Rene's DEV/Test Lab Log

[ReneQT]

As promised! I'll keep updating this thread while I build up this new environment on my newly acquired work laptop. :)

Before you start any of this your going to need a PC that has the capacity to run a few VMs. The main limitation in a DEV environment that isn't under a lot of load is RAM and Storage space, my laptop has the below specs.

Hardware - MacBook Pro 15 Retina

CPU - 2.3 GHz i7 Quad Core (3.5 Turbo Boost)

RAM - 16GB

Storage - 512GB SSD

Screen - 2880x1800 15" Monitor (This is really only applicable to laptops, but a 1080P and up screen helps a lot on a laptop with running VMs, it's very annoying when the VM runs at a higher res than your screen!)

Now you can get away with less, my old laptop was a HP with 8gb of RAM and a Core i5 dual core, the only real limitation I had was storage and RAM. The more RAM/Storage you have the more VMs you can run!

For your reference I also have a dedicated virtual server running ESXi, this machine cost me $400~ to build.

CPU - Xeon 1230 v2 3.3GHz Quad Core

RAM - 4x 8gb RAM modules, these are ULTRA cheap now.

Mobo - Cheapest mobo I could find that would accept my CPU and RAM! (Gigabyte because they're my favourite :D)

Storage - 128GB SSD, and two other HP Microservers that act as iSCSI targets in a Storage Unified Network, 8TB worth of sandbox!

Virtualisation Software

VMWare Fusion (OSX equivalent of VMWare Workstation) - Doesn't look like much without any virtual machines!

One thing for MAC users to take into account when using VMWare Fusion is the internal DHCP and virtual interface need to be disabled and configured. The configuration file can be found under \Libraries\Preferences\VMware Fusion\networking

You'll notice VNET_1_DHCP is set to "no", VNET_1 represents my internal network on my laptop. This network has no access to the internet, the reason for this is to ensure that I don't accidentally connect my virtual machines to a clients network, especially my DHCP server. No client is going to be happy if you start handing out IP addresses to their client machines!

Now I'm good to go to start building up my machines inside the private internal network on my laptop!

Alternative Virtualization Solutions

Now the advantage of having this virtual environment on my laptop is that I can take this anywhere with me, but what if you don't have OSX and VMWare Fusion..? Luckily there are PLENTY of other solutions out there that will do the same thing! I'll list off my favourites below.

Software Virtualisation (Similar to VMWare Fusion)

-Windows 8 With Hyper-V Installed - If you happen to own a windows 8 machine you can install the Hyper-V role and build machines using Microsofts Virtualisation platform. I've used this before and it works very well, one thing that trips a lot of people up is the virtual switch feature. It is necessary to configure the virtual switch for internal and external switches similar to what I've done with VMWare Fusion above.

-Oracle Virtualbox (Virtualbox.org) - This is a free offering from Oracle, it's super easy to use and best of all it's free!

-VMWare Workstaion - This is very solid product that VMWare produce, it's the Windows version of VMWare Fusion but it's not free. A key advantage for vmware is that it's so common now to find vendors creating virtual appliances and machines as downloadable .vmdk files. This allows you to create a new VM, point it to the pre-made virtual harddrive and it's good to go!

Hardware Level Virtualisation

Now what if you don't need your test lab to be portable..? And you have some spare hardware around, hey ram is cheap.. if your mobo supports 32gb of ram or more you can use a hardware level hypervisor! This means the operating system on the machine is the hypervisor, you build your VMs directly on the virtual host with a much smaller footprint.

Now most of these are free, and all from reputable vendors which is always good.

VMWare ESXi - I highly recommend this product mainly because this is a cut down version of ESX, pretty much the most common virtualisation platform out there at the moment, and it's free! This is a very powerful virtualisation platform and on dedicated hardware it will EASILY handle anything you throw at it providing you have the hardware to back it up.

Microsoft Hyper-V - This product is free, but there is no licensing model for Hyper-V! This means you have the full blown product, not a cut down version like ESXi. So you can configure features such as HA if you have multiple servers that will allow them to automatically fail over machines to one another should the other member of the HA group fail. A good, easy to use product and lots of info out there on the internet if you want more info!

Citrix XenServer - This was my favourite for years, it has a free license and it's easily the easiest product out of the three listed to use. It's also the youngest, although it is based on Xen which has been around for a very long time. It's a solid platform and very much worth a look if your interested!

Closing thoughts!

This is all I can cover now (It's mothers day.. Gotta be semi social!) but It should help you get started on getting the base of your DEV/Test Lab setup. What you should take away from this is that you do not need to spend a lot to build a solid DEV/Test lab and it's not hard to get started! I recommend you do some research on the above mentioned products to see what fits your needs/resources, then jump in the deep end and start playing!

Please let me know if you see any horribly misleading or incorrect info, and feel free to give me some feedback!

The next update will cover the setup up your first VM using Windows 2008 Server to provide your other virtual machines with DHCP, DNS and Active Directory!

[ReneQT]

Building your first VM

Ok so, building the first VM! Now I'm not going to cover how to install windows server 2008, it's pretty self explanatory but I will cover assigning resources for your VMs.

Resourcing

CPU - 1 Core

RAM - 1024mb

HDD - 20gb

The reason this machine isn't rocking 4 cores and 4gb of ram is pretty simple, it's not going to need it. It's going to be a domain controller and a DHCP/DNS server. In a production environment you'd give this a lot more resourcing but ours is only serving our DEV/Test lab so it'll be happy with the above.

So here's what setting up a custom VM in VMWare Fusion looks like. First up I'm building a custom VM so I select 'Install from Disk or Image' then click "More Options..."

Create a Custom VM...

From here I can select the OS I'm looking to install, what Fusion is trying to do is work out what OS I'm installing so it can pre-populate the resources for the VM.

So now Fusion has populated its recommended settings for the VM.. we can see it's assigned 40gb for the HDD. Now I know this machine does not need that much space for what I need so we will need to change this before we install the operating system.

So now the VM is built! We can see from the Fusion console that we have a VM! I've renamed it WIN2008DC01 (Windows 2008 Domain Controller 01)

Now I mentioned earlier we need to modify the resources on the machine, at the moment the machine has 2gb of ram and 40gb of hard drive space. I'm changing this to 1gb of ram and 20gb of hard drive space. So the next few screen shots are just of the settings panel, and the few settings I'm modifying.

And thats that! The VM is configured and its ready for us to install 2008 server! Or is it...

Ok so one thing that can be frustrating, and this goes for most virtual solutions is booting from an iso. Fusion actually does it pretty well but what I've done is mounted the iso to the VM's CD-Rom, then gone into the "Start Up Disk" setting shown in the earlier settings panel and selected the cd-rom.

Ensure your virtual machines network connection is setup to a private network! I've mentioned this before but this machine will always be internal only, this also means I do not want it accessing the internet just yet. You can use a bridged network to allow your machines to also get internet via your LAN or Wireless card but this will expose your virtual machines to the internal network (Spamming DHCP etc to places I don't want). I will be providing my these virtual machines with internet but this will place a router between the virtual machines and the bridged network.

(I had a screenshot of this but I've reached the limit for this post :(

So now the machine is ready to install 2008 server on!

Edited May 11, 2014 by ReneQT

[ReneQT]

Setting up your Active Directory Domain

Ok so I've install Windows Server 2008 and I'm all set to create my domain!

This is actually pretty straight forward but first up, you need to ensure your server has the following.

1. A Static IP, my IP range for this environment is 192.168.10.0/24, so this VM has been set with 192.168.10.253

2. Change your servers computer name to the correct name! You want to do this now so that you don't run into legacy DNS entries if you setup DNS with the wrong computer name. DNS would update pretty quick but I've had issues with this before. This machine has been set to WIN2008DC01

DCPromo

With windows server 2008 you have the 'server manager' application that launches on startup, you can pretty much add what ever services you want from this application but I still us DCPromo out of habit.

1. Windows Key + R, type DCPROMO

2. When the dialog loads click Next

3. Now this dialog is worthy of a read, what it essentially is talking about is how a 2008/2008 R2 functional level domains can enforce secure communications between legacy NT machines.

4. At the "Choose a deployment Configuration" select "Create a new domain in a new forest", We aren't adding to an existing forest, we're creating a brand new one!

5. pick a domain name! I'm going with "testlab.dev"

6. Set your forest functional level to "Windows Server 2008 R2", or what ever the highest you have to work with is.

7. For additional options you want to tick "DNS Server" this server will be the DNS server for our environment. Note: You will get a warning here about external DNS lookups, because we do not have a DNS server to forward lookups to outside of our lab yet. Click Yes, we will make a forward lookup zone once we've got the router in place!

8. The next dialog will let you pick where you want logs, database and the sysvol folder for your domain. I left these as default but it is common practice to push this to an external drive in large environments.

9. Now we can set a password for our Directory Services Restore Mode account, set this to something easy to remember. If we break the environment you might want to use this to restore if your not using snapshots!

10. Have a quick review of the summary, once your happy with it click Next and Windows will cruise through and build your domain!

11. Once the process is complete, click Finish and allow the machine to reboot.

You may notice that the machine takes bit longer to boot up now, once the machine is ready to login. Login with "<your domain name here\Administrator" (testlab.dev\Administrator in my case!)

Once you've logged into your new domain controller, Windows + R > type sysdm.cpl (This is just a shortcut to system management found when you right click Computer and select Manage from the start menu.)

You should notice the machine name has changed to include your new domain!

Edited May 11, 2014 by ReneQT

[ReneQT]

DHCP Server Setup

So we've got a Domain controller and a DNS server, now we need to setup DHCP!

Pre-Reqs

IP Range - 192.168.10.0/24

DHCP Scope - 192.168.10.1-192.168.10.200

Now the easy bit..

1. Start the Server Manager, Right click Roles and select "Add Roles"

2. Feel free to read the "Before you begin" dialog, then click "Next"

3. At select server roles, tick DHCP Server and then click "Next"

4. Give the "Introduction to DHCP Server" a read and click "Next"

5. Network Connection Bindings define which of your network connections your DHCP Server will provide addresses to, I've only got one interface for this server so the decision is easy!

6. Specify IPv4 DNS settings should already have your domain name populated, set your preferred DNS server IP address to the IP address of your Domain Controller not your loopback address. You may notice I have entered 192.168.10.254 as my secondary DNS server, this is going to be the ip address of my router. This will allow DNS to function to an extent should DNS fail on the primary domain name server.

7. Leave WINS disabled, and click "Next"

8. DHCP Scopes is the important part, click add and configure the DHCP scope as per your own network addressing.

9. Configure DHCPv6 as disabled, click "Next"

10. DHCP Server Authorisation can be left with the default settings, this means that if any other DHCP servers are added to the domain they need to be added using the same account.

11. Confirm that your settings are correct and click "Install"!

And DHCP is installed! You can verify it's installed via server manager as below.

Concluding....

So now we have a Domain Controller, DNS and DHCP server! Now we can join virtual machines to our network and they'll automatically get an ip address via DHCP and DNS will resolve hostnames to IP addresses within the network.

The next step will be creating a Kali, Win7 and XP virtual machine, I won't cover the VMWare Fusion steps again because they're near identical for each virtual machine, give or take a few settings.

I apologise if the DHCP config seems rushed, I wrote it out once already and accidentally swiped back a page.. I'm new to OSX :(

Edited May 11, 2014 by ReneQT

[cooper]

About those vmdk files, you can use them with VMWare Player, which IS free software last I checked. And there are also things you can do to make those vmdk files without a paid vmware workstation. Google it if you're interested in this.

[ReneQT]

Indeed, you can also convert those VMDK files using other utilities into VHD and other formats to make them compatible with other virtualisation products.

The process seems so much simpler in my head, it looks much more complex in writing!