How to configure a virtual scanner using Microsoft Hyper-V

Document created by Qualys Documentation Employee on Jan 10, 2013Last modified by Qualys Documentation Employee on Aug 22, 2016
Version 4Show Document
  • View in full screen mode

Follow these simple steps to configure a virtual scanner appliance using Microsoft Hyper-V. Once you've successfully configured your scanner it'll be ready for scanning.

 

These instructions assume that you've 1) downloaded the virtual scanner image (qVSA-2.0.13-1-vhd.zip or later) and 2) obtained a personalization code.

 

We recommend you review these requirements. 1) The local network must be configured to allow outbound HTTPS (port 443) access to the Internet, so that the virtual scanner can communicate with the Qualys Cloud Platform. While conducting a scan the virtual scanner sends probes to the target assets (hosts and/or web applications). 2) The virtual scanner must be placed in the network in such as way that assets to be scanned are accessible to the virtual scanner.

 

Step 1: Start the virtual scanner machine

You’ll see the Virtual Scanner Console that you’ll use to configure and activate your virtual scanner.

 

Follow these steps using Windows 2008 or Windows 2008R2:

  • Unzip the download file qVSA-2.0.13-1-vhd.zip to obtain the virtual hard disk file qVSA-2.0.13-1-disk1.vhd.
  • Log in to the Hyper-V server. Go to Manager > HyperV Manager and add a new Virtual Machine.
  • Provide a name for the scanner.
  • Configure the memory. Recommended is 2048 MB or more.
  • Configure the networking as appropriate so the network adapter on the scanner can use a virtual network for communication.
  • For the the virtual hard disk configuration, select “Use an existing virtual hard disk” and provide the location of the .vhd file (obtained from the download .zip file).
  • Click Next and then Finish.

 

Step 2: Press the Right arrow to select “Personalize this scanner”

The virtual scanner will use DHCP without proxy configuration, unless you make custom settings first.

 

For custom configuration: Go to “Set up network” by pressing the Down arrow one time and then the Right arrow one time. See instructions below for help with static IP and proxy configuration. After choosing settings, use the Up/Down arrows to navigate to “Personalize this scanner” and then press the Right arrow.

 

console_welcome.png

 

Step 3: Enter your personalization code

One activation code may be used to activate one virtual scanner. After entering the code the activation process starts and the service reports the progress. Activation may take a few minutes to complete.

 

console_personalization.png

 

Step 4: Wait until activation completes

The virtual scanner attempts to make a connection to the Qualys Cloud Platform using its current configuration (network and proxy settings). Upon success, the scanner’s friendly name and IP address appear and the scanner is ready to be used for scanning. Press Enter to go to the main menu.

 

console_activation_complete.png

 


Want to customize your configuration?

If you wish to enable a static IP address, go to the main menu and select “Set up network (LAN)”, press the Right arrow to highlight “Enable static IP config on LAN” and then press the Right arrow.

 

console_lan_settings.png

 

How to enter settings: Press Up and Down arrows to select input fields. Press the Right and Left arrows to scroll within a field. When you are done, select the last item, for example “Configure static IP address on LAN?”, and type “Y” to confirm (or type “N” to cancel).

 

Additional configurations: There are additional configurations that you can choose. These may be required to successfully connect to our Cloud Security Platform.

 

Enable VLAN on LAN. Select this if you have connected the LAN interface to a 802.1q trunked port and need your virtual scanner to use VLAN tags on the LAN default network. Enter the VLAN tag number (1-4094) to use.

 

Enable WAN interface. By default the LAN interface services all network traffic. By selecting this option, all software updates and health checks are routed through the WAN interface and scanning traffic is routed through the LAN interface.

 

Enable proxy. Select this option to enter a proxy server configuration, with or without authentication (Basic or NTLM). The proxy server must allow transparent SSL tunneling.

 


Still have questions?

Check out our Scanner Appliance FAQs.

Attachments

    Outcomes