In part 1 of our Runecast review we took a look at just how quickly we can get Runecast installed and configured within our environment. We had a brief look at the Runecast dashboard, which highlights any misconfigurations, unapplied Knowledge Base articles, or non-compliant security settings. We saw that within just a few minutes we were reporting on all this information from within our environment, and comparing it to up-to-date lists of best practices and hardening guidelines. With KBs, Best Practices, and Hardening Guidelines being at the heart of Runecast, it’s best we take a more in-depth look at how we report on, manage, and resolve them within our environment. That is exactly what this final part of the review will focus on.
So with all that said let’s start diving deeper into our test environment to see if we can solve any problems! As we can see above, I currently have 38 issues that were already detected within my small little lab setup here, broken down into 5 critical, 19 major, and 14 medium. Clicking on any severity item within the dashboard display will take us directly to a filtered view of our issues list, or we can view all issues by selecting Issues List along the left-hand navigational menu.
By default, our issues appear rolled up – to get more information regarding the Knowledge Base article, Best Practice or Security setting we can click the ‘+’ icon next to our issue as shown above. As we can see here Runecast is reporting that we don’t have NTP configured on our ESXi host, falling under the Best Practice category. Certainly time is an important thing in the world of computing so I can see why they would flag this as a critical issue. We can also see after expanding the issue that we have a lot of other information available to us – a more detailed description of the problem, as well as ratings, impact, and a link to any reference material, knowledge base article, or security hardening guide that further explains the issue and how to fix it. This is very handy to have. Right from within Runecast we can discover our issues and immediately jump into a document, user guide, or KB article outlining the problems and resolutions.
The ‘Findings’ tab within the expanded issue allows us to view the inventory objects within our environment that the issue applies to – in this case, both of our ESXi hosts. I should note here that we do not need to first click on an issue to view its associated objects – we can do this in the reverse direction as well by using the Inventory item on the left-hand navigation. Inventory essentially gets us to the same place, but allows us to browse through our vCenter inventory, selecting a host, cluster, datastore, VM, etc. and displaying just its associated issues. Either way we get to the same information though, just a couple of routes to get there.
Another useful tab on this screen is the ‘Note’ tab. As shown below we are able to input any notes or information that applies to this issue (or KB/Security setting for that matter) that we want. This can be extremely useful if we have multiple people working within the Runecast environment, or even just for documentation for yourself as to why you are making or not making a certain configuration change.
In order to clear issues within Runecast we have a couple of options – firstly, and probably the most preferred method, is to simply fix your issue – I’ve since set up NTP on my hosts and no longer see this issue being reported. That said, as mentioned above there may be times when we have an issue present for a certain reason, especially dealing with the best practices category like the forged transmits setting above. For this, we can simply click the ‘Ignore’ link next to an issue and create an object filter as shown below, by giving it a name and selecting the objects it applies to.
After applying the filter the issue in question will no longer be reported in Runecast. We can edit or remove this filter at any time by selecting the ‘Filter’ tab from within Runecast’s settings in order to reset anything we may want to.
From within the ‘Configuration Analysis’ section we are able to view our issues in a different fashion.
First up, KBs Discovered shows us all of the KBs that have been discovered that apply to our environment. It does this by parsing the VMware Knowledge Base and pulling down only those KBs which apply to the hardware and software versions we have running within our virtual infrastructure. As we can see below we still have the same options as we did within the Issue List screen – we have our link out to the actual VMware KB article, the article is also embedded into Runecast, and we can add notes and choose to ‘Ignore’ certain KBs that may not apply.
The ‘Best Practices’ and ‘Security Hardening’ sections take somewhat of a different approach as to how they are displayed. Since best practices and security settings are actual configurations that we can choose to make in our environment, they are displayed in a simple Pass/Fail fashion – passing if we meet the criteria of the practice or security setting, and failing if we do not. This gives us the ability to quickly see things such as “How many major items from the security guideline have we implemented?” or “Have we applied all of the ‘critical’ best practices to our environment?”
As we can see above we are getting a pass on our NTP settings, as we have already tackled them from the Issues screen. We are however receiving a fail in terms of Remote TSM, which is essentially having SSH enabled on our hosts. In my environments this is a known configuration setting, so I would most likely choose to create a filter to ignore this security setting.
The last section of Runecast I want to go over is the Log Analysis section. Within here we can see that we have another couple of screens we can access – KBs Discovered and Verbose Dashboards. The KBs Discovered section here deals solely with those KBs that specify certain patterns which are visible in the logs, such as with KB 2144934, where you can see below the “you see entries similar to…”.
Nobody likes searching through log files – it’s a long and tedious task. In this situation, since we are already shipping our logs to Runecast, why not let the analyzer go ahead and comb them for you? If it finds a pattern that applies to any specific KB article, it will be flagged here. This allows us to be quite proactive in nature – alerting us of a KB issue that we may not even know we have.
As far as ‘Verbose Dashboards’ goes, this allows us to quickly get a grasp on all of the events occurring within our log files. Again, the task of combing through log files and grepping out certain items such as SCSI Aborts on the command line can be daunting, not to mention very time-consuming. Here, as shown below, we can do this directly from within the Runecast UI.
As you can see we have a lot of options to filter out the events within logs to get just the data we are looking for. For instance we can define that we only want to see those log entries flagged as an error and applying only to a certain ESX host. We can also define a time period of logs to parse – from predefined settings of the last 1/3/7/30 days to a custom period set up by us if we needed to audit a certain event at a certain time. This is a very useful feature to have within the UI. Since Runecast already has the log data in order to determine issues, why not give us a screen in order to analyze the raw data? I can see this being super useful in terms of things such as searching for certain logins during a specific time period – something that isn’t easy to do sitting within the CLI of an ESXi host.
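To make the filter combination described above concrete (severity, host, a predefined or custom time window, and a message pattern such as logins or SCSI aborts), here is an added example in Python; it is not Runecast code and not part of the original review. The log lines are constructed and use a simplified layout assumed for this example, not the exact ESXi or Runecast format, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines: "<UTC timestamp> <host> <severity> <message>" (assumed layout).
SAMPLE_LOG = """\
2017-02-01T08:15:02Z esxi01.lab.local info SSH login accepted for user root from 10.0.0.5
2017-02-03T22:41:17Z esxi02.lab.local error SSH login failed for user root from 10.0.0.99
2017-02-03T22:41:30Z esxi02.lab.local error SSH login failed for user admin from 10.0.0.99
2017-02-04T01:02:03Z esxi01.lab.local warning SCSI abort issued for device naa.example
2017-02-05T09:00:00Z esxi02.lab.local info SSH login accepted for user root from 10.0.0.5
truncated line without a timestamp
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\w+)\s+(.*)$")

def parse(text):
    """Turn raw lines into event dicts, skipping anything that does not parse."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # malformed timestamp: drop the line rather than guess
        events.append({"time": ts.replace(tzinfo=timezone.utc), "host": m.group(2),
                       "severity": m.group(3).lower(), "message": m.group(4)})
    return events

def last_days(days, now):
    """Predefined window (1/3/7/30 days) ending at `now`."""
    return now - timedelta(days=days), now

def filter_events(events, host=None, severity=None, window=None, pattern=None):
    """Keep events matching every filter that is set; `window` is (start, end)."""
    rx = re.compile(pattern, re.IGNORECASE) if pattern else None
    return [e for e in events
            if (host is None or e["host"] == host)
            and (severity is None or e["severity"] == severity.lower())
            and (window is None or window[0] <= e["time"] <= window[1])
            and (rx is None or rx.search(e["message"]))]

if __name__ == "__main__":
    now = datetime(2017, 2, 5, 12, 0, tzinfo=timezone.utc)  # fixed "now" for the sample
    for e in filter_events(parse(SAMPLE_LOG), severity="error", window=last_days(3, now)):
        print(e["time"].isoformat(), e["host"], e["message"])
```

For a login audit over a custom period, pass an explicit `(start, end)` tuple as `window` together with `pattern="login"`.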
Runecast really has a very nice product here and brings a lot of information out of our environment and puts it front and center in a very easy, simple UI. It’s so easy to set up as well – simply deploy the OVA, point it to our vCenter and right away we know how our environment stacks up in terms of best practices and security guidelines – and we have discovered any potential issues we may have, with all of the information on how to fix them. All of this, in about 5 minutes. Think about the flip-side of this: downloading best practices and the hardening guide and going through each line item one by one, looking up build numbers and then searching through mountains of VMware KBs – not something I want to do. While other products providing some similar functionality such as vROps and Log Insight may bring us more metrics, Runecast instead displays only what we need to see to properly troubleshoot our environment, keeping the UI clean and crisp and easy to use – aside from that, when compared to vROps, Runecast doesn’t come with the install footprint, nor the price tag, and as far as I know is the only product on the market which parses and filters out VMware KBs for us. As far as development goes Runecast isn’t holding back: with a beta version set to be released soon we can see features such as multitenancy being added to the product – as well as a few more undisclosed features set to be released in Q1/Q2 of this year. Runecast comes with a fully featured, free 30 day trial but honestly the product gives you valuable information in the first 15 minutes – so 30 days is more than long enough to get your environment up to snuff. That said, in order to keep your environment running at its peak performance you will want to consult Runecast often as we all know how fast Best Practices and Security guidelines can change in our industry. Runecast automatically adjusts to these changes – ensuring your environment is ALWAYS compliant.
The amount of time Runecast saves you is instantly recognized, and the fact that they are constantly connected to the VMware knowledge base and hardening guides means you are always “in the know” about how your environment is configured according to the “preferred” way – even if your environment changes, or the “preferred” way changes! If you want to try out Runecast and what it has to offer for yourself you can do so by signing up for their 30 day trial! I guarantee you will find something in need of some attention in your environment!