Launching Virtual Scanner Appliance on GovCloud with Access to AWS Marketplace
To secure the AWS GovCloud, you need to follow the appropriate instructions based on your Qualys platform type.
Deploying qVSA from AWS GovCloud on SCPs with Access to Commercial Marketplace
AWS GovCloud customers (US) can launch the Qualys Virtual Scanner Appliance image, which is available in the AWS Marketplace through the AWS GovCloud EC2 Console.
Prerequisites
To launch the Qualys Virtual Scanner Appliance from the Marketplace, the following prerequisites must be met:
- Your AWS GovCloud subscription must have access to the AWS Commercial Marketplace to subscribe to the Qualys Virtual Scanner Appliance.
- You must launch the Qualys Virtual Scanner Appliance virtual machine from one of the following GovCloud regions: 'us-gov-west-1' or 'us-gov-east-1'.
If your AWS GovCloud subscription cannot access the AWS Commercial Marketplace, refer to the section on deploying the qVSA from AWS GovCloud on PCPs or SCPs without access to the AWS Commercial Marketplace.
Launch Virtual Scanner Appliances in AWS GovCloud
The following are the steps to launch virtual scanner appliances in AWS GovCloud:
-
Log in to your GovCloud account. Launch an instance from the EC2 GovCloud Console: EC2->Instances > Launch and Instance.
-
In the AMI search bar, search for qvsa in AWS Marketplace AMIs.
-
Click Select.
-
Proceed with Subscribe with Marketplace.
-
Review the product’s terms and conditions. To subscribe to Qualys Virtual Scanner Appliance, choose Continue to Subscribe in the upper right and complete the subscription wizard.
-
Use the wizard to enter AMI settings. Qualys now also supports the V2(token required) version. In the Advanced Details section, select the Metadata version accordingly.
In the User data field, you must enter the personalization code obtained from Qualys. In addition, you can configure other optional parameters.
Configuration Parameters in User Data
The following table includes the complete list of configurable parameters in user data.
Parameter
Description
Format/Example
Required
PERSCODE
Personalization code obtained from Qualys.
PERSCODE=12345678901234
Required
PROXY_URL
Proxy server details. Used when the scanner does not have direct connectivity to the Qualys Enterprise TruRisk™ Platform.
PROXY_URL=username:password@proxyhost:port
Example: PROXY_URL=jdoe:[email protected]:3128
Optional
DNS_SERVERS
Specify up to two custom DNS servers on the scanner, separated by a comma.
When configured, these DNS servers will be added at the top of the /etc/resolv.conf file. If the scanner is also configured with a DHCP lease, the DNS servers provided by the DHCP lease will be added below the custom entries.
DNS_SERVERS=dns1.example.com,dns2.example.com
Example: DNS_SERVERS=8.8.8.8,8.8.4.4
Optional
If you use a proxy server, ensure that you configure the Amazon EC2 API Proxy server settings in Qualys UI.
For more information, refer to Define Amazon EC2 API Proxy settings in Qualys UI.
Virtual Appliance Connecting to Qualys Enterprise TruRisk™ Platform
Once launched, the Virtual Appliance connects to the Qualys Enterprise TruRisk™ Platform. This step registers the Virtual Scanner Appliance with your Qualys account. Your appliance also downloads all the latest software updates immediately and is ready for scanning.