nmap – Fundamental pieces to remotely scan a network

What are the fundamental technological pieces to remotely scan a network, such as with Nessus.

Goal: Do risk assessments as a service for small businesses. Thus I’d run tools like Nessus and Nmap and deliver a report with recommendations. I would like to set up a POC first, possibly on my own cloud network, then do a friend’s business, and work my way through it. But I’m missing the important aspect of network access.

Does the business have to open their firewall for my IP? Is it a VPN by which I access the network? Do they have to make me an admin?