Cloud Agent Configuration

Refer to the Cloud Agent Install Guide to know more about each supported operating system for the appropriate proxy configuration and certificate installation instructions.

Configure Cloud Agents to use the IP or DNS name of the QGS as the agent’s proxy is similar to any other proxy server configuration.

For Cloud Agent for Windows v3.1, or higher / Cloud Agent for Linux, AIX & Mac v2.5, or higher:

  • Cloud Agent supports up to five (5) proxy servers or QGS appliances (semi-colon separated) and uses them for connection in the order defined.
  • If the agent can't connect to the proxy server, the agent tries to connect to the next one in the defined list.
  • Once all listed proxy servers or wQGS appliances have been tried, Cloud Agent falls back to attempting a direct connection, if this is supported by network routing and firewalls.
  • Proxy server or QGS appliances can be aliased using DNS aliases or abstracted via Network Load Balancer Virtual FQDNs/IPs.
  • If using QGS appliance(s) behind one or more load balancers, define a compound keepalive configuration that is checking the availability of both QGS proxy + cache ports, periodically, in each case, and marking any QGS appliance that fails the keepalive check as unavailable.
  • QGS appliances can be nested to provide two layers of proxy communication:

The QGS immediately upstream from the Cloud Agent connection can be in Proxy, Cache, or Patch mode.

The second QGS layer must be in Proxy mode only.

The second QGS layer sizing must anticipate the overall number of agent communications that need to navigate this second layer and connect to the platform.

In Patch Mode, QGS behaves as an open proxy, with no content or category filtering, so there should always be a general-purpose proxy server, suitable for internet browsing, with the appropriate filters, upstream from QGS.

A Minimum 16GB of RAM is recommended for CAMS/QGS appliances. A total of 2000 concurrent cloud agent requests are supported by a QGS appliance. In case of more than 2000 agents communicating simultaneously, customers should deploy a new appliance instead of increasing RAM on the existing appliance.

Cloud Agent Cache Mode and Patch Mode Configuration

Cloud Agents deployed in Cache and Patch Mode require the public certificate of each QGS appliance installed on the host that runs the Cloud Agent.

There are two certificate deployment options available in the QGS User Interface:

  1. Certificate File in PEM file format for any operating system
    • Use any supported software distribution tool to deploy the certificate PEM to the host certificate store
  2. MSI Certificate File installer for Windows operating systems
    • Use any supported software distribution tool (SCCM, GPO, BigFix, etc.) to deploy the certificate by installing the Win.MSI file
    • Install the certificate manually on a single host C:\>msiexec -I <location_to_file\WIN.msi

Next Step

Virtual Appliance Local Configuration

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.