3. Greenbone Security Manager – Overview

The Greenbone Security Manager (GSM) is a dedicated appliance for vulnerability scanning and vulnerability management. It is offered in different performance levels.

Solution overview physical appliances

Solution overview virtual appliances

3.1. Physical Appliances

3.1.1. Large Enterprise Class – GSM 5400/6500

The GSM 6500 and GSM 5400 are designed for operation in large companies and agencies. The appliances themselves can be controlled as remote sensors by another appliance.

Aside from the current GSM 5400 and GSM 6500 appliances, Greenbone Networks still fully supports the older appliances in this class (GSM 5300/6400).

GSM of the Large Enterprise Class

The appliances in the Large Enterprise Class come in a 2U 19” chassis for easy integration into the data center. For easy installation and monitoring, they are equipped with a two-line LCD display with 16 characters per line. For uninterruptible operation, they have redundant, hot-swappable power supplies, hard drives and fans.

For managing the appliance, a serial port is available in addition to an out-of-band management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems the appliances can be equipped with three modules. The following modules can be used in any order:

  • 8 Port Gigabit Ethernet 10/100/1000 Base-TX (copper)
  • 8 Port Gigabit Ethernet SFP (Small Form-factor Pluggable)
  • 2 Port 10-Gigabit Ethernet XFP

3.1.2. Medium Enterprise Class – GSM 400/600/650

The GSM 400, GSM 600 and GSM 650 are designed for medium-sized companies and agencies as well as larger branch offices. The appliances themselves can be controlled as remote sensors by another appliance.

Aside from the current GSM 400, GSM 600 and GSM 650 appliances, Greenbone Networks still fully supports the older appliances in this class (GSM 500/510/550).

GSM of the Medium Enterprise Class

The appliances in the Medium Enterprise Class come in a 1U 19” chassis for easy integration into the data center. For easy installation and monitoring, they are equipped with a two-line LCD display with 16 characters per line. For uninterruptible operation, the appliances come with redundant fans.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems the appliances are equipped with eight ports in total, pre-configured and set up as follows:

  • 6 Port Gigabit Ethernet 10/100/1000 Base-TX (copper)
  • 2 Port Gigabit Ethernet SFP (Small Form-factor Pluggable)

A modular configuration of the ports is not possible. One of these ports is also used as the management port.

3.1.3. Small Enterprise/Small Branch (SME/SMB) Class – GSM 150

The GSM 150 is designed for small companies and agencies as well as small to medium branch offices. Controlling sensors in other security zones is not considered. However, the GSM 150 itself can be controlled as a remote sensor by another appliance.

GSM of the SME/SMB Class

The appliance comes in a 1U steel chassis. For easy integration into the data center an optional rackmount kit can be used. The appliance does not come with a display.

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems, the appliance comes with four Gigabit Ethernet 10/100/1000 Base-TX (copper) ports in total. One of these ports is also used as the management port.

3.1.4. Physical Sensor – GSM 35

The GSM 35 is designed as a sensor for smaller companies and agencies as well as small branches.

The GSM 35 must be controlled by an additional appliance in master mode. GSMs of the Medium Enterprise Class and the Large Enterprise Class (GSM 400 and beyond) can be utilized as masters for the GSM 35.

The appliance comes in a 1U steel chassis. For easy integration into the data center an optional rackmount kit can be used. The appliance does not come with a display.

Physical sensor

For managing the appliance, a serial port is available in addition to a management Ethernet port. The serial port is set up as a Cisco-compatible console port.

To connect to the monitored systems, the appliance comes with four Gigabit Ethernet 10/100/1000 Base-TX (copper) ports in total. One of these ports is also used as the management port.

3.2. Virtual Appliances

3.2.1. Small Enterprise/Small Branch (SME/SMB) Class – GSM 150V

The GSM 150V is a virtual appliance designed for small companies and agencies as well as small to medium branch offices. Controlling sensors in other security zones is not considered. However, the GSM 150V itself can be controlled as a remote sensor by another appliance.

The GSM 150V can be deployed using VMware on Microsoft Windows, MacOS and Linux systems.

Virtual GSM of the SME/SMB Class

To connect to the monitored systems, the appliance comes with four dynamic, virtual ports in total.

One of these ports is also used as the management port.

3.2.2. Virtual Sensor – GSM 25V

The GSM 25V is designed as a virtual sensor for smaller companies and agencies as well as small branches. It provides a simple and cost-effective option to monitor virtual infrastructures.

The GSM 25V can be deployed using VMware on Microsoft Windows, MacOS and Linux systems.

The GSM 25V must be controlled by an additional appliance in master mode. GSMs of the Medium Enterprise Class and the Large Enterprise Class (GSM 400 and beyond) can be utilized as masters for the GSM 25V.

Virtual sensor

To connect to the monitored systems, the appliance comes with four dynamic, virtual ports in total.

One of these ports is also used as the management port.

3.2.3. GSM ONE

The GSM ONE is designed for specific requirements such as audits using a laptop or educational purposes. It can neither control other sensors nor be controlled as a sensor by another appliance.

The GSM ONE can be deployed using VMware on Microsoft Windows, MacOS and Linux systems.

GSM ONE

The GSM ONE comes with one virtual port used for management, scan and updates.

The GSM ONE has all the functions of the Medium and Large Enterprise Class except for the following:

  • Master mode: The GSM ONE cannot control other appliances as sensors.
  • Sensor mode: The GSM ONE cannot be controlled as a remote sensor by another appliance.
  • Alerts: The GSM ONE cannot send any alerts via SMTP, SNMP, syslog or HTTP.
  • VLANs: The GSM ONE does not support VLANs on the virtual port.

Note

The GSM ONE is optimized for use on a mobile computer. Features required for enterprise vulnerability management, such as schedules, alerts and remote scan engines, are only available on the full-featured appliances.

3.2.4. GSM MAVEN

The GSM MAVEN is designed for micro offices as well as small branches. It can neither control other sensors nor be controlled as a sensor by another appliance.

The GSM MAVEN can be deployed using VMware on Microsoft Windows, MacOS and Linux systems.

GSM MAVEN

The GSM MAVEN comes with one virtual port used for management, scan and updates.

The GSM MAVEN has all the functions of the Medium and Large Enterprise Class except for the following:

  • Master mode: The GSM MAVEN cannot control other appliances as sensors.
  • Sensor mode: The GSM MAVEN cannot be controlled as a remote sensor by another appliance.
  • Alerts: The GSM MAVEN cannot send any alerts via SMTP, SNMP, syslog or HTTP.
  • VLANs: The GSM MAVEN does not support VLANs on the virtual port.

Note

The GSM MAVEN is optimized for use on a mobile computer. Features required for enterprise vulnerability management, such as schedules, alerts and remote scan engines, are only available on the full-featured appliances.

3.3. GSM CE

The GSM Community Edition (GSM CE) is a derivative of the GSM ONE for evaluation purposes. The GSM CE can be deployed using VirtualBox on Microsoft Windows, MacOS and Linux systems.

In contrast to the commercial version, the GSM CE uses the OpenVAS Community Feed instead of the Greenbone Security Feed (GSF). While the commercial versions support seamless updates of the operating system, new versions of the GSM CE are provided as ISO images that require a new full installation. Further differences between the other GSM models and the GSM CE are explained at https://www.greenbone.net/en/community-edition/.

Note

The GSM CE is optimized for use on a mobile computer. Features required for enterprise vulnerability management, such as schedules, alerts and remote scan engines, are only available on the full-featured appliances.