So, VMware have a proactive support product called Skyline. You install an appliance, the Skyline Collector, in to your environment then point it at your vCenter server(s). From there, the collector monitors your environment and uploads the details to the VMware Cloud for analysis. The results are then presented to you in a portal.
Skyline is currently on release 220.127.116.11. The portal, sadly, is not a version 2 release. Whilst it does give a reasonable overview, it doesn’t quite function as I’d expect. If you apply any filters (for example, ‘Critical’ findings for ‘Compute’), click on a finding, then click the back button on the web page, the filters are removed. A minor thing, for sure, but frustrating anyway.
The ‘Date Found’ field seems to simply show the date that it was last found rather than first found. So, if you have a lot of findings (as above) and the number increases there appears to be no real way of working out what is new.
The overview page doesn’t scroll past the first 15 findings, so you have to apply filters to see all the data. This may be OK in an environment with less than 15 findings, but after that you have to remember when each finding was made – there’s no obvious way to see this – so you can tell what is a new finding.
If you click on a risk, you’re presented with the details of that risk and the assets which are affected.
This provides a summary of the risk, advises which product version remove that risk, and knowledgebase links for further details. This is very useful indeed, so you can assess the impact of the risk, and scope the work required to resolve it.
However, if you have many assets affected by the risk, it doesn’t seem possible to find out what all of those assets are. The “Affected Objects” table only lists the first 10 or so assets. You can search the list, but that’s not very helpful in environments which many similarly named assets.
The Skyline homepage states:
Proactive Support with VMware Skyline is aligned with Global Services offerings and is available at no additional cost to customers who have an active Production Support or Premier Services contract.
For some reason, it appears that many customers are not aware of what this means as there are repeated postings on the Skyline forum asking how much it costs to use Skyline.
Support appears to be provided by way of posting to the forum in the main part, and the result being told something has been fixed and you need to wait 48 hours for the update to filter through.
The 48 hour thing is a frustration. If you resolve any finding, it takes 48 hours for this to be reflected in the portal. If you add hosts this takes 48 hours to be reflected in the portal. Remove hosts, 48 hours. And so on. When you check the collector it always appears to be doing something. It would be interesting to understand the reason that everything takes 48 hours. Even changes that VMware staff make to your account take 48 hours to filter through to the portal.
You can upload logs from your environment directly from Skyline and associate those logs with an open incident you’ve raised with VMware. I’ve tried this once, and it didn’t work. I haven’t yet had chance to investigate the cause of this, but suspect it’s a missing firewall rule on my side. The error message was just along the line of “Log upload failed” with no further information, or any mention of when to look for additional detail. This is something which requires further investigation when I have time.
There was one thread on the forum which caught my eye – Someone used to have findings in their portal, but they have disappeared without them doing anything to their environment. The response wasn’t really what I’d expect to read.
Different levels of rules or run on customer environments based on their Support contract. […] A few of the finding which needs additional validation like Guest OS patch level are displayed only to VMware Technical Support so that they can be validated before sharing recommendations.
Surely the fact you have a support contract with VMware should be good enough for them to let you know your environment is at risk?
Overall, Skyline 18.104.22.168 is a nice idea for a product but is not quite a version 2 release. It will be interesting to see what version 2.x/3.x bring.