Configuring distributed Scan Engines

Your organization may distribute Scan Engines in various locations within your network, separate from your Security Console.Unlike the local Scan Engine, which is installed with the Security Console, you need to separately configure distributed engines and pair then with the console, as explained in this section.

Configuring a distributed Scan Engine involves the following steps:

• Adding an engine on page 1
• Pairing the Scan Engine with the Security Console on page 1
• Assigning a site to the new Scan Engine

Before you configure and pair a distributed Scan Engine

1. Install the Scan Engine. See the installation guide for instructions. You can download it from Support: Technical Support and Customer Care.
2. Start the Scan Engine. You can only configure a new Scan Engine if it is running.

Configuring the Security Console to work with a new Scan Engine

By default, the Security Console initiates a TCP connection to Scan Engines over port 40814. If a distributed Scan Engine is behind a firewall, make sure that port 40814 is open on the firewall to allow communication between the Security Console and Scan Engine.

Adding an engine

The first step for integrating the Security Console and the new Scan Engine is adding information about the Scan Engine.

You can add a Scan Engine while you're configuring a site:

If you are adding an engine while configuring a new site, click the Create site button on the Home page.
If you are adding a new engine option to an existing site, click that site's Edit icon in the Sites table on the Home page.

1. In the Site Configuration click the Engines tab.
2. Select the Add Scan Engine tab and then the General tab.
3. Enter a unique name that will make it easy for you to remember the engine.
4. Enter the Scan Engine's address and port number on which it will listen for communication from the Security Console.
5. Click Save.

Adding a Scan Engine

After you add the engine, the Security Console creates the consoles.xml file. You will need to edit this file in the pairing process.

If you are a Global Administrator, you also have the option to add an engine through the Administration tab:

1. Click the Administrationicon.

2. On the Administration page, click Create to the right of Scan Engines.
3. Click the General tab of the Scan Engine Configuration panel.
4. Enter a unique name that will make it easy for you to remember the engine.
5. Enter the IP address and port on for the computer on which the engine is installed.

6. If you have already created sites, you can assign sites to the new Scan Engine by going to the Sites page of this panel. If you have not yet created sites, you can perform this step during site creation.

7. Click Save.

After you add the engine, the Security Console creates the consoles.xml file. You will need to edit this file in the pairing process.

Pairing the Scan Engine with the Security Console

Note:  You must log on to the operating system of the Scan Engine as a user with administrative permissions before performing the next steps.

Edit the consoles.xml file in the following step to pair the Scan Engine with the Security Console.

1. Open the consoles.xml file using a text editing program. Consoles.xml is located in the [installation_directory]/nse/conf directory on the Scan Engine.
2. Locate the line for the console that you want to pair with the engine. The console will be marked by a unique identification number and an IP address.
3. Change the value for the Enabled attribute from 0 to 1.

The Scan Engine's consoles.xml file showing that the Security Console is enabled

4. Save and close the file.
5. Restart the Scan Engine, so that the configuration change can take effect.

Verify that the console and engine are now paired:

1. Click the Administration icon.

2. On the Administration page, click Manage to the right of Scan Engines.

3. On the Scan Engines page, locate the Scan Engine that you added.

Note that the status for the engine is Unknown.

4. Click the Refresh icon for the engine.

The Status column indicates with a color-coded arrow whether the Security Console or a Scan Engine is initiating communication in each pairing. The color of the arrow indicates the status of the communication. A green arrow indicates Active status, which means you can now assign a site to this Scan Engine and run a scan with it.

For more information on communication status, see Managing the Security Console in the Nexpose Administrator's Guide. Changing Scan Engine communication direction in the Console

The Scan Engines table with the Refresh icon and Active status highlighted

Note:  If you change the address of the Scan Engine, you will have to pair it with the Security Console again.

On the Scan Engines page, you can also perform the following tasks:

• You can edit the properties of any listed Scan Engine by clicking Edit for that engine.
• You can delete a Scan Engine by clicking Delete for that engine.
• You can manually apply an available update to the scan engine by clicking Update for that engine. To perform this task using the command prompt, see Using the command console.

You can configure certain performance settings for all Scan Engines on the Scan Engines page of the Security Console configuration panel. For more information, see Changing default Scan Engine settings.

Assigning a site to the new Scan Engine

Note:  If you have not yet set up a site, create one first. See Creating and editing sites.

If you are assigning a site to an engine while configuring it, see Selecting a Scan Engine or engine pool for a site.

If you are assigning a site via the Administration tab:

1. Go to the Sites page of the Scan Engine Configuration panel and click Select Sites.

The console displays a box listing all the sites in your network.

2. Click the check boxes for sites you wish to assign to the new Scan Engine and click Save.

Assigning a site to a Scan Engine

The sites appear on the Sites page of the Scan Engine Configuration panel.

3. Click Save to save the new Scan Engine information.