Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Options for Moving the Vulnerability Processor in Your JSA Vulnerability Manager Deployment

 

If required, you can move the vulnerability processor from your JSA console to a dedicated JSA Vulnerability Manager managed host appliance.

For example, you might move your vulnerability processing capability to a managed host to minimize disk space impact on your JSA console.

Note

You can have only one vulnerability processor in your deployment. Also, you must deploy the vulnerability processor only on a JSA console or JSA Vulnerability Manager managed host processor appliance.

To move the vulnerability processor, choose one of the following options:

Option 1: Deploy a Dedicated JSA Vulnerability Manager Processor Appliance

To deploy a processor appliance you must complete the followings tasks:

  1. Install a dedicated JSA Vulnerability Manager processor appliance.

  2. Add the managed host processor appliance to your JSA console by using the System and License Management tool on the Admin tab.

    When you select the managed host option, the processor is automatically removed from the JSA console.

Option 2: Move the Vulnerability Processor from Your Console to Your Managed Host

If the vulnerability processor is on your JSA console, then later you can move your vulnerability processor to a previously installed JSA Vulnerability Manager managed host processor appliance.

At any time, you can move the vulnerability processor back to your JSA console.

Deploying a Dedicated JSA Vulnerability Manager Processor Appliance

You can deploy a dedicated JSA Vulnerability Manager processor appliance as a managed host.

When you deploy your vulnerability processor to a managed host, all vulnerabilities are processed on the managed host.

Note

After you deploy processing to a dedicated JSA Vulnerability Manager managed host, any scan profiles or scan results that are associated with a JSA console processor are not displayed. You can continue to search and view vulnerability data on the Manage Vulnerabilities pages.

Ensure that a dedicated JSA Vulnerability Manager managed host is installed and a valid processor appliance activation key is applied. For more information, see the Juniper Secure Analytics Installation Guide for your product.

  1. Log in to JSA console as an administrator:

    https://IP_Address_JSA

    The default user name is admin. The password is the password of the root user account that was entered during the installation.

  2. On the navigation menu, click Admin.
  3. In the System Configuration pane, click System and License Management.
  4. From the host table, click the JSA console host, and click Deployment Actions >Add Host.
  5. Enter the IP address and password for the host.
  6. To create an SSH tunnel on port 22, select Encrypt Host Connections.
  7. To enable encryption compression for communications with a host, select Encryption Compression.
  8. To enable NAT for a managed host, select Network Address Translation and add the following information:

    Table 1: NAT Configuration

    Field

    Description

    NAT Group

    If the managed host is on the same subnet as the JSA console, select the JSA console that is on the NATed network.

    If the managed host is not on the same subnet as the JSA console, select the managed host that is on NATed network.

    Public IP

    The managed host uses this IP address to communicate with other managed hosts in different networks that use NAT.

    The NATed network must use static NAT.

  9. Click Add.Note

    Don't close the window until the process for adding the host completes.

  10. Close the System and License Management window.
  11. On the Admin tab toolbar, click Advanced >Deploy Full Configuration.
  12. Click OK.

Moving Your Vulnerability Processor to a Managed Host or Console

If required, you can move your vulnerability processor between a JSA Vulnerability Manager managed host appliance and your JSA console.

Ensure that a dedicated JSA Vulnerability Manager managed host is installed and a valid processor appliance activation key is applied.

  1. On the navigation menu, click Admin.
  2. Click System and License Management > Deployment Actions > Manage Vulnerability Deployment.
  3. Click Enable Processor.
  4. Select the managed host or console from the Processor list.

    If your processor is on the managed host, you can select only the JSA console.

  5. Click Save.
  6. On the Admin tab toolbar, select Advanced >Deploy Full Configuration.
  7. Click OK.

    After you change your vulnerability processor deployment, you must wait for your deployment to fully configure. In the Scan Profiles page, the following message is displayed: : JSA Vulnerability Manager is in the process of being deployed.

Verifying That a Vulnerability Processor is Deployed

In JSA Vulnerability Manager, you can verify that your vulnerability processor is deployed on a JSA console or JSA Vulnerability Manager managed host.

  1. Log in to the JSA console.
  2. On the navigation menu, click Admin.
  3. Click System and License Management > Deployment Actions > Manage Vulnerability Deployment.
  4. Verify that the processor is displayed on Processor list.

Removing a Vulnerability Processor from Your Console or Managed Host

If required, you can remove the vulnerability processor from a JSA console or JSA Vulnerability Manager managed host.

  1. Log in to the JSA console.
  2. On the navigation menu, click Admin.
  3. Click System and License Management > Deployment Actions > Vulnerability Deployment Management.
  4. Click the Enable Processor check box to deselect it.
  5. Click Remove.
  6. Click Save.
  7. Close the System and License Management window.
  8. On the Admin tab toolbar, select Advanced >Deploy Full Configuration.
  9. Click OK.