Scanner Network Communication

This section explains communication between the Qualys Scanner Appliance and the Qualys Platform. It covers how the scanner connects to the Qualys Platform, updates itself, runs scan and command jobs, and stays healthy through regular checks and logging. Understanding this process helps ensure the scanner runs smoothly and stays in sync with the Qualys system.

When the scanner is powered on for the first time, it undergoes a sequential setup process. This process begins with the scanner initiating a configuration sync with the Qualys Platform. Using a personalization code (perscode), the scanner sends a registration request. Once the platform acknowledges and activates the scanner, the binding between the scanner and the platform is established.

After this initial setup, the scanner enters its operational phase, during which multiple processes run simultaneously. The auto-update mechanism connects the scanner to the Distribution Server every four hours. During this interaction, the scanner checks for and installs necessary software packages, including the scand package, which is essential for executing scan jobs.

At the same time, the scanner polls the Qualys server at regular intervals—every 190 seconds by default— to check for any scheduled scan jobs. If a job is available, the Qualys server sends it to the scanner, which then launches the scan using the scand process. Upon completion, the scan results are uploaded back to the Qualys Platform, and the scanner synchronizes its internal clock with the Qualys server to maintain time alignment.

The scanner handles two types of jobs: scan jobs, which are scheduled by the platform, and command jobs, which are triggered by user actions on the Qualys server. Command jobs include tasks such as configuring routes or VLANs, manually initiating an auto-update, or rebooting the appliance.

Before executing any scan job, the scanner performs internal checks to validate its capacity and ensure it is not overloaded. It reports its current capacity status to the Qualys server, which helps optimize the distribution of scans across the network.

In addition to these core functions, the scanner continuously logs operational events such as disconnections or synchronization failures. These logs are sent to the Monitoring Server, which plays a critical role in maintaining the scanner's health and diagnosing potential issues. Regular monitoring of these logs is recommended to ensure consistent uptime and performance.

This workflow ensures that once a scanner is registered, it remains updated, responsive, and healthy while seamlessly integrating with the broader Qualys infrastructure.