Scanner Appliance

How to configure a scanner appliance for OnPrem deployments?

If you want to install a new Scanner Appliance for local scanning, simply follow these step-by-step instructions.

Preparing the images

Before you begin the installation process, we highly recommend that you take a look at the requirements. This step will ensure a smooth and successful installation of the Scanner Appliance.

System requirements

The system requirements need to be set prior to booting the scanner appliance for the first time. Read more about system requirements here:
https://support.holmsecurity.com/knowledge/what-are-the-system-requirements-for-the-scanner-appliance

  1. Login to Security Center.
  2. Click Scanner appliance > Add appliance.
  3. Click On-Premise.
  4. Click Get Started.
  5. Add the name of the Scanner Appliance, and download the image for the chosen virtualization environment.
  6. Click Next twice.
  7. You should see the screen with the scanner name and appliance token. Please write down the appliance token.
  8. Install the virtualization image on your virtualization platform and start it.
    Important: The system requirements must be set before booting the Scanner Appliance for the first time.

Important: The system requirements must be set before booting the Scanner Appliance for the first time.

Configuring the VM

  1. When the appliance boots, you will see on its screen a Holm Security Probe Configurator menu with four options:
    1. Configuration
    2. Probe Registration
    3. Status
    4. Reboot
  2. Choose Status by pressing s or navigate using arrow keys and press enter (you can always use the highlighted character or navigate using arrows and enter). Ensure you see information about interfaces and IP addresses and that the IP settings look correct. Press enter to go back to the main menu. If the settings are correct, go directly to step 16.
  3. If there were no IP addresses and you want to use the DHCP to assign an IP address to the Scanner Appliance, go to step 12. If the setting was incorrect, and you want to assign a static IP address to the Sacnner Appliance, then go to step 13.
  4. Choose Configuration > Endpoints > On-Prem in the main menu and press enter.
    The listed endpoints are the following:

    a. API
    b. NVT (download feed)
    c. APT (note the use of HTTP and not HTTPS)
    d. SSH (optional: only required for NAT mode. See below for more information)

    The endpoints can be found in the Web administration user interface of the On-Prem system under the General section. (port 8001)
    Make sure the protocol and port are correct before saving.
    Use Tab and Press OK/Save or F11 (Fn+F11)
  5. It will ask you to trust the certificate if the endpoint server uses a self-signed certificate. Confirm that you want to trust it.
    NOTE: It only displays this option if the endpoints are reachable.
    Confirm and proceed with rebooting the Scanner Appliance.
  6. Choose Configuration > Network and press enter. Now, you need to fill out the following values manually:
    1. IPv4 address
    2. IPv4 network
    3. IPv4 gateway
    4. IPv4 DNS-nameservers
    5. IPv6 address
    6. IPv6 network
    7. IPv6 gateway
    8. IPv6 DNS-nameservers
  7. You are only required to configure one protocol. Press F11 (Fn+F11) when you are done, and you will be returned to the main menu, and the interface will be reconfigured.

    Note that if you are using a Macbook, you can save the settings by clicking Actions on the top right menu of the UI console, then Guest OS > Send keys > F11.
  8. Make sure you have the correct firewall settings. The appliance must be able to communicate to the core machine on it's endpoints. 
  9. Choose option Probe registration, input the token you wrote down in step 7, and press F11 (Fn+F11).
  10. You are now ready to start the registration procedure. Click Register. The Scanner Appliance sends registration requests and retrieves configuration responses from the platform. You should see a confirmation that the probe has been successfully registered and configured. Click OK to get back to the main menu.
  11. You can check the activation in the Security Center to ensure the scanner was registered correctly.
  12. Done!

Validate the connection
Through the endpoints by running a connectivity test. To do so, follow this article: https://support.holmsecurity.com/knowledge/how-do-i-run-a-connectivity-test-for-the-scanner-appliance.

Please notice that it can take up to 20 minutes before the Security Center indicates a connection is established. 

Collector Proxy
Please note that the collector Proxy feature is unavailable for the latest generations (Revision 49+). This feature will be enabled in an upcoming update of the new Scanner Appliance. If this is required, you can keep using the previous generation (Revision 48).