Release 3.10: AWS | Azure | HyperV | VMware

April 23, 2024

Newly published images do not always require replacing existing scanner VMs from the previous version. To know details on when scanner replacement is needed, refer to the Know when scanner replacement is needed section.

What's New?

This release brings new features and updates to supported cloud platforms, data centers, and desktop platforms.

Public Clouds: Amazon Web Services | Azure
DataCenter: VMware
Desktop Platforms: HyperV

Availability of scanners in cloud marketplaces depends on cloud vendors and typically takes a few weeks after general availability from Qualys.
This version is not limited to the platforms listed above. In the upcoming releases, it will be available for all other supported virtualization platforms.

New Features

With this release, we have introduced new features for

All Supported Platforms

Now, DHCPv6 support and full dual-stack IPv4+v6 mode have become the default settings.
Allows to run 64-bit applications like NextGen WAS.

Amazon Web Services (AWS)

IPv6 support on Eth0 network interface.
IPv6 support can be Enabled or Disabled via the scanner's LAN Settings on VM/VMDR.
Support for Elastic Network Adapter (ENA) version upto 2.9.1g.

Azure

Support for Azure User Data (IMDS)

VMware

New vApp variable 'PREFER_USERDATA'
Default value: FALSE

If 'PREFER_USERDATA' is set to FALSE, changes made via Scanner VM Console takes precedence over user-data settings specified via vApp options; if set to TRUE, all changes made via Scanner VM Console is overridden by user data settings on scanner reboot.

Enhancements

With this release, you get several improvements to enhance the handling of read-only filesystem conditions caused by virtual disk store outages. It also includes logging improvements such as a regular dump of systems stats and metrics for better overload troubleshooting. These improvements are applicable to all supported platforms.

qVSA-3.10.x is equipped with 64-bit kernel. All previous virtual scanners will continue to work with a 32-bit kernel. There is no performance impact on 32-bit kernel Scanners.
It improves compatibility with modern hypervisors and improves networking performance.
The scanner VM size max limit of 16 cores and 16 GB RAM has been removed.
Recommended CPU:RAM ratio continues to be 1:2 or 1:3 as per available configurable sizes on the virtualization platform.
The default standard network interface MTU setting of 1500 is replaced by the DHCP option 'interface-mtu', which gets the interface's MTU setting from the DHCP server used in a customer environment.
The rotated syslog messages file names changed from *.n.gz to *-<date>.gz

Additionally, there are some improvements specific to Azure.

For Azure

The Azure Perscode configuration is now configured in User Data with the format of: PERSCODE=70612345678901
Azure proxy configuration is now configured in User Data with the format of: [<username>:<password>@]<host>[:<port>]
where proxy host should be FQDN or IP.

Deprecated Feature

With this release, we have deprecated a number of features in Azure, including the following common feature.

The maximum supported size for a virtual scanner instance with 16 CPU cores and 16 GB RAM has been deprecated, but the recommended 1:2 CPU: RAM ratio still applies.

For Azure

Azure proxy configuration value no longer accepts prepending 'proxy://'; the accepted format now is [<username>:<password>@]<host>[:<port>]
where proxyhost should be FQDN or IP.
Azure Portal UI 'username' and 'password' fields are no longer supported for configuring Perscode and Proxy_URL values.
Azure Portal UI 'Reset Password' is no longer supported for modifying or disabling proxy configuration; all proxy configuration is now configured in User Data.
Azure Perscode and proxy configuration in Custom Data field is deprecated; all Perscode and proxy configuration should be configured in User Data.