Thank you Tyler and Fabio for your answers. We experimented with the Manager -> n Scanners architecture, and it actually works well (we launch physically distant scanners directly from one manager), as long as the right Scanner IPs are provided and proper certificates are loaded in the Scanner profiles through the web interface. We will remain vigilant regarding eventual performance issues.
Now we wonder, though, how the NVT/SCAP/CERT Feed updates are managed on each scanner; in other words, when we click the "Synchronize with Feed now" button, in the web interface, does the Manager remotely call a syncing action with feed on *each scanner* defined in the Configuration/Scanners page? And if so, how can we be sure each scanner has independently performed the sync successfully? Another solution would be to launch a sync in a script as a cron job on each scanner machine, but that would be useless if the "Synchronize with Feed now" button does it all... Anyone has further info on this? Thank you! Ben LeBlanc -----Message d'origine----- De : Tyler Sable [mailto:tsa...@epic.com] Envoyé : 19 août 2016 11:00 À : LeBlanc Benjamin-Hugo (EXT); openvas-discuss@wald.intevation.org Objet : RE: Managing many scanners instead of a master-slave Ben, I have built the master-scanner architecture, and it works. But, I have been disappointed in its performance. The scans run on the external scanner seem to take a lot longer than scans run on the same machine. I think the communication between the manager and scanner is probably too chatty for it master-scanner to perform well. Dr. Wagner recently recommended the master-slave relationship rather than the manager-scanner relationship. I believe the improved performance is the reason for using master-slave. -Tyler _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
