Information security and technology professionals always seem to need two things: more hard drive space to store their data, and more systems on which they can install their operating systems and applications. Ask the typical geeky technology professional how many computers he has, and he'll probably give you a number between 5 and 10. Why so many? Because testing operating systems, configurations, and applications takes hardware, at least until the birth of the virtual machine (VM).
Currently, the VM field has only three main players: Microsoft, Sun, and VMware. Of these three, VMware has been at it the longest and appears to have the most mature product line. While some might debate this statement, the fact is that VMware has the largest user base, as well as one feature that no one else has—browser-based VM consoles. Yes, you really can view and control a virtual machine through Firefox. However, we are getting ahead of ourselves.
The purpose of this two-part series is to provide a guide to creating your own virtual lab for only the cost of the hardware (the software has been released without a price tag). For about $500 and a few hours of your time, you can have the "ultimate virtual lab."
Why Virtual, and Why ESXi?
Home computer labs are hardly new. Since the personal computer was released, people have been building small test environments. The physical lab had its time, but the requirements of the lab have evolved along with technology. Let's look at a few reasons why virtualization makes sense now.
In the 20th century, a lab needed to include only a handful of mainstream operating systems. As a result, it was relatively easy to slap together a few spare systems from extra parts lying around and create a half-decent network. Fast-forward to the end of this decade, when we not only have roughly 10 different Microsoft operating systems, but each of those also has service packs. Add to that the huge number of Linux-based operating systems and special "appliances," and consider the number of PCs/hard drives you'd need to keep up to date with current trends.
If the physical magnitude of such a lab wouldn't be enough to drive your spousal unit over the edge, think about the electric bill associated with running such a large number of systems. While this bill would fluctuate depending on how many systems are left running (or plugged in—even if it isn't turned on, a system still draws power), the costs will range from $100–500 per year per computer. The amount depends on what kind of hardware is in the computer and what it's doing, but the simple fact is this: The more computers you have, the more juice they'll use.
Virtual machines help eliminate both the physical and electrical overhead of a lab. Instead of a bunch of systems sitting on a table/shelf, you can have just one. One monitor, one keyboard, one hard drive, one mouse, one network card. That's all you need. The benefits are obvious from a tangible point of view, but what about the overhead resources? Well, depending on the virtual software, your power resources relating to processor and RAM are highly managed to ensure that the active virtual machines are getting the most resources. If the lab isn't in use, you only have to power one computer, instead of five. In addition, with the majority of virtualization solutions, "hardware" can be added with a few clicks of a mouse. If your OS needs more RAM or an extra network connection, simply adjust the settings and reboot the virtual machine.
One other big advantage of virtualization is that the "machine" simply consists of data. As a result, it's easy to create an image of each Windows operating system, at each major service pack level, and store it until needed. While this setup might take a bit of space, the costs of data storage are constantly dropping. At the time of writing this article, an external one-terabyte (1TB) drive cost as little as $179. Another added benefit of virtual machine data files is that they can be backed up easily—try managing a backup solution that effectively handles numerous machines that may or may not be powered on, and the beauty of the "computer in a file" concept becomes quite clear!
So, virtualization should seem like a good idea for anyone who's looking to build a lab at this point. The next question is, what solution should you use as the foundation? We recommend the VMware ESXi solution—and here's why.
VMware has evolved a lot over the years. The flagship product was the VMware Workstation, which provided a local environment into which a wide number of operating systems could be loaded. While this is a great "for sale" product, it sits on top of an existing operating system, which means that its potential is limited because the host system has to support both the installed operating system/applications and the virtual machines.
Building on the success of the Workstation, VMware has released a collection of products that meet a wide range of needs. VMware Player is a freely available application that will only load a virtual machine, with little in the way of added features. VMware Server, also free, is actually a legacy server-based product that provides a more powerful environment than the VMware Player, but still runs inside a host operating system.
This brings us to the ESX family of products. There are two options, ESX and ESXi, with the latter being free. Both of these products are installed into a barebones machine, which means that more resources can be allocated to the virtual machines that are managed by the ESX server through a central management console. In addition, ESX provides the user with the ability to create resource pools that can be used to help manage RAM and processor usage collectively, instead of per physical machine. Compound this with the ability to connect to remote Network File System (NFS) storage locations, and you can see that ESX makes for a great scalable solution that can be used for small office virtualization needs or a virtual lab.
For most people, there's little difference between the ESX and ESXi software solutions. Items like a remote console to the server, client application capabilities, backups, a few low-level networking features, and patch management are only supported in ESX Server; however, as we'll illustrate shortly, several of these limitations are easy to supplement or add back in.
Finally, one of the biggest benefits of using VMware ESXi, as compared to any of VMware's other freely available products, is the power of the Snapshot, a tool included with ESXi that allows the user to create a restore point to which the system can return if something goes wrong. This capability is great for a number of purposes, include malware testing, exploit development, and application and configuration testing. Thanks to the ability to reset the clock, anything that was changed from the point when the snapshot was taken will be erased.
The following sites outline the differences between ESX and ESXi: