We want you to make the most out of every day you use Runecast Analyzer. To help with that, we’ve prepared this evaluation tutorial that covers how to best use Analyzer to protect your VMware environment against issues and security threats.
Here is what you will need to evaluate Runeacast Analyzer:
- Runecast Analyzer virtual image - OVA template. Don’t have Runecast Analyzer downloaded? Let’s take care of that now.
- VMware vSphere v5.5 - v6.x with vCenter and ESXi host. This can be used for both Runecast trial deployment and also test scan of the vCenter with ESXi host and Virtual Machines.
- HW Resources for 1 new virtual machine: 2 CPU cores, 4GB RAM, up to 80GB disk space.
- At least read-only credentials to vSphere for adding vCenter monitoring to the Runecast Analyzer.
1. How to install the Runecast Analyzer in 10 minutes.
You may have one of the common questions:
Q: What products does Runecast Analyzer cover?
A: Analyzer works on VMware, vSphere, and vSAN.
Q: What user credential privileges do I need in order to connect vCenters?
A: Read-only vCenter credentials are the minimum, you may use the Admin credentials to let Runecast configure your syslogs remotely.
Q: Is any vSphere, vCenter, ESXi host or VM configuration data from my environment sent out over the internet?
A: Never — all configuration data remains on your server
Now that you have Runecast Analyzer installed (if you don’t yet, click here), let’s look at using it to scan your VMware vCenter.
2. Initial configuration
3. How to configure (sys)log analysis
To enable (sys)log analysis, go to "Settings" -> "Log Analysis" and select vCenter from where you want to inspect log files. In the case you have Admin credentials, you may try to "tick" selected ESXi host or its virtual machine and Runecast Analyzer will try to do it on your own. If you use read-only credentials, or the vCenter's ESXi host has disabled remote CLI access, you need to do it manually:
- Set Syslog.global.logHost=udp://10.1.2.101:514 in host's advanced configuration settings and enable syslog in the host's firewall
- Login to vSphere client/webclient
- Click Configuration tab (C# client)/ Manage tab(web client)
- Click "Advanced Settings" in the Software panel
- Find Syslog.global.logHost
- Set it's value to udp://10.1.2.101:514 (if you already have another remote syslog configured, you can just append the value after a comma )
- Click "OK"
- Click "Security profile"
- Click "Firewall".
- Click "Properties"
- Make sure syslog is enabled
- Click "OK"
Note: Runecast Analyzer can also generate PowerCli script to enable Syslogs, this option is available in the context menu in the Log Analysis settings tab for each vCenter.
4. How to customize Runecast to fit your environment
We know that not every default setting in VMware’s Knowledge Base, Best Practices and Security Hardening guides are relevant to your processes. That’s why Runecast Analyzer contains a feature called "Filters" which help you to exclude specific test environments or hide issues that are not relevant to you.
Go to "Settings" -> "Filters" and try to exclude detected problems for one of your ESXi hosts or specific VM. Once you activate the filter, the Analyzer will exclude the information from the rest of results anywhere on UI or reports.
5. How to maximize security protection for you and clients
Runecast will continuously monitor your vSphere environment and detects any violation of VMware security hardening rules or US FED DISA-STIG 6 security profile. First off go to "Settings" -> "Security Compliance" and select security profiles you are interested in. Scan connected vCenters and see the compliance report and what to configure to increase your security level.
6. How to pick up vSphere best practices
A best practice is often not what everyone else is doing, but implementing them brings a lot of long-term benefits, mainly a better protection against issues.
The most typical reason why you have not implement VMware best practices is time.
Scan your vCenters and go to "Best Practices" tab to see the result of passed and failed best practice "rules".
In order to be continuously protected and ensure the vSphere configuration persistency, go to "Settings" -> "Automatic Scheduler" and select daily scans.
Together with daily scan configure SNMP server in "Settings" -> "Alerting" tab. This will trigger an email with the report to be sent to the specific email address(es) after each automated or manual scans.
This Evaluation Guide covers the very fundamental functionality of Runecast Analyzer. The complete documentation is available in User Guide.