As the Vulnerability Manager guru for our company, I am responsible for deployment of scanners across the US. I would like to make it as easy as possible on the folks who are doing the racking and stacking, so I would like to install and configure the MVM3000s before shipping them out to the datacenters. Installing the software, putting in all of the settings to add them to our existing environment, and all that fun stuff. The idea is that the Datacenter folks plug it up, validate that there is connectivity, then we are up working.
This seems a bit off from the quick start guide - is there a problem with this approach? Am I missing something that will doom me to failure? Has anyone out there done this before and can provide me with any feedback or tips?
That approach should work just fine using the MVM3000.
The remote scan engines need to communicate with two devices on your network.
If the IP Address for the Database and FCServer are going to stay static between your staging area and production, then all you need to do is change the IP Address on the scan engine before it ships out and make sure there is a communication path on TCP ports 1433 and 3801 back to the DB and FCServer.
If the IP Address for the Database and FCServer are not going to stay static, then you will need to also change the FCServer's IP Address on the engine using the Foundstone Configuration Agent utility. Once the FCAgent on the scan engine checks back in with the FCServer, it will pull down the new database IP Address that is configured in the FCM Console under Tools>Preferences>Database.
I've attached a screenshot of the two configuration screens in MVM that you might need to make changes to.
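A pre-ship connectivity check for the two paths named above (DB on TCP 1433, FCServer on TCP 3801), written in Python as an added example; it is not from this thread or from McAfee's tooling, and the role names, the loopback self-check and the placeholder hostnames are assumptions.

```python
import socket
from typing import Dict, Tuple

# Ports a remote MVM scan engine must reach, as stated in the reply above.
REQUIRED_PORTS = {"database": 1433, "fcserver": 3801}


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a full TCP handshake to host:port completes within timeout.
    A completed handshake proves the network path (routing, firewall, ACLs)
    exists; it does not prove the DB or FCServer will accept this engine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unresolvable, no route
        return False


def validate_engine_paths(targets: Dict[str, Tuple[str, int]],
                          timeout: float = 3.0) -> Dict[str, bool]:
    """targets maps a role name to (host, port); returns role -> reachable."""
    return {role: tcp_reachable(host, port, timeout)
            for role, (host, port) in targets.items()}


def unreachable_roles(results: Dict[str, bool]):
    """Roles that failed, sorted, so the datacenter team gets a short list."""
    return sorted(role for role, ok in results.items() if not ok)


def self_check() -> Dict[str, bool]:
    """Offline demonstration: a listening loopback socket stands in for the
    DB path and a deliberately closed loopback port for the FCServer path."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # nothing listens here now, so connect() is refused
    try:
        targets = {"database": ("127.0.0.1", open_port),
                   "fcserver": ("127.0.0.1", closed_port)}
        return validate_engine_paths(targets, timeout=1.0)
    finally:
        srv.close()


if __name__ == "__main__":
    # Real use: {"database": ("db.example.internal", 1433),
    #            "fcserver": ("fc.example.internal", 3801)}  (placeholder hosts)
    print(self_check(), unreachable_roles(self_check()))
```

Run it from the staged engine (or from a host on the destination VLAN) before the box ships; anything in the unreachable list is a firewall or routing ticket to raise ahead of rack day.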
The FC (Report Server) and the DB server will indeed remain static, so essentially, I should ensure that there is connectivity and that we are working well, then just ensure I change the IP address of the scan engine prior to sending it out. Will I need to make that change on both the engine and the FC, or just the engine, and the FC will understand when it makes that first connection?
Well, first we need to get some terminology straight so we are both on the same page. Assuming that you are only using MVM3000s.
FCServer and FCAgents:
Scan Engine, Report Server, FCServer, API Server and Database:
From what I understood in your last post there will be a single system running the Database, FCServer and Report Server. If that is accurate and the IP Address of that system will not change then once you have a scan engine configured you will just need to assign it a new IP Address. Once it boots up on the new network it will just use normal TCP to connect back to the correct components. There isn't anything else you will need to do.
Looks like I was good and confusing -
We have one DB server A
One report server (Enterprise Manager) B
What used to be called a Primary Scan Engine (but now is the FC Server?) C which contains the API Server, Data Sync Server, two turtledoves and a partridge in a pear tree.
A horde of Engines, happily scanning away D +
So all my new engines will need to speak with DB on 1433 - check
all my new engines will need to speak with Primary Scan Engine C and its backpack of functionality on 3801 - check
The report server already speaks to the DB on 1433, so it's happy, and it doesn't have to muck about with the engines - check
The Primary Scan Engine (FC Server) speaks with all my other engines, sends updates and the like, and can converse with the DB on 1433.
I think we are speaking the same terms now - I was off a bit in my youthful enthusiasm.
Currently I am not using exclusively MVMs. The new devices will be the first MVMs; we have installed the software, and are slowly converting to appliances (with these new scanners being in the forefront). Once they are all up and functioning like greased lightning, we will be converting our other servers to an all-MVM environment (probably over a 9-month to a year time frame).
Appreciate the info!
MVM 6.5 and previous used the concept of the Primary Scan Engine. The job of the Primary Scan Engine was to act as the conduit for all requests made using the Enterprise Manager. That job has been taken over by the API Server.
So when you say "What used to be called a Primary Scan Engine (but now is the FC Server?)" you are not correct. I put a quick jpg together on the data flow in MVM and the slight difference between 6.5 and 6.7 (6.7 and 6.8 work the same way).