July 8, 2021
We’re now halfway through 2021, and a whole quarter since we unleashed Runecast Analyzer 5.0, introducing support for Microsoft Azure and the Essential Eight security standard. Life at Team Runecast doesn’t stand still, though. While it feels like we’ve been quiet on the release front, we’ve been beavering away behind the scenes working on even more cool stuff for you!
Where do we begin?
How about Best Practices analysis for vSphere on Nutanix? Yes, for all of you Nutants out there, you can now automate your checks for the Nutanix best practices for running vSphere on their platform. While you might think that the regular vSphere best practices would apply equally when running vSphere on Nutanix, there are some differences due to how the Nutanix platform plugs together. Now, you can be confident that those clusters are fully in line with the Nutanix requirements.
We’ve also got some updates to our CIS coverage, with an update to the latest CIS Benchmark for VMware ESXi 6.7 (1.1.0), and the addition of the CIS Benchmark for ESXi 7. To our knowledge, Runecast Analyzer is the first product to offer this coverage.
The eagle-eyed among you might have noticed these features already in the product for a week or so, as of update 5.0.3. Read on for details of the just-launched 5.1 release!
Fresh from the oven, these 2 new features in Runecast Analyzer made us seriously consider our naming convention (we were in two minds whether this should actually be 6.0). Let’s take a look at what the new hotness is in version 5.1...
One of the less addressed challenges when managing environments is visibility into exactly how your environment is configured at any given time. Ensuring consistency within a vSphere cluster is super important, but consistency is also important when you look at other ecosystems too: you want to make sure that all of your pods and containers have the relevant security context, for example. Configuration Vault takes this idea and runs with it, giving you all of that point-in-time data that Runecast Analyzer gathers, giving you all of the rich filtering capabilities that you know and love, and allowing you to select desired configurations so you can quickly see where you may have inconsistencies. Here’s a quick clip to show you some of the capabilities.
Here is more detailed overview of Configuration Vault feature.
The other big idea that the engineering team has been working hard at is the concept of remediation. For some time now, we’ve had our plugin for vRealize Orchestrator which has been a big help for our customers as they move from their current state to a more compliant state. For some time now, we’ve been investigating the best approach to help our customers to deal with the findings that Runecast Analyzer surfaces. Customer feedback has been vital for this, and one of the pieces of feedback was that while vRO might well not cost them anything (as it’s licensed by vCenter), it was an extra piece of infrastructure that they needed to stand up and manage. With this in mind, our approach has been twofold: the first option to deliver remediation capabilities utilizes the existing default toolsets for the ecosystems. That’s PowerCLI and Ansible for VMware (available in the 5.1.0 release), with these coming soon: AWS CLI for AWS, Azure CLI for Azure, and Kubectl for Kubernetes. Our second approach stems from organizations where they already have some degree of automation in place, and Ansible was the clear winner when we were researching the preferred platform for remediation. As such, we also have an option to generate Ansible playbooks to use for remediation.
So what does this look like? Let’s take a look…
As you can see, not all findings have remediation actions associated with them at this point in time. We’ll be rolling out more and more remediation actions over time, and the great news is that as the backend to generate these scripts is all built into the product right now, we’re able to roll out more actions as a part of our weekly knowledge release updates.
Here is more detailed overview of Remediation feature.
If you want to provide us with any feedback on what you see so far, here is how to do that.
Our customers and partners tell us that, once they tried Runecast Analyzer, they couldn't afford NOT to use it in their tech stack.