
During the Hackathon at VMworld I had the pleasure to work with Runecast's Ivaylo Ivanov on the same team, who got me all fired up about the Runecast Analyzer.

Back home with some spare time on my hands, I thought I'd give it a shot.

One thing I liked (and also a lot of German companies will like) straight away was, you can operate the Analyzer without any connection to the internet.

0. Requirements

OVA + Updates (or Internet Connection to the Appliance)

Required ports:

443, 5988, 5989 from Runecast appliance to vCenter and ESXi hosts
514 UDP port from ESXi hosts to Runecast Analyzer for log collection
443, 31415 to the Runecast Analyzer web interface
443 from Runecast appliance to NSX Manager
443 to the Runecast appliance from vCenter for the web client / vRealize Orchestrator plugin
443 to the Runecast appliance from any client using the Runecast API
443 from Runecast appliance to Connection Server

Supported browsers:

  • Chrome v68.0.3440.106 or newer
  • Firefox v50.0.2
  • MS Edge v38.14393.0.0 or newer

 

1. Deployment

The OVA is roughly 1GB, so pretty small and very straightforward to import. I'll spare you from stating the obvious for every screenshot.

If you just use the configuration analysis, it will scale far beyond the maximums stated above. I’ve been told that 2000 Hosts per vCenter Instance per single Analyzer Appliance are no problem. And also keep in mind that you can add multiple vCenter instances per single Analyzer Appliance, so for example if you have 3 vCenters with each 1500 Hosts, you’ll end up with 4500 Hosts per Appliance.

 

2. Setup

Once deployed you’re able to log in via Browser with the default user rcuser and password Runecast! as documented in the User Guide, which is pretty neat by the way, not too much text and all the info you need.

So for all you folks out there clicking first and troubleshooting later, it’s a 15 Min read/invest 😉

For the sake of testing I went with “Administrator@vsphere.local”. It was late and I was lazy and I'm going to hell for this one day.

What you want to do is create a new user just for your Analyzer with the following permissions at vCenter level:

Host > CIM > CIM interaction
Global > Settings
Host > Configuration > Firmware
Host > Configuration > Change settings
Host > Configuration > Advanced settings
Host > Configuration > Security profile and firewall
Virtual Machine > Configuration > Advanced
Extension > Register extension
Extension > Update extension

You could get away with “read only”, which is the minimum requirement, but you would miss out on device-specific things such as driver- and firmware-related issues.

Select the scan schedule of your choice, hit the start button and wait for the magic to happen.
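One way to script the dedicated account's role with PowerCLI, as an added example that is not part of the original post or Runecast's documentation. The vCenter FQDN, role name and account name are placeholders, the account is assumed to exist already, and the privilege IDs are the vSphere IDs for the UI paths listed above.

```powershell
# Added example: least-privilege vCenter role for the Analyzer account.
# Placeholders (assumptions, not from the post): FQDN, role name, account.
$vCenter   = 'vcenter.example.local'
$roleName  = 'Runecast-Analyzer'
$principal = 'VSPHERE.LOCAL\svc-runecast'   # must already exist in SSO

# vSphere privilege IDs for the UI paths in the list above.
$privilegeIds = @(
    'Host.Cim.CimInteraction',              # Host > CIM > CIM interaction
    'Global.Settings',                      # Global > Settings
    'Host.Config.Firmware',                 # Host > Configuration > Firmware
    'Host.Config.Settings',                 # Host > Configuration > Change settings
    'Host.Config.AdvancedConfig',           # Host > Configuration > Advanced settings
    'Host.Config.NetService',               # Host > Configuration > Security profile and firewall
    'VirtualMachine.Config.AdvancedConfig', # Virtual Machine > Configuration > Advanced
    'Extension.Register',                   # Extension > Register extension
    'Extension.Update'                      # Extension > Update extension
)

Connect-VIServer -Server $vCenter | Out-Null

# Resolve every ID up front; -ErrorAction Stop aborts on an unknown ID
# instead of silently creating a role with fewer privileges than intended.
$privileges = Get-VIPrivilege -Id $privilegeIds -ErrorAction Stop

# Create the role only if it is not there yet, so the script can be re-run.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege $privileges
}

# Drift check: report anything in the role beyond the list above.
# System.* privileges are added to every role by vCenter and are ignored.
$extra = (Get-VIPrivilege -Role $role).Id |
    Where-Object { $_ -notin $privilegeIds -and $_ -notlike 'System.*' }
if ($extra) {
    Write-Warning "Role '$roleName' has extra privileges: $($extra -join ', ')"
}

# Grant the role at the vCenter root folder and propagate it downwards,
# which matches "at vCenter level" in the text above.
$root = Get-Folder -NoRecursion
New-VIPermission -Entity $root -Principal $principal -Role $role -Propagate $true |
    Select-Object Entity, Principal, Role, Propagate
```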

 

3. Analyzer

3.1 Dashboard

The Dashboard is well structured and not overloaded, but not customizable (maybe a trial licence thing, I'll follow up on that one). The “generate Report” button is a nice addition, it creates a very basic report. It’s basically a snapshot of the Dashboard with a top 50 issues list, which is nice, but not awesome.

 

3.2 Views

 

What I did like is the approach of the Inventory view, you can drill down from your vCenter structure…

 

…onto the issues onto the KB.

The “All Issues View” is an aggregate view of all the issues in one place. The remaining three views list the issues by their classification, so I'm not going to bore you with more screenshots.

 

4. Settings

The “Settings” section lets you configure all the stuff you have previously configured + the “usual” stuff like AD integration, licences (@other Vendors, this is where licences belong), update, etc.

Now for the non-standard stuff: you are able to select the compliance baseline against which the Analyzer will check (e.g. HIPAA, DISA STIG, …).

And last but not least the API Access Token that you have to create if you want the vCenter plugin to work. This can either be created as a “read only” or “full access” Token.

 

Add the FQDN of your Appliance and the previously generated access token to your vCenter and you’re good to go.

 

5. Conclusion

Love the Product and the simplicity of the integration. The Documentation is good, the Dashboards loaded fast (keep in mind, this is a Lab environment, there is not much going on).

I think it makes a great addition to any vSphere environment, and frees up valuable time checking changes on the Security Hardening Guide and Best Practices papers.

The per CPU socket Licensing Model looks reasonably priced, especially for smaller customers. I think this is great as you don’t have to buy one of these 6 CPU SMB (3×2) packs.

And last but not least I heard there will be like a centralised console/Appliance from where you can control/view multiple Analyzer Appliances.