Scanning in Microsoft Azure using Resource Manager (ARM)

Document created by George Akimov (Employee) on Jul 1, 2016. Last modified by George Akimov (Employee) on Jun 8, 2017. Version 6.

This document describes briefly how to deploy the Qualys Virtual Scanner Appliance using Microsoft Azure Resource Manager (ARM). This scanner, once deployed, will function as a standard Virtual Scanner and can scan based on IP address or CIDR block. Want to learn more about Microsoft Azure? Check out the Azure Support page.

 

We'll help you with these steps:

Create Resource Group

Create Storage Account

Create Virtual Network

Create Your Qualys Virtual Scanner

How do I know my scanner is ready to use?

Troubleshooting

 


 

Create Resource Group

We recommend you create one resource group per location for your Qualys virtual scanners. Give your resource group a name that will be easy to recognize and represents the group location. Once created, the name cannot be changed.

 

arm1.png

 

Create Storage Account

If you don't already have a storage account for your Qualys virtual scanners, you'll need to create one at this time.

1) Give the storage account a name following Microsoft Azure guidelines. The name cannot be changed later.
2) Choose the deployment model "Resource manager".
3) Choose "Use existing" for the resource group, and select the group created in the previous step.

Other recommended settings are shown in the image below.

 

arm2.png

 

Create Virtual Network

You may already have a virtual network set up for your Qualys virtual scanners. If not, create a new virtual network.

1) Give your network a name. We recommend including the location in the name so you know where the network is.
2) Choose "Use existing" for the resource group, and select the group created in the first step.

 

arm3.png

 

Create Your Qualys Virtual Scanner

Prior to deploying the Qualys Virtual Scanner in Azure, you must first create a virtual scanner in the Qualys Cloud Platform, assign it a distinct scanner name and record the exact personalization code.

 

Find and select Qualys Virtual Scanner Appliance in the Marketplace.

 

arm4.png

 

Review the requirements on the screen. When you're ready to proceed, click Create to set up your virtual scanner.

 

arm5.png

 

Make these settings:

1) Give the virtual scanner a name. This is the name that will appear in the Virtual machines list in Microsoft Azure. Tip - Use the scanner name assigned to the virtual scanner in Qualys for easy identification.
2) The User name is your personalization code, retrieved from the Qualys platform, with a 'u' prepended: “u2009XXXXXXXXXX”.
3) Choose "Use existing" for the resource group, and select the group created in the first step.

 

Notes:

- Since the Qualys Virtual Scanner is a locked-down Linux appliance, managed completely from the Qualys Cloud Platform, the Azure username, password and SSH public key are not used for any kind of authentication. They serve only as a mechanism to pass configuration information from the Azure cloud to the appliance.

- Azure passwords should not contain these 2 special characters:  ":" and "@". 

- Passwords that look like "proxy://[user:password@]IP[:port]" URLs can be used to configure the Qualys Scanner to use an SSL proxy for all outbound communication with the Qualys Cloud Platform.
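
A pre-deployment check for the User name and Password fields described in the notes above, as an added example that is not Qualys code. It assumes a 14-digit personalization code (as the sample value suggests) and a literal IPv4 address in the proxy URL; the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: the personalization code is 14 digits, as in the page's sample.
USERNAME_RE = re.compile(r"u\d{14}")

def check_username(username):
    """True if the value is 'u' followed by a 14-digit personalization code."""
    return USERNAME_RE.fullmatch(username) is not None

def parse_proxy(password):
    """Parse proxy://[user:password@]IP[:port]; raise ValueError if malformed."""
    prefix = "proxy://"
    if not password.startswith(prefix):
        raise ValueError("not a proxy URL")
    # Split credentials from the host at the last '@'.
    creds, at, hostport = password[len(prefix):].rpartition("@")
    user = secret = None
    if at:
        user, colon, secret = creds.partition(":")
        if not (user and colon and secret):
            raise ValueError("credentials must be user:password")
    host, colon, port = hostport.partition(":")
    ipaddress.IPv4Address(host)  # ValueError unless a literal IPv4 address
    if colon and not (port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError("port must be 1-65535")
    return {"user": user, "password": secret, "ip": host,
            "port": int(port) if colon else None}

def classify_password(password):
    """Return 'proxy', 'plain' or 'invalid' for the Azure password field."""
    if password.startswith("proxy://"):
        try:
            parse_proxy(password)
            return "proxy"
        except ValueError:
            return "invalid"
    # A non-proxy value must avoid ':' and '@', per the note above.
    return "invalid" if (":" in password or "@" in password) else "plain"

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_username("u20091234567890"))
    for value in ("Passw0rd-Example", "pa:ss@word",
                  "proxy://svc:s3cret@10.0.0.5:3128", "proxy://proxy.example:3128"):
        print(repr(value), "->", classify_password(value))
```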

 

screen1.png

 

Choose a size for your virtual scanner - up to 16 cores and no more than 16 GB. We recommend a ratio of 3-4 GB of memory per core. Other storage settings like number of data disks, max IOPS, load balancing, etc. can be ignored and should not factor into your decision. For instance, the disk options will not have a significant impact on the performance of your scanner.

 

arm7.png

 

Be careful to choose the correct storage account and the network created in the previous steps for your Qualys virtual scanners. We do not use Azure extensions or availability sets.

 

arm8.png

 

Confirm your virtual scanner settings and hit OK.

 

screen2.png

 

Review the Offer details and hit Purchase. Your virtual scanner will appear on the Virtual machines list in Microsoft Azure.

 

arm11.png

 

The Qualys Virtual Scanner Appliance will appear on your Microsoft Azure Dashboard.

 

arm10.png

 

Your scanner will update and connect to the Qualys Cloud Platform.  This process may take some time, depending on location. Once connected, you'll be able to use your Azure scanner from the Qualys Cloud Platform as you would any virtual scanner appliance.

 

How do I know my scanner is ready to use?

Check your virtual scanner status in Qualys. Go to Scans > Appliances, and find your scanner in the list. Tip - It can take several minutes for the Qualys user interface to get updated after you add a new appliance. Please refresh your browser periodically to ensure that you are seeing the most up-to-date details.

 

appliance_list.png

 

The connected icon (ico_connected.jpg) tells you your virtual scanner is ready. Now you can start internal scans! (Next to this, you’ll see the busy icon is greyed out until you launch a scan using this scanner.)

 

Troubleshooting

Enable boot diagnostics to troubleshoot issues with your scanner. Diagnostics will include log output from the scanner. It's easy to do. Set Status to On, select the storage account created for your Qualys scanners, select the Boot diagnostics check box, and hit Save (appears above the settings).

 

arm12.png

 

Check out these sample diagnostics.

 

sample_boot_diagnostics.png

 

Looking for more help?

Check out our Help Center
