Basic Settings in Azure CLI
To deploy the Qualys Scanner Appliance, you need to perform some basic settings from Azure CLI.
- Create Resource Group
- Create Storage Account
- Create Storage Container
- Create Virtual Network
- Copying Qualys image into your Storage Account
Creating Resource Group
We recommend you to create one resource group per location for your Qualys Virtual Scanners. Give your resource group a name that is easy to recognize and represents the group location and tell us where the group is created. Once created, the name cannot be changed.
az CLI
Example:
az group create --name resource-group-qualys-scanner --location centralus
Where name is the resource group name, and location is the location where we create the group
Help: -h, --help for output usage information
Creating Storage Account
A storage account is not mandatory for deploying Qualys Virtual Scanners, but it is highly recommended that you enable boot diagnostics to troubleshoot scanner issues.
We recommend you create at least one storage account for your Qualys Virtual Scanners.
az CLI
Example:
az storage account create --name storagequalys --resource-group resource-group-qualys-scanner --sku Standard_LRS --kind Storage --location centralus
Where name is the storage account name, resource-group is the resource group name, sku is the SKU name (Premium_LRS, Standard_GRS, Standard_LRS, Standard_RAGRS, Standard_ZRS), kind is the account kind (BlobStorage, Storage, StorageV2), location is the location
Help: -h, --help for output usage information
Creating Storage Container
You need to create a container in your storage account where qvsa images are stored.
az CLI
Example:
az storage container create --name images --account-name storagequalys --account-key "AbcdefDKBFEHMKxeelzL4fsxINIm7gPrG+dVoirJFuCVEknW9TbCXVEUDxs1Oeg+heAcosc/SiCUhAzwN0uy+2w=="
Where name is the storage container name, account-name is the storage account name, account-key is the storage account key
Help: -h, --help for output usage information
Creating Virtual Network
You may already have a virtual network set up for your Virtual Scanner. If not, create a new virtual network with 10.0.0.0/24 subnet.
az CLI
Example:
az network vnet create --name qualys-scanner-vnet --address-prefixes "10.0.0.0/24" --resource-group resource-group-qualys-scanner --location centralus
Where name is the name of the virtual network, address-prefixes is a comma-separated list of address prefixes for this virtual network, resource-group is the name of the resource group, location is the location
Help: -h, --help for output usage information
Copying Qualys Image into your Storage Account
Now you need to copy Qualys qVSA image to your storage account. The qVSA image link is provided to you by Qualys Operations.
az CLI
Example:
az storage blob copy start --source-uri "https://images.blob.core.windows.net/images/qVSA-Azure.X.X.XX-x.vhd?sr=b&sp=r&sv=YYYY-MM-DD&st=YYYY-MM-DDT18%3A48%3A39Z&sig=KC8UdRkX8XsdvG2efy5H8uIPVcdccqzWr6fiMzEMdY8%3D&se=YYYY-MM-DDT18%3A48%3A39Z" --account-name scanneraccount --account-key "Abcdefghijkl/XabePHYIyXX2qcHQ/mvghcZyvFoImSos2z87IhXUlHRSsO2k+awzUZePSqT3AbpOExAmPlE==" --destination-blob qVSA-Azure.X.X.XX-x.vhd.vhd --destination-container scanner-images
Where source-uri is the qVSA image link provided by Qualys Operations, account-name is the storage account name, account-key is the storage account key, destination-blob is the blob name, destination-container is the destination storage container name
Help: -h, --help for output usage information