How much does it cost to run a Qualys Virtual Scanner Appliance on Amazon EC2?

Document created by Justin Lute on Oct 10, 2013. Last modified by Qualys Documentation on Aug 12, 2016.
Version 5

Qualys Virtual Scanner Appliance is available as an Amazon Machine Image (AMI) at AWS Marketplace, ready for customers to launch onto Amazon EC2-Classic and EC2-VPC.  Customers commonly ask how much it will cost them to run a Qualys scanner on EC2.


There are two aspects to consider:

  • Qualys costs for the virtual scanner license subscription
  • AWS costs for the computing resources to run the appliance as an EC2 Instance



Qualys Costs

You will need to acquire a Qualys license for each virtual scanner appliance Instance you would like to run.  This license is acquired from Qualys, not from AWS, and our scanner appliances are listed at AWS Marketplace with a BYOL (i.e., "bring your own license") model accordingly.


Each QualysGuard Virtual Scanner Appliance profile that you define in the Qualys Cloud Platform UI will consume a single virtual scanner appliance license.  If you delete a virtual scanner appliance profile from your Qualys subscription, that license is freed up and immediately available for re-use.


Contact your Qualys technical account manager or Qualys reseller for a pricing quotation or to request an evaluation.



AWS Costs

Each virtual scanner appliance Instance will be launched into one of your own AWS accounts.  You will be responsible for paying AWS for the costs of running the appliance.  Those costs include:


  • compute capacity, based upon Instance Type
  • storage
    • per-GB of provisioned storage
    • per 1 million I/O requests
  • data transfer IN/OUT


The compute capacity charges (i.e., CPU, RAM) are overwhelmingly the largest part of the costs to run an Instance.


Note that you are not required to keep your scanner appliance(s) running at all times.  Any hours during which your Instance is Stopped will incur only per-GB provisioned storage charges.  However, scanners should be turned on for at least several hours per week in order to ensure that they stay up-to-date with software and signatures.


See Amazon EC2 Pricing for their current rates.



Sample AWS Cost Exercise

This exercise uses AWS prices published as of 2013-10-10 for the US East Region.


Medium Instance Type


OPTION 1: On-Demand

You may run the QualysGuard Virtual Scanner Appliance as an m1.medium (general purpose) or c1.medium (compute-optimized).  m1.medium is recommended for most use cases.


On-demand price for a standard Linux m1.medium Instance:

$0.12 per Hour @ 8760 hours = $1,051.20/year


OPTION 2: Reserved

If you expect to have an EC2 Instance running much or even all of the time, you can pre-pay for a Reserved Instance to obtain a lower per-hour rate.  Reserved Instances are available in different types for Light, Medium, and Heavy Utilization use cases, with different pricing models for each.  This example uses a Heavy Utilization pricing model suitable for an Instance that would be on all of the time.


Reserved price for a Linux, Medium, Heavy Utilization Instance:

$338 upfront + $0.028 per Hour @ 8760 hours = $583.28/year




The virtual scanner appliance has a ~25GB virtual disk attached to it.


Per-GB-month of provisioned storage:

$0.10 per-GB-month for 25GB @ 12 months = $30/year


Per 1 million I/O requests:

$0.10 per million @ [indeterminate quantity] = variable, but negligible



Data Transfer IN/OUT

Consider the following types of data transfer which can occur:


  • Management traffic (Internet)
    • OUT from appliance to QualysGuard Cloud Platform (compressed scan results)
    • IN from QualysGuard Cloud Platform to appliance (signature and software updates, scan job profiles)
  • Scanning traffic (local)
    • OUT queries from appliance to scanning targets
    • IN responses from targets to appliance


Considering these facts:

  • Data transfer IN from the Internet is priced at $0.00 per GB
  • Data transfer OUT to the Internet is priced variably, but no more than $0.12 per GB in any case.
  • Internal data transfer charges on EC2 within the same Availability Zone are priced at $0.00 per GB
  • Internal data transfer charges across Availability Zones are priced at $0.01 per GB


Given all of this, total costs for data transfer charges are variable, but negligible.



Update History

2013-10-11 - Minor semantic corrections

2013-10-10 - Updated with more detail

2013-10-10 - Created