Qualys Virtual Scanner Appliance Configuration with Microsoft Hyper-V

This document gives detailed deployment instructions for the Qualys Virtual Scanner Appliance in Microsoft Hyper-V Manager on Windows Server and Windows 11. To enable Hyper-V and create virtual machines on Windows, please refer to the Install Hyper-V topic in Microsoft documentation.

While Windows 11 Pro offers a functional Hyper-V client experience, it is not designed for the same level of scalability, reliability, and high availability as Hyper-V on Windows Server. It is suitable for smaller deployments and development environments, but not for enterprise-level virtualization needs.

Prerequisites

The following are the prerequisites for configuring Microsoft Hyper-V:

Must have a downloaded Qualys Virtual Scanner image- qVSA<version>.vhdx.zip for Microsoft Hyper-V.
Must have ‎personalization code that is generated from Qualys subscription for a new Virtual Scanner Appliance.

Refer to the article from Microsoft's official website.

Network Requirements

Following are the network requirements for configuring the virtual scanner with Hyper-V:

For single-network scanning, ensure the LAN destination network is configured to allow outbound HTTPS (port 443) access to the Internet for communicating with the Qualys Enterprise TruRisk™ Platform.
‎For split-network scanning, ensure the WAN destination network is configured to allow outbound HTTPS (port 443) access to the Internet for communicating with the Qualys Enterprise TruRisk™ Platform.
‎While conducting a scan, the virtual scanner sends probes to target assets (hosts and web applications, or one of them). The virtual scanner must be placed in a network to access the target assets for scanning.

Get Started

Perform the following steps to configure VSA with Microsoft Hyper-V: