Intro to Virtualization - Phil Grimes, Coach / Mentor, Security Consultant

Upload: brian-price

Post on 26-Mar-2015

TRANSCRIPT

Page 1: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Intro to Virtualization

Phil Grimes

Coach / Mentor

Security Consultant

Page 2: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

What is a Virtual Machine?

● Computer within a computer

● It's there, but it's not

● Logically looks like physical machine

Memory (RAM)

Ethernet Connection

Storage (Hard disks)

Other components?

Page 3: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Level the Playing Field

● Host operating system (host OS)

The operating system of the physical computer on which the virtual machine was installed.

● Guest operating system (guest OS)

The operating system running inside the virtual machine.

● Snapshot

A snapshot is a copy of the virtual machine’s current state.

Multiple snapshots can be saved to go back to at any given time.

● Image

The actual virtual machine

Page 4: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

VM Advantages

Page 5: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Flexibility

● Travel back and forward in virtual machine time

● Run multiple operating systems (OS) and applications on one physical machine at the same time

● Independent of hardware or software underneath the VM

● Run legacy applications without having to change current OS settings

Page 6: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Scalability & Portability

● Multiple VMs can reside on one physical machine

● Easily transported from one machine to another

Page 7: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Cost

● Less expensive than buying multiple machines (less hardware to purchase)

● Less power/electricity than having more physical machines

● Save time testing new software without it affecting your current configurations

Page 8: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

VM Disadvantages

Page 9: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Requirements are a must

● Purpose of the machine

● How many users will need to be accommodated (now and in the future)

● Types of demands users will be placing on the machine (now and in the future)

Page 10: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Performance, Resources, & Failure (oh my!)

● Performance might be degraded if necessary hardware has not been allocated

● Running VMs simultaneously requires more hardware resources

● Single point of failure

If host machine fails, all VMs residing on that machine fail

Page 11: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Tools of the Game

● Many tools exist to create and run virtual machines; however, CyberPatriot VI will use VMware

● VMware Player

A free product that will allow you to run virtual images on your computer

http://www.vmware.com/products/player/

Page 12: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

How to Get VMWare

To obtain a copy of the VMware player software, follow these steps:

1. Open a web browser and type www.vmware.com/products/player/ into the location bar.

2. Click on the “Download” button on the VMware Player home page.

3. Scroll down and under ‘Product Downloads’ you will see “VMPlayer x.x.x”.

Click on the “Download” button. This will take you to a registration page.

Page 13: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

How to Get VMWare (con't)

Register for an account (if you have an existing account, please login and go to step 11)

4. You must register for a free VMware account with a valid email address in order to download the VMware player software.

5. After you register for a free VMware account, check your email for the registration confirmation from VMware.

6. Inside your registration confirmation from VMware there is a link to download VMware products.

7. Click on the link or copy and paste the URL into a web browser.

Page 14: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

How to Get VMWare (con't)

8. Enter your password for the account you created. A new account must be activated before downloading products.

9. Once you have logged in you will be taken to another web page asking you to “Access Your Email to Activate and Access Your Free Download.”

10. Go back to the email account you used to register for your VMware account and check for a message from “The VMware Team”. Inside that message will be a link “Download VMware Player”. Click on that link to go to the VMware Player Free Product Download page.

Page 15: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

How to Get VMWare (con't)

Continue following these steps

11. Under the “Binaries” section look for “VMware Player for 32-bit and 64-bit Windows” – this should be the first entry. Click on the “Start Download Manager” button to the right of the description.

Page 16: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

How to Get VMWare (con't)

Continue following these steps

12. You will be prompted to save the file and your VMware Player installer should begin to download.

13. Once the installer has finished downloading, double-click it to begin the installation.

14. Follow the instruction prompts to install VMware Player and be sure to reboot your system when prompted at the end of the installation.

NOTE: These instructions apply only to computers running a Windows operating system such as Vista, Windows 7, Windows XP, etc. If you are using a Linux-based system you will need a different version of the VMware software. If you are using a Macintosh you will need additional software, such as Fusion, as there is no VMware Player software available for Macintosh systems. These instructions also assume there are no VMware products already installed on the system you are using.

Page 17: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

VMWare Image

When you create or download a VMware image you may notice there are several files associated with that image. DO NOT make any changes to these files unless specifically instructed to do so. Modifying these files can severely impact the performance of your virtual image and may render it inoperable.

Some of the file types you will see associated with a VMware image are:

● *.vmdk:

Simulated hard drive for your virtual system. There may be one or more of these files associated with your virtual image as VMware allows you to split a single virtual disk into multiple 2GB files.

● *.vmx:

These files contain details such as the type of hardware to simulate for the virtual system, the amount of memory to allow the virtual machine to use, and so on.

● *.nvram:

This file stores the state of the virtual machine's BIOS.
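The file types listed above can be inspected without changing them. The following is an added example, not part of the original slides: a read-only Python sketch that parses a .vmx file and reports the memory setting, the guest OS, and which referenced .vmdk/.nvram files are present next to it. The sample .vmx content and the file names (WinXP.vmx and so on) are constructed for illustration.

```python
import os
import tempfile


def parse_vmx(path):
    """Read a .vmx file (opened read-only) into a dict of key -> value."""
    settings = {}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            # Skip blanks, the "#!" header line and anything that is not key = "value".
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, _, value = line.partition("=")
            settings[key.strip().lower()] = value.strip().strip('"')  # keys lower-cased for lookup
    return settings


def summarize(path):
    """Report memory, guest OS and the disk/BIOS files the config refers to."""
    cfg = parse_vmx(path)
    folder = os.path.dirname(os.path.abspath(path))
    referenced = sorted(
        v for k, v in cfg.items()
        if k == "nvram" or (k.endswith(".filename") and v.lower().endswith(".vmdk"))
    )
    missing = [f for f in referenced if not os.path.exists(os.path.join(folder, f))]
    return {
        "memory_mb": int(cfg.get("memsize", "0")),
        "guest_os": cfg.get("guestos", "unknown"),
        "referenced_files": referenced,
        "missing_files": missing,
    }


# Constructed sample configuration (not taken from a real CyberPatriot image).
SAMPLE_VMX = """#!/usr/bin/vmware
.encoding = "windows-1252"
displayName = "Sample XP workstation"
guestOS = "winxppro"
memsize = "512"
scsi0:0.fileName = "WinXP.vmdk"
ide1:0.fileName = "auto detect"
nvram = "WinXP.nvram"
"""


def demo_summary():
    """Write the sample into a temp folder; the .vmdk is deliberately left out."""
    with tempfile.TemporaryDirectory() as tmp:
        vmx = os.path.join(tmp, "WinXP.vmx")
        with open(vmx, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_VMX)
        open(os.path.join(tmp, "WinXP.nvram"), "wb").close()
        return summarize(vmx)


if __name__ == "__main__":
    print(demo_summary())
```

A .vmdk reported as missing usually means the archive was not fully extracted or a file was moved out of the image folder.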

Page 18: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

VMWare Image (con't)

● CyberPatriot training and competitions require downloading of VMware images.

It is extremely important that you verify you have a “clean” download.

You may do this by matching the checksum of the file you downloaded with the checksum displayed on the web page where you downloaded the CyberPatriot image.

A checksum is a mathematical calculation based on the data contained in a file – matching checksums allows you to determine if a file has been corrupted or modified from its original state. If the checksum of the file you downloaded does not match the checksum displayed on the web page where you downloaded the file you must download the image again.

● VMware also hosts a Virtual Appliance Marketplace at http://www.vmware.com/appliances/.

Over 1,000 pre-built VMware images containing everything from different operating systems to demonstrations of security and network management products are available to download.

CyberPatriot is in no way affiliated with the Virtual Appliance Marketplace or any of the content made available through the marketplace. Users download and use the virtual appliances at their own risk.
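The checksum comparison described on this slide can be scripted. The following is an added example, not part of the original slides: it hashes a file in chunks (images are large) and compares the result with the value copied from the download page. The slides do not name the checksum algorithm, so the code assumes it can be inferred from the length of the published hex string; the sample file is a constructed stand-in.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption: the algorithm is inferred from the published value's hex length.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def normalize(published):
    """Clean a checksum copied from a web page: drop whitespace, colons, case."""
    cleaned = "".join(ch for ch in published if ch not in " \t\r\n:").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a recognizable hex checksum")
    return cleaned


def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a multi-gigabyte image is never loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published):
    """Return True only if the file's checksum equals the published one."""
    expected = normalize(published)
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed sample: check a stand-in file, then change one byte and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_image.zip")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed stand-in for a VMware image\n" * 1000)
        published = file_digest(path, "sha256").upper()  # as a page might display it
        clean = verify_download(path, "  " + published + "\n")
        with open(path, "r+b") as fh:  # simulate a corrupted download
            fh.seek(500)
            byte = fh.read(1)
            fh.seek(500)
            fh.write(bytes([byte[0] ^ 0x01]))
        corrupted = verify_download(path, published)
        return {"clean": clean, "corrupted": corrupted}


if __name__ == "__main__":
    print(demo())
```

When `verify_download` returns False, the slide's instruction applies: download the image again.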

Page 19: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Using VMWare Player

Page 20: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Open VMWare Image

To launch VMware Player and browse for a virtual image, follow these steps:

Start the Player (Start->VMware->VMware Player) from your Windows Start menu

The dialog box will appear. Click on “Open a Virtual Machine”.

Page 21: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Open VMWare Image (con't)

This will take you back to the main VMware Player screen. Select the image name on the left, then click ‘Play virtual machine’

Page 22: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Open VMWare Image (con't)

Browse to the directory where you’ve downloaded or unzipped a virtual image. Click to select the .vmx file associated with the virtual image you wish to start and click the “Open” button

Page 23: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Open VMWare Image (con't)

If this is the first time you’ve started the VMware image, a dialog box (see below) will appear. Select ‘I copied it’, then click ‘OK’ to continue.

Page 24: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Open VMWare Image (con't)

The next screen you may see will list removable devices that can be associated with and accessed by the virtual image. Click “OK” to continue.

Page 25: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Open VMWare Image (con't)

When the virtual image has finished booting, you will see a login screen or welcome screen just as you would on a physical computer loaded with the same operating system that is running inside your virtual image. For example, a virtual image running Windows XP.

Page 26: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Homework

● Download VMware images from the CyberPatriot website

Windows XP workstation

Windows 2003 server

Page 27: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Independent Study

● Suggested components to research

Windows Registry

XP based Windows Recovery Console

XP based System Restore

Vista and 7 based Restore Guide

Windows XP workstation

Windows 2003 server based Restore Guide

SVCHOST.EXE

Hiding files

Windows Forensics

XP Firewall

Vista/7 God Mode

Safe Mode

Automatic Updates

Program Startup Locations

Sysinternals

Page 28: Intro to Virtualization Phil Grimes Coach / Mentor Security Consultant

Q & A // Discussions