Runecast product review


Runecast – Software Defined Expertise – My take

This is blurb statement on Runecasts website over at https://www.runecast.biz/ but what does that actually mean, what’s the message? Runecast is a virtual appliance that hooks into your vSphere environment which then inspects it for issues pertaining to best practice compliance, security hardening and syslog analyses. Sounds simple right? Actually it is!

I will walk you through some of the information Runecast gleans for you and how it can help you in your environment.

Setup

I am not going to bore you with how to deploy an OVA file. There are plenty of blog posts already out there that cover this. It really is simple. More info can be found in the evaluators guide on this topic if required.

Once the appliance has been deployed there are a few simple steps to follow to get everything up and running

Step 1 – Add the vCenter servers

This is self explanatory. The evaluators guide lists the required permissions for Runecast to operate if you would like to use a locked down account for vCenter access

Note; you can add more than one vCenter server

runecast02

Step 2 – Automatic Scheduler

You can schedule a time to allow Runecast to evaluate the environment or just leave it set  to manual as I have done. Scheduling this will allow alerts to be triggered though automatically.

runecast03

Step 3 – Alerting

Define the mail server and alert mail address here

runecast04

Step 4 – Log Analysis

Now this part of the setup I really liked. You can give Runecast some credentials for vCenter server at it will go away and automatically configure selected hosts to point to its self as a Syslog server. This setting is normally buried in the advanced settings on a host and can take a while if you perform this step manually. Already have a Syslog host setup, no worries. Runecast will add its self as a secondary Syslog server.

runecast05

Step 5 – User Profile

Its pretty easy to integrate Runecast into your AD infrastructure, just point to the domain and create a security group called runecast_admins. Any user account added to this group will be able to log into Runecast with their AD credentials.

runecast07

Step 6 – Filters

If you wish you can define custom filters to search for specific items in your environment. My example below will search for VMs that have snapshots open against a particular cluster.

runecast08

And that’s it for setup, assuming you also installed your license.

So what does that give us?

Runecast

A whole heap of issues is what it would seem to give me at least. This is good though as it means I can show you some of the issues it has identified and where the value in the product lies.

Dashboard

As you can see I have few issues! All items below can be clicked on to provide further context. The view can be changed to a single vCenter if that is preferred.

Issue List

This is a master list of issues. Each item can be expanded to provide further information and to show what elements in your environment are affected. The cool thing about this is that its linked to all the VMware KB articles for bugs or issues.

runecast09

runecast16

Best practices

The vSphere environment is cross checked against a bunch of VMware best practices and details where improvements can be made.

runecast10

Security Hardening

Runecast appears to reference the details in the VMware Security Hardening Guides to quickly assess if the environment is locked as secure as it can be. In my testing some of the fail items need a bit of common sense applied. Things like promiscuous mode on a vSwitch may be required. Alerts can be set to be ignored though.

runecast11

Log Analysis

I mentioned it before, this is one of the features I really like. Feed the ESXi hosts and VM syslog’s into Runecast and it will identify repeat incidents and also pull up VMware KB docs that maybe pertinent to the issue.

runecast12

spot increased occurrences in the logs and what the issue is

runecast13

filter the results to easily identify what the syslog message is. This example was filtered on the keywords “Failed To”

runecast14

I have not tried this and I doubt it is supported but the thought did crosss my mind that you maybe able to use Runecast as a syslog server for other devices. The instructions for pointing an ESXi host to itself are standard affair.

runecast15

Conclusion

I was suitably impressed with the ease of deployment and the wealth of information provided about my environment and more importantly, how to resolve issues in my environment to help mitigate issues with security and potential show stoppers like a purple screen of death

Ian

Leave a comment

Your email address will not be published. Required fields are marked *