Subscription Object Management Service (SOAM) – Enhancement 

As part of our commitment to delivering cutting-edge solutions for Qualys customers facing complex challenges in VMDR, we proudly announce significant product innovations. At Qualys, we are transitioning from a monolithic code base to a robust microservices architecture, enabling us to enhance our capabilities and responsiveness. At Qualys, we are moving away from the monolithic code base and have introduced multiple microservice architectures. 

These microservices result in significant performance enhancements for the end users and benefit the Qualys engineering teams by allowing them to adopt microservice-dedicated releases without impacting the rest of the platform. 

Scan Management Challenges for Sub-Users: 

One key capability of the Qualys Cloud Platform is scanning all the infrastructure hosts within the customer network. The Scan Listing Tab in the Qualys VMDR takes longer to load for sub-users (non-manager users) based on the Asset Group/assets assigned to the respective users. For such operations, based on the scope of assets/asset group, the scans tab will perform a backend operation to filter and load the limited set of scans within their designated scope for the users.  

With the earlier monolithic approach, based on the user scope changes, the service used to retrieve the relevant scan results for the historical scans and the upcoming coming scans on the Scan List page every time and repetitively conducted this user scope determination process, which resulted in delays while fetching the appropriate list of scans based on the sub-user scope. 

Subscription Object Management Service 

As part of these ongoing improvements, the Subscription Object Management Service (SOAM) is another new microservice. The SOAM services focus on a forward-looking approach; with the dedicated microservice we have observed a significant improvement for sub-users accessing the Scan Listing Tab in the Qualys VMDR.  

What is changing in the SOAM Service? 

The SOAM service determines the scope of the sub-user based on the 

 newly launched or scheduled scans instead of the historical scans. Since the scope of the sub-user is defined based on the new scans, so now the sub-user can view the historical scans launched in the past but cannot view the scan results 

Let us take an example to understand this better 

Take a quick example of Before & After SOAM Service to understand the use cases better. 

Before SOAM Service:  

With the monolithic service, the sub-users with limited access to Asset/Asset Group – (10.10.10.1, 10.10.10.2), Manager/Unit-Manager modified the scope changes by extending additional assets/asset groups: 10.10.10.30, 10.10.10.35 

The sub-user will see all historical scans of assets -10.10.10.30, 10.10.10.35, considering all 4 assets are in the scope. 
This caused a delay in reviewing the scope for past historical scans and the future. 

After SOAM Service:  

Based on the scope changes for the sub-users with the SOAM Service, the historical scans for the IP addresses 10.10.10.1 and 10.10.10.2 will be listed as part of the earlier scope. The historical scans will not be available for the newly added scope of assets (10.10.10.30, 10.10.10.35). The user can see only the upcoming scans for these assets. 

Let us take another example to understand the impact on an asset for which the scope is removed for an IP address – 10.10.10.30. The historical scan will be available for 10.10.10.30, but the scan result will not be shown since the IP has been removed from the scope. 

Frequently Asked Questions 

Q1. When can we expect SOAM Service? 

 A. The SOAM Service will be activated for all VM/VMDR customers, with the prerequisite of AGMS – Asset Group Management Service enabled subscriptions. 

The SOAM Service will be deployed across all Shared Cloud Platforms by the 2^nd week of February. 

Q2. Does SOAM Service have any limitations? 

A. SOAM Service is not supported for the Native IPv6; this is planned for the future. 

Q3. Does this change impact sub-users and unit managers? 

A. This change is limited to sub-users and unit-manager. This doesn’t impact the Manager User. 

Q4. Are there any microservice dependencies to activate SOAM Service? 

A. SOAM Service will be activated for subscriptions enabled with  

1) Asset Group Management Service (AGMS)  

2) Only for subscriptions with VMDR Or VM. 

Q5. What are the upcoming Microservices to expect? 

A. VMRS (Vulnerability Management Reporting Service) is a new service for managing vulnerability reports. With growing customers, agents, and scanners across our platform, we are moving towards an independent service based on the latest technologies that can more easily scale with increased demand. This service significantly improves VM reporting performance for existing customers.