Runecast Platform In-Depth Review 2023

It's been a while since we have reviewed the Runecast Platform which is certainly evolving to the better with every release. With deployment options available on-prem or in the cloud, Runecast helps organizations secure and optimize their workloads by providing continuous compliance and risk-based vulnerability management through a single platform.

In today's rapidly evolving IT landscape, where ensuring security, maintaining compliance, and seamlessly managing hardware upgrades are essential for businesses, Runecast has emerged as a leading solution that addresses these critical challenges. The platform is specifically tailored for VMware vSphere environments, but can be deployed within public or private clouds and still provide security and compliance fixes for your on-prem users that are working within a desktop environment. In fact, Guest OS running Windows or Linux are monitored via agents but we have information that Runecast is working on a solution to go agentless, starting with AWS vulnerability scanning. 

In this comprehensive review, we will explore the key features, benefits, and functionalities of Runecast platform, with a particular focus on its security and compliance capabilities and its hardware upgrade simulator for VMware vSphere, that is saving time for vSphere admins willing to upgrade their infrastructure without hassle.

Runecast platform is a software solution that enables IT Operations and Security teams to reduce troubleshooting efforts, improve operational efficiency, and minimize attack surfaces in a proactive and cost-efficient manner. It offers a wide range of capabilities for areas from IT Operations, security & compliance to container security. Several VMware products are supported now including vSphere, VSAN, NSX-T, VMware Horizon, vCloud Director as well as cloud platforms (AWS, Azure or GCP) and Kubernetes (Tanzu, Amazon EKS, Google Kubernetes Engine, Azure Kubernetes Service (AKS), OpenShift and others.

The platform combines AI Knowledge Automation (RAIKA) and a patented rules engine to analyze the IT infrastructure for extensive knowledge base with over 15000 knowledge base articles (and rapidly growing) to provide real-time monitoring, security analysis, and compliance assessment for your IT environment. With a user-friendly interface and an easy setup process, Runecast Platform offers a comprehensive solution for IT professionals seeking to enhance the security, compliance, and performance of their VMware vSphere deployments.

Deployment and Configuration

The deployment is fairly simple. Runecast platform is distributed as a virtual appliance, so if you're on-prem, you download an OVA which you deploy to your virtualized environment (vSphere). If you're a cloud user, you can find it within an Amazon and Azure or GCP marketplace and deploy directly to your public cloud you're working with.

The platform has the possibility to configure several vCenter servers, Kubernetes, Horizon, VSAN, NSX-T, and all above cloud platforms. The connection settings are accessible via the Connected Systems menu.

Important note is that you can also run Runecast Platform Offline, on completely isolated systems not connected to the outside world. Their definitions (.bin file) and platform updates (.ISO file) can be done via an external drive or USB key.

After the deployment, which does not differ from traditional OVF deployment procedure within vSphere, you'll start an assistant that walks you through and gets you started.

Screenshot from Help guide shows the easy-to-follow setup.

When you continue with the first configuration, the assistant provides you with the selection of the initial security profiles you'll be using within your environment. The security profiles you'll select here typically depend on your specific industry regulations, internal policies and/or a country of residence. Typically you'd only select those that apply to your environment and needs. Not all of them.

Role Based Access Control

Before we'll get into the details of the functions of the product and all the features, I'd like to touch a few words on the architecture. Within your organization you might be working with several teams across multiple sites, so it's interesting to create and manage roles-based access control. You can add local users or users from Microsoft Active Directory (AD), and there are also other options, such as OpenID Connect or LDAP as well.

Then you can have a possibility to give access to certain parts of the user interface and not to others. Users or Group of users can then have read-only access to certain parts of the system. Example: your security teams accessing only the Security and Compliance part while your IT operations teams are only accessing the IT Operations part. Usually security folks aren't as interested in the operations part as infrastructure guys and vice versa. However, where needed, teams can have various levels of access to help bring more visibility to the cross-department collaboration. 

If you're working as an admin within an international organization with several big offices in different parts of the world, you will most likely leverage a possibility to setup an Enterprise Console allowing you to connect to local Runecast appliances from a single location. The architecture looks like this, and as you can see, to activate the Enterprise console, you just turn on the “Activate Enterprise Console” button, and the option appears through the menu.

Dashboard and Overview

Let's start with the main dashboard, which gives you a quick overview of what changes have happened between different scans over the last 10 analyses (for example: there is one analysis per day where all your connected systems are scanned and compared to the analysis done 24 hours earlier). The schedule when you want to run the analysis is fully customizable, so if you want to run this analysis every 12 or every 6 hours, you can.

When you work on a fix, or you patched a couple of hosts and want to see whether those issues reported earlier were fixed, simply click the Run analysis button and the scan will be triggered immediately.

You can switch between Objects and Issues buttons to get a different view of issues that have been detected between each scan.

The overview dashboard shows also the Knowledge profile results with vulnerabilities. It shows you in percentage, how your entire environment stands and also shows how many of those vulnerabilities have already been exploited! This should be your high-priority work to be done, because if there is already an exploit that has been published and documented, hackers could potentially use this to their advantage.

The main dashboard shows also the latest product news from Runecast, which has been lately updated. Also there is the widget called Selected System, so you know which information is displayed to you based on the connection to this or that remote system. This section also shows how many issues there are, when the environment has been scanned and how many inventory objects this system has.

Lastly, there is a Top Issues widget showing the most important (critical) issues and their trends during the last analysis.

The main page has also, if you scroll completely down, a widget called Configuration drift that shows what's changed in the configuration of your environment since the last analysis. You can hover your mouse over the cluster, datastore or other icons and see how many (if any) changes have been made.

Security and Compliance Features section

Let's start with the security and compliance section on the right-hand side. We can see that we have Vulnerabilities, Compliance Profiles and Container security options.

Runecast platform employs algorithms to analyze system logs (Note: that this setup is an additional step, but it's worth it as it can detect misconfiguration or problem that occurs and it is visible via ESXi logs), configuration files, and VMware Security Hardening Guides.

The system identifies security risks, misconfigurations, and vulnerabilities in the infrastructure, enabling administrators to take immediate action to mitigate potential threats. This proactive approach helps prevent security breaches and strengthens the overall security posture of the VMware vSphere environment.

Runecast platform shows you all checks. Those ones which failed and need to be remediated, and also those ones that passed. Remember that with regular patching of your infrastructure you're closing doors for many vulnerabilities that have been discovered in the past. The UI then has many powerful filters allowing you to focus and view only only on what you are focusing.

In the example below we're focusing on vulnerabilities with exploits only.

By clicking one of those vulnerabilities, you can get into more details. You have the links showing you the exploits in detail (on an external site) as well as VMware advisory ID with link to the VMware patch that addresses this vulnerability.

All you have to do is to go to the VMware site and seek for the update, and update your impacted host(s).

You can download a CSV file or PDF report. Those are two possible export options you might be looking for when looking for reporting capabilities of the view. Again, you can filter out things you do need or you don't need.

Good to know here that Runecast is pretty agile, and whether the new critical vulnerability is discovered, or even a vulnerability with an exploit is discovered, Runecast updates the product within 24 hours. Imagine checking the UI daily might take you max 5 minutes, then seeing new vulnerabilities with exploits (by applying the filters) gives you a quick opportunity to fix this straight away and be protected.

Compliance Profiles

Runecast Platform offers comprehensive security compliance checks based on industry best practices, such as VMware's Security Hardening Guides, CIS benchmarks, and many security compliance standards.

It automatically scans the environment against these benchmarks, providing administrators with detailed reports and recommendations to ensure adherence to security guidelines. By addressing security compliance issues, Runecast Platform helps organizations meet regulatory requirements and minimize the risk of security breaches.

Runecast Platform performs comprehensive compliance checks against a wide range of regulatory frameworks and industry standards, including NIST, HIPAA, PCI DSS, GDPR, ISO 27001, DISA STIG, TISAX, and more. By analyzing the infrastructure's configuration and settings, it identifies non-compliant elements and provides detailed remediation suggestions. This helps organizations ensure compliance with relevant regulations, avoid penalties, and maintain continuous compliance ensuring data integrity and privacy.

The compliance profiles are shown in this menu. The most known for VMware environments are the VMware Security Hardening guidelines (VMware SCG) so by selecting those you'll see how your environment performs against those guidelines.

Once again, the system displays a comprehensive report, including both passed and failed tests. To focus on the areas that need attention, you can easily filter the report to show only the failed tests. This allows you to address and fix those specific issues, thereby improving the overall performance and increasing the number of successful outcomes, symbolized by becoming ‘more green'.

To remediate the failed check, Runecast is not only helping by showing what's wrong, but also providing some cool features to address that. While to remediate those findings are only possible via manual steps, some of those remediations can be scripted and Runecast is a great help here. In fact, Runecast provides over 800 scripts that are ready waiting to help you with securing your infrastructure.

Those scripts are automatically adapted to your environment and all you have to do is a copy-paste or download the PowerCLI script and then execute it against your environment. (Note that PowerCLI and Ansible are the options here). Some of the scripts are customizable, and you can put in a value and then run the script.

Runecast platform simplifies compliance documentation by generating detailed reports that outline the compliance status of the VMware vSphere environment (and/or your Kubernetes and Cloud). These reports provide clear visibility into compliance gaps, suggested remediation actions, and historical data for auditing purposes. The automated documentation saves valuable time and resources, streamlining the compliance process and facilitating internal and external audits.

How Many New Issues do I have between dates – Compare Analysis

A useful analysis when you want to show the new issues that have occurred between specific dates. You can go to Detected Issues Menu > click the Compare Analysis button > Compare.

Then you can see the result of the objects affected in a concise table, categorized as critical, major, medium, and low. Additionally, there is a comparison of these issues, which reveals a total of 505 newly identified problems. This serves as an excellent method to demonstrate the progress made in securing your infrastructure to your boss. Simultaneously, it highlights the ongoing battle against hackers and the tangible efforts to protect your infrastructure.

Again, you can use filters to view specific compliance profiles, only let's say GDPR, or other.

IT Operations Section

In this section we have Configuration vault, Best practices, HW compatibility, KB articles, Log KB articles and Log Inspector. We won't have space here to go through all in detail, but let's take a look at it at least briefly. This section is mostly used by datacenter guys that are in charge of the infrastructure from the performance perspective, by applying best practices from VMware, as well as ensuring the evolution and upgrades.

Configuration Vault

Configuration Vault feature allows you to highlight inconsistencies and configuration drift in your environment. Runecast platform supports not only vSphere, vSAN, NSX, but also Horizon View, AWS Cloud, Azure, Google Cloud, Kubernetes clusters and VMware SDDC. When you change configuration from time to time, you tweak for performance or troubleshoot problems. Runecast is able to track those changes and report back to you what's changed.

This is quite useful when tracking performance problems on VMs, hosts, or clusters. Is it due to the config change someday? Did someone from your IT team have changed something during your vacations? Yes, possible. You imagine the scenarios. Runecast might be the right product to have for tracking those changes in detail.

You can select different views, such as clusters, datastores, hosts, I/O devices, port groups, vCenter or VMs.

Then you can select the object and see what changes have occurred in the past and compare this with a reference configuration host within your environment. So you basically can follow and detect what has changed in the past.

KB Articles

Your IT operations teams will be using the KB articles to see what Runecast has discovered as potential issues in the already documented knowledge base articles, so you can fix them before they cause any problem or even outage. Again, depending on the size of your environment, you might have people more focused on storage, or networking. Or if you want to focus only on the compute, by using the filters again you can filter out the view and see issues only for that particular object.

The KB articles might also contain issues that have not happened yet, such as purple screen of death (PSOD), but they likely happen in certain scenarios such as when your environment has devices, such as HBOs that have certain firmware and driver combination running a certain level of vSphere. VMware has identified those combinations and released KB articles on how to mitigate the risk by updating those drivers or which version of driver you need to be running in order not to trigger a PSOD.

Runecast, by scanning your environment will report that your particular HBA is using a particular firmware with driver release and informs you that you might be having issues if you don't fix that. The resolution is always posted on the top of the page when you click on the issue. You have a link for the patch download on that page. You don't have to go anywhere else. That is really powerful.

The Best practices have similar functions, and Runecast will help you to configure your infrastructure the way VMware would do it. By using the best practices for the configuration you'll make sure that you get the best performance and the best possible uptime. The system can detect misconfigurations at the network level, compute, datastore, vCenter level, or in any other object that is connected to the system. Again, the goal is to get as many green checks as possible.

Good to know that you can override some checks. Let's say you have a host that is in the pre-production stage and that you need to have SSH open on this host. If you don't want to have Runecast reporting on that after each scan, you can filter out that particular host for SSH…

Hardware Upgrade Simulator for VMware vSphere

Pre-Upgrade Analysis – Runecast platform includes a unique hardware upgrade simulator specifically designed for VMware vSphere environments. It helps administrators assess the compatibility of new hardware components or upgrades before implementation.

By simulating the impact of hardware changes, administrators can identify potential risks or compatibility issues, allowing for informed decision-making and minimizing downtime during the upgrade process and significantly saving time opposite to manually checking VMware Hardware Compatibility List. 

Impact Assessment – Runecast provides simulations of the upgrade process, allowing organizations to test the upgrade process before actually performing it. This helps organizations avoid potential issues and downtime during the upgrade process, reducing the risk of service interruptions and data loss.

The hardware upgrade simulator in Runecast platform provides a detailed assessment of the impact that hardware changes will have on the existing VMware vSphere environment. It evaluates factors such as compatibility, performance, resource allocation, and potential bottlenecks, enabling administrators to make informed decisions regarding the hardware upgrade strategy. This reduces the risk of compatibility issues and ensures a smooth transition during the upgrade process which is particularly useful for large environments.

Inventory View

This view is outside of the IT operations and Security and Compliance sections, and is useful when you quickly want to see the datacenter view with all the objects and allows you to show the hierarchy of the vCenter you're connected to and drill down deep to show all vulnerabilities at particular VM.

Final Words

Runecast platform offers a user-friendly interface, completely redesigned since we've last reviewed the product. The new UI is very intuitive, it simplifies the configuration, monitoring, and management of your IT environments. Its powerful dashboards, detailed reports, and contextual recommendations empower administrators to quickly identify and resolve security, compliance, and hardware upgrade-related issues. 

Furthermore, Runecast provides responsive customer support and regular product updates, ensuring that users have access to the latest features, bug fixes, and security enhancements.

Runecast Platform stands as a robust and comprehensive solution for enhancing the security, compliance, and hardware upgrade capabilities of not only VMware vSphere environments, but also container and public cloud workloads. With its real-time security analysis, compliance assessment, and hardware upgrade simulator, Runecast Platform enables organizations to proactively identify and address potential risks, maintain regulatory compliance, and optimize their infrastructure performance. By leveraging the power of automation, Runecast Platform empowers IT teams to build secure, compliant, and efficient virtualized infrastructures in an ever-evolving technological landscape.

It is robust in range of coverage, but versatile and agile in deployment and day-to-day usage to provide organizations with the tools they need to manage their hybrid cloud environments efficiently and proactively. 

The platform takes only 15 minutes to deploy and is even completely functional in air-gapped environments. With its advanced analytics, machine learning, and AI capabilities, Runecast enables organizations to identify and mitigate risks, optimize performance, and reduce costs in their IT infrastructure.

Get a 14-day free trial of the Runecast platform today. Register here.

Please note that this review was sponsored by Runecast.

• VMware vCenter Server 8.0 U1b resolves further upgrade issues and adds bunch of security patches
• VMware vCenter Server Appliance 8.0U1a Released
• VMware vSphere 8.0 U1 Announced
• VMware vSAN 8.0 U1 What's New?
• vSphere 8.0 Page
• Veeam Bare Metal Recovery Without using USB Stick (TIP)
• ESXi 7.x to 8.x upgrade scenarios
• A really FREE VPN that doesn’t suck
• Patch your ESXi 7.x again
• VMware vCenter Server 7.03 U3g – Download and patch
• Upgrade VMware ESXi to 7.0 U3 via command line
• VMware vCenter Server 7.0 U3e released – another maintenance release fixing vSphere with Tanzu
• What is The Difference between VMware vSphere, ESXi and vCenter
• How to Configure VMware High Availability (HA) Cluster
• Homelab v 8.0 
  • NXJ6412 Maxtang EHL30 TPM Alert in vCenter Server 8.0 BIOS Config
  • vSphere 8 Lab with Cohesity and VMware vExpert gift – Maxtang’s NX 6412 NUC
  • VMware Cohesity vExpert Gift VMware EXPLORE 2022 Barcelona