2. GSM Overview
The Greenbone Security Manager is a dedicated appliance for vulnerability scanning and vulnerability management.
It is a specifically developed platform optimized for vulnerability management.
It is offered in different performance levels.
2.1. Enterprise class (GSM 5300/6400)
The GSM 5300 and GSM 6400 are designed for the operation in large companies and agencies.
The GSM 6400 can control sensors in up to 50 security zones and is recommended for up to 50,000 monitored IP addresses.
The GSM 5300 can control sensors in up to 30 security zones and is recommended for up to 30,000 monitored IP addresses.
The appliances themselves can be controlled as a slave sensor by another master.
The appliances in the enterprise class come in a 2U 19” chassis for easy integration into the data center.
For easy installation and monitoring they are equipped with a two line, 16 characters per line LCD display.
For uninterruptable operation they have redundant, hot swappable power supplies, hard drives and fans.
For management of the appliance, in addition to an out-of-band management Ethernet port, a serial port is available.
The serial port is setup as a Cisco compatible console port.
To connect to the monitored systems both appliances can be equipped with three modules.
The following modules can be used in any order:
- 8 Port Gigabit Ethernet 10/100/1000 Base-TX (copper)
- 8 Port Gigabit Ethernet SFP (small-form factor-pluggable)
- 2 Port 10-Gigabit Ethernet XFP
Up to 256 VLANs can be configured and managed per port.
2.2. Midrange class (GSM 400/600/650)
The GSM 400, GSM 600 and GSM 650 are designed for mid-sized companies and agencies as well as larger branch offices.
The GSM 650 can control sensors in up to 12 security zones and is recommended for up to 10,000 monitored IP addresses.
The GSM 600 can also control sensors in up to 12 security zones and is recommended for up to 6,000 monitored IP addresses.
The GSM 400 can control 2 sensors and is recommended for up to 2,000 monitored IP addresses.
The appliances themselves can be controlled as a slave sensor by another master.
Aside from the current GSM 400, GSM 600 and GSM 650 appliances, Greenbone is still fully supporting the older appliances in this class.
The GSM 500, GSM 510 and GSM 550 appliances were replaced by more up to date hardware in 2014.
The appliances in the midrange class come in a 1U 19” chassis for easy integration into the data center.
For easy installation and monitoring they are equipped with a two line, 16 characters per line LCD display.
For uninterruptable operation the appliances come with redundant fans.
However, hot-swapping during operation is not possible.
For management of the appliance, in addition to a management Ethernet port, a serial port is available.
The serial port is setup as a Cisco compatible console port.
To connect to the monitored systems both appliances are equipped with eight ports in total, which are pre-configured and set up as follows:
- 6 Port Gigabit Ethernet 10/100/1000 Base-TX (copper)
- 2 Port Gigabit Ethernet SFP (small-form factor-pluggable)
A modular configuration of the ports is not possible.
Up to 128 VLANs can be configured and managed per port.
One of these ports is also used as management port.
2.3. SME class (GSM 100)
The GSM 100 is designed for smaller companies and agencies as well as branches.
The GSM 100 is recommended for the monitoring of up to 100 IP addresses.
Controlling sensors in other security zones is not considered.
However, the GSM 100 itself can be controlled as a slave-sensor by another master.
The appliance comes as 1U steel chassis.
For easy integration into the data center an optional rack kit can be used.
The appliance does not come with a display.
For management of the appliance, in addition to a management Ethernet port, a serial port is available.
The serial port is setup as a Cisco compatible console port.
To connect to the monitored systems the appliance comes with four 10/100/1000 Gigabit Ethernet Ports (RJ45) in total.
These ports support up to 64 VLANs.
One of these ports is also used as management port.
2.4. Sensors (GSM 25/25V)
The GSM 25 is designed as sensor for smaller companies and agencies as well as branches.
The GSM 25 is recommended for up to 300 monitored IP addresses and requires the control of an additional appliance in master mode.
The GSM of the midrange an enterprise class (GSM 500 and up) can be utilized as controllers for the GSM 25/25V.
The GSM 25 appliance comes as a 1U steel chassis.
For easy integration into the data center an optional rack kit can be used.
The appliance does not come with a display.
For management of the appliance, in addition to a management Ethernet port, a serial port is available.
The serial port is setup as a Cisco compatible console port.
To connect to the monitored systems the appliance comes with four 10/100/1000 Gigabit Ethernet Ports (RJ45) in total.
These ports support up to 64 VLANs.
One of these ports is also used as management port.
The GSM 25V is a virtual Appliance and provides a simple and cost effective option to monitor virtual infrastructures.
In contrast to the GSM 25 the virtual version only comes with one virtual port for management, scanning and updates.
However, the virtual port does support 64 VLANs as well.
2.5. GSM ONE
The GSM ONE is designed for specific requirements such as audit using a laptop or educational purposes.
The GSM ONE is recommended for up to 300 monitored IP addresses and can neither control other sensors nor be controlled as a sensor by a larger appliance.
The GSM ONE only comes with one virtual port that is used for management, scan and updates.
This port does not support the use of VLANs.
The GSM ONE has all the functions of the larger systems except for the following:
- Master Mode: the GSM ONE cannot control other appliances as sensors.
- Slave Mode: the GSM ONE cannot be controlled as a slave sensor by other master-mode appliances.
- Alerts: the GSM ONE cannot send any alerts via SMTP, SNMP, syslog or HTTP.
- VLANs: the GSM ONE does not support VLANs on the virtual port.
