June 29, 2021
Back in the mists of time, the founders of Runecast were managing many different vSphere environments. Because this is the real world, periodically bad stuff would happen, and they’d need to fix things. As they resolved things (and had to check many other environments for exposure to the same risks), they noticed that in 90% of cases, VMware had already documented the cause and solution. Wouldn’t it be great to have some kind of tool that could automatically check against the documentation and proactively notify you of these risks before they took your environment down, caused poor performance, or created a security risk? This spark of an idea was the genesis of Runecast Analyzer, and the rest is history.
Fast forward to the present day: Runecast Analyzer has grown in leaps and bounds, adding support for the likes of AWS, Azure, Kubernetes, and a whole raft of new VMware technologies like NSX, Horizon, and VMware Cloud Director. However, the product never stops evolving, so we wanted to discuss some possible future improvements.
Runecast is a super customer-focused organization, and our conversations with our customers have directly contributed to many of our features. Enterprise Console, for example, came from a request from a single customer. When we started to build this, we discussed it with others and discovered that this was a massive win. Custom Profiles is another. Today, we’d like to talk to you specifically about the challenges of getting from where you are right now to where you want to be.
With that in mind, then: we’d be interested to hear your thoughts on this matter. But, first, a few questions to start the ball rolling.
The feedback we receive regularly is that Runecast Analyzer does a great job of surfacing latent risks, highlighting the where and why, and what you need to do to rectify the situation. It would be nice if there were some way to shortcut those fixes. This kind of capability is not without its challenges.
Typically, Runecast Analyzer authenticates to the systems it monitors with an account with restricted access in line with (and quite rightly so!) the principles of least privilege. Because of this, Runecast Analyzer would execute these actions with limited rights. These actions would fail. One option here (and one used by some other tools) would be to specify a privileged service account that could perform actions. This service account could have elevated privileges in the managed systems so that any remediation actions were successful. Still, then all actions taken would be logged as performed by this specific service account. Depending on your policies, this may or may not be acceptable or desirable.
Another option might be for Runecast Analyzer to generate output that an administrator of the target system could execute. In this way, the onus is on the administrator validating the script before execution. It would also mean that the remediation activity was also easily traceable to the administrator who triggered it.
With all of the above in mind: we’d be super interested to hear how you would prefer to see this kind of capability presented. So let us know your thoughts! Runecast Analyzer is built by sysadmins for sysadmins, and we’re keen to hear your thoughts!