The Qualys Cloud Agent can be automatically deployed using any third-party software deployment tools including Microsoft SCCM, Microsoft Intune, Microsoft GPO, HCL BigFix, Dell KACE, and others.
For remote or roaming users, deploying packages using software deployment tools requires that the target system must be able to connect to the deployment management console while on the network or, if remote, using cloud-based console, using a VPN connection, or to allow remote users to access on-premises management console through DMZ or other inbound rules.
This post describes common deployment models and best practices to deploy the Cloud Agent for remote workforce.
Qualys Cloud Agent Installer
The installer for the Cloud Agent Windows is a very lightweight and easy to create deployment packages with only two required arguments and no pre-deployment or post-deployment scripts. The instructions are available at the Qualys documentation site at https://www.qualys.com/docs/qualys-cloud-agent-windows-install-guide.pdf
The installation is silent with no user pop-ups and does not require the system to reboot. The agent connects to the Qualys Cloud Platform over the Internet after successful installation.
If your organization’s IT team is already using software deployment tools to deploy and install software, the Cloud Agent installer documentation and the actual installer executable is all they need to create the deployment packages. Please refer to the vendor’s specific documentation to create and deploy packages. Here are some best practices for common software deployment tools.
Create a deployment package and specify the agent installer with the two required arguments, “Customer ID” and “Activation ID”. You can optionally create uninstall steps in the same package.
Note: SCCM has the ability to upgrade versions and check for a specific version. Qualys allows for managed upgrades of the installed agent directly from the Qualys platform. If you have auto-upgrade of the agent enabled from the Qualys platform, do not use a SCCM version check as there will be a version upgrade/downgrade conflict between SCCM and the Qualys upgrade.
Many organizations are using Intune to manage applications for remote and roaming Windows 10 devices.
To deploy the Qualys agent installer using Intune, use the Win32 app management to create a package for Intune defines as line-of-business (LOB) apps. To use Win32 app management, there are required pre-requisites that include Windows 10 version 1607 or later (Enterprise, Pro, and Education versions) and the Windows 10 client must be joined to Azure AD and auto-enrolled.
More detailed instructions are available in Intune’s documentation website: https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-app-management
Use the Qualys Installer Bundle Utility to Install from Email or Web download
For organizations that do not have software deployment tools for remote and roaming end-users, Qualys has created an installer bundle utility that will wrap the Qualys agent installer and the two required installation arguments into a single installer .exe application.
Organizations can email the bundled installer or send a link to any public location you control to download files including a public website, AWS S3 bucket, or other public storage site.
Note: the end-user must have Administrator permissions to their machine to install software and any local security agents must allow the bundled installer to execute.
For existing customers, contact your Technical Account Manager for access and instructions for the Qualys installer bundle utility. (Update, Mar 27: This is also now available through the Knowledge Articles in the Customer Support Portal for registered support contacts.)