With the release of Enterprise Console in Runecast Analyzer 184.108.40.206, we also introduced a new capability that will be areal help for customers in larger environments. In these environments, you typically want to limit access to the internet where possible, and the capability to run your own internal Runecast repository, then have your Runecast Analyzer appliances all point to this repo allows you to do this.
The idea is actually quite simple, and if you’ve been using WSUS for Windows or UMDS for VMware already you probably already have a solid understanding of what we’re doing.
Hopefully, this gives you a clear understanding of why you might want to run a local repository: By maintaining a single repository internal to the network you can save on bandwidth and also minimize the attack surface of your Runecast Analyzer appliances.
Building the repository
So how would you go about configuring this? Thankfully it’s super easy! This blog post will walk you through the steps required to set up a local mirror of the Runecast online repository, and then repoint your Runecast Analyzer appliances to utilize this local mirror.
First things first, we need to deploy a virtual machine to host the repository. The OS should be one that uses Aptitude as it’s update engine - in this example, I’m going to use an Ubuntu 18.04 LTSVM. I won’t walk you through the basic installation process as there are many blogs out there that do this already, just know that you should install an SSH server for remote administration, and allow around 10Gb for the mirrored data. My VM will have 2vCPU and 4Gb of RAM, and this should be plenty for most use-cases.
Once you’ve deployed your VM, connect over SSHand install the required software by running
Next, we need to make some changes to the mirror.list file, which tells apt-mirror which sources to download a copy of. Before doing this, we make a backup copy of the file in case we need to restore it.
This file should read as follows. You can either delete the extra lines or comment them out.
Run a manual sync
Hopefully, you should see a bunch of files downloaded. If so, the next step is to do a little configuration work to enable the Apache web server to serve this content up, so that your internal Runecast Analyzers can pull their updates from it. First things first, we need to configure the Apache DocumentRoot to point to the local mirror directory.
In the file that opens in your text editor enter the following
Save the file, and then restart Apache.
Then, configure Apache to start automatically on bootup.
Our final step to configure this VM is to enable a scheduled task to automatically download the updates from the online Runecast repository.
In the file that opens, uncomment the following line
At this point, you can configure your Runecast Analyzer appliances to use this server in order to pull updates.
As you can see, it’s super simple to run your own local repository to update your Runecast Analyzer appliance. In conjunction with the new Enterprise Console feature, this allows you even more control over how your environment is managed, and completely cut off your Analyzers from the internet while retaining the ease of automatic updates. There’s a handy video just below which shows you how quickly you can have this up and running!