How to Scan ESXi hosts on vCenter

We support scans on your ESXi hosts through vCenter. The ESXi hosts are successfully scanned even if a firewall or proxy exists between the ESXi hosts and vCenter.


- This feature is supported in Qualys 8.14 and beyond. If you are running on a private cloud platform (PCP), please make sure that your Qualys Cloud Platform is updated to version 8.14 or later.

- An account setup to access vCenter with the proper credentials.

- A list of the vCenter IPs.


Here's a quick look at the steps you'll need to complete.

1) Set up Qualys to map using vCenter. Request vCenter credentials and IP addresses from your VMware administrator.

2) Create a vCenter authentication record. Enter vCenter credentials and vCenter IP addresses.

3) Gather vCenter map data: a) Launch a map in VM using vCenter authentication, or b) Upload a map from your VMware administrator.

To upload a map, go to Scans > Authentication > New > VMware > vCenter Mapping Upload. Upload the mapping file in CSV format. (Note - The file cannot have UTF-8 BOM encoding because you'll get an incorrect column header).  

4) Register and organize vCenter and ESXi assets. Add the assets to your account and organize them into asset groups.

5) Create a VMware authentication record. Select the "Use vCenter" option in the record and enter ESXi IP addresses. 

6) For compliance scanning, please note that certain controls also require Unix authentication. Create a Unix authentication record to scan these controls. See the following article for a list of ESXi controls that require Unix authentication: VMware ESXi Controls That Require Unix Authentication

7) View and confirm vCenter and ESXi mapping data.

8) Launch a scan on your ESXi hosts through vCenter.


Step-by-Step Tutorial

Our user guide will walk you through all the steps.

Download the user guide >>