Runecast Reporting Helps to Mitigate Security Concerns
Pacific Seafood has been a family owned and operated Oregon business since its founding in 1941. Pacific Seafood has grown from what started as a company with only 18 people to employing more than 2500 people at 37 facilities, with processing plants stretching along the Pacific Coast and distribution facilities in seven states. Although the company has grown in size, it is still family-owned and family-focused, while always being dedicated to delivering the best seafood products and the best customer service anywhere. Brent Glasgow is Senior Systems Engineer for Pacific Seafood's VMware support team looking after their VMware vSphere 6 environment with 7 hosts located in their primary site and 2 hosts in the DR site, hosting around 150 guest VMs.
“Although we use scripts (VM Health Check), which is a helpful tool for technicians, it is not useful for management reporting or classifying criticality,” explained Mr. Glasgow. “Our management required specific Key Performance Indicator (KPI) reports and I needed an automated tool that would provide a comprehensive enough amount of data without being overwhelming or too technical in nature to be useful.” Therefore, Pacific Seafood required a product that provides reporting to give management meaningful metrics to verify the IT department is doing the necessary work to secure the VMware environment, plus follows accepted industry accepted best
“I conducted a two week proof of concept (PoC) using a limited-use host to verify stability and resource usage of Runecast Analyzer. Once I was confident the product provided the information required and would be stable in production, I quickly rolled it into the remainder of our environment,” said Mr. Glasgow. “The basic OVA install was simple and adding in vCenter and hosts (along with log reporting) was automated and easy.”
Runecast Analyzer is a patent pending proactive VMware vSphere management solution that installs as an OVA format virtual appliance. It combines the current VMware Knowledge Base articles and internal Runecast expertise to analyze the virtual infrastructure and expose potential issues and best practice violations before they cause major outages.
Pacific Seafood's specific use case for Runecast Analyzer is review and tracking so that security events do not remain unknown or, worse, ignored. Plus, being able to compare against best practices is an added benefit.
“Risk mitigation and reporting are the most important areas Runecast Analyzer provides for us. For risk mitigation there are just too many security concerns for a single administrator to track along with all the other tasks. A tool that scans the VMware environment against all known security issues saves a significant amount of manual work that simply would not be achievable otherwise. In addition to the scanning, classifying the security issues by severity helps me to use small slices of time most effectively,” stated Mr. Glasgow.
The major benefits delivered by Runecast Analyzer for Pacific Seafood are the security and best practices analysis as well as KPI reporting for management. Runecast Analyzer has identified a number of issues, of which the top 5 are:
- Networking for ESX host set to accept forged transmits
- Networking for ESC host set to accept MAC address changes
- Ensure that the Forged Transmits policy is set to reject: reject-forged-transmit
- Set a timeout to limit how long the ESXI Shell and SSH services are allowed to run: set-shell-timeout
- Control access to VM console via VNC protocol: minimize-console-VNC-use
“Runecast Analyzer enables me to be more efficient by allowing me to mitigate the most critical issues first. Having all the issues on a dashboard, in order of severity, is fast and saves time in the whole 'what I should work on first in the hour that I have' quandary,” explained Mr. Glasgow. “Instead of wondering what issue to tackle first in the 1-2hours per week available to VMware security, I can jump right onto the next most critical issue.” Mr. Glasgow concluded by sharing one of his best practices, “Save your first analysis so you can eventually submit the corrective actions/improvements you have taken. This will help management to understand that security concerns are being properly handled.