3 Greenbone Security Manager – Overview¶
The Greenbone Security Manager (GSM) is a dedicated appliance for vulnerability scanning and vulnerability management. It is offered in different performance levels.
The specifications of the physical and virtual appliances are explained in two videos:
3.1 Physical Appliances¶
3.1.1 Enterprise Class – GSM 5400/6500¶
The GSM 6500 and GSM 5400 are designed for the operation in large companies and agencies.
The appliances of the Enterprise Class can control other appliances as sensors. The appliances themselves can be controlled as remote scanners by another appliance.
The appliances in the Enterprise Class come in a 2U 19” chassis for easy integration into the data center. For easy installation and monitoring they are equipped with a two line LC display with 16 characters per line. For uninterruptible operation they have redundant, hot swappable power supplies, hard drives and fans.
For managing the appliance, a serial port is available in addition to two out-of-band management Ethernet ports. The serial port is set up as a Cisco compatible console port.
To connect to other systems the appliances can be equipped with up to four modules. The following modules can be used in any order:
- Module(s) with 8 ports GbE-Base-TX (copper)
- Module(s) with 8 ports 1 GbE SFP (Small Form-factor Pluggable)
- Module(s) with 2 ports 10 GbE SFP+ (Enhanced Small Form-factor Pluggable)
3.1.2 Midrange Class – GSM 400/450/600/650¶
The GSM 400, GSM 450, GSM 600 and GSM 650 are designed for medium-sized companies and agencies as well as larger branch offices.
The appliances of the Midrange Class can control other appliances as sensors. The appliances themselves can be controlled as remote scanners by another appliance.
The appliances in the Midrange Class come in a 1U 19” chassis for easy integration into the data center. For easy installation and monitoring they are equipped with a two line LC display with 16 characters per line. For uninterruptible operation the appliances come with redundant fans.
For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco compatible console port.
To connect to other systems the appliances are equipped with eight ports in total, pre-configured and set up as follows:
- 6 ports GbE-Base-TX (copper)
- 2 ports 1 GbE SFP (Small Form-factor Pluggable)
A modular configuration of the ports is not possible. One of these ports is also used as management port.
3.1.3 SME (Small Enterprise) Class – GSM 150¶
The GSM 150 is designed for small companies and agencies as well as small to medium branch offices. Controlling sensors in other security zones is not considered. However, the GSM 150 itself can be controlled as a remote scanners by another appliance.
The appliance comes in a 1U steel chassis. For easy integration into the data center an optional rackmount kit can be used. The appliance does not come with a display.
For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco compatible console port.
To connect to other systems the appliance comes with four GbE-Base-TX (copper) ports in total. One of these ports is also used as management port.
3.1.4 Sensor – GSM 35¶
The GSM 35 is designed as a sensor for smaller companies and agencies as well as small branches.
The GSM 35 can only be used in sensor mode and has to be managed via a GSM master. No web interface is available on the GSM 35. GSMs of the Midrange Class and the Enterprise Class (GSM 400/GSM DECA and beyond) can be utilized as masters for the GSM 35.
The appliance comes in a 1U steel chassis. For easy integration into the data center an optional rackmount kit can be used. The appliance does not come with a display.
For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco compatible console port.
To connect to other systems the appliance comes with four GbE-Base-TX (copper) ports in total. One of these ports is also used as management port.
3.2 Virtual Appliances¶
3.2.1 Midrange Class – GSM DECA/TERA/PETA/EXA¶
The GSM DECA, GSM TERA, GSM PETA and GSM EXA are designed for medium-sized companies and agencies as well as larger branch offices.
The appliances of the Midrange Class can control other appliances as sensors. The appliances themselves can be controlled as remote scanners by another appliance.
The appliances in the Midrange Class can be deployed using VMware ESXi on Microsoft Windows, MacOS and Linux systems.
To connect to other systems the appliances come with eight dynamic, virtual ports in total in case of the GSM TERA/PETA/EXA or with four dynamic, virtual ports in total in case of the GSM DECA.
One of these ports is also used as management port.
3.2.2 SME (Small Enterprise) Class – GSM CENO¶
The GSM CENO is designed for small companies and agencies as well as small to medium branch offices. Controlling sensors in other security zones is not considered. However, the GSM CENO itself can be controlled as a remote scanner by another appliance.
The GSM CENO can be deployed using VMware ESXi on Microsoft Windows, MacOS and Linux systems.
To connect to other systems the appliance comes with four dynamic, virtual ports in total.
One of these ports is also used as management port.
3.2.3 Sensor – GSM 25V¶
The GSM 25V is designed as a sensor for smaller companies and agencies as well as small branches. It provides a simple and cost effective option to monitor virtual infrastructures.
The GSM 25V can be deployed using VMware ESXi on Microsoft Windows, MacOS and Linux systems.
The GSM 25V can only be used in sensor mode and has to be managed via a GSM master. No web interface is available on the GSM 25V. GSMs of the Midrange Class and the Enterprise Class (GSM 400/GSM DECA and beyond) can be utilized as masters for the GSM 25V.
To connect to other systems the appliance comes with four dynamic, virtual ports in total.
One of these ports is also used as management port.
3.2.4 Entry Class – GSM ONE¶
The GSM ONE is designed for specific requirements such as audit using a laptop or educational purposes. It can neither control other sensors nor be controlled as a sensor by another appliance.
The GSM ONE can be deployed using various virtualization environments. The recommended and supported environment is Oracle VirtualBox.
The GSM ONE comes with one virtual port used for management, scan and updates.
The GSM ONE has all the functions of the Midrange and Enterprise Class except for the following:
- Master mode: the GSM ONE cannot control other appliances as sensors.
- Sensor mode: the GSM ONE cannot be controlled as a remote scanner by another appliance.
- VLANs: the GSM ONE does not support VLANs on the virtual port.
Note
The GSM ONE is optimized for the usage on a mobile computer. Features required for enterprise vulnerability management like remote scan engines are only available on the full featured appliances.
3.2.5 Entry Class – GSM MAVEN¶
The GSM MAVEN is designed for micro offices as well as small branches. It can neither control other sensors nor be controlled as a sensor by another appliance.
The GSM MAVEN can be deployed using various virtualization environments. The recommended and supported environment is Oracle VirtualBox.
The GSM MAVEN comes with one virtual port used for management, scan and updates.
The GSM MAVEN has all the functions of the Midrange and Enterprise Class except for the following:
- Master mode: the GSM MAVEN cannot control other appliances as sensors.
- Sensor mode: the GSM MAVEN cannot be controlled as a remote scanner by another appliances.
- Alerts: the GSM MAVEN cannot send any alerts via SMTP, SNMP, syslog or HTTP.
- VLANs: the GSM MAVEN does not support VLANs on the virtual port.
Note
The GSM MAVEN is optimized for the usage on a mobile computer. Features required for enterprise vulnerability management like schedules, alerts and remote scan engines are only available on the full featured appliances.