2. GSM Overview

The Greenbone Security Manager (GSM) is a dedicated appliance for vulnerability scanning and vulnerability management, built on a platform developed and optimized specifically for this purpose. It is offered in different performance levels.

2.1. Enterprise class (GSM 5300/6400)

The GSM 5300 and GSM 6400 are designed for operation in large companies and agencies. The GSM 6400 can control sensors in up to 50 security zones and is recommended for up to 50,000 monitored IP addresses. The GSM 5300 can control sensors in up to 30 security zones and is recommended for up to 30,000 monitored IP addresses. Each appliance can itself be controlled as a slave sensor by another master.

Figure: The GSM 6400 supports up to 50,000 IP addresses.

The appliances in the enterprise class come in a 2U 19” chassis for easy integration into the data center. For easy installation and monitoring, they are equipped with a two-line LCD display with 16 characters per line. For uninterrupted operation, they have redundant, hot-swappable power supplies, hard drives and fans.

For management of the appliance, a serial port is available in addition to an out-of-band management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems, both appliances can be equipped with three modules. The following modules can be used in any order:

  • 8 Port Gigabit Ethernet 10/100/1000 Base-TX (copper)
  • 8 Port Gigabit Ethernet SFP (small form-factor pluggable)
  • 2 Port 10-Gigabit Ethernet XFP

Up to 512 VLANs can be configured and managed per port for the GSM 6400, up to 256 for the GSM 5300.

2.2. Midrange class (GSM 400/600/650)

The GSM 400, GSM 600 and GSM 650 are designed for mid-sized companies and agencies as well as larger branch offices. The GSM 650 can control sensors in up to 12 security zones and is recommended for up to 10,000 monitored IP addresses. The GSM 600 can also control sensors in up to 12 security zones and is recommended for up to 6,000 monitored IP addresses. The GSM 400 can control 2 sensors and is recommended for up to 2,000 monitored IP addresses. Each appliance can itself be controlled as a slave sensor by another master.

Aside from the current GSM 400, GSM 600 and GSM 650 appliances, Greenbone still fully supports the older appliances in this class. The GSM 500, GSM 510 and GSM 550 appliances were replaced by more up-to-date hardware in 2014.

The appliances in the midrange class come in a 1U 19” chassis for easy integration into the data center. For easy installation and monitoring, they are equipped with a two-line LCD display with 16 characters per line. For uninterrupted operation, the appliances come with redundant fans. However, hot-swapping during operation is not possible.

Figure: The GSM 650 supports up to 10,000 IP addresses.

For management of the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems, both appliances are equipped with eight ports in total, which are pre-configured and set up as follows:

  • 6 Port Gigabit Ethernet 10/100/1000 Base-TX (copper)
  • 2 Port Gigabit Ethernet SFP (small form-factor pluggable)

A modular configuration of the ports is not possible. Up to 64 VLANs can be configured and managed per port for the GSM 650 and GSM 600, and up to 16 VLANs for the GSM 400. One of these ports is also used as the management port.

2.3. SME class (GSM 100)

The GSM 100 is designed for smaller companies and agencies as well as branches. The GSM 100 is recommended for the monitoring of up to 100 IP addresses. Controlling sensors in other security zones is not provided for. However, the GSM 100 itself can be controlled as a slave sensor by another master.

The appliance comes as a 1U steel chassis. For easy integration into the data center, an optional rack kit can be used. The appliance does not come with a display.

Figure: The GSM 100 is intended for smaller companies.

For management of the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems, the appliance comes with four 10/100/1000 Gigabit Ethernet ports (RJ45) in total. These ports support up to 8 VLANs. One of these ports is also used as the management port.

2.4. Sensors (GSM 25/25V)

The GSM 25 is designed as a sensor for smaller companies and agencies as well as branches. The GSM 25 is recommended for up to 300 monitored IP addresses and must be controlled by an additional appliance in master mode. GSM appliances of the midrange and enterprise classes (GSM 500 and up) can be used as controllers for the GSM 25/25V.

The GSM 25 appliance comes as a 1U steel chassis. For easy integration into the data center, an optional rack kit can be used. The appliance does not come with a display.

Figure: The GSM 25 is a sensor and can only be operated with a GSM.

For management of the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems, the appliance comes with four 10/100/1000 Gigabit Ethernet ports (RJ45) in total. These ports support up to 8 VLANs. One of these ports is also used as the management port.

The GSM 25V is a virtual appliance and provides a simple and cost-effective option to monitor virtual infrastructures. In contrast to the GSM 25, the virtual version only comes with one virtual port for management, scanning and updates.

2.5. GSM ONE

The GSM ONE is designed for specific requirements such as audits using a laptop or educational purposes. The GSM ONE is recommended for up to 300 monitored IP addresses and can neither control other sensors nor be controlled as a sensor by a larger appliance.

The GSM ONE only comes with one virtual port that is used for management, scanning and updates. This port does not support the use of VLANs.

Figure: The GSM ONE is a virtual instance.

The GSM ONE has all the functions of the larger systems except for the following:

  • Master Mode: the GSM ONE cannot control other appliances as sensors.
  • Slave Mode: the GSM ONE cannot be controlled as a slave sensor by other master-mode appliances.
  • Alerts: the GSM ONE cannot send any alerts via SMTP, SNMP, syslog or HTTP.
  • VLANs: the GSM ONE does not support VLANs on the virtual port.

2.6. GSM CE

The Greenbone Security Manager Community Edition (GSM CE) is a derivative of the GSM ONE for evaluation purposes. The GSM CE may be deployed using VirtualBox on Microsoft Windows, macOS and Linux systems.

In contrast to the commercial version, the GSM CE uses the OpenVAS Community Feed instead of the Greenbone Security Feed. While the commercial versions support seamless updates of the operating system, new versions of the GSM CE are provided as ISO images requiring a new full installation. Further differences between the other GSM models and the GSM CE are explained at http://www.greenbone.net/community-edition/.

Both the Community Edition and the GSM ONE are optimized for use on a mobile computer. Features required for enterprise vulnerability management, such as schedules, alerts and remote scan engines, are only available on the full-featured appliances.