Skip to content

Settings Page

The Runecast Analyzer settings icon (cog icon) is located on the right-hand side of the top navigation bar. Use this page to configure connections to the virtual infrastructure, scheduled analysis, alerting, logs, filters, licensing and Runecast appliance users.

Connections

Within the Connections tab, you can specify the connection details for vCenter servers (and optionally, NSX-V Managers), Horizon Connection Servers, AWS account, NSX-T , vCD and Kubernetes details for the environment that Runecast will analyze. Server address, port number, username and password are mandatory fields as well as (if using AWS) access and secret keys or SA token (if using Kubernetes). The account you specify should have the minimum required permissions specified in System Requirements. To connect to multiple Systems, add them one by one. For more details please check Connect to a System and Analyze.

Automatic Scheduler

You can configure automatic scheduling by clicking the Edit button. Once automatic scanning is selected, the scanning frequency can be chosen. The Analyze now button can be used even when Automated scans are scheduled.

Alerting

The Alerting page can be used to enable email alerting. After each analysis, either manual or automatic, an email containing a report of findings will be sent to the configured recipient(s). SMTP server and port, as well as sender and recipient email addresses are mandatory fields. Multiple recipient email addresses separated by a comma can be added (For example: email1@domain1.com, email2@domain2.com, email3@domain3.com).

Log Analysis

The Log Analysis page can be used to configure log retention and syslog settings for Hosts and VMs. For more information – see Configure Log Collection.

Use the Reload button, located on right-hand side of Syslog settings on the Hosts and VMs of configured vCenters to re-fetch the current configuration from all vCenters. A timestamp will indicate when the last fetch was triggered. Also, a re-fetch can be performed individually for each vCenter by clicking the specific icon.

Knowledge Profiles

In this section you can choose which profiles to use for your environment's security compliance, you can enable additional best practices or even create your own custom profile.

  • Security compliance - By default, VMware Security Hardening Guide for vSphere is enabled and active. You can select additional profiles if you need to adhere to other security standards.

  • Best practices - Additional Best practices profiles can be enabled – SAP HANA BPs.

  • Custom Profiles - Create your own profiles for audits, organize all necessary checks in one place, and more.

User Profile

The User Profile tab can be used to manage the Local user accounts or to connect Runecast Analyzer to Active Directory.

Local user

The default local user that has access to the Runecast Analyzer web interface is:

  • username: rcuser

  • password: Runecast!

By default, rcuser is granted with Admin role which cannot be changed. Click Edit user in the Actions column to change the default password.

Note

rcuser is the only account which cannot be deleted.

An unlimited number of Local User accounts can be added. For each user, one of two roles can be selected: Admin or Read-only.

The Admin role has no restrictions – it can manage the Runecast Analyzer without any limitations. It has also permission to create/remove other users apart from rcuser.

The Read-only role has restrictions - it is not able to change any settings or configuration and not able to scan or create/remove other users. This role can Generate an API Access token with read-only privileges.

Active Directory

You can use Active Directory accounts to login to the Runecast Analyzer web interface. Click Edit within the Active Directory section and provide information about your Active Directory setup:

  • Active Directory (Enable/Disable)

  • Domain (for example company.com)

  • Domain Groups – any user/group in the specified domain group will get the specified access (Admin or Read-only) to the Runecast Analyzer web interface.

Optionally, you can configure advanced options by clicking on the Advanced options link:

  • Use SSL (Enable/Disable)

  • URL (the address and port of a domain controller, for example ldap://dc.company.com)

  • PORT number

  • Root DN (for example ou=test,dc=company,dc=local)

When an AD user is member of both Admin and Read-Only groups, as configured in Runecast Analyzer, his privilege level will be set to Admin.

Warning

Make sure that DNS is configured. The Runecast Analyzer should be able to resolve the domain controller name. Make sure that the group you specify for the Domain Group exists in your Active Directory domain. The user MUST be able to read members of the group.

Filters

Filters can be used to disable a combination of configuration items and issues from showing in the reports and statistics. Without filters, Runecast will include all configuration items it has access to for all possible issues and best practices. Typically, these are all inventory objects within vCenter and (optionally) NSX-V Manager, NSX-T Manager, Kubernetes, vCD, or Horizon Connection Server.

There are many use cases for using filters, for example:

  • Some of the Security Hardening checks are not part of your specific security policy and you need to exclude them from reports.

  • You have several test ESXi hosts that you want to exclude from all reports, or perhaps you want to see only Critical issues detected for those hosts.

Click Add Filter to create a new filter. A new filter called New Filter appears in the list. Expand New Filter and edit its name and description. The filter configuration includes two hierarchical trees:

  • The left-hand tree displays the vCenter (and optionally NSX-V), Horizon Connection Servers, AWS account, NSX-T, vCD and Kubernetes inventory with all inventory objects underneath. Select which object this filter will apply to.

  • The right-hand tree displays all possible issues organized by type (Knowledge Base, Best Practices, Security Hardening) and severity (Low, Medium, Major, Critical). Select a group of issues the filter will apply to.

Difference in issue results can be observed depending on the selected filter object scope and current system context.

Clarification:

  • Filter object scope - selected objects to be filtered out in the filter inventory tree:

  • System context - application context selection (i.e. All Systems or specific vCenter Server)

Filtering issues for the whole vCenter Server (including all child objects)

In case certain issues are filtered out for the whole vCenter Server, those issues will not appear in the issue list for the context of this specific vCenter Server.

If issues are filtered out for all connected vCenter Servers (including all their child objects), then the issues will also disappear in the All Systems context.

Example:

Below is an example screenshot of filtering out one specific rule for whole vCenter Server system:

In this case, this issue will not appear any more in the context of this particular vCenter Server but will still show up in the context of All System, as it’s not filtered for all vCenter Servers connected to Runecast Analyzer.

Below is an example screenshot of filtering out one specific rule for all vCenter Servers:

In this case, this issue will not appear any more in the context of any of the filtered out vCenter Server, neither in the All Systems context.

Filtering issues for subset of the vCenter Server objects

In case certain issues are filtered out for a subset of the vCenter Server objects, those issues will still appear in the issue list. However, the objects which are filtered out will not be taken into consideration and if the issue ends up with 0 affected objects it will be marked with status Pass (or Configured for some of the security profiles).

Example:

Below is an example screenshot of filtering out one specific rule for a subset of the vCenter Server objects:

Note that the vCenter Server is marked as Partially filtered. In this case, the issue still appears in the issue list, and only the selected object scope will be filtered out. If the issue ends up with 0 affected objects, it will be marked with status Pass (or Configured for some of the security profiles).

Click Update once finished. The filter is applied to all views.

Click Export/Import button on the top right corner of the Filters view to Export and Import all filters. Choose one of the following options:

  • Export Filters exports all filters in a downloadable .dat file. This function will not export the inventory objects specified in the filters. Once you import the filters, you would need to specify the objects this filter applies to.

  • Export Filters including objects exports all filters and objects they apply to in a downloadable .dat file. This function can be used in case you plan to import the filters to a Runecast Analyzer appliance that is connected to the exact same System.

  • Import Filters imports filters from a .dat file. Filters have an OFF status once imported.

    Note

    In the case where the .dat file contains inventory objects, they will be added to the filters only if the System object ID and other object IDs match.

Licenses

In this tab you can add and assign a valid license to your hosts. For more information – see Licensing Runecast Analyzer.

Update

Within this tab the update status of Runecast Analyzer is shown. It is divided into two parts, Application and Knowledge Definition.

  • Application (full appliance consisting of updates to the OS, component, application, and database definitions like KB, BP, SH, etc): The version of the Runecast appliance currently deployed is displayed. This view differs based on the online/offline update state of the appliance:

  • If the appliance has an internet connection (online) then the application will check if there are any updates available. It will display one of two states: Up to date or Update available. If the status is Update available, you can perform manually the update by accessing Runecast Console Interface (check Note) and navigate to the Update section. Otherwise Runecast Analyzer will automatically apply the updates during the night.

  • If the appliance doesn’t have an internet connection (offline) then the status You are offline is displayed together with a link to the Customer portal. When accessing the portal through an internet connected device, expanding the Offline updates provides access to an .ISO file. Download the file and attach it to you Runecast Analyzer vm. You can perform manually the update by accessing Runecast Console Interface and navigate to the Update section.

Note

To access the Runecast Console Interface open Runecast Analyzer VM console and press F1 key to login. Check section Runecast Console Interface for additional details.

  • Knowledge Definition (contains only data definition updates for knowledge such as KBs, BPs, SH, etc.): The last update release date is displayed. The view differs based on the online/offline state of the appliance:

  • If the appliance has an internet connection (online) then the application will check if there are any updates available. It will display one of the following two states: Up to date or Update now.

  • If the appliance doesn’t have internet connection (offline) then You are offline is displayed together with a link to the Customer portal. When accessing the portal through an internet connected device, expanding the Offline updates provides access to the .bin file. To perform an update, Download the file and then import it into the appliance using the Choose File button.

Note

AWS deployed Runecast Analyzer automatically checks and installs updates.

In case you need to update it manually, please login using SSH, and execute script:

/opt/runecast/scripts/rcupdate.sh

Online application and knowledge definition updates require access to https://updates.runecast.com. The default repository link is displayed below each one.

A custom repository can be configured for both application and knowledge definition updates. Click the wrench icon located on the right-hand side and add the Custom URL of the packages repository from where you would like to automatically download the new version. Ensure that all required files are available.

API Access tokens

Runecast Analyzer offers a full REST API for custom integration, configuration and reporting.

In order to use the API, an access token is required. The token can be generated in the graphical interface of the Runecast Analyzer or by sending a POST request to /api/v1/users/local/{username}/tokens

Once generated, the access token needs to be included in the Authorization header of each request. For example, to retrieve data about the vCenters registered in your Runecast appliance, you can use a call like:

curl -H "Authorization: your_token_here" -X GET <https://appliance_IP/rc2/api/v1/vcenters>

The API reference documentation can be accessed by clicking the Runecast API link.

Enterprise Console

The Enterprise Console feature activates a global dashboard that integrates results of all connected Analyzer instances. Check section EC Dashboard for additional details.