Deploy Scanner Instance Using Launch Instance Wizard via OpenStack Application
Launch the scanner instance using the OpenStack Launch Instance wizard. The scanner instance can be launched using dashboard or command line.
Launch the Scanner Instance Using the Dashboard
To launch the scanner instances using dashboard, provide the basic details, network configuration, security group, and configuration.
Basic Details
- Click the Launch Instance under Instances.
- Enter a name for your instance.
- Select the scanner image.
The scanner instance needs at least 56 GB of free disk space, 2 GB memory, and network connectivity to the outside world.
Qualys Scanner Appliance supports up to 16 GB RAM and 16 CPU cores.
- Select the flavor.
You must choose the flavor with the capacity mentioned in the previous step. You can use medium or large flavors if you are using the default flavors.
You can assign an IP through the Networks section or the Network Ports option.
If assigning through the Network section, select the network from the given networks and proceed to the Security Groups option.
Network Configuration
qVSA image version 3.10 and above supports Dual-Stack mode, meaning the Scanner VM LAN interface can receive IPv4 and IPv6 addresses if the attached network interface is dual-stack capable.
- Select the network from the given networks and proceed to the Security Groups option.
- Select the network which has connectivity to the outside world.
Optional Network Configuration
Proxy ConfigurationProxy Configuration
Scanner Instance supports IP and FQDN for the proxy server configuration. Proxy can be configured using the following methods:
- Method #1: via Scanner UI or console
After the Scanner Instance is deployed, the Proxy can be configured by selecting the Enable Proxy option on the Scanner UI/console. Refer to Optional Network configuration via Scanner UI/console after the Instance is deployed
- Method #2: via customization script
During Scanner instance deployment using the dashboard, OpenStack customization script can be used to enable proxy by providing a
PROXY_URL variable. PROXY_URL = username:password@proxyhost:portFormatting:If you have a domain user, the format is domain or username:password@proxyhost:port
If authentication is not used, the format is proxyhost:port
where proxyhost is the IPv4 address or the FQDN of the proxy server, port is the port the proxy server is running onExamples:
jdoe:abc12345@10.40.1.123:3128
jdoe:abc12345@myproxy.qualys.com:3128
ntlm\jdoe:abc1234@10.40.1.123:3128
customization script example Optional Proxy Configuration
WAN/Split Network ModeWAN/Split Network Mode
The qVSA image version 3.10 and above supports WAN/Split Network configuration. With two network adapters attached to the Scanner Instance, the WAN interface can be enabled using the following methods:
-
Method #1: via Scanner UI or console
With two network interfaces attached to Scanner Instance VM, Scanner UI/console has an option to enable the WAN interface. Refer to Optional Network configuration via Scanner UI/console after the Instance is deployed
-
Method #2: via customization script
During Scanner instance deployment using the dashboard, the OpenStack customization script can be used to enable the WAN interface. Provide the ENABLE_WAN variable in the customization script and set it to True.
For example,
ENABLE_WAN=True.
customization script example WAN/Split Network Mode Configuration
The qVSA image version 3.10 and above supports IPv6-only mode. This mode is supported only in a single network mode. LAN interface have only an IPv6 address. IPv6-only mode can be enabled using the following methods:
- Method #1: via Scanner UI or console
After the Scanner instance is deployed, IPv6-only mode can be enabled by selecting the Reset to IPv6-only mode option under Reset network settings.
Optional Network configuration via Scanner UI/console after the Instance is deployed
-
Method #2: via customization script
OpenStack customization script can enable IPv6-only mode by providing the IPV6_ONLY variable and setting it to True.
Customization script example Optional IPv6 Only mode configuration.
VLAN on LAN InterfaceVLAN on LAN Interface
The qVSA image version 3.10 and above supports VLAN configuration on LAN interface. VLAN can be configured via Scanner UI/console by selecting the Enable VLAN on LAN option in Setup Network (LAN).
Security Group
Skip the Key Pair Step - Since you are not allowed to log in to the Scanner Instance, you do not need the key. Proceed to Configuration.
Configuration
The Scanner Instance VM can be customized using the customization script. In the Customization Script, enter the personalization code you obtained from the Qualys Cloud Platform.
Customization script supports optional configurations such as Proxy, WAN/Split network mode, and IPv6-only mode.
Optional Proxy ConfigurationOptional Proxy Configuration
We support IP and FQDN for the proxy server configuration.
In the Customization Script, add the following information:
PERSCODE = xxxxxxxxxxxxxx
PROXY_URL = username:password@proxyhost:port
Formatting:
If you have a domain user, the format is domain\username:password@proxyhost:port
If authentication is not used, the format is proxyhost:port
where proxyhost is the IPv4 address or the FQDN of the proxy server, port is the port the proxy server is running on
Examples:
jdoe:abc12345@10.40.1.123:3128
jdoe:abc12345@myproxy.qualys.com:3128
ntlm\jdoe:abc1234@10.40.1.123:3128
Optional WAN/Split Network ConfigurationOptional WAN/Split Network Configuration
qVSA image version 3.10 and above supports Split network configuration (LAN and WAN interface). Set ENABLE_WAN to True in customization script to enable this mode. Scanner Instance will boot up with WAN interface enabled
Optional IPv6 Only mode configurationOptional IPv6 Only mode configuration
The qVSA image version 3.10 and above supports IPv6 Only mode where Scanner Instance boots up in IPv6 mode (LAN interface with only IPv6 address) if IPV6_ONLY is set to True in customization script.
Note :
-
You can enter the personalization code via Scanner UI/console even after launching the instance.
-
Proxy information can be provided during Instance creation (via customization script) or via Scanner UI/console after launching the Instance.
-
WAN interface can be enabled during Instance creation (via customization script) or via Scanner UI/console after launching the Instance.
-
IPv6-onlymode can be enabled during Instance creation (via customization script) or via Scanner UI/console after launching the Instance.
Skip the Metadata Step - To launch the Scanner Instance, you do not need to provide any metadata.
After downloading all the packages, the GUI displays 'Welcome to Qualys Virtual Scanner.
After this section and the screenshot, add the following section:
If Perscode is not provided in the customization script during Scanner instance deployment via the dashboard, the following message is displayed on the Scanner UI or console. The UI or console has a Personalization Code field where you can enter the Perscode.
Optional Network Configuration via Scanner UI or Console after the Instance is Deployed
Configure Proxy via Scanner UI/consoleConfigure Proxy via Scanner UI/console
Configure IPv6-only mode via Scanner UI/consoleConfigure IPv6-only mode via Scanner UI/console
