After a while, I am back to the reviews of the Runecast Analyzer product. In this Runecast Analyzer v4.3.2 detailed review will check what is new and review all the new features and talk about a little bit about each feature and show how to use it.
As a partner of this blog, I have written about Runecast here in my blog and explain what is Runecast Analyzer and where administrators can use this product.
Runecast Analyzer brings issue-prevention solutions to your business. Runecast minimizes the impact complex systems can have by giving you the power to prevent issues others have experienced.
With Runecast, you can not only monitor but also scan your VMware vSphere, vSAN, Horizon, NSX + AWS IAM/EC2/VPC/S3 to detect and fix any problem in the environment (bugs, security or configuration).
Runecast Analyzer as grows a lot since my latest review. A lot of excellent improvements and added very useful features and support for different systems and environments.
One Runecast Analyzer slogan is; built by admins for admins. And this is entirely true an,d you prove that when you use the product.
In this blog post, I will not explain how to install Runecast Analyzer since I have already written about this for previous versions, and the process is the same, and install the OVA Appliance is very straightforward.
Some Runecast Analyzer options and where we can use.
First, let me show a new feature added in the latest versions, that was not in my previous analyzes on Runecast Analyzer.
Enterprise Console Dashboard
With this option, you can add several Runecast Analyzer that you may have in your environment and manage them all in one Dashboard.
First, enable EC Dashboard. Go to Settings and in the Enterprise Console tab, enable Enterprise Console.
Next, you have a new option in the main menu, called EC Dashboard.
Here you can see all the Runecast Analyzers and also add more if you want them to be scanned all at the same time.
Also, a good view now is the Inventory View with all objects, and you can see the issues per object.
When selecting the object you get the issues that are displayed for that object.
All Issues View
In the next image is just an example for all the products that you can analyze with Runecast Analyzer and scan all the issues (configuration and security) in your Environment.
Config KBs Discovered.
We have talked about this option and the KB list in previous articles. Runecast Analyzer will check all your issues and check them with any VMware Knowledgebase to provide the solution to the issue or a security issue.
Clicking in the issue (in this case was security) you can check the details and what VMware KB is referent to.
If you want to know which objects have this issue (in this case witch ESXi hosts).
Next, an example from a couple of Windows VMs that have old VMware Tools and are no Protected for VMware Tools Shared Folders out-of-bounds read vulnerability. This is a security issue reported in VMSA-2018-0017.
Best Practices for your vCenter / vSphere.
Runecast Analyzer will list all the best Practices that are in VMware guidelines and check if they are set in your environment. As we can see in the next image, some are green(implemented) and some are red (not implemented).
In the next example, we see one Best Practice that is not to mix different ESXi host with different Memory in the same Cluster. In this next example, there is one server that has less memory.
The next one was a surprise for me, I had an ESXi with NTP wrongly configured. When our Best Practices (and VMware) states all ESXi installations need to have NTP Start/Stop with the host and was one that was not.
So even for this blog post, I did some scans in my Homelab and also in a real-life Production environment, and we can discover issues and wrong configurations that we are not aware of.
One last example for vSAN.
This one is very useful to have a good vSAN environment. Not only secure but also with the Best Practices so that you have a more stable and secure vSAN.
As you can see in the next example, 3 Best Practices are not implemented (this is a production environment).
The most significant updates that Runecast added (or improved) to their product since my last review are:
Note: Available since version v4.0
How to enable AWS connection in Runecast Analyzer.
In the Settings and Connections tab, go to the AWS section.
Enter your AWS account credentials and save to connect.
Note: Since my AWS doesn’t have enough information to use as an example of how Runecast analyzer can analyze your AWS environment, I will post some images from the Runecast Online Demo.
After you connect to your AWS you can see the Runecast Analyzer AWS Dashboard. In the Dashboard like in VMware or other Runecast product Dashboard, you can see all the information after the analysis.
You can check the Best Practices and you set the list by AWS Product.
For the costumers that use AWS, this is a very good tool to check all the Best Practices on their AWS configurations. But also issues that can be found in the AWS configurations. and most import, security regulations, and configurations.
The Payment Card Industry Data Security Standard PCI-DSS and also CIS are security standards that need to be compliant by companies in certain areas. For payments and use of credit cards.
“Many security standards run concurrently, so organizations need to know they are fully compliant with CIS as well as, for example, PCI DSS or HIPAA. With Runecast, they can cover any gaps – compliance and security checks for the multiple standards out there – and it’s all automated, done by a single solution, on-prem for maximum security,” said Runecast CTO Aylin Sali.
Runecast Analyzer will check your environment and make sure is compliance with the PCI-DSS regulations and standards.
To enable Security Compliance Profile g to Settings and Knowledge Profiles and enable the profile that you need for your environment (VMware Guidelines is enabled by default).
This is an example:
In Security Compliance select PCI-DSS and you get all the configurations found that are not compliant with the PCI-DSS regulations.
This is one of the best features that Runecast Analyzer for its costumers. Particularly the ones that need their security standards to be always 100% set by the regulations.
Note: Available since version v4.2
Even SAP HANA is in the market for a while, after SAP and VMware added to their portfolio. with SAP supporting using SAP HANA in VMware and also AWS, was when companies, like backup companies, started to look at this product and adapt their products to support also SAP HANA. Runecast supporting mainly VMware environment (also AWS) could not dismiss this and Runecast added SAP HANA support to their product.
Unfortunately, I don’t have any SAP HANA environment to test this feature from the feature. So I cannot show how it works in a production environment and what type of information we can get.
But you can check that in the Runecast online demo.
Not only for SAP HANA but test for all products that Runecast Analyzer can support.
Hardware Compatibility (VMware HCL)
In this option, we can check in all our environments if the hardware is supported and compatibly with VMware Hardware Compatibility List (HCL).
Runecast Analyzer will inform and highlight all the hardware that is not compatible with that version we are using.
vSAN VMware HCL incompatibilities
In the next example, we see that all devices for the vSAN are green. So no problems with the devices (like ESXi version, RAID Controller, Disks, etc.).
But as we can check in the above image, I/O Devices have a Red Flag.
Since this an HPE Blade, all blade servers have the same issue since all share the same HPE FlexFabric.
The problem here is the Driver and firmware that is installed for this Interface is not supported for this ESXi /vSAN version.
So after we check that there is a device that is not supported we can check the VMware HCL page and we will have all the information about the device and versions that are supported for each ESXi/vSAN version.
Click in the upper right icon HCL online and the HCL page will open. And now you can check which version you need to install and what witch one driver is supported for witch version.
This is very nice and very useful information. Particularly if you have a huge environment and you cannot track all your ESXi or vSAN implementations. In this case I was not aware of this wrong firmware and the driver was installed. So it is now on the list for the next maintenance to be fixed.
Another example for vSAN in this case in a nested environment Runecast Analyzer knows that the virtual controller is something that is not supported in HCL.
This is a nested vSAN environment and more devices are supported, but this example is just to show how Runecast Analyzer is the best tool to find your incompatible devices.
Note: In another article, I show how to disable this warning about vSAN nested controller.
vSphere VMware HCL incompatibilities
In this case, we have a server HPE DL360-G8 installed with vSphere 6.7. and this server is not supported for 6.7. Here we can check that Runecast Analyzer discovers this server and flagged with warning Red Flag.
As we can see in the next image, the ESXi release list shows where this server is supported.
The server is already in the list for decommissioning, but until then it works with vSphere 6.7 😉
Here is another example on my homelab but with an HP DL360-G7. As we know that is not supported to work with vSphere 6.7, but in my homelab all my G7 have 6.7 installed, and Runecast Analyzer flag that.
Also, my Intel network interfaces are not supported for this version, but I was able to put them to work. But all were flagged that are not in the VMware HCL and you should not be used in production.
Honestly, for me, this feature is one of the best that Runecast Analyzer has. Because we can check all our environment and check if all ESXi/vSAN versions are compatible with the hardware we are using. Or if we have the right drivers installed.
Again, if you have a huge environment, this is very useful. You can scan all your environment and find any unsupported driver or hardware and fixed.
Important Note: All analysis is done locally on-prem, with no sensitive data sent beyond the organization’s walls.
I don’t want to finish this article Runecast Analyzer v4.3.2 detailed review without mention a nice attitude in these dark times that we all living in because of OVID-19 from Runecast by offering Free full Runecast Analyzer license for Hospitals and Universities.
This is a very nice attitude. Because all tools that every one that is fighting this pandemic, or tries to find a cure, are welcome. Even is a
If you are a Hospital or a University and need a tool like Runecast Analyzer to analyze your environment and have a more secure and reliable system to do better work, just check the above link, or contact Runecast by email at email@example.com or firstname.lastname@example.org to request a free license for your healthcare organization.
Runecast Analyser continues to improve the product and is getting better and better. By using Runecast Analyzer we are doing proactive analysis and proactive work. These tasks and steps provide a create a safer environment.
Using Runecast Analyzer will save a lot of time for your IT department by reducing troubleshooting time. To find and correct issues, optimizing, and build secure environments.
I have said this in my previous reviews of Runecast Analyzer, the tool should have read-write permission to apply the changes and fix that was discovered. This a better improvement of the tool and provide an extra feature that will help admins to fix quickly their issues(configuration or security).
Runecast Analyzer now provides (since March 2019) a vRO Plugin to install in your vRO you have a Plugin do some of these tasks. Since this blog post is already to long, I will not review that in this blog post. I will write soon an article on how to use vRO and vCenter Runecast Analyzer plugin.
Try Runecast Analyzer with Analyzer-online-demo.
Runecast is scheduling many VMUGs online meetings and Webinars HERE, check them out.
Download and register for a trial HERE.
Note: Share this article if you think it is worth sharing. If you have any questions or comments, comment here, or contact me on Twitter.