We support scans on your ESXi hosts through vCenter. The ESXi hosts are successfully scanned even if a firewall or proxy exists between the ESXi hosts and vCenter.
- This feature is supported in Qualys 8.14 and beyond. If you are running on a private cloud platform (PCP), please make sure that your Qualys Cloud Platform is updated to version 8.14 or later.
- An account setup to access vCenter with the proper credentials.
- A list of the vCenter IPs.
Here's a quick look at the steps you'll need to complete.
1) Set up Qualys to map using vCenter. Request vCenter credentials and IP addresses from your VMware administrator.
2) Create a vCenter authentication record. Enter vCenter credentials and vCenter IP addresses.
3) Gather vCenter map data: a) Launch a map in VM using vCenter authentication, or b) Upload a map from your VMware administrator.
To upload a map, go to Scans > Authentication > New > VMware > vCenter Mapping Upload. Upload the mapping file in CSV format. (Note - The file cannot have UTF-8 BOM encoding because you'll get an incorrect column header).
4) Register and organize vCenter and ESXi assets. Add the assets to your account and organize them into asset groups.
5) Create a VMware authentication record. Select the "Use vCenter" option in the record and enter ESXi IP addresses.
Note: The vCenter mapping list displays the association between vCenter and VMware IP addresses. This list can be created using a map scan or manual CSV upload. All users, regardless of their role, can view the IPs in the mapping list because user-level scoping applies only to hosts, not to IP addresses.
6) For compliance scanning, please note that certain controls also require Unix authentication. Create a Unix authentication record to scan these controls. See the following article for a list of ESXi controls that require Unix authentication: VMware ESXi Controls That Require Unix Authentication
7) View and confirm vCenter and ESXi mapping data.
8) Launch a scan on your ESXi hosts through vCenter.