Agentless analysis

Runecast supports agentless vulnerability scanning. It offers several benefits that make it the preferable approach in many scenarios:

  1. Simplified Deployment: Agentless scanning eliminates the need to deploy and manage software agents across multiple devices and systems. This simplifies the scanning process and reduces the administrative overhead associated with agent installation, updates, and maintenance.
  2. Improved Scalability: With agentless scanning, organizations can easily scale their scanning efforts without worrying about agent deployment limitations. It allows scanning of a large number of devices and systems simultaneously, ensuring comprehensive coverage and faster assessment of vulnerabilities across the network.
  3. Reduced Performance Impact: Installing software agents on target devices can sometimes impact their performance and consume system resources. Agentless scanning avoids this issue by leveraging existing network protocols and connections, minimizing any potential impact on the target systems and devices.

AWS

Agentless scanning on AWS is supported in the Runecast SaaS deployment model. It requires configuration, which is performed by following the AWS connection dialog.

vSphere

Agentless scanning of vSphere Virtual Machines is an industry-first functionality released in Runecast Analyzer 6.8. It can be enabled on clusters managed by vCenters that are connected to Runecast Analyzer.

How it works:

This functionality leverages the VMware snapshot mechanism. Runecast Analyzer orchestrates taking a snapshot of the target VM, mounting it to a separately deployed scanner virtual appliance that analyzes the operating system and applications, and finally deleting the snapshot. The whole operation is expected to take between 1 and 10 minutes per virtual machine. The agentless scan is designed to scan only VMs that are tagged with a specific tag (RunecastAgentlessScan), so you have full control over which VMs are included in the scan.

Agentless scanning is an Early Access functionality

Since it relies on the snapshotting mechanism and is still being refined by our team, we do not recommend configuring it on production virtual machines yet.

Please also follow these guidelines in selecting which VMs to include in the scanning:

  • Even with minimal impact, it’s generally a good idea to schedule snapshot operations during off-peak hours when possible, so please adjust the Analysis Schedule on the settings page accordingly.
  • Ensure that there is sufficient free space in the datastore to accommodate the snapshot. Even though the expected delta disk growth is small in this scenario, it’s always good to have a buffer to prevent the datastore from filling up.
  • High I/O Workloads: VMs running high I/O workloads such as databases (e.g., Microsoft SQL Server, Oracle), mail servers (e.g., Microsoft Exchange), or high-traffic web servers may experience degraded performance during snapshot operations.
  • Large Virtual Disks: VMs with very large virtual disks (>1TB) may take a long time to create or delete snapshots, which could impact the performance of the VM and the underlying storage.
  • Virtual Machines with RDMs: It's not possible to snapshot VMs that use Raw Device Mappings (RDMs) in physical compatibility mode.
  • VMs Running Specific Applications: Some applications have their own mechanisms for data consistency and may not play well with snapshots. For example, some clustered applications or distributed systems might not support being snapshotted or might require additional configuration to handle snapshots correctly.
  • VMs with Independent Disks: VMs with independent disks cannot have their disk state captured in a snapshot.
  • Performance-Sensitive Applications: Applications that are sensitive to disk latency or require consistent performance might be negatively impacted by the overhead of snapshots.
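The disk-level guidelines above can be checked before any VM is tagged. The following is an added example, not Runecast code: it triages a constructed inventory, and the record layout, the status names and the 50 GiB free-space buffer are assumptions (the `disk_mode` and `rdm_mode` strings follow the vSphere API values).

```python
# Added example, not Runecast code. The record layout is an assumption; the
# disk_mode / rdm_mode strings follow vSphere API diskMode / compatibilityMode.
SCAN_TAG = "RunecastAgentlessScan"
TIB = 1024 ** 4  # ">1TB" from the guidelines, taken here as 2**40 bytes
GIB = 1024 ** 3

def triage(vm, min_free_bytes=50 * GIB):  # buffer size is an assumed value
    """Return (status, reasons): 'skip', 'blocked', 'review' or 'ok'."""
    if SCAN_TAG not in vm["tags"]:
        return "skip", [f"not tagged {SCAN_TAG}"]
    blockers, warnings = [], []
    for d in vm["disks"]:
        if d.get("rdm_mode") == "physicalMode":
            blockers.append(f"{d['label']}: RDM in physical compatibility mode")
        if d["disk_mode"].startswith("independent"):
            blockers.append(f"{d['label']}: independent disk, not captured")
        if d["capacity_bytes"] > TIB:
            warnings.append(f"{d['label']}: over 1 TB, slow snapshot create/delete")
    if vm["datastore_free_bytes"] < min_free_bytes:
        warnings.append("datastore free space below the chosen buffer")
    if blockers:
        return "blocked", blockers + warnings
    return ("review", warnings) if warnings else ("ok", [])

def disk(label, gib, disk_mode="persistent", rdm_mode=None):
    return {"label": label, "capacity_bytes": gib * GIB,
            "disk_mode": disk_mode, "rdm_mode": rdm_mode}

def vm(name, disks, tagged=True, free_gib=500):
    return {"name": name, "tags": [SCAN_TAG] if tagged else [],
            "disks": disks, "datastore_free_bytes": free_gib * GIB}

# Constructed sample inventory (no real environment).
INVENTORY = [
    vm("web01", [disk("Hard disk 1", 100)]),
    vm("db01", [disk("Hard disk 1", 2048)]),
    vm("clu01", [disk("Hard disk 1", 60), disk("Hard disk 2", 200, rdm_mode="physicalMode")]),
    vm("log01", [disk("Hard disk 1", 80, disk_mode="independent_persistent")]),
    vm("tmp01", [disk("Hard disk 1", 40)], free_gib=10),
    vm("dev01", [disk("Hard disk 1", 40)], tagged=False),
]

def report(inventory=INVENTORY):
    return {v["name"]: triage(v) for v in inventory}

if __name__ == "__main__":
    for name, (status, reasons) in report().items():
        print(f"{name:6} {status:8} {'; '.join(reasons)}")
```

VMs reported as `review` still need a human decision on workload type (high I/O, clustered or latency-sensitive applications), which disk metadata alone cannot show.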

To use this functionality, perform the following steps to configure agentless scanning:

  • Deploy a scanner VM for the cluster to be analyzed

  • Enable Agentless Scanning for the respective cluster in Runecast Analyzer UI

  • Tag the Virtual Machines that you want to scan

  • Trigger Scan (or check results after scheduled scan)

Detailed, step-by-step instructions can be found on the connect to a vCenter page.