Runecast – Software Defined Expertise – My take
This is the blurb statement on Runecast’s website over at https://www.runecast.biz/, but what does that actually mean? What’s the message? Runecast is a virtual appliance that hooks into your vSphere environment and inspects it for issues pertaining to best-practice compliance, security hardening and syslog analysis. Sounds simple, right? Actually, it is!
I will walk you through some of the information Runecast gleans for you and how it can help you in your environment.
I am not going to bore you with how to deploy an OVA file. There are plenty of blog posts already out there that cover this. It really is simple. More info on this topic can be found in the evaluator’s guide if required.
Once the appliance has been deployed, there are a few simple steps to follow to get everything up and running:
Step 1 – Add the vCenter servers
This is self-explanatory. The evaluator’s guide lists the permissions Runecast requires to operate if you would like to use a locked-down account for vCenter access.
Note: you can add more than one vCenter server.
Step 2 – Automatic Scheduler
You can schedule a time for Runecast to evaluate the environment or just leave it set to manual, as I have done. Scheduling it does, however, allow alerts to be triggered automatically.
Step 3 – Alerting
Define the mail server and alert mail address here.
Step 4 – Log Analysis
Now this part of the setup I really liked. You can give Runecast some credentials for the vCenter server and it will go away and automatically configure selected hosts to point to itself as a Syslog server. This setting is normally buried in the advanced settings on a host, and changing it manually on every host can take a while. Already have a Syslog host set up? No worries. Runecast will add itself as a secondary Syslog server.
Step 5 – User Profile
It’s pretty easy to integrate Runecast into your AD infrastructure: just point to the domain and create a security group called runecast_admins. Any user account added to this group will be able to log into Runecast with its AD credentials.
Step 6 – Filters
If you wish, you can define custom filters to search for specific items in your environment. My example below will search for VMs that have snapshots open against a particular cluster.
And that’s it for setup, assuming you also installed your license.
So what does that give us?
A whole heap of issues is what it would seem to give me, at least. This is good though, as it means I can show you some of the issues it has identified and where the value in the product lies.
As you can see, I have a few issues! All items below can be clicked on to provide further context. The view can be changed to a single vCenter if that is preferred.
This is a master list of issues. Each item can be expanded to provide further information and to show what elements in your environment are affected. The cool thing about this is that it’s linked to all the VMware KB articles for bugs or issues.
The vSphere environment is cross-checked against a bunch of VMware best practices, and the results detail where improvements can be made.
Runecast appears to reference the details in the VMware Security Hardening Guides to quickly assess whether the environment is locked down as securely as it can be. In my testing, some of the fail items needed a bit of common sense applied. Things like promiscuous mode on a vSwitch may be required. Alerts can be set to be ignored, though.
I mentioned it before: this is one of the features I really like. Feed the ESXi host and VM syslogs into Runecast and it will identify repeat incidents and also pull up VMware KB docs that may be pertinent to the issue.
Spot increased occurrences in the logs and what the issue is.
Filter the results to easily identify what the syslog message is. This example was filtered on the keywords “Failed To”.
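The keyword filter and repeat-incident view described above can be approximated offline over exported syslog text. This is an added example, not Runecast's own logic and not code from the original post; the log line layout, host names and messages are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not real host output):
# "<UTC timestamp> <host> <process>: <message>"
SAMPLE_LOG = """\
2017-03-01T09:05:11Z esx01 vmkernel: Failed to open device naa.6001 status 5
2017-03-01T09:40:02Z esx02 hostd: Task completed for vm-101
2017-03-01T10:01:30Z esx01 vmkernel: Failed to open device naa.6002 status 5
2017-03-01T10:02:10Z esx01 vmkernel: failed to open device naa.6003 status 5
2017-03-01T10:03:55Z esx01 vmkernel: Failed to open device naa.6001 status 7
2017-03-01T10:20:00Z esx02 vpxa: Failed to connect to peer 10.0.0.9
not a syslog line
""".splitlines()

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (\S+) ([\w.-]+): (.*)$")

def parse(line):
    """Split one line into (timestamp, host, process, message); None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)

def signature(message):
    """Collapse variable tokens (device ids, IPs, counters) so repeats group together."""
    return re.sub(r"\b[\w.-]*\d[\w.-]*\b", "<id>", message.lower())

def keyword_hits(lines, keyword):
    """Parsed records whose message contains the keyword, case-insensitively."""
    records = (parse(line) for line in lines)
    return [r for r in records if r and keyword.lower() in r[3].lower()]

def repeat_incidents(lines, keyword, min_count=2):
    """(host, signature) pairs that occur at least min_count times."""
    counts = Counter((host, signature(msg)) for _, host, _, msg in keyword_hits(lines, keyword))
    return {key: n for key, n in counts.items() if n >= min_count}

def hourly_spikes(lines, keyword, factor=2):
    """Hours whose hit count is at least factor times the previous hour with hits."""
    per_hour = Counter(ts.strftime("%Y-%m-%dT%H") for ts, *_ in keyword_hits(lines, keyword))
    hours = sorted(per_hour)
    return [h for prev, h in zip(hours, hours[1:]) if per_hour[h] >= factor * per_hour[prev]]

if __name__ == "__main__":
    print(repeat_incidents(SAMPLE_LOG, "Failed To"))
    print(hourly_spikes(SAMPLE_LOG, "Failed To"))
```

Grouping on a normalised signature rather than the raw message is what lets the same fault against different devices count as one repeat incident.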
I have not tried this and I doubt it is supported, but the thought did cross my mind that you may be able to use Runecast as a syslog server for other devices. The instructions for pointing an ESXi host to itself are standard affair.
I was suitably impressed with the ease of deployment and the wealth of information provided about my environment and, more importantly, how to resolve issues in my environment to help mitigate issues with security and potential show stoppers like a purple screen of death.