Scanner Configuration in Azure using Resource Manager Templates

This section walks you through deploying a Qualys Scanner from the Azure Marketplace using the Azure CLI and Resource Manager templates.

Your template can be a local file on your machine or an external file accessible through a URL.

To get started, you need to download the Azure Resource Manager deployment template and parameters file from the Azure portal UI. 

To find the latest Qualys Virtual Scanner offering in the marketplace and set up the scanner for deployment, follow the instructions in the Deploy Qualys Scanner from Azure Portal section.

On the Review + Create page, click Download a template for automation instead of Create.
The downloaded file is in .zip format.

Deploy Your Qualys Scanner using Azure CLI

Use the following Azure CLI command to query for the latest version of the Qualys Virtual Scanner Appliance image in the marketplace:

az vm image list --publisher qualysguard --sku qvsa --all --query '[-1]' --output table

  1. Unzip the template zip file on your machine with Azure CLI installed.
  2. Modify the parameters.json file as needed.
    • Deploying a virtual machine (VM) on Azure requires the 'adminUsername' key and either the 'adminPublicKey' or the 'adminPassword' key. However, the 'parameters.json' file downloaded through the Azure Portal UI workflow may not include a value for 'adminPublicKey' or 'adminPassword', which leaves the value null. For a successful deployment, you can specify any random public key or password for the entry; the Qualys Virtual Scanner Appliance does not have SSH enabled and ignores the public key or password setting upon deployment.

    • In the parameters.json file, ensure the value of the 'userData' key is base64-encoded.
      userData is where you configure PERSCODE and the optional PROXY_URL.

    Before encoding, the format should be:

    PERSCODE=[14-digit Personalization Code obtained from Qualys]

    PROXY_URL=[user]:[password]@[host]:[port]

    Example (before encoding):

    PERSCODE=21012345678901

    PROXY_URL=user:pass@10.10.10.100:443

    Optional proxy configuration takes the following formats:

    <host>:<port> (No auth proxy)

    <user>:<password>@<host>:<port> (Auth proxy)

    <domain\user>:<password>@<host>:<port> (Auth proxy with domain user)

    Example (after encoding):

    "userData":

          {   "value": "UEVSU0NPREU9NzA2MTIzNDU2Nzg5MDEKUFJPWFlfVVJMPXVzZXI6cGFzc3dvcmRAcHJveHlob3N0LnF1YWx5cy5jb206NDQz" }

    To learn more about Azure templates, visit the Microsoft documentation on Azure Resource Manager Templates.

  3. Run the Azure CLI command to deploy the scanner:
    az deployment group create --resource-group [resource group name] --template-file [path to template.json] --parameters [path to parameters.json]

    Example:
    az deployment group create --resource-group myResourceGroup --template-file template.json --parameters parameters.json
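
The userData step (step 2) can be scripted so the value is validated before it is encoded. The following is an added example, not Qualys-provided code: the function names are hypothetical, the regular expressions are one reading of the formats listed above (assuming no '@' inside the proxy password), and the newline separator follows what the page's encoded sample decodes to.

```python
import base64
import re

PERSCODE_RE = re.compile(r"[0-9]{14}")
# Proxy formats from this page: host:port, user:password@host:port,
# domain\user:password@host:port. Assumption: no '@' in the password.
PROXY_RE = re.compile(r"(?:[^:@\s]+:[^@\s]+@)?[^:@\s]+:[0-9]{1,5}")


def build_user_data(perscode, proxy_url=None):
    """Return the base64 string to place in the 'userData' parameter."""
    if not PERSCODE_RE.fullmatch(perscode):
        raise ValueError("PERSCODE must be exactly 14 digits")
    lines = ["PERSCODE=" + perscode]
    if proxy_url is not None:
        if not PROXY_RE.fullmatch(proxy_url):
            raise ValueError("PROXY_URL does not match a documented format")
        lines.append("PROXY_URL=" + proxy_url)
    # One KEY=value per line, newline-separated, then base64 on a single line.
    return base64.b64encode("\n".join(lines).encode("ascii")).decode("ascii")


def decode_user_data(value):
    """Decode a userData value for review; a wrapped or space-damaged
    string raises ValueError instead of being silently accepted."""
    plain = base64.b64decode(value, validate=True).decode("ascii")
    return dict(line.split("=", 1) for line in plain.splitlines() if line)


def set_user_data(parameters, perscode, proxy_url=None):
    """Fill userData in a parameters.json document loaded with json.load()."""
    encoded = build_user_data(perscode, proxy_url)
    parameters["parameters"]["userData"] = {"value": encoded}
    return parameters


if __name__ == "__main__":
    import json
    # Constructed sample: a minimal parameters document with a null userData,
    # filled with the values from the "before encoding" example above.
    doc = {"contentVersion": "1.0.0.0", "parameters": {"userData": {"value": None}}}
    set_user_data(doc, "21012345678901", "user:pass@10.10.10.100:443")
    print(json.dumps(doc, indent=2))
    print(decode_user_data(doc["parameters"]["userData"]["value"]))
```

Base64 is an encoding, not encryption: anyone who can read parameters.json can recover the Personalization Code and proxy credentials, so store and share the file as you would any other secret.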