3 Greenbone Enterprise Appliance – Overview

The Greenbone Enterprise Appliance is a dedicated appliance for vulnerability scanning and vulnerability management. It is offered in different performance levels.

3.1 Hardware Appliances

3.1.1 Large Organizations – Greenbone Enterprise 5400/6500

The Greenbone Enterprise 5400 and Greenbone Enterprise 6500 are designed for the operation in large organizations.

_images/Hardware_Appliance_large.png

Fig. 3.1 Greenbone Enterprise Appliance for large organizations

They can control other appliances as sensors and can also be controlled as remote scanners by other appliances.

The appliances come in a 2U 19” chassis for easy integration into the data center. For simple installation and monitoring, they are equipped with a two-line LC display with 16 characters per line. For uninterruptible operation, they have redundant, hot-swappable power supplies, hard drives and fans.

For managing the appliance, a serial port is available in addition to two out-of-band management Ethernet ports. The serial port is set up as a Cisco-compatible console port.

To connect to other systems, the appliances can be equipped with up to four modules. The following modules can be used in any order:

  • Module(s) with 8 ports GbE-Base-TX (copper)
  • Module(s) with 8 ports 1 GbE SFP (Small Form-factor Pluggable)
  • Module(s) with 2 ports 10 GbE SFP+ (Enhanced Small Form-factor Pluggable)

3.1.2 Medium-Sized Organizations and Branches – Greenbone Enterprise 400/450/600/650

The Greenbone Enterprise 400, Greenbone Enterprise 450, Greenbone Enterprise 600 and Greenbone Enterprise 650 are designed for medium-sized organizations and larger branch offices.

_images/Hardware_Appliance_medium.png

Fig. 3.2 Greenbone Enterprise Appliance for medium-sized organizations

They can control other appliances as sensors and can also be controlled as remote scanners by other appliances.

The appliances come in a 1U 19” chassis for easy integration into the data center. For simple installation and monitoring, they are equipped with a two-line LC display with 16 characters per line. For uninterruptible operation, the appliances come with redundant fans.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to other systems, the appliances are equipped with ten ports in total, pre-configured and set up as follows:

  • 8 ports GbE-Base-TX (copper)
  • 2 ports 10 GbE SFP+ (Enhanced Small Form-factor Pluggable)

A modular configuration of the ports is not possible. One of these ports is also used as management port.

3.1.3 Small Organizations and Branches – Greenbone Enterprise 150

The Greenbone Enterprise 150 is designed for small organizations as well as for small to medium-sized branch offices.

Controlling sensors in other security zones is not considered. However, the Greenbone Enterprise 150 itself can be controlled as a remote scanners by other appliances.

_images/Hardware_Appliance_small.png

Fig. 3.3 Greenbone Enterprise Appliance for small organizations

The appliance comes in a 1U steel chassis. For easy integration into the data center, an optional rackmount kit can be used. The appliance does not come with a display.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to other systems, the appliance comes with four GbE-Base-TX (copper) ports in total. One of these ports is also used as management port.

3.1.4 Sensor – Greenbone Enterprise 35

The Greenbone Enterprise 35 is designed as a sensor for distributed scan systems.

_images/Hardware_Appliance_sensor.png

Fig. 3.4 Hardware sensor

The appliance can only be used in sensor mode and has to be managed via a master appliance. For this reason, it does not have a web interface itself. Appliances from Greenbone Enterprise 400/DECA can be utilized as masters for the Greenbone Enterprise 35.

The appliance comes in a 1U steel chassis. For easy integration into the data center, an optional rackmount kit can be used. The appliance does not come with a display.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to other systems, the appliance comes with four GbE-Base-TX (copper) ports in total. One of these ports is also used as management port.

_images/gsm_overview_physical.png

3.2 Virtual Appliances

3.2.1 Medium-Sized Organizations and Branches – Greenbone Enterprise DECA/TERA/PETA/EXA

The Greenbone Enterprise DECA, Greenbone Enterprise TERA, Greenbone Enterprise PETA and Greenbone Enterprise EXA are designed for medium-sized organizations and larger branch offices.

_images/Virtual_Appliance.png

Fig. 3.5 Greenbone Enterprise Appliance for medium-sized organizations

They can control other appliances as sensors and can also be controlled as remote scanners by other appliances.

The appliances can be deployed using VMware ESXi on Microsoft Windows, MacOS and Linux systems.

To connect to other systems, the appliances come with eight dynamic, virtual ports in total in case of the Greenbone Enterprise TERA/PETA/EXA, or with four dynamic, virtual ports in total in case of the Greenbone Enterprise DECA.

One of these ports is also used as management port.

3.2.2 Small Organizations – Greenbone Enterprise CENO

The Greenbone Enterprise CENO is designed for small organizations as well as for small to medium-sized branch offices.

Controlling sensors in other security zones is not considered. However, the Greenbone Enterprise CENO itself can be controlled as a remote scanners by other appliances.

The appliance can be deployed using VMware ESXi on Microsoft Windows, MacOS and Linux systems.

To connect to other systems, the appliance comes with four dynamic, virtual ports in total.

One of these ports is also used as management port.

3.2.3 Sensor – Greenbone Enterprise 25V

The Greenbone Enterprise 25V is designed as a sensor for distributed scan systems.

The appliance can only be used in sensor mode and has to be managed via a master appliance. For this reason, it does not have a web interface itself. Appliances from Greenbone Enterprise 400/DECA can be utilized as masters for the Greenbone Enterprise 25V.

The appliance can be deployed using VMware ESXi on Microsoft Windows, MacOS and Linux systems.

To connect to other systems, the appliance comes with four dynamic, virtual ports in total.

One of these ports is also used as management port.

3.2.4 Training and Audit-via-Laptop – Greenbone Enterprise ONE

The Greenbone Enterprise ONE is designed for special use cases such as audit-via-laptop or trainings. It can neither control other sensors nor be controlled as a sensor by another appliance.

The appliance can be deployed using various virtualization environments. The recommended and supported environment is Oracle VirtualBox.

The appliance comes with one virtual port used for management, scan and updates.

The appliance has all the functions of the appliances for medium-sized and large organizations except for the following:

  • Master mode: the Greenbone Enterprise ONE cannot control other appliances as sensors.
  • Sensor mode: the Greenbone Enterprise ONE cannot be controlled as a remote scanner by other appliances.
  • VLANs: the Greenbone Enterprise ONE does not support VLANs on the virtual port.

Note

The Greenbone Enterprise ONE is optimized for the usage on a mobile computer. Features required for enterprise vulnerability management like remote scan engines are only available on the full-featured appliances.

_images/gsm_overview_virtual.png