Release 3.10: AWS | Azure | HyperV | VMware

April 23, 2024

 The operating system for Virtual Scanner cannot be upgraded. You need to replace the scanner image or deploy a new scanner with the latest image, although this may not always be necessary. For details on when scanner replacement is necessary, refer to the Know when scanner replacement is needed section. 

What's New?

This release brings new features and updates to supported cloud platforms, data centers, and desktop platforms.

  • Public Clouds: Amazon Web Services | Azure
  • DataCenter: VMware
  • Desktop Platforms:  HyperV
  • Availability of scanners in cloud marketplaces depends on cloud vendors and typically takes a few weeks after general availability from Qualys.
  • This version is not limited to the platforms listed above. In the upcoming releases, it will be available for all other supported virtualization platforms.

New Features

With this release, we have introduced new features for 

All Supported Platforms

  • Now, DHCPv6 support and full dual-stack IPv4+v6 mode have become the default settings.
  • Allows to run 64-bit applications like NextGen WAS.

Amazon Web Services (AWS)

  • IPv6 support on Eth0 network interface.

    IPv6 support can be Enabled or Disabled via the scanner's LAN Settings on VM/VMDR.

  • Support for Elastic Network Adapter (ENA) version upto 2.9.1g.

Azure

  • Support for Azure User Data (IMDS)

VMware

  • New vApp variable 'PREFER_USERDATA'

    Default value: FALSE

    If  'PREFER_USERDATA' is set to FALSE, changes made via Scanner VM Console takes precedence over user-data settings specified via vApp options; if set to TRUE, all changes made via Scanner VM Console is overridden by user data settings on scanner reboot.

Enhancements 

With this release, you get several improvements to enhance the handling of read-only filesystem conditions caused by virtual disk store outages. It also includes logging improvements such as a regular dump of systems stats and metrics for better overload troubleshooting. These improvements are applicable to all supported platforms.

  • qVSA-3.10.x is equipped with 64-bit kernel. All previous virtual scanners will continue to work with a 32-bit kernel. There is no performance impact on 32-bit kernel Scanners.
  • It improves compatibility with modern hypervisors and improves networking performance.

  • The scanner VM size max limit of 16 cores and 16 GB RAM has been removed.

    Recommended CPU:RAM ratio continues to be 1:2 or 1:3 as per available configurable sizes on the virtualization platform.

  • The default standard network interface MTU setting of 1500  is replaced by the DHCP option 'interface-mtu', which gets the interface's MTU setting from the DHCP server used in a customer environment.
  • The rotated syslog messages file names changed from *.n.gz to *-<date>.gz

Additionally, there are some improvements specific to Azure.

For Azure

  • The Azure Perscode configuration is now configured in User Data with the format of: PERSCODE=70612345678901
  • Azure proxy configuration is now configured in User Data with the format of: [<username>:<password>@]<host>[:<port>]
    where proxy host should be FQDN or IP. 

Deprecated Feature

With this release, we have deprecated a number of features in Azure, including the following common feature.

The maximum supported size for a virtual scanner instance with 16 CPU cores and 16 GB RAM has been deprecated, but the recommended 1:2 CPU: RAM ratio still applies.

For Azure

  • Azure proxy configuration value no longer accepts prepending 'proxy://'; the accepted format now is [<username>:<password>@]<host>[:<port>]
     where proxyhost should be FQDN or IP.
  • Azure Portal UI 'username' and 'password' fields are no longer supported for configuring Perscode and Proxy_URL values.
  • Azure Portal UI 'Reset Password' is no longer supported for modifying or disabling proxy configuration; all proxy configuration is now configured in User Data.
  • Azure Perscode and proxy configuration in Custom Data field is deprecated; all Perscode and proxy configuration should be configured in User Data.