Runecast Analyzer: Automate security configuration on-premises and in the cloud

• Author
• Recent Posts

Brandon Lee

Brandon Lee has been in the IT industry 15+ years and focuses on networking and virtualization. He contributes to the community through various blog posts and technical documentation primarily at Virtualizationhowto.com.

Latest posts by Brandon Lee (see all)

• What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
• Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
• dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023

The appliance takes the data, processes it, and scans your environments for problems based on the data contained in the best practices information. Using Runecast, you can perform quick scans of your environment and easily see any issues related to best practices or security compliance frameworks. After completing a scan, Runecast provides an easy, intuitive graphical interface to consume the scan results.

Supported environments

Runecast supports a wide variety of environments and solutions that can be scanned for best practices and security compliance. These environments cover most of what is used in the enterprise:

• AWS Cloud
• Microsoft Azure
• Kubernetes
• Pure Storage (on vSphere)
• SAP HANA (on vSphere)
• VMware Cloud on AWS
• VMware vSphere, vSAN, NSX-T, NSX-V, Horizon, Cloud Director

Key features

Key features of Runecast include the following:

• Issue prevention—Provides an automated, continuous check for configuration problems related to known issues, best practices, and security & compliance standards. When you align your environments with best practices and security recommendations, it helps stabilize the environment and ensure proper security for your business-critical data.
• Log Analytics—Runecast enables monitoring your ESXi host and VM log files. It does this continuously, which helps to narrow in on and rapidly solve issues. It also provides visibility into configuration drift.
• On-premises or cloud installation—Runecast provides flexible installation options, including on-premises in VMware vSphere environments, or the Azure public cloud.
• Security compliance—Continually monitor your security compliance as it aligns with BSI IT-Grundschutz, CIS CSC, Cyber Essentials, DISA STIG, Essential 8, GDPR, HIPAA, ISO 27001, NIST, PCI-DSS, VMware Security Configuration Guide, and others. You can also carry out customized checks for internally auditing your environment.

To view the complete list of new features and recent additions to the Runecast Analyzer solution, look at the official release notes here.

Installing Runecast Appliance

The Runecast Analyzer is an OVA appliance file that you can deploy in your VMware vSphere environment. ***Note*** You can now deploy Runecast in Microsoft Azure as well.

Once you have signed up for a free account with Runecast, you will be able to download the Runecast OVA appliance file for immediate deployment in your vSphere environment. The appliance has a modestly sized OVA of around 1.4 GB.

Downloading the OVA appliance file from the Runecast portal

The OVA deployment process is one of the great features of Runecast. It is self-contained, easy to stand up, and there is no "artisanal CLI kung fu" needed to set up the networking and other configuration of the appliance. Once deployed, you are ready to connect to the web interface and start adding your environments to Runecast for scanning.

Deploying the Runecast OVA appliance in VMware vSphere

Once you have the appliance deployed and powered on, it is simply a matter of browsing to the address you assigned during deployment in a web browser. Runecast will launch a Getting Started wizard that allows you to quickly connect the appliance to solutions in your environment and select which types of checks you want to enable. You can also make changes to this configuration at a later time under the Runecast settings.

Running the Getting Started wizard when first connecting to the Runecast appliance

Interface and dashboard

The Runecast interface and dashboard are intuitive and modern. Even if you have never used Runecast before, you will feel at home with the left-positioned menus and intuitive readouts. The interface, by default, contains several prebuilt views of your infrastructure that help you drill into the information you want to see quickly.

Runecast displays pertinent information in the Main Dashboard view, which shows the configuration issues by severity, relevant KB articles, best practice adoption, security compliance, vulnerabilities, and others. Here we are viewing a VMware vSphere environment after scanning with Runecast.

Viewing the Runecast dashboard

You can quickly drill into the issues on the Main Dashboard, as most of the items are clickable. Below, I have clicked into the Critical issues found in the environment. Another great feature is that it allows you to compare the results with previous results. This feature helps track configuration drift and any changes in best practices.

Clicking in on the critical issues found in the environment

Runecast does more than just display a listing of the findings in the environment. Each of these is expandable, and you can quickly view the details. When considering the details, you will see the relevant KB article hyperlinked for reference, the CVEs if applicable, synopsis of the issues, etc.

image6

Viewing the details of a critical finding

The issue may not affect all objects in the environment. Under the Findings tab, you can see which objects are affected. In this case, the affected object is a vSphere ESXi host.

Viewing which objects the issue applies to

Drilling into security compliance in your environments is easily achieved with Runecast. Each of the security compliance checks you have configured under your settings is displayed under the Security Compliance section on the left menu. These are clickable and display the relevant findings based on the specific security compliance standard you are following.

Viewing security compliance using Runecast

Hardware scans and upgrade simulations

For VMware vSphere environments, Runecast provides a valuable tool that allows organizations to consider a vSphere upgrade prior to running the upgrade. You can check hardware and the HCL list to determine if any known compatibility issues affect the hosts in the environment for a specific vSphere release. You can run what Runecast calls an upgrade simulation to flush out problems you may encounter during an upgrade.

Running the upgrade simulation in Runecast Analyzer

In addition to providing an upgrade simulation for vSphere, Runecast can collect logs from ESXi hosts and provide log analysis for additional troubleshooting.

AWS, Azure, and Kubernetes

Even though I have keyed in on VMware vSphere above, Runecast has strong hybrid cloud features. It supports scans for Amazon AWS and Microsoft Azure environments, the two most popular cloud environments used today. As you can see below, you can simply add these environments under the appliance settings. Businesses engineering modern applications with Kubernetes will also greatly benefit from Runecast Kubernetes scans.

Runecast supports AWS and Azure scans

Wrapping up

Runecast Analyzer saves IT admins countless hours of time and effort to implement best security practices across their hybrid cloud landscapes. In addition, it provides tangible benefits to organizations looking to meet compliance objectives across many different environments and solutions. Having the visibility that Runecast provides in a single-pane-of-glass interface is powerful, and quite frankly, is functionality you won't find in another product on the market today.