View the QGS Appliance
The Activity Summary widgets provide aggregate activity information for all QGS appliances in the subscription. Active Agents and Total Agents count the number of unique agent IPs connecting through all appliances. Bandwidth Savings is calculated in cache mode.
- Status: This column shows the current status of your appliance. Appliances with a common CA certificate enabled are shown as an icon (Highlighted) on the appliance list page.
- Unique IPs: This column shows the count of unique IPs that have communicated through the QGS appliance proxy port during the last 60 minutes.
- Active Agents: This column shows the number of active agents that have communicated via the QGS appliance cache port during the last 60 minutes, with QGS and Cloud Agent configured to use Cache mode.
In Proxy mode, you’ll see only the unique IPs count on QGSUI, while in Cache mode, you’ll see the count of active agents and unique IPs on QGSUI.
To create a new appliance, click New Appliance.
Create a New Appliance
While creating a new appliance/personalization code, you can choose the appliance certificate type from the "Certificate Type" section.
Here are the four supported certificate types, along with their definitions.
| Certificate Type | Scope | Root Certificate | Use Case |
|---|---|---|---|
| Appliance | Single appliance | Unique to one appliance only | When certificate granularity at the appliance level is required. |
| Subscription | All appliances under one subscription | Shared across appliances in the subscription | When multiple appliances within the same subscription need a common certificate. |
| Global | Entire POD (Point of Delivery) | Shipped with the agent binary | When a single certificate should be valid across multiple appliances and subscriptions in a POD. |
| Customer Signed | Customer-defined | Uploaded by your organization | When organizations prefer to use their own certificate authority for communication with QGS. |
A Customer Signed certificate is signed by the customer from the Certificates tab of the QGS UI. Read more about creating Customer Signed certificates at Upload Certificates.
When you select the customer-signed certificate, you can see the below window to assign the custom certificate while generating the personalization code.
The newly created appliance status is displayed as 'Unregistered' until you complete the registration steps. Refer to Virtual Appliance Local Configuration to learn more.
A subscription-level common CA is available instead of an appliance-specific certificate on the appliance list if appliances are registered with the Subscription-based certificate option.
Appliances with a Subscription-based or Customer-Signed certificate enabled are shown as an icon, as highlighted on the appliance list page. Appliance-level certificates do not display the iconi.
If a registered appliance is accidentally deleted from the QGS UI, it cannot be registered again with a new personalization code. You need to redeploy the appliance.
Download Image of the Virtual Appliance
Download the virtualization platform image for the appliance from the given list.
To Download a Platform Image,
- Click Download dropdown
- Select Virtual Platform Image
You can select from the available list of hypervisors and download their image.
| Supported Appliance | Platform Image |
|---|---|
| Nutanix Hypervisor |  |
| VMWare Hypervisor |  |
| Microsoft Hypervisor |  |
| Cloud Environments |  |
| OpenStack Hypervisor |  |
Download Subscription-based Certificate
You can download the Subscription-based Certificate from the appliance details page or the appliance list page.
To download the Subscription-based certificate, you must create and register a new appliance with the Subscription-based certificate option enabled. After registering the appliance with a Subscription-based certificate, it takes approximately 15 to 20 minutes to generate the certificate.
After a Successful Setup and Registration, the Appliance has Active Status.
To know more about registering your appliance, refer to Virtual Appliance Local Configuration.
Identify the Appliance Certificate
The appliances registered with a certificate display different icons on the appliance list page. You can hover over the icon to know the certificate type.
There are three types of Certificates
Customer Signed - Appliances with a custom certificate uploaded by your organization.
Subscription-based - Appliances with a Qualys common certificate.
Global - Appliances with a platform (Pod-wise) certificate display the certificate.
You can also click the appliance name to view the complete details of your appliance, along with the Certificate Type associated with it.
Identify the Manifest Version
The QGS Appliance listing also displays appliance update status indicators, enhancing the visibility of appliance version compliance in the UP-TO-DATE column. These indicators help you quickly identify appliances that are not aligned with the latest deployed versions.
Conditions for Error Display
Existing Appliances:
If the manifest and image versions have not been updated for more than 7 days, despite newer versions being deployed to production.
New Appliances:
If the manifest and image versions have not been updated for more than 2 days since their initial creation.
Status Messages
"Your manifests are up-to-date."
Displayed when manifests and OS are updated.
"Your manifests are not up-to-date."
Displayed when manifest versions are outdated.
"Your OS is not up-to-date"
Displayed when the appliance OS version is outdated.
The UP-TO-DATE column displays '-' for newly deployed registered appliances, unregistered appliances, or inactive appliances. The symbol represents that the manifests have not yet been updated.
You can follow the steps laid out in Troubleshoot Manifests and Flatcar OS Updates to resolve the out-of-date versions in Manifests and Flatcar OS.
View Details and Stats of an Active Appliance
Click any of the appliance names to open its View Details screen. Here, you get the complete information on your appliance configurations.
You can click the Version value from the Identification column to view all the manifest versions.
The Performance graph shows connection counts by unique agent IP addresses over the time period selected.
Allowed Domains: This option displays your allowed domain's information.
Authorized IPs: This option displays the IPs of the agents allowed to interact with the appliance.
IPv4/IPv6 Address: This option displays which internet protocol this appliance is configured in and its address.
Appliance Health
The QGS system continually monitors your appliance for resource usage across hard disk drives (HDD), CPU, and secondary disk storage. When usage levels approach capacity limits, the system provides visual indicators to help you take proactive measures. These visual indicators can be found below the "Health" column of the Appliance lists.
If the storage utilization is within accepted range, the appliance health displays Normal. The status displays as Caution whenever any component (HDD, CPU or secondary storage) reaches or exceeds 95% utilization. Similarly, a Warning status appears when usage falls between 85% and 94% for any monitored resource. Since each component is evaluated independently (with an OR condition), even a single component exceeding these thresholds triggers the corresponding status indicator, regardless of the condition of other components.