Runecast for Azure

In my last post I took a look at Runecast Analyzer and what it can help us with when it comes to AWS as well as Kubernetes environments. Today Runecast announced that in their new version 5.0 of Runecast Analyzer we can also connect to, and analyze, Azure environments!

Before we check out the Azure integration, let's have a quick look at some of the improvements added to Runecast Analyzer since the last major release in December 2019. The AWS integration came with version 4.0; before that, Runecast analyzed only vSphere and vSAN (added in 3.0).

  • In 4.1 there was a new hardening profile added for vSphere based on CIS (Jan 2020)
  • In 4.2 best practices for SAP HANA on vSphere were added, in addition to NIST compliance checks for VMware (Apr 2020)
  • Version 4.3 added the Enterprise Console and CIS compliance checks for AWS (Apr 2020)
  • 4.4 added some HCL customization capabilities (Jul 2020)
  • In version 4.5 we got the Kubernetes integration which I wrote about in this post (Sep 2020)
  • 4.6 added ISO27001 compliance checks (Nov 2020)
  • 4.7 added NSX-T integration (Nov 2020)
  • Although not a minor version, 4.7.5 added a ServiceNow integration (Feb 2021)

A lot of exciting stuff added to the product in just over one year! The full list of release notes can be found here

Now, let's check out today's shiny new feature

Azure connection

First, to set up the connection to Azure we need to create an App in our Azure Active Directory (AAD) that Runecast will connect to. We also need a client secret for that App, and the App needs permissions on the subscription(s) we want to analyze. Read permissions are enough for Runecast.

The Runecast documentation describes the process of creating an App in AAD and assigning permissions.
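
As an added example (not from Runecast or the original post), here is a least-privilege check for the App described above: it flags any role assignment that is not read-only or that reaches outside the subscriptions meant to be analyzed. It assumes the read permission is granted through Azure's built-in Reader role and that the input has the shape of `az role assignment list --assignee <appId> --all -o json`; the app name, subscription IDs and sample data are constructed placeholders.

```python
import json

# Constructed sample, shaped like the JSON printed by
# `az role assignment list --assignee <appId> --all -o json`.
# The principal name and subscription IDs are placeholders.
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"principalName": "runecast-analyzer-app",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalName": "runecast-analyzer-app",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-test"},
  {"principalName": "runecast-analyzer-app",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"}
]
""")

ALLOWED_ROLE = "Reader"  # assumption: read access is granted via the built-in Reader role


def subscription_of(scope):
    """Return the subscription ID in an ARM scope, or None (root or management group)."""
    parts = scope.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None


def audit_assignments(assignments, intended_subscriptions):
    """Return (role, scope, reason) for every assignment beyond Reader on intended subscriptions."""
    intended = {s.lower() for s in intended_subscriptions}
    findings = []
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        if role != ALLOWED_ROLE:
            findings.append((role, scope, "role is not Reader"))
        sub = subscription_of(scope)
        if sub is None:
            findings.append((role, scope, "scope is above subscription level"))
        elif sub not in intended:
            findings.append((role, scope, "subscription not meant to be analyzed"))
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE_ASSIGNMENTS, ["00000000-0000-0000-0000-000000000001"]):
        print(finding)
```
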

With the connection in place we can go ahead and run an analysis of our Azure environment. Note that in my beta version of 5.0 the objects analyzed are:

  • Key Vaults
  • MySQL servers
  • Subscriptions
  • Postgres servers
  • Roles
  • SQL servers
  • SQL server databases
  • Storage accounts

Since the beta release I got my hands on, they have added functionality for Virtual Machines, AKS, Disks, Azure AD and more, so most of your environment in Azure should be covered.

Analysis checks

Note that the screenshots below are all from the beta release I've tested and may have changed in the initial 5.0 release.

In the initial version the available checks are the Best practices analysis and a Security Compliance check built from the Center for Internet Security (CIS) recommendations. The CIS benchmark can be fetched here

The All Issues view gives an overview of all our issues and best practice recommendations

Issues view

We can also get the issues by the different objects in the Inventory view

Inventory view

From the left menu we can also browse the different checks and get details on the different analyses that are enabled

Analysis view

All views have different filtering and sorting options, which makes it easy to get the information you are looking for.

Summary

I'm excited to see Azure added as an integration to Runecast Analyzer, and the way we now can analyze across vSphere, AWS, Azure and Kubernetes.

As of now, there's only the Runecast Best practice analysis and the CIS checks available, but I suspect that more compliance profiles will be added in the near future.

Thanks for reading and please reach out if you have any questions or comments.

This page was modified on March 31, 2021: Runecast Azure post