Launch Virtual Scanner Appliance in AWS GovCloud via AWS Portal

AWS GovCloud customers (US) can launch a virtual machine(VM) from the Qualys Virtual Scanner Appliance image available in AWS Marketplace via the AWS GovCloud EC2 Console. If you have access to AWS Marketplace, you need to subscribe to Qualys Virtual Scanner Appliance first and then launch a VM in either one of the available GovCloud regions: 'us-gov-west-1' or 'us-gov-east-1'

Launch Virtual Scanner Appliances in AWS GovCloud

Following are the steps to launch virtual scanner appliances in AWS GovCloud:

1. Log in to your GovCloud account. Launch an instance from the EC2 GovCloud Console: EC2->Instances > Launch and Instance.

2. In the search bar, search for 'qualys virtual scanner appliance' or 'qvsa'.

3. Click on Select.

4. Proceed with 'Subscribe with Marketplace'

   

5. Review the product’s terms and conditions. To subscribe to Qualys Virtual Scanner Appliance, choose 'Continue to Subscribe' in the upper right and complete the subscription wizard. '

   

6. If you have acess only to the GovCloud account, then you need to find, configure, and launch the product in the EC2 console.

   How to use an AMI from AWS Marketplace,depends on whether you have access to AWS Marketplace or only to GovCloud. For more information, refer to the AWS market place document.

Launch an AMI instance in the Amazon AWS

Qualys Virtual Scanners can be launched from the AWS marketplace, or a custom AMI shared with your AWS account.

You can also launch an AMI instance using the AWS Management Console:

1. Sign in to the console.
2. Go to Services > EC2, and enter AMI settings per below.

Deploy the Qualys Virtual Scanner Appliance

To Launch from the AWS Marketplace, follow these steps:

Go to Qualys Virtual Scanner Appliance page at AWS Marketplace and login to your AWS account.

AWS Marketplace: Qualys Virtual Scanner Appliance HVM

To Launch Custom AMI from AWS Console

To launch from a custom AMI that has been shared with your AWS account:

1. Login to your AWS console.
2. Go to Images - AMI – Private Images.
3. Enter ‘qVSA’ in the search box.
4. Check all Qualys virtual scanner images shared with your account:

   

5. Launch the virtual scanner AMI in a region.

6. Use the wizard to enter AMI settings. Qualys now also supports V2(token required) version. In the Advance Details section, select Metadata version accordingly. So, in the User data field, you must enter the personalization code you obtained from the Qualys user interface and optionally proxy server (if used).

Personalization Code - Enter the personalization code that you obtained from Qualys preceded by PERSCODE=

Proxy Server (Optional) - Enter Proxy Server information on a separate line from the personalization code, preceded by PROXY_URL. A proxy server is used when your scanner does not have direct connectivity to the Qualys Enterprise TruRisk™ Platform.

Enter proxy information in the format username:password@proxyhost:port If you have a domain user, the format is domain\username:password@proxyhost:port If authentication is not used, the format is proxyhost:port

where proxyhost is the IPv4 address or the FQDN of the proxy server, port is the port the proxy server is running on.

Example:

PERSCODE=12345678901234
PROXY_URL=jdoe:abc12345@10.40.1.123:3128

If you use a proxy server, ensure that you configure the Amazon EC2 API Proxy server settings in Qualys UI.
For more information, refer to Define Amazon EC2 API Proxy settings in Qualys UI.

Virtual Appliance Connecting to Qualys Enterprise TruRisk™ Platform

Once launched, Virtual Appliance connects to Qualys Enterprise TruRisk™ Platform. This step registers the Virtual Scanner Appliance with your Qualys account. Also, your appliance downloads all the latest software updates immediately and is ready for scanning.