Follow these simple steps to configure a virtual scanner appliance using VMware vSphere. Qualys Virtual Scanner Appliance distribution for VMware vSphere is supported using VMware vCenter 5.5 and 6.0 and vSphere Client. Once you've successfully configured your scanner it'll be ready for scanning.
These instructions assume that you've 1) downloaded the virtual scanner image file qVSA.i386-<version>.vApp.ova (for example qVSA.i386-2.2.23-3.vApp.ova) and 2) obtained a personalization code.
We recommend you review these requirements. 1) The local network must be configured to allow outbound HTTPS (port 443) access to the Internet, so that the virtual scanner can communicate with the Qualys Cloud Platform. While conducting a scan the virtual scanner sends probes to the target assets (hosts and/or web applications). 2) The virtual scanner must be placed in the network in such as way that assets to be scanned are accessible to the virtual scanner.
Deploy OVF Template
Step 1: Install vSphere Client and log in
Step 2: Select an ESXi host in the left panel
Step 3: Go to File > Deploy OVF Template
Use the wizard to complete template sections. When you're done, power on the appliance to complete the deployment process.
|Source||Select the Virtual Scanner Image OVA file you downloaded earlier. The filename will be qVSA-<version>-vApp.ova (for example qVSA-2.0.13-1-vApp.ova).|
|OVF Template Details|
View the appliance details, including the Virtual Scanner Appliance version number.
|Name and Location||By default the name is “Qualys Virtual Scanner Appliance”. Provide a custom name if you wish, and select a location.|
|Storage||Select settings appropriate for your environment.|
|Disk Format||Select settings appropriate for your environment.|
|Network Mapping||Select destination networks for the LAN and WAN network interface that the deployed virtual scanner will use. The LAN interface services all network traffic unless the “Enable WAN Interface” property is selected. If selected, only scanning traffic is routed through this interface. The WAN interface is used to service management traffic (software updates and health checks) if the “Enable WAN Interface” property is selected.|
|Network connection||Supported network adapters on ESXi servers include E1000, VMXNET2 (Enhanced) and VMXNET3|
|IP Address Allocation||Choose the IP allocation method to be used: Fixed, Transient or DHCP. Using Fixed or Transient, the IP address and network properties are inherited from pools. Using DHCP, the local DCHP server is used for IP allocation.|
Enable WAN Interface -- By default the LAN interface services all network traffic. If the WAN interface is enabled, all software updates and health checks are routed through the WAN interface and scanning traffic is routed through the LAN interface.
Personalization Code -- A personalization code (14 digits) is required to power on and activate this virtual scanner. You received this code when you provisioned the virtual scanner using the Qualys user interface. One personalization code may be configured for one virtual scanner.
LAN IP / WAN IP -- By default DHCP mode is used for LAN and WAN interfaces. If you need static configurations, you can enter Static IP addresses for LAN and/or WAN interfaces under Properties. Leave this section blank to continue with DHCP mode. The appliance will not use the WAN IP unless the “Enable WAN Interface” property is selected.
LAN / WAN HTTP Proxy -- If your LAN or WAN networks have an HTTP proxy setup you must configure it under Properties. If your proxy requires authentication, include the credentials using this format: user:password@ip:port
LAN DEFAULT VLAN -- If you have connected the LAN interface to a 802.1q trunked port and need your virtual scanner to use VLAN tags on the LAN default network, enter the VLAN tag number (1-4094). The value 0 disables 802.1q tagging.
WINS 1 / WINS 2 -- Enter an IP address to configure a primary and secondary WINS address. This is used only if you are running Windows Internet Naming Service and the virtual scanner needs to use it for name resolution.
|Ready to Complete||Select “Power on after deployment” and then click Finish.|
Power on the appliance
Once you power on the virtual scanner appliance, the Qualys service completes the deployment process.
It may take a few minutes for this deployment to finish. The virtual scanner attempts to make a connection to the Qualys platform using its current configuration (network and proxy settings).
We recommend you take these steps to check the appliance status within VMware vCenter:
Step 1: Select the virtual scanner machine in the left panel
The virtual scanner will be listed under the ESXi host where you deployed the virtual scanner.
Step 2: Go to the Console tab
You’ll see system messages within the console during the the startup and activation process. You’ll see the friendly name and IP address after the appliance successfully connected to the Qualys Cloud Platform. This also means the virtual scanner is ready to be used for scanning. If a network error appears, you need to troubleshoot the issue at this time.
Step 3: Check the network settings
Press Enter to display to the main menu. (Tip: Use the Up and Down arrows to navigate the menu.) Press the Right arrow to display the network settings configured for the virtual scanner. Press the Left arrow to return to the main menu.
Still have questions?
Check out our Scanner Appliance FAQs.