Image

  • up to 2 x vNICs (virtual network interfaces)
    • One interface in use
      • Interface 1: "LAN/WAN" interface - used for both scanning of targets and outbound connection to the Qualys Cloud Platform
    • Two interfaces in use
      • Interface 1: "LAN" interface - used for scanning of targets
      • Interface 2: "WAN" interface - used for outbound connection to the Qualys Cloud Platform
  • IPv4 address assignment:
    • Amazon EC2-Classic
      • Private IP: dynamic
      • Public IP: dynamic, Elastic
    • Amazon EC2-VPC
      • Private IP: static, customer-defined DHCP
      • Public IP: none, Elastic through Internet Gateway, NAPT through NAT Instance and Internet Gateway
  • Proxy server - outbound to Qualys Cloud Platform
    • username/password authentication supported
  • Static routing
  • Not supported:
    • IPv6 address assignment
    • VLAN tagging

 

 


See Also


 

 


Update History


2013-01-02 - Updated minor details for downloading images; clarified with additional notes re:vSphere vApp distribution

2013-07-25 - Significant formatting and content updates.

2016-07-22 - Updates to distribution packages.

 

~

Attachments

    Outcomes