Runecast Analyzer is a product which helps VMware admins with their daily job it is a great pleasure to write a new review now in 2019 about this product. Runecast Analyzer has evolved over time and we'll go into the details about what's changed since 2017 where we first wrote about the different features and possibilities. The latest release of Runecast is 2.6.5.
If you're working with VMware infrastructures, you know that proactive analysis and proactive measures are necessary to keep your workflows as performant and as safe as possible. Whether you have your mission-critical workloads or not, today's enterprises must stay safe and competitive.
It's important to follow VMware best practices, hardening guidelines and also VMware hardware compatibility list (HCL) concerning compatible hardware, firmware or drivers. But how to apply all those KBs to your infrastructure without spending days of trying?
Runecast to the rescue. Runecast Analyzer addresses just that. It allows you to check your virtual infrastructure on a regular basis, and let you know whether you're safe, or have some critical failure which has been just discovered.
The product also analyzes the log issues detected based on the correlation of log entries with KB articles. Runecast Analyzer scans your infrastructure and compares the findings with those elements to let you know whether you have some critical, major or minor issues. Runecast Analyzer provides software-defined expertise to mitigate service outages, increase security and compliance and reduce time in troubleshooting.
Since we have last reviewed the product, there were many enhancements and additions made. You now have a possibility to add Multiple vCenters, analyze VMware vSAN, Horizon View or VMware NSX-V problems.
Runecast Analyzer deploys as a pre-configured OVA appliance which you can download from the vendor's website. It is an on-premises solution, so it can even work without an Internet connection if you need to. After all, not every environment needs to be exposed to the internet and it is great for secure environments.
If you're connected via proxy, there is a possibility of configuration to allow external connectivity via proxy. You have a choice of online and offline updates of the product or the knowledge database. The software runs as a server on a single VM instance, no agents needed.
The idea is that with using Runecast Analyzer, you can avoid outages, be more secure and compliant because you are constantly checked against the VMware KBs, best practices and HCL. You're already saving thousands of hours just searching KBs which might not be even relevant for your infrastructure.
Runecast offers a vRealize Orchestrator plug-in, which includes out-of-the-box remediation workflows. You can use these workflows to automatically remediate Security issues detected by Runecast Analyzer.
Runecast Analyzer features
- VMware NSX-V Support – The Analyzer now detects NSX issues on VMware NSX-V versions 6.2 – 6.4.x and higher. Automated scan and evaluation of the NSX-V Best Practices violations. Automatic NSX-V VMware Security Hardening profile analysis and reporting. NSX-V DISA-STIG profile analysis and reporting. Automatic discovery of the NSX Managers linked to VMware vCenters.
- Automated VMware HCL analysis – It helps you discover hardware incompatibilities of servers, I/O devices, drivers, firmware and BIOS versions.
- Configuration Analysis – the product prevents issues in your VMware vSphere environment. It checks for any configuration issue which can lead to problems due to misconfiguration. It can detect up to 100% of known issues.
- ESXi Upgradeability – this feature allows to simulate the future of potential issues which may cause downtime in SDDC.
- Compliance Check with Security Hardening – a security hardening checks and best practice check can be run automatically every week, day or an hour. Possible to switch to manual only, if needed. Runecast Analyzer also scans against popular Security Compliance Standards: PCI-DSS, DISA-STIG and HIPAA.
- Log Analysis – The system collects and maintains logs in a Database. (Size is configurable). The patterns in the logs are analyzed and misconfiguration is detected, Runecast gives you a solution. The config of ESXi hosts can be triggered automatically so the logs can be sent to Runecast. You can navigate through logs via responsive graphic charts and do searches.
- Fast and Easy to Understand UI – HTML 5 based UI does not need any additional plugins to be installed in your browser, however vCenter plugins allows the detection of problems directly from within vSphere HTML 5 client. The system is fast, responsive and easy to work with.
- Multiple vCenters – The 1.5 version has brought the ability to analyze and manage multiple VMware vSphere vCenters. The same appliance manages multiple vCenters. No need to deploy one OVA in each vCenter environment. This simplifies the management and upgrade process.
- Spectre and Meltdown vulnerabilities – Important check of recent worldwide chip/CPU vulnerabilities called Meltdown and Spectre.
- VMware vSAN Support – VMware vSAN is great software-defined storage solution. However, this technology must be configured and used by following VMware best practices. Runecast Analyzer takes care of this and gives you the best practice recommendations. It shows problems, issues and best practices for VMware vSAN clusters. Including VM running on the vSAN datastore. It can be problems from the hardware perspective (number of disks not equal, RAM not equal) or software perspective (firmware, drivers). Runecast scans vSAN clusters and tests their configurations against a large database of VMware Knowledge Base and Best Practice rules.
- VMware Horizon View Support – able to scan and analyze your Horizon infrastructure providing a complete analysis of the deployment status and health. It validates your VMware Horizon environment against the recommended best practice designs.
- Historical Analysis – This new function is able to analyze the environment on a timely basis and present a history of what’s new as issues or configuration changes. Like this, the admin can view if he (she) installed for example a security patch or an upgrade, what was the effect on the environment. The historical analysis is able to help when you drill down for the problems ia widgets ( Issues by Severity, KBs Applicable, Configuration Issues by Layer, Issues History).
In addition to configuration and hardware details, Runecast Analyzer performs real-time log analysis and identifies issues in the logs immediately and links them to Knowledge Base articles. You can configure the loc collection via the main dashboard. Click the tile Log Issues.
Then simply check the host(s) from which you'd like to collect logs. In my case, I have only a single host, but when you have larger environments, you can check many hosts in parallel.
And the confirmation screen will show you what is modified by Runecast so the product can successfully pull the logs. Note that Runecast adds an entry if you already have a log collection solution configured within your environment;
Then, on the main dashboard, you'll see the historical data. I installed the product in the lab, however, I did not have any historical data. So I borrowed a screen from a Runecast website where you can launch an Online DEMO remotely. Check it out. You can freely try the online demo yourself as this demo features the latest new release.
They have vSAN, Horizon View and NSX installed in their infrastructure so you can also test those….
Here is the screenshot showing the issue history. When hovering the mouse it shows the number of critical, major, medium and low issues. When click through, you'll get to the point-in-time when the scan was initiated. Usually, there is a daily scan.
In essence, Runecast Analyzer is a proactive analytics product for VMware that automates the publicly available knowledge to find risks in your VMware environment. The knowledge sources are:
- VMware Knowledge Base
- VMware Security Hardening Guides
- PCI-DSS, DISA-STIG6 and HIPAA security compliance standards
- VMware Hardware Compatibility List
- Different Best Practices documents
- Social Media (different blog articles, forums or tweets)
Runecast alerts you of the conditions that can cause an issue in your environment in advance, so you can mitigate them and avoid the problem from happening in the first place.
When you first deploy and start the appliance, the user login and password are:
You can also configure connection via Microsoft AD. If a domain group is not specified, the default domain group will be used: Runecast_admins
New Filters based on products support and more
As Runecast Analyzer now supports vSAN, NSX-V, Horizon and vSphere, each of those products can be filtered. Useful when you searching only for vSAN related issues for example. But there are many other filters compared to what we had when we first reviewed the product.
When you first click the All Issues View. You'll get access to filters which allows you to filter problems based on many criteria.
But for example, you're only interested in vSAN based problems, because you suspect a vSAN problem. You can then go Products > vSAN to activate the view for vSAN related problems only.
As you can see, many other filters allow you to isolate problems about different parts of your virtual infrastructure.
The choice of vCenter can be done either in the First tab called Systems or the “All Systems” drop-down menu, as on the screenshots below. Both give you the same option – a choice between vCenter. In the lab, I'm running 2 vCenter servers in linked mode.
The inventory view shows the hierarchical tree of your infrastructure where your vCenter server is a top element. It basically takes the same structure as you have when navigating your vSphere datacenter structure via vSphere HTML 5 client.
And when you click next to the problem which is situated at the vCenter server level, you're taken directly to problems related to your vCenter server.
and clicking the PLUS sign opens the problem detail and resolution. This is the basic troubleshooting that you should do when using Runecast. Always deep dive into the problem to find the solution.
Fix Critical issues First
If you want to fix critical issues first you can simply click the Critical issue red bar within the first widget and the UI will show you only critical issues that need to be fixed. You can proceed like that with all the widgets which are displayed on the main dashboard. It's an interactive dashboard.
In order to automate fixing the issues related to Security Hardening, PCI-DSS or HIPAA, you can use the Runecast vRO plug-in and automated workflows.
This is a brand new feature allowing you to check whether your hardware might be a risk from the Hardware Compatibility List (HCL) perspective. You might have aging hardware which falls out of VMware HCL or simply hardware which needs a bios/firmware update. The system gives quite a lot of details concerning drivers, firmware and device type.
You can also use it for greenfield deployment and see whether your hardware has some HCL issues before start running production VMs on it.
Runecast Hardware Compatibility feature shows you the compliance status of your hardware against the VMware HCL. This is a real time saver. It's taking off a quite painful part of VMware vSphere deployments and upgrades.
Without Runecast you basically have to go to the VMware HCL and check each server model, each controller and also each i/o card against your environment. This hardware compatibility feature can be a real time saver with Runecast.
When you click on a specific host it shows you the details concerned. It shows a summary of what's been reported by your host and compares that with what was found at VMware HCL. There’s also a button HCL online which will get you directly to VMware HCL page about more information related to your hardware.
Below you can see my lab host, which is obviously not on VMware HCL as it's lab hardware. When you click the Server TAB you'll get the details about the server model, supported models (from Supermicro in my case).
Note that you can click the other tab called I/O devices, you'll get the details about the I/O devices present on the motherboard and external I/O cards as well. In my case, I had some “green” and some “red” painted devices. Obviously, because my hardware isn't on HCL.
Still, you get some nice details about the driver, firmware versions, model, device type etc. Many details which some of them aren't always visible through vSphere client and where you would probably have to dig into those within a CLI session.
On the right-hand side next to the server hardware you can see a small megaphone icon allowing you to report an issue directly to Runecast. Basically, it allows you to report some hardware metadata with Runecast. As with VMware CEIP, Runecast does not collect IPs, hostnames, username or any other environment-specific details.
You might have a question about your hardware when for example you expect it to be “green” listed on HCL but appears “red” etc.
When clicked, you'll get a pop-up window asking for an email associated with your Runecast account so the Runecast team can get back to you if you have any questions.
Let's explore the whole menu which can be found on the left. As you can see, it is divided into three main sections:
- Main Menu
- Configuration Analysis
- Log Analysis
Each part has sub menus which show different views.
completely down there (not seen on the image above) you also have Definition Database menu which shows All entries. (currently 1,627 entries). Those are All KB articles used. You can browse through and sort them by severity etc.
Let's try the best practices and see how my lab is not following. A quick click at the Best Practices submenu > Critical > Findings > I can see that my Witness host for my 2-Node vSAN cluster does not have NTP server configured.. (I forgot). Hey, let's fix it.
Clicking back to Details the system shows me the VMware KB article and details about the problem. The problems are found, it's up to you apply a solution. If your infrastructure is rather large, it might take you some time to fix all critical problems.
But at the end of the day, you have already saved yourself tons of time because you did not have to go through all the configuration parameters one by one. Only those critical and major should really count.
Config KB Discovered
This menu checks whether you respect VMware best practices. My lab is changing often and even if I knew all the best practices which have to be applied to this or that version of ESXi and different builds, I would not be able to implement it manually.
Let's see what Runecast will find. Hmm, apparently ipv6 should be activated to prevent PSOD in some environments. A new issue that is only investigated by VMware engineers. To stay safe, we should enable ipv6. Good to know. If I'd be on a production system I'd have to find time to evacuate my VMs to other hosts to enable ipv6 and reboot (yes, a reboot is necessary for activating or deactivating ipv6).
This was just one issue listed here in this review and I have found 5 others in the small lab I'm running. Imagine larger environments.
Why is it helpful?
- Admins can check if their current HW will be compatible with the version of ESXi they are going to upgrade to. This removes the pain of manual checks and allows for the smooths upgrade process.
- Currently, admins have to check upgrades manually with a sample of critical components or by the most used HW type. Runecast Analyzer now allows to automatically check everything and prevent revealed issues = upgrade with no surprise + they can report that they made this check 100%.
How does it work?
1. Turn on ESXi Compatibility simulation, select the ESXi version you would like to check and click Simulate.
2. The result will show potential issues as well as configurations compliant with VMware HCL. (https://www.vmware.com/resources/compatibility/search.php)
This is a short video of how the feature works – https://youtu.be/AlQnX_3XvD8
vSphere Client HTML5 Integration
If you install a Runecast plugin (it's pretty easy by following the hints) you can troubleshoot your vSphere infrastructure without leaving your vSphere client. The Runecast Plug-in is compatible with both Flex and HTML5 versions of vSphere Web Client. The current version of the plug-in displays results triggered by Runecast Analyzer. Future releases of the plug-in will include even more integration, allowing you to perform additional actions directly from the plug-in's interface.
An easy to use solution, very useful to prevent potential issues on your virtual infrastructure. The dashboard is well-designed and has been improved since we last reviewed the product. It's looking more polished and clearer now. The product is being constantly under development and Runecast releases updates as soon as new issues or new KB are released by VMware saving the administrators from potential services disruption.
How long it would take you to fix problems in large environments to identify hosts affected is not known, and you're never sure that you have fixed everything and that you have thought about all scenarios. With Runecast you can have the details of your environment and what needs to be fixed in a matter of seconds.
It really takes the pain away from VMware troubleshooting and optimization…. it does what it says. Simply scan your environment, relax, and then spend some time fixing Configuration, applying Best practices and Security Hardening in your VMware vSphere infrastructure!
You can spend less time consulting VMware documentation. This product works also without the internet and offline database can be included when deploying.
It really helps IT admins and engineers to operate better data centers and the final goal, after all, is to mitigate potential outages or service slow-downs. One of the big advantages of Runecast product is log analysis. It collects syslogs from vCenters, ESXi hosts and VMs and uses smart analysis to discover Knowledge Base problems and also speeds up troubleshooting.
It does not only follows the VMware knowledge sources but also includes scanning against known issues in validated social media sources such as blog articles and forums. After all, it's not an unknown fact that many critical issues appear first in social media and blogs before being officially documented by VMware. That's why many vExperts are running home labs too.
A large majority of incidents could be avoided if you have had the right information about the problem within the right moment before the incident happens.
Download 14 Days trial of Runecast here.
Note: This review was sponsored by Runecast.
Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)
Nice overview article.
What features does the trail version allow? Is it full feature set for 30 days?
Vladan SEGET says
Yes, it’s 30 days full product trial. Regards.
Michael Horn says
By chance can you schedule it to apply VM hotfixes and patches that it finds missing, or might be the cause of a critical finding?
Jason Mashak says
Runecast Analyzer is mostly using read-only permissions, for this reason changing configuration or applying patches is not possible within the application. But Runecast developed a vRO plug-in with workflows to auto-remediate security misconfigurations.