Deploying Qualys Virtual Scanner Appliances in Google Compute Engine (GCE)

Document created by Hari Srinivasan on Mar 11, 2017. Last modified by Hari Srinivasan on Mar 24, 2017.

Users can now scan their Google Cloud Compute Engine instances along with all other global elastic cloud and on-premise assets from within the Qualys Cloud Platform. Qualys Virtual Scanner Appliance (QVSA) is now available to be deployed directly from the Google Cloud Launcher to GCP as a Compute Engine instance.

 

Pre-requisites

  1. You require a Qualys subscription to be able to complete the deployment successfully. If you are a new user, you can sign up for a free 30-day trial account.
  2. A personalization code from your Qualys subscription to register every new appliance instance.
    • Log into your Qualys portal
    • Choose the module either Vulnerability Management or Policy Compliance depending on your need
    • Under the module navigate to Scans > Appliances > select New > Virtual Scanner Appliance...
    • Choose "I have my image" > specify a name (Note: GCP expects lowercase letters, numbers, and hyphens.) 

               For a more detailed step-by-step walkthrough, refer to the section 'Generating Personalization Code'.

 

Deploy Qualys Virtual Scanner Appliance Instance from Google Cloud Launcher

 

  1. Log into Google Cloud with your account, and navigate to launcher
  2. Search for Qualys or open up this URL
  3. Click "Launch on Compute Engine" 
  4. Fill out the details for the virtual scanner appliance instance you will launch on Compute Engine
    • Deployment name: Specify the same name used in Qualys when generating the personalization code.
    • Zone: Select a zone based on the zone of the instances you want to scan. We recommend colocating the appliance with the Compute Engine instances it will scan remotely. If you want scanner appliances to reach other zones, set up connectivity with appropriate network configurations.
    • Perscode: Provide the 14-digit personalization code generated from Qualys.
    • Proxy URL: Format "[proxy_user:proxy_pass@]proxy_IP[:proxy_port]". Add it if the appliance needs to communicate with Qualys via an SSL proxy.
    • Machine type: Choose from the preset list or customize. For a preset, the recommended basic type is 2 vCPUs and 7.5 GB. Note that the appliance only supports up to 16 cores and 16 GB of memory. If you customize, pick a core-to-memory ratio of 1:3.5.
    • Do not change "
  5. Click "Deploy"
  6. The appliance deployment takes a few to 10 minutes. Upon completion, the VM instance will be deployed.

    Upon creation of the virtual machine, the appliance uses the personalization code to configure itself from the Qualys platform. As part of this step, it also checks for updates and applies them.

    You can monitor the progress of the instance creation in the GCE VM instances view. In GCE, you can also check the VM status graphs.
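A pre-flight check for the launch-form values described in step 4, written here as an added example (it is not Qualys or Google code). The function names are hypothetical, the name pattern is the Compute Engine resource-name rule, and the 1:3.5 core-to-memory ratio is treated as a recommendation and not checked.

```python
import ipaddress
import re

# Compute Engine resource-name rule: starts with a lowercase letter, then
# lowercase letters, digits or hyphens, no trailing hyphen, max 63 characters.
NAME_RE = re.compile(r"[a-z]([-a-z0-9]{0,61}[a-z0-9])?")
PERSCODE_RE = re.compile(r"[0-9]{14}")
# [proxy_user:proxy_pass@]proxy_IP[:proxy_port], as given for the Proxy URL field.
PROXY_RE = re.compile(
    r"(?:(?P<user>[^:@\s]+):(?P<pw>[^@\s]+)@)?(?P<ip>[^:@\s]+)(?::(?P<port>\d{1,5}))?"
)
MAX_CORES, MAX_MEM_GB = 16, 16  # appliance limits stated in the text


def check_launch_values(name, perscode, proxy="", cores=2, mem_gb=7.5):
    """Return a list of problems; an empty list means the values look valid."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: use lowercase letters, numbers and hyphens")
    if not PERSCODE_RE.fullmatch(perscode):
        problems.append("perscode: expected exactly 14 digits")
    if proxy:
        m = PROXY_RE.fullmatch(proxy)
        if not m:
            problems.append("proxy: expected [user:pass@]IP[:port]")
        else:
            try:
                ipaddress.ip_address(m["ip"])  # the field asks for an IP, not a hostname
            except ValueError:
                problems.append("proxy: host part is not an IP address")
            if m["port"] and not 1 <= int(m["port"]) <= 65535:
                problems.append("proxy: port out of range")
    if cores > MAX_CORES or mem_gb > MAX_MEM_GB:
        problems.append("machine type: appliance supports up to 16 cores / 16 GB")
    return problems


def redact_proxy(proxy):
    """Mask the proxy password so the value can be logged or pasted into a ticket."""
    m = PROXY_RE.fullmatch(proxy)
    if not m or not m["pw"]:
        return proxy
    return proxy.replace(":" + m["pw"] + "@", ":****@", 1)


if __name__ == "__main__":
    # Constructed sample values, not a real personalization code or proxy.
    print(check_launch_values("qualys-scanner-01", "12345678901234", "10.0.0.5:3128"))
    print(redact_proxy("scanner:s3cret@10.0.0.5:3128"))
```

Running the check before clicking "Deploy" catches a malformed personalization code or deployment name without waiting for the appliance to boot and fail registration.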


 

To view further progress of the appliance configuration or to diagnose any issues, look at the serial output console. Click 'View Serial port' at the bottom of the VM instance.


 

From your Qualys portal, you can check for activation. Click 'Check Activation' in the dialog where you copied the personalization code from.

 


 

If you have any issues deploying the appliances, check the information in the section below.

 

 

Diagnosing Common Errors in Scanner Deployment

 

Check for errors in the output in the Serial Output console.  

 


If you find issues with the personalization code, shut down the VM, fix the Metadata PERSCODE value, and start it up again. If the problem persists and the appliances are not communicating with Qualys, contact Qualys support. Include your Qualys portal URL and username, and attach the serial output logs to the support ticket.

 

 

Generating Personalization Code

  1. You need a personalization code from your Qualys subscription to register every new appliance instance.
    • Log into your Qualys portal
    • Choose the module either Vulnerability Management or Policy Compliance depending on your need
    • Under the module navigate to Scans > Appliances > select New > Virtual Scanner Appliance...

    • Choose "I have my image" > specify a name (Note: GCP expects lowercase letters, numbers, and hyphens.) 

            Click 'Next', scroll down, and copy the personalization code.

            Leave the window open and switch to your Google Cloud portal to launch the appliance. You can check the activation status in the same window after deployment.
