No items found.

Runecast 4.0 provides new AWS insights & capabilities

December 2, 2019

Runecast made its name by providing the most benefits and enhanced ROI for VMware-based environments. Now, to support companies on their path to hybrid cloud migration, we’re adding Amazon Web Services (AWS) analysis for helping IT teams to address issues that can arise. In terms of security, Runecast operates fully on-premises, with no data shared outside the environment.

Situation: Complexity

AWS has taken the customer focus seriously – adding new features, services, and pricing models as demanded – which has led to a situation of both overlap and volume that can be quite confusing to IT architects, which is not an ideal situation for ensuring security.

Comprising over 165 services, AWS addresses nearly every area of IT, including computing, storage, networking, databases, analytics, application services, deployment, management, mobile, developer tools, and tools for the Internet of Things (IoT). It is likely that the top 12-15 Amazon Web Services are used by nearly all of the AWS community. As these primary services and others come with so many different pricing parameters, it can also be rather difficult to see the total cost of ownership (TCO) and plan ahead financially.

With AWS adoption comes a complex new level of configurations, storage expansion, and other chances where AWS-related issues can devolve into downtime. AWS users often don’t have control of the way that the provider is managing the environment and have no way to know how this is happening. In some cases, downtime is not the only detriment, as misconfigurations can lead to low performance and higher costs even in an uptime scenario.

Whereas complying with common security guidelines is important for almost every VMware environment, securing your AWS infrastructure becomes essential with AWS being an ever-growing target for cyber-criminality. Despite Amazon doing a lot for security from the AWS side, admins can be overwhelmed at trying to secure the AWS infrastructure on their own end.

Some AWS-related security breaches have become well known, such as the Magecart attacks that compromised over 17,000 domains due to unprotected AWS S3 buckets. However, some of the following were caused simply by configuration errors:

Regarding the Imperva breach, here is a summary of the series of events that led to it (via ZDnet):

Imperva said it experienced a period of business growth in 2017.
As a result, the company began adopting cloud technologies to scale its business and infrastructure.
Imperva decided to evaluate AWS' Relational Database Service (RDS) to scale its user database.
The company uploaded a snapshot of its customer database to a test AWS RDS instance.
But in an unrelated incident, the company left an internal system accessible from the internet.
This internal system stored a copy of the company's AWS API key.
A hacker found this server, described as a "compute instance," and stole the API key.
The hacker used the AWS API key to access Imperva's cloud infrastructure, where he found the AWS RDS service the company used for testing.

Note: Additionally, AWS itself can be the source of mission-critical issues. In 2017, an AWS engineer mistyped a command that caused many websites to go down for several hours, prompting a loss of over $150 million (via DataCenterKnowledge). (Perhaps Amazon should be using Runecast internally as well.)

Solution: Runecast Analyzer 4.0

Your Navigator on the Journey to AWS

For admins migrating into known complexity, facing unknown complications, Runecast Analyzer is a friend on that journey, bringing attention to the issues that matter most to mission-critical IT operations. To help teams with a simpler transition to hybrid cloud services, specifically AWS, Runecast has wrapped the complexity of the AWS environment into its VMware-proven analysis methodology. That is, Runecast Analyzer enables admins to fully understand their environments. As a hybrid cloud solution, Runecast not only shows you what is happening in the cloud but as well provides deep insights into what is happening on-premises.

Secure, Strictly On-Premises Hybrid-Cloud Analysis

To help teams secure their AWS infrastructure, Runecast has built upon its industry-leading on-premises VMware solution. Runecast Analyzer not only checks for misconfigurations but as well aligns AWS operations with checks against Best Practices and security PCI-DSS. Runecast runs completely on-prem, so sensitive data remains in your secure environment.

Immediate Value for Your Team

Connect Runecast Analyzer via AWS API and it’s ready to go. As Runecast Analyzer helps teams to stabilize performance and security compliance, its ROI extends beyond itself to ensure greater ROI also for VMware and AWS investments. Runecast helps IT admins leverage – and secure – existing or future investments into VMware and AWS. Runecast Analyzer automatically evaluates issues within these platforms so that admins can address them proactively before they can lead to costly outcomes. This results in reduced costs, simplified operations, greater availability... and more time to innovate.

Runecast Analyzer seamlessly integrates within your familiar VMware management tools to identify when combinations of components in your data center stack are vulnerable.

The Runecast solution for hybrid cloud covers on-premises VMware + public cloud AWS, as well as VMware Cloud on AWS. Here are applicable AWS areas where Runecast Analyzer brings greater value and stability (definitions provided by AWS):

AWS Identity and Access Management (IAM) enables you to manage access to Amazon Web Services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
Amazon Elastic Compute Cloud (EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. ... You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
Amazon Virtual Private Cloud (VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Amazon Simple Storage Service (S3) is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web.