As I mentioned in my recent newsletter, I am going to get Runecast working in my lab. I heard from others how cool it is, and while I knew that, I did not put the priority on it. Now I am. So join me while I deploy, and configure Runecast. We will make it work, and make sure it can scan successfully and that will be the end of this article. We will explore things in another article.
Things to have ready
You should have a few things ready:
- Bits – you can download the trial, or the real bits (an OVA file) at this link. Which are the same but the license makes them work different (a little).
- The release notes and docs are available in the same portal as the bits.
- Service account that Runecast can use to talk to vCenter. It can be read only, but if you want more info it should have more rights and they list them in the User Guide – in fact they tell you what else you need and why, which is quite nice. I am going to use a domain user account with admin vCenter rights to make it easy.
- License – you also get this file in the same portal as docs and bits.
- You should have ready the FQDN, and IP info. It is a good habit to have it defined in DNS already.
- During the deploy you will get to choose Small, Medium, or Large. Be aware that the resources will be large if you select large.
Be aware that if you are doing a trial that you do not get access to all the info that you would as a licensed user (for example, none of the device specific info from ESXi hosts – like driver and firmware).
While you deploy – it is an OVA file so pretty easy, I notice that they have the wonderful extra config that includes:
keyboard.typematicMinDelay = 2000000
In case you wonder, if you are working at distance, with latency, and you are working in a VM console you can have some issues typing, and that command above fixes it.
You will need the IP and FQDN info as part of deploy.
The deploy process is like all the other OVA deploys you did. In my case it did not power up so I manually took care of that.
Configuration – basic
After the OVA is deployed, and booted you can check the VM Summary screen to make sure you see the right IP and DNS info. Then check the console to see the URL to the app, as well as the admin UI. We need to do a few thing in the admin UI.
So we access the VAMI (admin UI) which is at:
And we see something similar to us.
We can log in using the account rcadmin and password of admin.
We want to change the timezone to our local one.
So we make the change and use the Save Settings button to make it last.
We are done now, and can log out, but I had hoped, expected, to be able to change the password of the rcadmin, and define some NTP servers. We will see if that works elsewhere.
Configuration – inside the UI
We now want to work inside the app so we access the application UI:
And we see the main login screen.
We can log in using the default credentials of rcuser with passworrd of Runecast! As this is our first time logging in, and we have no vCenter connection we are prompted to make one.
We use the Settings button we see in the screenshot above to continue.
Now we see an Add vCenter button and use it.
If it works for you, you will see something like below. I found that if it doesn’t work, it gives good error messages!
Now we wish to schedule the scan of vC, so use the Automatic Scheduler button – which you can see above in the screenshot.
You can see below how I have selected automatic, and daily at 23:45.
Some of you may not want to scan that often, but I want to know of issues sooner, particularly security related issues.
Now lets add our license. Use the License button – again you can see it above. You use the Add License button and select the license file.
After you load the license file you will see a screen like below.
You will move your vCenter and hosts to the Licensed hosts box. You may be able to move all or only some depending on your license. You can use the double >> to all of your hosts at once.
Once you select the orange Assign License button you will see something like below – and be licensed!
If you leave settings, you can get back to it by selecting the gear icon in the top right corner.
Now we are going to change the password to the rcuser account. Lets select the User Profile button on the Settings bar.
You can see the gear icon above we will use to edit the password.
Changing the password was a bit harder than I expected. It always said my passwords did not match. Of course, what makes me smile is I copy and pasted the password. Turns out the issue was I had a special character in the password. So use only numbers, letters, upper case letters, and punctuation.
Now, I want to add Runecast to my vSphere Web Client. Lets do that before we do an analyze.
So back into Settings if you left, and on the vCenter Connection screen you can see an Edit button. Select it.
Once you select the Install Plugin button you see a different and bigger screen.
We will be using the big orange button. But I do like how they have a PowerCLI script too. A few moments after we hit the Install button we should see success.
We have some extra steps to do now to make it work. Now select API Access tokens in the orange bar.
Now use the orange Generate button. Provide a description.
Once you hit the Generate button you will see a new access token in a green bar, make sure to copy it to Notepad or somewhere safe. We will need to use it. Once you have done that select I understand. After you select it you will see something like below.
Now, log into the vSphere Web Client. If it is open, log out, and then log back in. Once back in, navigate to Administration > Runecast > Settings.
Now add your RuneCast FQDN, and paste the API access token. Once filled in you will see a green bar.
Use the Save Settings button, and then use the Go To Main View link.
You cannot see much, since no scan has been done, but we know the config is good. Or at least it seems good.
One more thing to do before our first scan. We need to configure log collection. If we are already forwarding logs to our Log Insight server – like I am, that is no problem as ESXi can handle several log destinations.
Back into Settings, then change to the Log Analysis tab.
I like the default config of only saving 30 days of logs. If we had to, we could use the Edit button to tweak the settings. Now expand the vC, seen above as Lefroy.
Note the little wrench seen above and with the red arrows? We use that to enable the log forwarding to Runecast. We are not going to have the VM logs forwarded to Runecast yet as I am not sure if I need that.
Lets hit the wrench for the hosts.
Now we should ignore the hint at the bottom of the screen. It confused me. Checkbox each of the hosts and hit Configure.
After you hit OK, and a few moments later it looks green.
Now, since I am careful, and maybe a tiny little bit paranoid, I will go visit Log Insight and make sure my host are still sending to it. And they do appear to be so that is good.
Our First Scan
We do not have to wait for the scheduled scan, but lets do a manual scan to make sure things work! From the Dashboard, and in the top right hit that big orange Analyze now button.
It will take a bit of time. Maybe 2 minutes.
So it doesn’t look too good for me. 5 critical issues, and 24 major. Wow. But things are working.
This is now the end of the this deploy and configure article and I will do one soon looking at what was found.
=== END ===