Ensured Security and Stability with Runecast Analyzer
Aberystwyth University (Welsh: Prifysgol Aberystwyth) is a public research university in Aberystwyth, Wales, with more than 6,000 students studying across 3 academic faculties and 17 departments. Founded in 1872 (as University College Wales, Aberystwyth), it was a founding member of the University of Wales in 1894. In 2007, the University returned to independent status.
The University was rated amongst the best Universities in the UK for Student Satisfaction and Teaching Quality (The Times and Sunday Times, Good University Guide 2021) and, in 2019, it became the first university to be awarded University of the Year for Teaching Quality by The Times/Sunday Times Good University Guide for a second year running. It was also the first university in the world to be awarded the status of Plastic-Free University (for abolishing single-use plastic items).
With several awards and international recognition for research, the University is proud to be the only institution in Wales to offer a Veterinary Science degree in collaboration with the Royal Veterinary College London. The University is also proud of its Welsh heritage and the re-opening of Pantycelyn Halls of Residence, a home for Welsh speakers and learners on campus.
The school uses an annual survey of students and staff to gauge the quality of services that it provides. This also provides insight as to the quality of its IT infrastructure, which is critical for student learning. The IT department is thus heavily focused on customer satisfaction, with audits and rewards. The VMware infrastructure supports primarily the administrative and financial backend (student-facing tools are mainly SaaS now).
For this case study, we spoke with Dan Monaghan, Cyber Security Officer for Aberystwyth University.
The university was running 8 physical hosts, 2 vCenters, spread over two sites on the campus. It was a basic vSphere and ESXi setup, so not yet so complex, but they were also looking at the possibility of running Horizon and knew that it would be beneficial to take a more proactive approach to planning and knowing where potential problems might occur.
The university saw potential challenges around staffing, with only 3-4 managing the infrastructure for the entire university and Mr. Monaghan handling VMware issues on his own. There was lots of collective knowledge on the team, but also room for normal information silos to develop. Their systems comprised “too many moving parts” for a small team to keep up with proactively, which made it difficult for them to establish any official SLAs. Keeping firmware up to date meant waiting for Dell to recommend it, as it was too time consuming without a proper tool to support a more proactive approach.
Mr. Monaghan stated, “Due to the size of the team, we were very reactive as a necessity, with requests coming from all sides; it was difficult to keep on top of everything the way that we needed to. Whenever we had issues, it wasn’t clear who to even contact for support.”
At some point, they had a host that had buggy network card firmware, and it was a challenge to identify this issue as well as the correct firmware to resolve it.
Additionally, they were having issues understanding log entries – SSHing into hosts and grep-ing individual log files when an issue occurred.
Another challenge was that the infrastructure was historically based on Microsoft Hyper-V, which is where the team’s experience lay. Moving to vSphere was a substantial change, and having something to bridge that gap was necessary.
“The biggest issue was the NIC firmware,” said Mr. Monaghan. The team knew they needed more visibility of their environment in order to have a proactive approach.
“We deployed the trial appliance of Runecast Analyzer with a view to troubleshoot the network card firmware issues in the first instance, and from there I investigated the other issues that were reported,” said Mr. Monaghan. “We took up the offer of the free COVID licensing [provided to universities and hospitals until September 2020] and worked through some of the higher-severity issues. This time gave visibility into configuration issues – even though the environment had only been recently installed – that I previously wouldn’t have had time to even check, let alone remediate.”
It took the university IT team less than an hour to deploy Runecast Analyzer, from download to looking at actionable insights for how to stabilize their environment.
“Things were much improved as soon as we deployed Runecast,” Mr. Monaghan reported, “as logs were parsed in real-time automatically, and issues highlighted. Automatic emails when log KBs are discovered are also a nice touch, as nobody wants to spend their day parsing logs. Also, the cost was low enough that we didn’t need to jump through too many hoops, which was nice. The biggest selling point would likely be the cyber security compliance capabilities.”
After deploying Runecast Analyzer, they immediately discovered the root of their problem and initiated the firmware upgrades proactively. This was the first time they were ahead of the curve, rather than waiting for DellEMC to flag the potential issue. Prior to this, it was simply too time-consuming to check regularly.
Asked why they chose Runecast Analyzer over another solution, Mr. Monaghan replied, “There was no tool on the market that did what Runecast Analyzer does. And from a cost perspective, it made more sense than to investigate VMware vRealize Operations. Given the cost and value that Runecast Analyzer offered, it made no sense to even spend time trialling alternatives.”
As for the NIC firmware issues that led to deploying Runecast Analyzer in the first place, the biggest issues that the analyzer resolved were “the security recommendations, which made perfect sense when you see them written down.” Mr. Monaghan added, without a deep background in the technology it’s difficult to know what you don’t know. We’d probably have spent more money in staff time than the cost of the license just to find these things out.”
Now the team runs a weekly analysis with Runecast, with reports sent by email. Most of their findings are low severity now, so when they come in they can be quickly rectified. “Once we dealt with the initial set of findings, the ongoing time investment is minimal.”
As to how Aberystwyth University is using Runecast Analyzer for ongoing security compliance, Mr. Monaghan stated that, “As with any organisation, we have internal policies that detail how we should configure the infrastructure in a secure manner. With Runecast Analyzer we can see where we drift from our desired state as soon as a scan happens, rather than waiting for a biannual audit. This enables us to close gaps much quicker.”
- Less than an hour to deploy, from download to actionable insights
- Logs parsed in real-time automatically, with issues highlighted
- Automatic emails received when log KBs are discovered
- Clearly displayed security recommendations
- Reasonable cost made ROI clear and justifiable to stakeholders
- Visibility of configuration issues that they previously wouldn’t have had time to even check, let alone remediate
- Shows drift from desired state as soon as a scan occurs, for faster gap closure
- Enables easy trend analysis of improvements in best-practice adherence and security posture
- Main benefits come in the form of security and stability
- Proactive rather than reactive approach
According to the team, the constant analysis of security data with Runecast Analyzer is a major win, as is the hardware compatibility scan. It also helped them to close the knowledge gap while the team got up to speed with vSphere.
After dealing with the most critical issues first, Runecast Analyzer now helps the IT team continue to identify and prevent mostly low-severity issues like VMs being created with CDROMs attached, long-running snapshots, etc. – that is, “nipping the smaller things in the bud before they become more urgent.”
As the majority of the team’s IT help desk ‘incidents’ have had a tendency to be for issues such as ‘Please help me reinstall Word’, Mr. Monaghan noted that “The main benefits of Runecast Analyzer come in the form of security and stability.”
It is difficult for the team to quantify how much time they have saved with Runecast Analyzer, but Mr. Monaghan reported, “We definitely saved a lot of time with the HCL analysis. Runecast frees up time to look proactively for configuration and security issues. And we have baseline support for VMware through DellEMC, but this doesn’t really provide the degree of peace-of-mind that we get from Runecast. It’s difficult to put an exact value figure on this – it’s all about being proactive rather than reactive.”
When asked what advice they would give to peers about running Runecast Analyzer in their own environments, Mr. Monaghan advised that, “The historical scan data is helpful. This allows us to provide evidence of improvements in terms of best practices and security. The vSphere upgrade check capability is super neat, too.”
- Frees up time to look proactively for configuration and security issues
- Incalculable cost of man hours previously spent on reactive troubleshooting
- Potential incalculable cost to reputational damage in case of service interruption