Using VMware VCenter Lab Manager in ...

Using VMware VCenter Lab Manager in Undergraduate Education for System Administration and Network Security Xinli Wang

Guy C. Hembroff

Rick Yedica

School of Technology Michigan Technological University 1400 Townsend Dr. Houghton, MI 49931, USA

School of Technology Michigan Technological University 1400 Townsend Dr. Houghton, MI 49931, USA

Camera Corner Connecting Point 529 N. Monroe Ave. Green Bay, WI 54305-0248, USA

[email protected]

[email protected]

[email protected]

ABSTRACT

Keywords

We have developed and managed a virtual laboratory environment by deploying the VMware vCenter Lab Manager and the VMware vSphere vCenter on a load-balanced cluster of eight ESX 3.5 servers and a storage area network of 10.8 Tera bytes. This system has been in use to conduct handson laboratory experiments in undergraduate education for computer security and system administration. Lab Manager provides remote access through the Internet using a common Web browser, such as Internet Explorer and Mozilla Firefox. The way in which the Lab Manager manages and controls virtual machines and networking components provides additional convenience for instructors to implement laboratory exercises and for students to finish their experiments. In this article, we present the design of the system, introduce some of the features of the virtual environment, and discuss the experiences we have gained from developing and using this system. Compared with other existing virtualization platforms, Lab Manager provides more useful features and additional flexibility for the use in the education for information technology (IT), although there is still room to improve.

virtualization, Lab Manager, hands-on, laboratory experiments, education, system administration

1.

INTRODUCTION

Virtualization technologies have been widely used in IT education to conduct laboratory experiments. These handson activities are desirable for students to gain a better, indepth understanding of fundamental principles and basic concepts presented in class lectures for the courses of operating systems, network engineering, system administration, computer security and others [24, 9, 19, 20, 25]. Software products for virtualization include Virtual PC and HyperV from Microsoft, Xen [5, 54], VMware Workstation, and VMware Server [50]. Benchmark testing and comparisons between different virtualization techniques have shown their performance and limitations [24, 2, 26]. With the advancement of technology in virtualization, new developments will be released and ready to be deployed. VMware vCenter Lab Manager (LM) is a relatively new product from VMware Inc. [51]. It provides a portal from where end users can access VMware virtual machines and manage related resources through a regular Web browser, such as Internet Explorer and Mozilla Firefox, with proper plug-ins and add-ons. At the Computer and Network System Administration program (CNSA) of the School of Technology at Michigan Technological University [12], we have developed a virtual laboratory environment using LM as the access and management interface. It is used to conduct hands-on exercises for the courses of system administration (Unix/Linux and Microsoft Windows), network security engineering, database management, directory service and senior project design for three academic semesters. In the past, VMware Workstation and VMware Server were employed for virtualization platforms. Since our enrollment had increased significantly in recent years, the old facility was too slow for us to conduct the hands-on experiments. In addition, the school’s security policy does not allow students to access laboratory computers remotely. Problems of mobility and manageability [46, 42, 41] were difficult to tolerate in our teaching practices. We purchased a cluster of eight servers in 2008. Lab Manager version 3.0.1 and VMware ESX version 3.5 were installed to establish a virtualization laboratory. VMware ESX and Lab Manager were chosen because of the performance gained when many virtual machines were consolidated onto a single host (the LM)

Categories and Subject Descriptors K.3.2 [Computers and Education]: Computer and Information Science Education—Computer science education, Information systems education; K.6.4 [Management of Computing and Information Systems]: System Management

General Terms Experimentation, Performance, Management, Reliability

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SIGITE’10, October 7–9, 2010, Midland, Michigan, USA. Copyright 2010 ACM 978-1-4503-0343-9/10/10 ...$10.00.

43

versus a VMware Workstation environment. The consolidation makes the entire environment accessible at any time from anywhere with an Internet connection. Currently, Lab Manager has been upgraded to version 4. This system has been maintained and supported by our program with student assistants. Although a number of studies have been reported in the literature on the use of virtualization technologies in computing education, few publications have been seen on the utilization of LM. Since Lab Manager provides Web access to virtual machines on a remote server or servers, it provides benefit to users with 24/7 remote access. Other features provided by LM, such as the way it manages and organizes virtual machines and relevant resources, make the laboratory design and implementation less complex. In this article, we discuss our experiences and lessons with the use of LM in undergraduate education for computer security and system administration. In the rest of this paper, we briefly summarize the related work first. System design is described in Section 3. The virtual environment provided by the system is introduced in Section 4. Then we discuss the experiences with this laboratory environment and the lessons we learned in developing and using it in Section 5. Finally we conclude this presentation in Section 6.

2.

venience for the students and instructors with such problems as low availability, degraded performance and hindrance in community outreach [30, 19, 41]. Shortly after the release of several virtualization products, researchers and educators exploited different techniques to create a virtual computing environment for system administration education. Begnum et al. [7] described the use of User-Mode Linux as a virtualization platform and My Linux Network as a virtualization administration tool to conduct hands-on experiments for the classes of computer networking and system administration in several universities. Vollrath and Jenkins [52] as well as Stockman et al. [46] developed a laboratory environment with centralized delivery of virtual machines using Virtual PC and VMware Workstation for virtualization platforms. Remote desktop protocol and SSH were employed for remote access to the virtual machines [45]. Yang [55] explained their findings of using Virtual PC technology to gain cost savings and flexibility of access to the laboratory in system administration education and described the project design in their teaching practice. To develop and deploy the Remote Laboratory Emulation System, Border [8] assembled four industry standard technologies. In that system, the VMware Workstation was used for running virtual machines. Remote Desktop, Microsoft Terminal Services and Remote Assistance were integrated to provide remote access for multiple users. Stackpole [41] discussed the successes and failures in the evolution of using virtualized laboratory environments for distance education. In order to leverage storage and computing resource utilization between local machines and a shared storage, Stackpole et al. [42] developed a decentralized virtualization environment. In this laboratory environment, VMware Workstation was used for the virtualization platform since it provided the linked-clone feature and offered the most guest operating system support. Virtual machines that were physically created were stored on local machines, while the virtual machines of linked-clones were stored in a shared storage. This design not only alleviates the work burden of the network significantly, but also improves the usability of and accessibility to the computer systems since the states of the virtual machines are stored in the shared storage and users can access their virtual machines remotely. Li [25] discussed the advantages and limitations of a decentralized design over a centralized system. More recently, Anderson et al. [5] presented the Xen Worlds project, which was designed to provide a virtualized laboratory environment for the Information Assurance program. The use of this virtualization environment in distance education was also discussed. Stewart et al. [44] studied different ways to leverage operating system virtualization and other similar techniques to create a virtual network environment consisting of dozens of nodes on moderately equipped hardware. A comprehensive evaluation study shows that the use of virtualization technology in computer networking, computer security and system administration education is positive [16]. Application of virtualization in education will most likely continue in the future. Service, usability, flexibility and accessibility will be improved with the release of new product and technology.

RELATED WORK

Virtualization technology was developed in the early 1960s at IBM [13], but its use in computing education started only in the early 2000s [29, 45, 33, 46, 9]. Recently, this technology has been widely deployed at colleges and universities for teaching IT courses with laboratory experiments in which students need administrative access to the computer systems. Gaspar et al. [19, 17, 20, 18] performed a comprehensive study on the application of virtualization technology in computing education and constructed a set of laboratory experiments for the courses of operating systems and computer security that were conducted on virtual machines. Du and Wang [15] present an elegant suite of instructional laboratory exercises for a computer security course using virtual machines. Li et al. [27, 28, 25, 26] compared different virtualization techniques and products that were in use and have built a set of interesting hands-on laboratories that are used for the course of intrusion detection techniques. Virtualization technology is widely employed to teach operating systems [14], computer architecture [16], computer security [36, 37], and computer networking [43]. Evaluation studies show a highly positive response to the use of this technology in computing education [15, 16, 41, 25]. Most likely, applications of virtualization techniques will be found in more fields in the near future when it is integrated in cloud computing systems [22, 10, 38, 6] and other computing infrastructures. Most of the courses in the areas of computer networking, computer and networking security, and system administration have a strong hands-on laboratory component which is designed to help students to practice with imitated production systems and anchor basic concepts and fundamental principles presented in class lectures. Prior to virtualization technology, an isolated environment of physical laboratory must be created for the purpose of laboratory experiments [31, 23, 53]. Insulating the laboratory environment from the outside world not only significantly increases the costs to build and maintain that environment, but also creates incon-

3.

SYSTEM DESIGN

The computing infrastructure of our system consists of three components: the Lab Manager Web Console, the Lab Manager server and the VMware vSphere (Fig 1). The

44

VMware vSphere is actually a load-balanced cluster with a storage area network (SAN) as the shared storage. The vCenter Server is the access point of the vSphere. This server functions as a load-balancer to manage and balance workload on VMware ESX servers. Virtual machines are held centrally on the SAN disks and run on the ESX servers.

cal University, these two types of networks are not separated in our system. Upon the installation of the system in 2008, the latest release was version 3.5 for VMware ESX and version 3.0.1 for Lab Manager. After one year, we upgraded LM to version 4 and updated Virtual Center 2.0 to vCenter 4.0. The planned upgrades in the summer of 2010 include vSphere (from version 4.0 to version 4.1) and Lab Manager (from version 4 to version 4.0.2). These upgrades will allow the use of distributed switches, which will provide more flexibility to the virtual machines running a static firewall application in the cluster. We are also anticipating a better performance due to upgraded kernel and updated VMware tools.

4.

LABORATORY ENVIRONMENT WITH VIRTUALIZATION

While creation of virtual machines is not very complicated in the virtualization environment, effective management of these virtual machines and relevant resources (including software applications and virtualized hardware components) is critical to build a virtualized laboratory. This is especially important in the use for education since the same environment is typically shared by multiple classes and a number of students are enrolled in each class. Lab Manager is designed to facilitate the implementation of laboratory experiments for multiple classes at the same time. The main features of this computing environment are discussed in this section.

4.1

Organization and configuration

In the system of LM, organizations and workspaces define the resources and users [49]. In our practice, an organization is created for each class in order to effectively and efficiently manage users and resources allocated to the class. The layout of an organization is schematically depicted in Figure 2. An organization can have one or more system administrators to administer application users and resources within this organization. Typically, the instructor who teaches this class is assigned the administrative role for this organization. The instructor can also assign a lab assistant the role of administrator. Each of the students in a class is granted an account in the corresponding organization with the role of application owner so that the students can create and configure virtual machines. Each organization can have one or more physical network templates. A physical network is constructed by defining its IP address range, subnet mask, gateway server and DNS server. This physical network is mapped to a virtual network interface card (NIC) on one or multiple servers in the cluster. A physical network functions as an Ethernet of a local area network (LAN) [51]. Within an organization, a user can create one or multiple configurations, which are actually containers of virtual machines. One or multiple virtual machines can be included in one configuration. A virtual link or virtual router connects a configuration to the physical network. A virtual machine running a SmoothWall firewall [39] is set up on each physical network that functions as both the gateway server and the firewall of the LAN. Organizations, SmoothWall firewalls associated with them and physical networks for each organization are created by the system administrator of LM at the beginning of each semester. When needed, the instructor can deploy multi-

Figure 1: The diagram of the system design with VMware vCenter and Lab Manager. The cluster consists of eight servers. Each has four processors of 2.83 GHz and an RAM of 32 GB. The SAN consists of 16 disks with a total capacity of 10.8 Tera bytes (TBs). Users access and manage virtual machines through the LM server using a Web browser over the Internet with HTTPs protocol. The Lab Manager server runs on Windows Server 2003 [47]. The ESX hosts, which provide memory and CPU resources to run virtual machines, are managed by LM through a vCenter Server and the LM agent installed on the hosts [48, 49]. The ESX servers run a VMware kernel with a Linux RHEL-based management shell to administer the hosts. For laboratory experiments, we run both Linux and Windows (servers and workstations) operating systems as guest operating systems. Volume licensing is applied to the guest operating systems. It is generally recommended to separate the networks associated with the LM and vSphere from operational networks to avoid interferences and unpredictable problems. If the networks associated with the LM and vSphere are set up separately for educational purposes, students can do whatever they want on those networks without interfering with the traffic on the operational networks. However, if these two types of networks are not separated, students may generate unexpected problems such as relaying spams and injecting worms (whether intentional or accidental). Due to limited network ports on the servers at Michigan Technologi-

45

a template with a guest OS loaded is much faster than from an empty template. This will save students the installation time at higher level classes. When a machine is created from a VM template, users have the options of full clone and linked-clone. A full clone operation is a physical copy of a VM template. It copies all of the virtual machine’s delta disks and its base disk and consolidates them into a new base disk, while the original base disk remains unchanged [49]. A linked-clone operation creates a delta disk, but the entire virtual hard disk is not created. This operation administers virtual machine proliferation by using referential provisioning, which stores new changes but refers back to a chain of delta disks. For each clone, the original delta disk is “frozen” and a new one is created by LM. Compared with a linked-clone, a full clone operation takes much longer. Typically, a full clone is not needed until a user really wants to consolidate the resource configuration of a virtual machine for a special purpose. For example, a full clone operation will be helpful when a user wants to dismantle the storage and move the configuration to a different server, or maximize the performance of a specific virtual machine. Linked-clones are typically employed in our teaching practice. In order to save network bandwidth and balance the use of shared and local storage, linked-clone operation can be employed to implement a decentralized virtualization environment [42, 25]. With linked-clones, we can easily create hundreds of virtual machines and let them run on the cluster at the same time. Virtual machines can also be created and added to a configuration by using other methods [49]. For example, a virtual machine can be created by cloning or copying an existing virtual machine. This will generate a virtual machine with exactly the same configuration as the original machine, including user accounts and IP settings. However, we typically require students to create new virtual machines from VM templates since students can start their machines with a clear configuration and status. When a virtual machine is created, either from an empty VM template or one with an OS installed, it functions like a physical computer. Installation of the guest operating system and other software products into a virtual machine is the same as into a physical computer, except that a user needs to identify and insert the CD containing the software from the media center instead of a physical CD.

Figure 2: The layout of an organization for a class.

ple physical networks to construct different subnet networks within an organization. IP address ranges are assigned to each class according to the number of students and the number of IP addresses needed by each student in order to conduct their laboratory experiments for this class.

4.2

Shared storage and media center

Storage in this infrastructure is centrally managed and load-balanced by LM though a vCenter Server as shown in Figure 1. The physical storage is divided into partitions for different purposes. One of the partitions is designated for media center, which is shared by all of the organizations. Images of operating systems (OSs), software applications and other software tools are stored in this location in the format of International Organization for Standardization (ISO). In order to save network bandwidth, instructors can download software products and store them in the media center. Students can install the software from there. Since the VMware virtual machines support ISO files only, data stored in the media center must be converted to ISO images before they can be accessed by the virtual machines. We consider it good practice to maintain a globally shared media center to save storage space and avoid redundancy of shared images. Compared with downloading software applications from the Internet directly, allowing students to install them from the media center also saves Internet bandwidth and improves performance significantly.

4.3

4.4

Isolation of virtual machines

It is necessary to isolate virtual machines run by a student from the computers on outside operational networks to conduct certain laboratory experiments. For example, an instructor wants to isolate the laboratory environment for the experiments of a network security engineering class since students are typically given administrative access to the machines. With the privileged access, students may cause damages to the computer systems on operational networks either intentionally or by accident [31, 23, 53, 1]. Isolation of virtual machines can be done at different levels in the management system of LM. As shown in Figure 2, a physical network in an organization is connected to the Internet through a software firewall, such as a SmoothWall firewall. To prevent virtual machines connected to this physical network from accessing the outside operational networks, the firewall can be configured to block certain types of packages. Furthermore, the virtual machine functioning as the firewall and gateway can be

Creation of virtual machines

Virtual machines are created by the students from a pool of VM templates (templates of virtual machines). A VM template defines the configuration of a virtual machine, including its hardware specification, guest operating system and network connection. Instructors can create an empty template for a guest operating system, which does not have an OS loaded. When a virtual machine is created from an empty template, the student needs to install the corresponding guest OS manually. This is desired for lower level system administration classes. A VM template can also have a guest operating system loaded. Creation of virtual machines from

46

turned off to completely cut off the Internet connectivity. In this case, virtual machines on the same physical network can communicate with each other through the LAN although they do not have Internet connections. If some software products are necessary to conduct laboratory experiments, the instructor can download and store them in the media center. Occasionally, we want each user to be isolated from others as well as the outside operational networks. For example, when we conduct a laboratory experiment to deploy, configure and test a Dynamic Host Configuration Protocol (DHCP) server, we want a student to have the access to his/her own DHCP server only. Technically, we can assign each student a physical network and then the student can work on his/her own LAN. In a large class, this will impose a significant workload on the instructor since each physical network must be associated with a configuration as well as virtual machines. Alternatively, the instructor can configure a fenced physical network and require students to deploy their virtual machines with the “Block In and Out” fencing mode to isolate the virtual machines of one student from those of others as shown in Figure 3. In this case, virtual machines within a configuration can communicate with each other through the fenced network. However, communications between machines associated with different configurations are blocked by the fenced network.

one configuration from those in other configurations on the same physical network. However, in order to take advantages of a fencing network, a user must include all of his/her virtual machines in one configuration, since fencing network blocks communications between configurations.

4.5

Assistance and demonstration

As a system administrator, the instructor can view students’ virtual machines at any time. When a student experiences a problem, the instructor can view the virtual machines and provide assistance both in class and remotely. This privileged access also provides an opportunity for the instructor to monitor the systems in the organization at anytime from anywhere. Upon receiving a request from a student, the instructor needs to know what is happening in the organization in order to solve the problem. The feature of remote access to the virtual machines can be employed for demonstration in the class. While teaching system administration classes, demonstration is helpful for students to learn how to conduct configuration tasks and see the consequent effects. Instructors can create a testbed within an organization. Virtual machines and network connections can be created in the testbed for the purpose of class demonstration.

5.

EXPERIENCE AND LESSON

The system was not very stable at the beginning due to a variety of issues, including implementation bugs in LM version 3.0.1 and the lack of user experience. At the end of the first semester we realized that it involved a learning curve for both faculty members and students to fully use and understand the features of the system. During the summer of 2009, we invited an engineer from VMware, Inc. to give faculty members a training tutorial. Faculty members were encouraged to learn how to use and maintain this system as well as different approaches to implement and manage laboratory experiments for a class. Currently, the system of LM version 4 is quite stable and reliable. Faculty members have gained the experience of using LM and learned the techniques to design and implement laboratory experiments based on this virtualization platform. Most of the students using LM for their laboratory exercises are generally appreciable of this system due to its remote accessibility, 24/7 availability, and satisfactory performance.

5.1

Maintenance

During the summer semester when no class is using the system, student assistants are hired to clean up the SAN disks and prepare the system for the next academic year. At the same time, upgrades and patches for LM and vSphere are also installed. The SAN disks are maintained to improve performance. Then organizations and physical networks are created for each class that will be taught in the following academic year. Images of OSs and software applications are loaded to the media center upon the request of faculty members. As a result, a relatively new environment is well prepared for the upcoming academic year. The maintenance is performed by student assistants under the direction of a faculty member. Due to the limitation of time, minimum maintenance is conducted during the winter break. The same environment with minimum changes is used for the spring semester.

Figure 3: Block In and Out fencing network A fencing physical network performs communications between virtual machines in different configurations by using a virtual router and bidirectional network address translation. When a configuration is deployed, a virtual router is added automatically connecting the configuration with the physical network. There are three fencing modes to choose from: 1) Allow In and Out, which is the same as a non-fencing network; 2) Allow Out, which allows outbound communications, but not the inbound; and 3) Block In and Out, which blocks both inbound and outbound communications. This feature is useful when we want to isolate virtual machines in

47

5.2

Creation of a virtual network

points and load-balancers, heavy workloads are imposed on them. Running them on the same machine will degrade performance of the system. In a new design, separate computers are recommended for both of the servers. For performance continuity, redundancy of both servers is needed. A backup for the whole system is highly recommended to maintain a continuous performance.

Beyond the physical network and fencing network, Lab Manager does not provide additional approaches to construct networks with different topologies. However, virtual networks of different topologies can always be created by a user for conducting a laboratory experiment.

6.

Figure 4: A virtual network layout Since multiple network interface cards can be added to a virtual machine, this machine can be connected to multiple subnet networks. In a network security engineering laboratory experiment we used OpenBSD [34] as a router to create a virtual network with the topology shown in Figure 4. This network design was used to perform a laboratory experiment on the configuration and test of Snort (an intrusion detection system) [40]. According to the requirement of an experiment, virtual networks of different topologies can be created within one configuration by a student or among multiple configurations by the cooperation of several students. The latter is typically seen in course project implementations. Building virtual networks of different topologies is especially useful in teaching network security engineering classes, since it is flexible and cost-free. With the background of network administration, virtual networks are created by the students themselves with minimum help from the instructor.

5.3

CONCLUSION AND DISCUSSION

We have developed a remotely accessible virtualization laboratory which has been used to conduct hands-on experiments in undergraduate education for computer security and system administration, with resort to the VMware vCenter Lab Manager. Virtual machines are held centrally on the SAN disks of 10.8 TB. They run on a load-balanced cluster of eight ESX servers. Guest operating systems run on VMware ESX hosts. The remote access feature and 24/7 availability offer more flexibility for the students to complete their experiments. The use of organizations and configurations in the LM management system provides a convenient approach for instructors to design and implement laboratory experiments for the classes they teach. Different levels of isolation mechanisms implemented in LM make it less complex to build local area networks and subnet networks of different sizes. With these built-in techniques, it is not complicated to isolate virtual machines in one configuration from those in others. It is also not very difficult to isolate virtual machines on one LAN from the outside operational networks. Although methods to explicitly build a wide area network (WAN) are not provided by LM, virtual networks of different topologies can be created with the help of operating systems that function as routers, such as OpenBSD operating systems [34] and SmoothWall firewalls [39]. Lab Manager provides a laboratory environment that can be easily isolated from the operational networks while providing 24/7 remote access from anywhere with Internet connections. This feature significantly simplifies the process to design and conduct hands-on experiments for teaching system administration and computer security courses. In general, this system is satisfactory in terms of performance, ease of maintenance and friendliness of the user interface. However, as a new product, it still requires a learning curve for both faculty members and students to be used to it. When there are too many machines running concurrently in the system, the performance may be remarkably degraded due to the heavy workload on the cluster. It is generally advised that the students should avoid using all of their machines at the same time. In addition, when the virtual machines are not in use, users should suspend them or turn them off to save the limited computation resource. The actual adoption of a system depends on many factors, such as funds, space, support and purpose of use [24, 3, 26]. By our experiences, the VMware vCenter Lab Manager is suitable for the use in education for system administration and network security engineering, especially when remote access is required such as in distance education [5, 11]. However, the established virtual environment will not be able to show students the features of real world products, such as wires, routers and switches, when it is used for teaching lower level network administration classes. Our future work will be to study on the educational effects of using LM. Survey questions will be made to collect data from students and faculty members for their comments on

Performance

The speed of the virtual machines is generally satisfactory, especially at the beginning of and during a semester. Since students can work on their laboratory experiments at any time, there are typically not many students using their virtual machines concurrently. However, at the end of a semester or near a project deadline, there may be many students working on their projects at the same time. Typically, students need to create more virtual machines and run them at the same time when they work on their term projects. At this time, the speed of the virtual machines can be noticeably slower than usual. Even worse, network communication and network connectivity could be lost while there are hundreds or thousands of virtual machines running concurrently. In this condition, the virtual machines may “freeze” periodically due to the heavy workload on the cluster. Therefore, we remind students of this situation and encourage them to finish their laboratory experiments and term projects at their earliest convenience to avoid the jam of the computation power requests. Technically, the Lab Manager server and vCenter Server can be run on both separate physical computers and virtual machines. Due to the budget limit, both servers run on regular virtual machines hosted on the cluster in the setup of our system. Since these servers function as both access

48

using LM in education. Although we have asked a number of students regarding the effectiveness and easiness of using LM in their education and the responses are positive, a formal survey has not been conducted due to the limitation of time. Qualitative and quantitative comparisons with other existing virtualization platforms, such as VMware Workstation, VMware Server [50], Xen [5, 54] and cloud computing systems [4, 21, 32, 35], will provide a good reference for others who will build a similar system for the use in education.

[10]

[11]

7.

ACKNOWLEDGMENTS

The authors would like to thank the two peer-reviewers. Their comments and suggestions improved the organization and technical soundness of this work. Jessica L. Bos at School of Technology at Michigan Technological University edited the language. Her edits polished the writing of this article remarkably.

8.

[12]

REFERENCES

[13]

[1] R. Abler, D. Contis, J. Grizzard, and H. Owen. Georgia Tech information security center hands-on network security laboratory. IEEE Transactions on Education, 49(1):82–87, 2006. [2] K. Adams and O. Agesen. A comparison of software and hardware techniques for x86 virtualization. In ASPLOS-XII: Proceedings of the 12th international conference on Architectural support for programming languages and operating systems, pages 2–13, New York, NY, USA, 2006. ACM. [3] P. B. Albee, L. A. Campbell, M. A. Murray, C. M. Tongen, and J. L. Wolfe. A student-managed networking laboratory. In SIGITE ’07: Proceedings of the 8th ACM SIGITE conference on Information technology education, pages 67–74, New York, NY, USA, 2007. ACM. [4] Amazon. Amazon Elastic Compute Cloud (Amazon EC2). Online, May 2010. http://aws.amazon.com/ec2/. Retrieved May 28, 2010. [5] B. R. Anderson, A. K. Joines, and T. E. Daniels. Xen worlds: leveraging virtualization in distance education. In ITiCSE ’09: Proceedings of the 14th annual ACM SIGCSE conference on Innovation and technology in computer science education, pages 293–297, New York, NY, USA, 2009. ACM. [6] P. Bala. Intensification of educational cloud computing and crisis of data security in public clouds. International Journal on Computer Science and Engineering, 2(3):741–745, 2010. [7] K. Begnum, K. Koymans, A. Krap, and J. Sechrest. Using virtual machines in system administration education. In Proceedings of 4th International System Administration and Network Engineering Conference (SANE’04), 2004. http://www.iu.hio.no/~kyrre/vmined.pdf. Retrieved February 5, 2010. [8] C. Border. The development and deployment of a multi-user, remote access virtualization system for networking, security, and system administration classes. ACM SIGCSE Bulletin, 39(1):576–580, 2007. [9] W. I. Bullers, Jr., S. Burd, and A. F. Seazzu. Virtual machines - an idea whose time has returned:

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

49

application to network, security, and database courses. In SIGCSE ’06: Proceedings of the 37th SIGCSE technical symposium on Computer science education, pages 102–106, New York, NY, USA, 2006. ACM. R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic. Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation Computer Systems, 25(6):599–616, 2009. T. Chen, W. Hu, and Q. Shi. Teaching reform of information security curriculum of distance learning. In Proceedings of the First International Workshop on Education Technology and Computer Science, volume 1, pages 185–189, Los Alamitos, CA, USA, 2009. IEEE Computer Society. CNSA. Computer Network and System Administration. Online, February 2010. https://cnsa-web.tech.mtu.edu/cnsa/. Retrieved February 28, 2010. R. J. Creasy. The origin of the vm/370 time-sharing system. IBM Journal of Research and Development, 25(5):483–490, 1981. D. Dobrilovic and Z. Stojanov. Using virtualization software in operating systems course. In Proceedings of International Conference on Information Technology: Research and Education, 2006. ITRE ’06, pages 222–226. IEEE, 2006. W. Du and R. Wang. SEED: A suite of instructional laboratories for computer security education. Journal on Educational Resources in Computing (JERIC), 8(1):1–24, 2008. S. Duignan and T. Hall. Using platform virtualization to teach system architectures in undergraduate computer science –An evaluation of student learning experiences. In M. Iskander, editor, Innovative Techniques in Instruction Technology, E-learning, E-assessment, and Education, pages 479–484. Springer, Netherlands, 2008. A. Gaspar, S. Langevin, W. Armitage, and M. Rideout. Enabling new pedagogies in operating systems and networking courses with state of the art open source kernel and virtualization technologies. Journal of Computing Sciences in Colleges, 23(5):189–198, 2008. A. Gaspar, S. Langevin, W. Armitage, R. Sekar, and T. Daniels. The role of virtualization in computing education. In SIGCSE ’08: Proceedings of the 39th SIGCSE technical symposium on Computer science education, pages 131–132, New York, NY, USA, 2008. ACM. A. Gaspar, S. Langevin, and W. D. Armitage. Virtualization technologies in the undergraduate it curriculum. IT Professional, 9(4):10–17, 2007. A. Gaspar, S. Langevin, W. D. Armitage, and M. Rideout. March of the (virtual) machines: past, present, and future milestones in the adoption of virtualization in computing education. Journal of Computing Sciences in Colleges, 23(5):123–132, 2008. Google. Google App Engine. Online, May 2010. http://code.google.com/appengine/. Retrieved May 28, 2010.

[22] B. Hayes. Cloud computing. Communications of the ACM, 51(7):9–11, 2008. [23] J. M. D. Hill, C. A. Carver, Jr., J. W. Humphries, and U. W. Pooch. Using an isolated network laboratory to teach advanced networks and security. ACM SIGCSE Bulletin, 33(1):36–40, 2001. [24] K. Lei and P. T. Rawles. Strategic decisions on technology selections for facilitating a network/systems laboratory using real options & total cost of ownership theories. In CITC4 ’03: Proceedings of the 4th conference on Information technology curriculum, pages 76–92, New York, NY, USA, 2003. ACM. [25] P. Li. Exploring virtual environments in a decentralized lab. ACM SIGITE Newsletter, 6(1):4–10, 2009. [26] P. Li. Selecting and using virtualization solutions: our experiences with VMware and VirtualBox. Journal of Computing Sciences in Colleges, 25(3):11–17, 2010. [27] P. Li and T. Mohammed. Integration of virtualization technology into network security laboratory. In Proceedings of the 38th Annual Frontiers in Education Conference (FIE 2008), pages 55–59, New York, NY, USA, 2008. IEEE. [28] P. Li, L. W. Toderick, and P. J. Lunsford. Experiencing virtual computing lab in information technology education. In SIGITE ’09: Proceedings of the 10th ACM conference on SIG-information technology education, pages 55–59, New York, NY, USA, 2009. ACM. [29] S. Liu, W. Marti, and W. Zhao. Virtual networking lab (VNL): its concepts and implementation. In Proceedings of the 2001 American Society for Engineering Education Annual Conference & Exposition. American Society for Engineering Education, 2001. http://citeseerx.ist.psu.edu/viewdoc/download? doi=10.1.1.64.5923&rep=rep1&type=pdf. Retrieved May 28, 2010. [30] P. Mateti. A laboratory-based course on Internet security. ACM SIGCSE Bulletin, 35(1):252–256, 2003. [31] J. Mayo and P. Kearns. A secure unrestricted advanced systems laboratory. In SIGCSE ’99: The proceedings of the thirtieth SIGCSE technical symposium on Computer science education, pages 165–169, New York, NY, USA, 1999. ACM. [32] Microsoft. Windows Azure Platform. Online, May 2010. http://www.microsoft.com/windowsazure/. Retrieved May 28, 2010. [33] Y. Nakagawa, H. Suda, M. Ukigai, and Y. Miida. An innovative hands-on laboratory for teaching a networking course. In Proceedings of the 33rd Annual ASEE/IEEE Frontiers in Education (FIE 2003), pages T2C–14–20. IEEE, November 2003. [34] OpenBSD. Openbsd home page. Online, March 2010. http://www.openbsd.org/, Retrieved March 28, 2010. [35] Oracle. Sun Utility Computing. Online, May 2010. http://www.sun.com/service/sungrid/. Retrieved May 28, 2010. [36] D. Schweitzer and J. Boleng. Designing web labs for teaching security concepts. Journal of Computing Sciences in Colleges, 25(2):39–45, 2009.

[37] D. Schweitzer and W. Brown. Using visualization to teach security. Journal of Computing Sciences in Colleges, 24(5):143–150, 2009. [38] J. K. Smith, J. P. Buerck, L. L. McDurmont, Jr., and P. G. Bagsby. Multidisciplinary informatics: a primer for course development. Journal of Computing Sciences in Colleges, 24(5):198–203, 2009. [39] SmoothWall. Smoothwall home page. Online, March 2010. http://www.smoothwall.org/, Retrieved March 28, 2010. [40] SNORT. Snort home page. Online, March 2010. http://www.snort.org/, Retrieved March 28, 2010. [41] B. Stackpole. The evolution of a virtualized laboratory environment. In SIGITE ’08: Proceedings of the 9th ACM SIGITE conference on Information technology education, pages 243–248, New York, NY, USA, 2008. ACM. [42] B. Stackpole, J. Koppe, T. Haskell, L. Guay, and Y. Pan. Decentralized virtualization in systems administration education. In SIGITE ’08: Proceedings of the 9th ACM SIGITE conference on Information technology education, pages 249–254, New York, NY, USA, 2008. ACM. [43] G. D. Steffen and H. I. Abu-Mulweh. Teaching local area networking in a secure virtual environment. Computer Applications in Engineering Education, pages 1–10, March 2009. http://www3.interscience. wiley.com/journal/122296084/abstract. Retrieved June 2, 2010. [44] K. E. Stewart, J. W. Humphries, and T. R. Andel. Developing a virtualization platform for courses in networking, systems administration and cyber security education. In SpringSim ’09: Proceedings of the 2009 Spring Simulation Multiconference, pages 1–7, San Diego, CA, USA, 2009. Society for Computer Simulation International. [45] M. Stockman. Creating remotely accessible ”virtual networks” on a single pc to teach computer networking and operating systems. In CITC4 ’03: Proceedings of the 4th conference on Information technology curriculum, pages 67–71, New York, NY, USA, 2003. ACM. [46] M. Stockman, J. Nyland, and W. Weed. Centrally-stored and delivered virtual machines in the networking/system administration lab. ACM SIGITE Newsletter, 2(2):4–6, 2005. [47] VMware. Lab Manager Installation and Upgrade Guide: vCenter Lab Manager 4.0. Online, January 2010. http://www.vmware.com/support/pubs/ labmanager_pubs.html. Retrieved May 28, 2010. [48] VMware. Lab Manager SOAP API Reference: vCenter Lab Manager 4.0. Online, January 2010. http://www.vmware.com/support/pubs/labmanager_ pubs.html. Retrieved May 28, 2010. [49] VMware. Lab Manager User’s Guide: vCenter Lab Manager 4.0. Online, January 2010. http://www. vmware.com/support/pubs/labmanager_pubs.html. Retrieved May 28, 2010. [50] VMware. VMware home page. Online, March 2010. http://www.vmware.com/. Retrieved March 2, 2010. [51] VMware. VMware vCenter Lab Manager. Online, January 2010.

50

of the 35th SIGCSE technical symposium on Computer science education, pages 402–406, New York, NY, USA, 2004. ACM. [54] Xen. What is Xen? Online, March 2010. http://www.xen.org/. Retrieved March 2, 2010. [55] L. Yang. Teaching system and network administration using virtual pc. Journal of Computing Sciences in Colleges, 23(2):137–142, 2007.

http://www.vmware.com/products/labmanager/. Retrieved May 28, 2010. [52] A. Vollrath and S. Jenkins. Using virtual machines for teaching system administration. Journal of Computing Sciences in Colleges, 20(2):287–292, 2004. [53] P. J. Wagner and J. M. Wudi. Designing and implementing a cyberwar laboratory exercise for a computer security course. In SIGCSE ’04: Proceedings

51