Configuring the VSA

Virtual Scan Appliance

You must complete this procedure for each VSA you install on your network.

At any time during the configuration, you can press CTRL-C to run diagnostic commands (continue, debug, ping, reset, web, help) or to restart the configuration process.

  1. Install the downloaded OVA file on your VMware environment.
  2. Boot your VSA and log into the secure, local console using the username appliance and the password appliance. You see the following:

  3. The system detects if you are using DHCP or static. If you want to change this setting, the system prompts you to change it.

  4. Enter the following network addresses:
    • Static IP address (if you opted to use static and not DHCP)
    • Network address
    • Netmask address
    • Default gateway
    • DNS server 1
    • DNS server 2 (optional)

  5. Ensure the connection established message shows a successful connection to Veracode Services. If the VSA cannot successfully access Veracode, verify that you have added the Veracode jobservice (192.157.28.50) to your firewall settings.

  6. If necessary, enter your proxy server information, including:
    • Proxy type
    • Proxy host
    • Proxy port
    • Type of authentication (NTLM or basic)
    • Proxy username
    • Proxy password

  7. Go to the Veracode Platform to add the appliance under VSA Management in the Administration menu (gear icon) at top of the screen. This action generates the token you need to enter next. You have to create a group and assign the VSA to the group, and then you can assign DynamicDS scans to this group.
    Add the new VSA from the Veracode Platform
  8. Enter the VSA token. This field is case-sensitive. Each token is unique to each appliance, so ensure you are entering the correct token for the correct VSA. You can only use a token once.

The VSA then attempts to connect to the YUM repository through either a direct, midpoint, or proxy route. If the VSA can connect to one of these routes, the scan software installs.

If the VSA cannot connect to the YUM repository, verify that you have whitelisted 192.157.28.52 for outbound traffic over port 443.

If your organization has chosen to not use a midpoint and the software is installed, your VSA is ready to start scanning. If you are using a midpoint, you must connect your VSA to its midpoint.