Instrument VMware Virtual Machines for Security and Compliance

Vinu Prasad

How do you ensure Qualys is managing the security and compliance of all your VMware workloads? First, you need to have Qualys Cloud Agent installed and running on all of your VMware virtual machines. While VMware vCenter knows the exact inventory of your virtual machines at all times, it doesn’t know about Cloud Agent.

That’s where the new Qualys Agent Checker open-source tool comes in. Agent Checker integrates with VMware vCenter to query and report the deployment status of Cloud Agent across all vCenter-managed virtual machines. With this knowledge, you can update your DevOps processes to ensure Cloud Agent is installed and running on all your virtual machines.

Running Agent Checker

Agent Checker connects securely via API to multiple vCenter instances to collect Cloud Agent details, including whether the Qualys Cloud Agent is installed on the host and, if it is installed, the Cloud Agent version. Once this data is collected, it is parsed and presented in an easily readable Excel spreadsheet report. Excel handles large lists of assets easily and gives you the flexibility to sort assets by Cloud Agent version. Qualys Agent Checker can be scheduled to run at regular intervals via cron jobs, with regular reports mailed to the appropriate parties. Qualys Agent Checker uses Ansible vaults for secure storage of the credentials used for logging into VMware vCenter.

Agent Checker Reports

The Excel reports generated by Agent Checker contain the following tables:

  • Running: The hostnames of all virtual machines where Cloud Agent is installed and running, and the Cloud Agent version
  • Not Running: The hostnames of all virtual machines where Cloud Agent is installed but not running, and the Cloud Agent version
  • Not Installed: The hostnames of all virtual machines where Cloud Agent is not installed

Figure: Agent Checker output showing VMware virtual machines with Cloud Agent running (left) and not installed (right).
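
The three report tables amount to reconciling the vCenter inventory against per-VM agent status. The Python below is an added example, not code from Agent Checker or Qualys; the record field names, the extra "Unknown" table for VMs whose status could not be collected, and the sample hostnames and versions are assumptions constructed for illustration.

```python
# Added example: field names and sample data are assumptions, not Agent Checker's schema.

def version_key(version):
    """Sort key that orders dotted versions numerically (4.10 after 4.9)."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))

def build_report(inventory, status_records):
    """Split the vCenter inventory into the report's tables.

    inventory: hostnames vCenter knows about.
    status_records: per-VM dicts with host, installed, running, version.
    VMs with no status record go to "Unknown" instead of "Not Installed",
    so a failed collection is not reported as a missing agent.
    """
    by_host = {r["host"].lower(): r for r in status_records}
    report = {"Running": [], "Not Running": [], "Not Installed": [], "Unknown": []}
    for host in sorted({h.lower() for h in inventory}):
        rec = by_host.get(host)
        if rec is None:
            report["Unknown"].append((host, None))
        elif not rec["installed"]:
            report["Not Installed"].append((host, None))
        elif rec["running"]:
            report["Running"].append((host, rec["version"]))
        else:
            report["Not Running"].append((host, rec["version"]))
    # Oldest agent versions first, so stale installs surface at the top.
    for table in ("Running", "Not Running"):
        report[table].sort(key=lambda row: (version_key(row[1]), row[0]))
    return report

def coverage(report):
    """Fraction of inventoried VMs with the agent installed and running."""
    total = sum(len(rows) for rows in report.values())
    return len(report["Running"]) / total if total else 0.0

# Constructed sample input (hostnames and versions are made up).
INVENTORY = ["web-01", "WEB-02", "db-01", "db-02", "build-01", "build-02"]
STATUS = [
    {"host": "web-01", "installed": True, "running": True, "version": "4.10.0.2"},
    {"host": "web-02", "installed": True, "running": True, "version": "4.9.0.7"},
    {"host": "db-01", "installed": True, "running": False, "version": "4.9.0.7"},
    {"host": "db-02", "installed": False, "running": False, "version": None},
    {"host": "build-01", "installed": True, "running": True, "version": "4.9.0.7"},
]

if __name__ == "__main__":
    for table, rows in build_report(INVENTORY, STATUS).items():
        print(table, rows)
```

Keeping uncollected VMs in their own table keeps the "Not Installed" list actionable, since every host on it is a confirmed gap.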

Download

Download the Agent Checker tool from Qualys’ GitHub repository: https://github.com/Qualys/Qualys-Agent-Checker

Contributors

Agent Checker was developed by members of the Qualys Cloud Operations team, which manages Qualys’ data centers and ensures efficient and secure operation of Qualys cloud infrastructure. In addition to the blog author Vinu Prasad, technical contributors to the Agent Checker tool include:

  • Purushottam Soni, Lead Cloud Infrastructure Engineer, Qualys
  • Cody Yu, Cloud Infrastructure Engineer, Qualys
  • Vivek Sharma, Cloud Platform Engineer, Qualys
  • Junjie Lu, Cloud Infrastructure Engineer, Qualys