Distributed nodes architecture with GSE?

Hello everybody ,

We at INRAe (National Institute for Agricultural & Environmental Research, France) are testing Greenbone GVMD ‘OpenVAS’ vulnerabilities scanner, v21.4 . We’re not using appliances, we’ve been installing the opensource software (sources fetched on GitHub) and compiling on a Debian 10.10 virtual machine.
We’re in a POC phase, with only one VM (VMware hosted) node installed. It works quite fine.

However, moving from a POC to deployment on the many networks of our organization, scalability and distributing the scanning workload is now the question.

From previous (and now obsolete) versions of ‘OpenVAS’ prior to Greenbone, it would appear that one OpenVAS could possibly control several ‘remote scanner agents’ ( … ? nothing very clear though)
Nowadays, code maintenance & evolutions has moved with Greenbone Networks - and they are doing an outstanding job. Nevertheless, the main documentation available (GSM-Manual-GOS-21.04-en.pdf) is quite ‘appliances oriented’. It says that controlling multiple ‘OpenVAS-scanners’ nodes (or OSP compliants scanners) from a single ‘GVMD’ is possible, with a distributed architecture of appliances.
But I can’t find a single section describing how to set up a distributed architecture with the opensource software (GSE).

Questions are :
- is it possible (or NOT) to set up a distributed nodes architecture using Greenbone GVM opensource software only … ? (1 GVMD + multiple remote ‘scanning agents’ nodes)
- if yes, where can we find the detailed pertaining documentation ?
- finally, wouldn’t the simplest way to proceed be to just clone the whole VM into as many instances as required ?

many thanks for any answer, regards , J. Le Moigne ( jean.le-moigne [at] inrae [dot] fr

GVM versions

**gsad: Greenbone Security Assistant 21.04.0~git
**gvmd: Greenbone Vulnerability Manager 21.4.0, Manager DB revision 242
Copyright © 2009-2021 Greenbone Networks GmbH
**openvas-scanner: OpenVAS 21.4.0
**gvm-libs: gvm-libs 21.4.0

Environment

  • Debian 10.10 VM (hosted on a VMware vCenter)
  • Kernel : Linux 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
    *Installation method / source: compiled from sources ‘GVM v21.4’ (from GitHub)

Hi,

for such setups you should really consider getting in contact with our sales department at sales@greenbone.net Distributed setups require a lot of knowledge and resources and additionally you should use the commercial feed.

At the moment we have only a build from source guide at https://greenbone.github.io/docs/ that you should follow/adapt when using git directly. For a production setup I would strongly suggest to use release tarballs or git tags instead of git branches if you don’t follow our development very closely. The documentation doesn’t include a guide on how to configure a distributed master/sensor setup (yet). Nevertheless you can find some advice and howtos in this forum about that topic provided by the community.

3 Likes

Hi ‘bricks’ ,

Many thanks for your quick feedback.
We’ve been ‘suspecting’ that it probably wasn’t that simple … ;-D)
Calling for professional services could be an option.
Thank you anyway for the links you suggest. We’ll look into it.

best regards , J. Le Moigne (jean.le-moigne [at] inrae [dot] fr)