Skip to content

Settings Page

The Runecast Analyzer settings icon (cog icon) is located on the right-hand side of the top navigation bar. Use this page to configure connections to the virtual infrastructure, scheduled analysis, alerting, logs, filters, licensing and Runecast appliance users.

Connections

Within the Connections tab, you can specify the connection details for vCenter servers (and optionally, NSX-V Managers), Horizon Connection Servers, NSX-T, VMware Cloud Director, AWS, Azure and Kubernetes details for the environment that Runecast will analyze. Server address, port number, username and password are mandatory fields as well as access and secret keys (if using AWS), directory and application id (if using Azure) or SA token (if using Kubernetes). The account you specify should have the minimum required permissions specified in System Requirements chapter of the user guide. To connect to multiple Systems, add them one by one. For more details please check Connect to a System and Analyze.

Automatic Scheduler

You can configure automatic scheduling by clicking the Edit button. Once automatic scanning is selected, the scanning frequency can be chosen. The Analyze now button can be used even when Automated scans are scheduled.

Alerting

The Alerting page can be used to enable e-mail alerting. After each analysis, either manual or automatic, an e-mail containing a report of findings will be sent to the configured recipient(s). SMTP server and port, as well as sender and recipient e-mail addresses are mandatory fields. Multiple recipient e-mail addresses separated by a comma can be added (For example: email1@domain1.com, email2@domain2.com, email3@domain3.com).

Log Analysis

The Log Analysis page can be used to configure log retention and syslog settings for VMware Hosts and VMs. For more information – see Configure Log Collection.

Use the Reload button, located on right-hand side of Syslog settings on the Hosts and VMs of configured vCenters to re-fetch the current configuration from all vCenters. A timestamp will indicate when the last fetch was triggered. Also, a re-fetch can be performed individually for each vCenter by clicking the specific icon.

Knowledge Profiles

In this section you can choose which profiles to use for your environment's security compliance, you can enable additional best practices or even create your own custom profile.

  • Security compliance: By default, VMware Security Hardening Guide for vSphere is enabled and active. You can select additional profiles if you need to adhere to other security standards.

  • Best practices: Additional Best practices profiles can be enabled – SAP HANA BPs.

  • Custom Profiles: By enabling Custom Profiles you can create your own profiles for audits and organize all necessary checks in one place.

User Profile

The User Profile tab can be used to manage the Local users accounts or to connect Runecast Analyzer to Active Directory.

Local users

The default local user that has access to the Runecast Analyzer web interface is:

  • Username: rcuser
  • Password: Runecast!

By default, rcuser is granted with Admin role which cannot be changed. Click Edit user (cog icon) in the Actions column to change the default password.

Note

rcuser is the only account which cannot be deleted.

An unlimited number of Local users accounts can be added. For each user, one of two roles can be selected: Admin or Read-only.

The Admin role has no restrictions – it can manage the Runecast Analyzer without any limitations. It has also permission to create/remove other users apart from rcuser.

The Read-only role has restrictions - it is not able to change any settings or configuration and not able to scan or create/remove other users. This role can generate an API Access token with read-only privileges.

Active Directory

You can use Active Directory accounts to login to the Runecast Analyzer web interface. Click Edit within the Active Directory section and provide the information about your Active Directory setup:

  • Active Directory: Enabled or Disabled

  • Domain: name of the Active Directory domain, for example company.com

  • Domain Groups: name of the Active Directory group. Any user, that is a member of this group in the specified domain will get the assigned permissions (Admin or Read-only) to the Runecast Analyzer web interface.

Optionally, you can configure advanced options by clicking on the Advanced options link:

  • Use SSL: Enabled or Disabled

  • URL: the address of a domain controller, for example ldap://dc.company.com or ldaps://dc.company.com

  • PORT: the LDAP service port number (by default 389 for SSL disabled or 636 for SSL enabled)

  • Root DN: specify the LDAP search base DN, for example ou=test,dc=company,dc=com. It might be useful in large domains to limit the number of search results.

When an AD user is a member of both Admin and Read-Only groups, as configured in Runecast Analyzer, his privilege level will be set to Admin.

Warning

Make sure that DNS is configured. The Runecast Analyzer should be able to resolve the domain controller name. Make sure that the group you specify for the Domain Group exists in your Active Directory domain. The user logging in MUST be able to read members of the group.

Filters

Filters can be used to disable a combination of configuration items and issues from showing in the reports and statistics. Without filters, Runecast Analyzer will include all configuration items it has access to for all possible issues and best practices. Typically, these are all inventory objects within the analyzed System.

There are many use cases for using filters, for example:

  • Some of the Security Hardening checks are not part of your specific security policy and you need to exclude them from reports.

  • You have several test ESXi hosts that you want to exclude from all reports, or perhaps you want to see only Critical issues detected for those hosts.

Click Add Filter to create a new filter. A new filter called New Filter appears in the list. Expand New Filter and edit its name and description. The filter configuration includes two hierarchical trees:

  • The left-hand tree displays the analyzed Systems with all the inventory objects underneath. Select which object or group of objects will this filter apply to.

  • The right-hand tree displays all possible issues organized by type (Knowledge Base, Best Practices, Security Hardening) and severity (Low, Medium, Major, Critical). Select an issue or a group of issues the filter will apply to.

To quickly search for an object or an issue, you can use the Search box under the respective tree.

Click Update once finished. The filter is applied to all views.

Click Export/Import button on the top right corner of the Filters view to Export or Import all filters. Choose one of the following options:

  • Export Filters exports all filters in a downloadable .dat file. This function will not export the inventory objects specified in the filters. Once you import the filters, you would need to specify the objects this filter applies to.

  • Export Filters including objects exports all filters and objects they apply to in a downloadable .dat file. This function can be used in case you plan to import the filters to a Runecast Analyzer appliance that is connected to the exact same System.

  • Import Filters imports filters from a .dat file. Filters have an OFF status once imported.

    Note

    In the case where the .dat file contains inventory objects, they will be added to the filters only if the System object ID and other object IDs match.

Filtering issues for the whole vCenter Server (including all child objects)

In case certain issues are filtered out for the whole vCenter Server, those issues will not appear in the issue list for the context of this specific vCenter Server.

If issues are filtered out for all connected vCenter Servers (including all their child objects), then the issues will also disappear in the All Systems context.

Below is an example screenshot of filtering out one specific rule for the whole vCenter Server system:

In this case, this issue will not appear any more in the context of this particular vCenter Server but will still show up in the context of All System, as it’s not filtered for all vCenter Servers connected to Runecast Analyzer.

Below is an example screenshot of filtering out one specific rule for all vCenter Servers:

In this case, this issue will not appear any more in the context of any of the filtered out vCenter Server, neither in the All Systems context.

Filtering issues for subset of the vCenter Server objects

In case certain issues are filtered out for a subset of the vCenter Server objects, those issues will still appear in the issue list. However, the objects which are filtered out will not be taken into consideration and if the issue ends up with 0 affected objects it will be marked with status Pass (or Configured for some of the security profiles).

Below is an example screenshot of filtering out one specific rule for a subset of the vCenter Server objects:

Note that the vCenter Server is marked as Partially filtered. In this case, the issue still appears in the issue list, and only the selected object scope will be filtered out. If the issue ends up with 0 affected objects, it will be marked with status Pass (or Configured for some of the security profiles).

Licenses

In this tab you can add and assign a valid license to your hosts. For more information see Licensing Runecast Analyzer.

Update

Within this tab the update status of Runecast Analyzer is shown. It is divided into two parts, Application and Knowledge Definition.

Application is consisting of updates to the OS, components, application, and database definitions like KB, BP, SH, etc. The version of the Runecast appliance currently deployed is displayed. This view differs based on the online/offline update state of the appliance:

  • If the appliance has an internet connection (online) then the application will check if there are any updates available. It will display one of two states: Up to date or Update available. If the status is Update available, you can perform manually the update by accessing Runecast Console Interface (check Note) and navigate to the Update section. Otherwise Runecast Analyzer will automatically apply the updates during the night.

  • If the appliance doesn’t have an internet connection (offline) then the status You are offline is displayed together with a link to the Customer portal. When accessing the portal through an internet connected device, expanding the Offline updates provides access to an .ISO file. Download the file and attach it to you Runecast Analyzer VM. You can perform the update manually by accessing Runecast Console Interface and navigate to the Update section.

Note

To access the Runecast Console Interface open Runecast Analyzer VM console and press F1 key to login. Check section Runecast Console Interface for additional details.

Knowledge Definition contains only data definition updates for knowledge such as KBs, BPs, SH, etc. The last update release date is displayed. The view differs based on the online/offline state of the appliance:

  • If the appliance has an internet connection (online) then the application will check if there are any updates available. It will display one of the following two states: Up to date or Update now.

  • If the appliance doesn’t have internet connection (offline) then You are offline is displayed together with a link to the Customer portal. When accessing the portal through an internet connected device, expanding the Offline updates provides access to the .bin file. To perform an update, Download the file and then import it into the appliance using the Choose File button.

Online application and knowledge definition updates require access to https://updates.runecast.com. The default repository link is displayed below each one.

Note

AWS deployed Runecast Analyzer automatically checks and installs updates. In case you need to update it manually, please login using SSH, and execute the script:

/opt/runecast/scripts/rcupdate.sh

Note

K8s deployed Runecast Analyzer automatically checks and installs the knowledge definitions, the application needs to be updated using the helm upgrade command. Please see the Kubernetes section in the Deployment chapter.

A custom repository can be configured for both application and knowledge definition updates. Click the wrench icon located on the right-hand side and add the Custom URL of the packages repository from where you would like to automatically download the new version. Ensure that all required files are available.

Tip

To find out how to configure your own update repository please see the blog post How to set up Custom Repositories with Runecast Analyzer.

API Access tokens

Runecast Analyzer offers a full REST API for custom integration, configuration and reporting.

In order to use the API, an access token is required. The token can be generated in the graphical interface of the Runecast Analyzer or by sending a POST request to /api/v1/users/local/<username>/tokens.

Once generated, the access token needs to be included in the Authorization header of each request. For example, to retrieve data about the vCenters registered in your Runecast appliance, you can use a call like:

curl -H "Authorization: <your token here>" -X GET https://<appliance IP>/rc2/api/v1/vcenters
The API reference documentation can be accessed by clicking the Explore API Documentation link.

Enterprise Console

The Enterprise Console feature activates a global dashboard that integrates results of all connected Analyzer instances. Check section EC Dashboard for additional details.