Content

What is virtualization? …………………………………………………………..………..

How might it help? ……………………………………………………………….………

Why would a server farm use virtualization? …………………………………………

The limitations …………………………………………………………………….………

Getting started …………………………………………………………………….………

Why set up a lab? ………………………………………………………………….…….

Lab set-up …………………………………………………………………………….…..

Creating a virtual machine ………………………………………………………….….

Kali Linux ………………………………………………………………………………....

The BIG Showdown …………………………………………………………………..….

VMware Workstation ……………………………………………………………….…….

Oracle VM VirtualBox 4.2 ……………………………………………………………….

Conclusion ………………………………………………………………………………..

References …………………………………………………………………………..……

Page 1 of 27

2

2

3

4

5

5

5

6

7

20

20

22

23

24

What is Virtualization?

According to online oxforddictionaries.com the meaning of virtualize is to create a virtual

version of (a computing resource or facility) (oxford reference 2015). In other words it refers

to creating a virtual, as opposed to real, version of something. In computing this could be an

operating system, software or even a virtual network of computers, switches, routers,

servers and so on…. . Let’s now look at this a bit deeper to see just exactly how this is

achieved.

How might it help?

To discover how it works we can look at server computers as these are some of the most

common places you will find virtualization. Within a network the servers are among the most

powerful nodes. They can contain multiple processors enable them to run complex

calculations and tasks with ease. Usually one server is assigned one task for example an

email server will be dedicated to handle all the email correspondence within the network.

Although this makes it a lot easier to track down network problems it does not take

advantage of the processing power of the server and also if you were to allocate one server

to one task in the end you are going to be struggling for space as your network get bigger

and bigger.

(Laumer 2015) (The Buzz Media 2015)

The overcrowding of cables is not the only problem there is also the overheating of the

servers themselves.

Page 2 of 27

(dotcom-monitor 2015)

Both of these problems can be solved through the use of server virtualization. This is

achieved by converting one server into multiple virtual machines. Each server will be able to

mimic its own unique physical device with its own operating system if needed. This will also

solve the problem of under usage of the server’s under-used processing power.

Why would a server farm use virtualization?

In a business it all boils down to money which is great for the business man but as a network

administrator it has its ups and downs.

As mentioned above space and under-usage of processing power were 2 of the points

mentioned. In a virtualized environment space is consolidated meaning that one server

could be allocated several tasks to cater for. As there will be multiple operating systems

running on one server the processor will be working to its full potential.

A company could also put into practice redundancy. Usually the company would have to

buy extra servers to run the same applications in case of failure whereby the extra server

could take over. In the virtual world all the network administrator need to is to create a virtual

machine on another server thus saving money.

By creating virtual machines it gives the network administrator a chance to try out new applications or operating systems before using them in the main stream. In a virtual

environment there is no need to worry about doing any harm to other operations running on

the same server as it is running independently.

Page 3 of 27

Through time hardware becomes out-dated and changing from one system to another can

be difficult. In the virtual world virtual hardware can be created so as to enable continuation

of the services offered by the old systems. This can also help in the transition from old to

new software and processes.

An up and coming trend in server virtualization is called migration. This equates to moving

one server environment to another. In the past this was only possible if both physical

machines ran on the same hardware, operating system and processor. In the virtual world all

this can be done even with different processors as long as they come from the same

manufacturer.

Other such benefits include:

Saving energy/going green

Reduce data center digital footprint

Faster server provisioning

Reduce hardware lock-in

Increase uptime

Improve disaster recovery

Help in moving things to the cloud

(webhosting.about 2015)

The limitations

It’s not all good news. There are reasons to make a company think twice about introducing

virtualization. Some applications may demand on processing power which isn’t good in a

virtual world. Virtualization divides the processing power between its virtual machines. If one

of the machines requires a lot of processing power it will slow the whole system down taking

hours to complete something that could have been done quickly in a non-virtual

environment.

It is also wise not to use too many virtual machines within one server. As each virtual

machine needs processing power it takes away power form other virtual machines. On top of

that as a data base for example gets bigger disk space could become an issue as each

virtual machine needs disk space to go with it.

If some maintenance needs to be done on a particular server then it will affect all the virtual

machines hosted by it. This could lead to major problems in the everyday running of the

company perhaps even leading to the loss of money.

Page 4 of 27

With All its limitations it is still an attractive path to take as virtulization technology increases.

Server power consumption and heat output is decreased making it more financially attractive

for companies.

(webhosting.about 2015)

Within the next section I will explain how to set up a virtual lab for penetration testing. In this

environment a company can both protect and monitor their network thus eliminating the

server farm from being compromised resulting in thousands upon thousands of dollars.

Getting started

This is being put together with the assumption that the reader is a beginner in creating a

virtual environment and also in penetration testing. It has is also being put together and

designed as if you were the hacker

Why set up a lab?

Penetration testing is a skill that takes a lot of practice along with a lot of experimenting.

Unfortunately a network administrator will not be allowed to practice on his own network

unless he knows what he is doing. So setting up a virtual lab is one way in which the

environment is totally safe and will not affect anything else on the network.

Lab Set-up

Prerequistes

The first thing you need to do is to install virtual software on your machine. For the purpose

of this assignment I will be using VMware. You can get the latest copy, VMware Workstation

11.1.0 for Windows or Linux at,

(vmware 2015)

You will also need Backtrack5:

https://www.backtrack-linux.org/downloads/

(backtrack-linux.org 2015)

Also Metasploitable2 at:

http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

(sourceforge 2015)

Page 5 of 27

If you have a copy of any of the windows flavours you can also use one of them but failing

that you can download the latest version of Ubuntu Kylin at:

(ubuntu 2015)

Virtual machines come in two forms you can either download a virtual drive image or an ISO

file.

VMware virtual drive file ISO file

In order to keep everything neat and tidy, create a folder to keep your VirtualMachines in.

You will also need a beefy machine to run at least three virtual machines plus your host

operating system. You will need at least 4gb RAM minimum to allocate to all instances. You

will find more info here:

(vmware 2015)

Creating a virtual machine

1. Once you have started your installed virtual software you will be presented with this

screen.

Page 6 of 27

A. Create a new virtual machine. If you choose this option you will need to up load the ISO

image of the operating system.

B. Open a VMware virtual disk file. Here you will have to open one of the VMware virtual

disk files.

It doesn’t matter which file you download and use, you still get the same result.

For our purpose we will load Kail Linux VMware virtual drive file. You can download the file

from here: https://www.kali.org/downloads/

Kali Linux

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and

Security Auditing. Kali contains several hundred tools aimed at various information security

tasks, such as  Penetration Testing, Forensics and Reverse Engineering. Kali Linux is

developed, funded and maintained by Offensive Security, a leading information security

training company.

Kali Linux was released on the 13th March, 2013 as a complete, top-to-bottom rebuild of

BackTrack Linux, adhering completely to Debian development standards. Many tools

More than 600 penetration testing tools included

Free and always will be

Open source Git tree

FHS compliant

Wide-ranging wireless device support

Custom kernel, patched for injection

Developed in a secure environment

GPG signed packages and repositories 

Multi-language support

Completely customizable

ARMEL and ARMHF support

(docs Kali 2015)

2. We will click on open a virtual machine as our file has been saved as a VMware virtual

disk file.

Page 7 of 27

3. Next, you will get asked what type of configuration do you want?

Typical (recommended): Create a workstation 10.0 virtual machine in a few easy steps.

This creates a virtual machine which has the same hardware version as the version of

Workstation you are using. If you are using Workstation 8.x, it creates a virtual machine with

hardware version 8. If you are using Workstation 6.5.x or 7.x, a virtual machine with

hardware version 7 is created.

If you select Typical, the wizard prompts you to specify or accept defaults for the

following choices:

The guest operating system

The virtual machine name and the location of the virtual machine's files

The network connection type

Whether to allocate all the space for a virtual disk at the time you create it

Whether to split a virtual disk into 2GB files

Custom (advanced): Create a virtual machine with advanced options, such as SCSI

controller type, virtual disk type and compatibility with older VMware products. If you choose

this option to create a virtual machine you can define its hardware compatibility. You can

select from Workstation 11.x, Workstation 10.x, Workstation 9.x, Workstation 8.x,

Workstation 6.5 -7.x, Workstation 6, Workstation 5, and Workstation 4.

Select Custom if you want to

Make a legacy virtual machine that is compatible with Workstation 4.x, GSX

Server 3.x, ESX Server 2.x and VMware ACE 1.x.

Store your virtual disk's files in a particular location

Use an IDE virtual disk for a guest operating system that would otherwise

have a SCSI virtual disk created by default

Page 8 of 27

Use a physical disk rather than a virtual disk (for expert users)

Set memory options that are different from the defaults

Assign more than one virtual processor to the virtual machine

If you selected Custom as your configuration path, you may create a virtual machine that

fully supports all Workstation 10 features or a legacy virtual machine compatible with specific

VMware products.

For our purpose we will press typical.

4. The next screen gives us three options from which we can install the operating system

from.

Installer disk will be used if you have an installation disk to install the operating

system/software from.

Page 9 of 27

Installer disk image file should be checked if you an ISO copy of the operating

system/software

I will install operating system later should be checked if you have a VMware virtual disk

file.

For our purpose we will install it later.

5. The next stage is to choose the guest operating system. This is the operating system

you are installing into the virtual machine. For our purpose we will choose Linux.

Once you have chosen your operating system you should scroll down the menu to choose

which version of the operating system you want. For our purpose we will choose Ubuntu.

6. The next step is to give your virtual machine a name. It does not matter what name you

Call it. For our purpose we will call it Kali Linux

Page 10 of 27

From here you now choose which folder to store your virtual machine in. Using the

default folder is okay. For our purpose we will choose the default folder.

7. Now we have to choose what size of virtual disk space we need. This will depend upon

what you intend to do with the operating system you are installing. If you intend to install

software and use the operating system to store files then a bigger drive may be

necessary.

You can set a size between 0.001GB and 2TB for a virtual disk file. You can also select

whether to store a virtual disk as a single file or split it into multiple files.

For our purpose we will just choose the default of 20GB.

Our next choice is how to store the virtual hard drive disk. We have two choices here.

The first one store virtual disk as a single file. This choice is the same having a single

partition on a hard drive. The virtual disk will grow as you add to it.

The second choice is split virtual disk into multiple files. Splitting the disk into multiple

files makes it easier to move the virtual machine to another computer but may reduce

performance with large disks. When you split a virtual disk less than 950GB, a series of

2GB virtual disk files are created. When you split a virtual disk greater than 950GB, two

virtual disk files are created. The maximum size of the first virtual disk file is 1.9TB and

the second virtual disk file stores the rest of the data.

For our purpose we will chose to split the virtual disk into multiple files.

Page 11 of 27

8.

9. Now all the settings have been made it is time to create the virtual machine. You can

always go back to either check or make any changes.

If you choose to customize hardware you will be guided to hardware settings. The first one

you see is the memory location. You can stick to the default memory settings but if you plan

to use the virtual machine to run many applications or applications that need high amounts

of memory, you may want to use a higher memory setting. You can also reset other

configurations here.

For our purpose we click finish.

10. We can now see our home screen with all the settings in the left hand column but we are

not finished yet as we still need to tell the virtual machine where to go a look for the

operating system.

Page 12 of 27

11. At this point can either double click on the edit virtual machine settings or CD/DVD (SATA) Auto detect lines. Both will take you to the same place but double clicking the

second one gets you there quicker.

12. Here we need to check the use ISO image file click on the browse button and select

from the folder you have the image stored in.

Page 13 of 27

You will also need to check the button connect at power on. Once you’ve done that click

the OK button.

13. It now takes you back to the settings column where you can see that now the virtual

machine knows where to find the image file.

15. You can now go ahead and press the power on this virtual machine link.

16. The start-up screen gives you a choice of system you want to boot up.

Page 14 of 27

17. Below are a selection of choices to log into Kali Linux.

Live (amd64 & 64 failsafe)These are the standard mode for everyday operations.

Live (forensic mode)Kali Linux “Live” provides a “forensic mode”, a feature first introduced in BackTrack Linux.

The “Forensic mode live boot” option has proven to be very popular for several reasons:

Kali Linux is widely and easily available, many potential users already have Kali ISOs

or bootable USB drives.

When a forensic need comes up, Kali Linux “Live” makes it quick and easy to put Kali

Linux on the job.

Kali Linux comes pre-loaded with the most popular open source forensic software, a

handy toolkit when you need to do forensic work.

Kali Linux Live USB PersistanceKali Linux “Live” has two options in the default boot menu which enable persistence — the

preservation of data on the “Kali Live” USB drive — across reboots of “Kali Live”. This can

be an extremely useful enhancement, and enables you to retain documents, collected

testing results, configurations, etc., when running Kali Linux “Live” from the USB drive, even

across different systems. The persistent data is stored in its own partition on the USB drive,

which can also be optionally LUKS-encrypted.

Live USB Encrypted Persistence As above but encrypted.

Page 15 of 27

For our purpose we will choose Live (amd64).

18. The first thing you notice is we do not have a network connection.

19. You can see if the network adaptor is active in the bottom right hand corner. In our case

the network adaptor is active but we do not have a connection.

Page 16 of 27

20. We need to double click the network adaptor to see the configuration box.

21. If your host computer is on a network and you have a separate IP address for your virtual

machine (or can get one automatically from a DHCP server), select Use bridged. Be

aware that this opens up your virtual network to the world.

If you do not have a separate IP address for your virtual machine but yo want to be able

to connect to the Internet, select Use network address translation (NAT). NAT allows you

to share files between the virtual machine and the host operating system.

If you want a totally separate network isolated from the host system choose Host-only or

custom.

Page 17 of 27

For our purpose we are going connect to the new custom network adaptor we created

earlier.

Page 18 of 27

22. When we go back to out virtual machine we can see the network adaptor is trying to

establish a connection with network.

Once a connection has been made you will see two computers together.

In order to double check we run the command ifconfig and it will show us our network IP

address. In our case the IP address is 192.168.127.128/24

Page 19 of 27

Viola! We now have a live connection to our virtual network.

The proof is in the pudding!

192.168.209.128

Page 20 of 27

192.168.209.130

192.168.209.129

Page 21 of 27

192.168.209.130 is pinging 192.168.209.128

Here we are capturing the ping in wireshark on another system.

The BIG Showdown

When you think of virtualization on your PC then two types of software come to mind:

VMware Workstation and VirtualBox. Looking back in history VMware has been around

longer than VirtualBox. The first release of VMware was in 1999 in fact they claim to be the

first to commercially successfully virtualize x86 architecture. Where as VrtualBox came to life

in January 2007 and is an open source project under the management of care of Oracle.

(Wikipedia 2015)

So, how do they compare head to head in today’s market place? The first thing to take note

is that they both run on Windows, Linux or Unix. When it comes to the Mac, VirtualBox

supports Mac OS x hosts and guests as well however, VMware offers a separate product,

VMware Fusion for a Mac.

In order to be fair both systems were tested on an Intel Core i7-3770K CPU with 16GB of

RAM, 128GB of SSD system-volume storage, and 2TB of additional hard disk space. The

host operating system was Windows 7.

VMware Workstation

VMware Workstation includes all the features of VMWare Player—easy virtual machine

creation, hardware optimization, driver-less guest OS printing—and adds in the ability to

clone machines, take multiple snapshots of the guest OS, and a replay changes made to the

guest OS for testing software and recording the results within the virtual machine.() The

most visible are support for Windows 8 and USB 3.0; improved graphics drivers, which

include OpenGL support for Linux guests; nested virtualization, which allows -- among other

things -- running Hyper-V in a guest (at your own risk!); and a number of remote-control and

VM management improvements. It even has some capabilities that users might never have

thought about.

Page 22 of 27

(infoworld 2015)

One good thing about VMware is that you need no experience with virtualization software as

it is designed for the beginner and provides shortcuts to creating a new machine, firing up an

existing one or setting preferences. If you have Virtual machines already loaded then they

will be seen automatically and can be started and the click of a button. If you want to start a

new one and you have the installation disk it will automatically detect it and prompt you for

any product keys needed.

VMware comes with a set of guest tools which you can install to make life a bit easier. Tools

enabling you to directly copy and paste files between host and guest. You can go into Unity

Mode, which allows programs from the virtual machine to be run directly on the host

desktop. Another key feature is the fact that it is able to map a virtual disk to a drive letter on

the host so that files can be copied in or out of that drive.

Want to take a picture of a given virtual machine? No problem, you will be presented with an

easy to read diagram of all the pictures you've taken highlighting the current one. It’s also

possible to schedule pictures which can be used to restore the system if needed. On top of

that, virtual machines can be remotely accessed via the open source VNC protocol or

shared out to other VMware Workstation users on the same network. Another cool feature is

that virtual machines can be uploaded to or from an instance of VMware. This creates a

workstation into an environment for to-be-deployed machines.

A feature which you would not expect to see is the "capture movie" function. You are able to

capture audio and video output and pipe it directly to a movie file. A fantastic way to create

tutorials, reports, demonstrations and so on.

Page 23 of 27

Oracle VM VirtualBox 4.2

According to reviews VirtualBox does not have as many features as VMware Workstation.

On the other hand it is however a good choice if you are using the open source version. This

version includes propriety extensions such as USB 2.0 support. It is free for personal use but

if you want to use for commercial use then you need to buy a license.

VirtualBox has many features also found in VMware Workstation. Look at the set-up process

of VMware Workstation for example. In VirtualBox, you need to follow the step given by a

wizard that prompts you as to which operating system you want to install. On VMware

Workstation it detects it automatically. In addition to that VirtualBox does not provide

extended setup automation features that VMware Workstation does. It does offer you a set

of recommended settings. For example memory size for the VM and a couple of other

internal options, but the actual OS installation process still has to be done manually.

When we talk about USB support in VirtualBox it is limited to USB 2.0, whereas VMware

Workstation can emulate USB 3.0. Although both can connect to USB devices (such as

cameras or scanners) on the host, it's a lot easier to accomplish in VMware Workstation, and

VirtualBox doesn't connect to and release hardware as reliably as VMware Workstation

does.

VirtualBox uses a peculiar variant on Microsoft's Remote Desktop Protocol to allow remote

connections to VMs. However, it is a proprietary extension of VirtualBox.

It’s not all that bad for VirtualBox it does have features that make you smile. A given virtual

machine can support up to 32 virtual CPU cores per machine, with the maximum depending

on your host hardware's capabilities. It also has an "execution cap" function, which lets you

specify a hard limit for host CPU utilization -- a feature not clearly provided by VMware

Workstation.

Page 24 of 27

When it comes to taking a snap they are head to head on this one. As in Workstation, you

can take multiple branching snapshots of a given VM. There is also the capability to clone

VMs, which can be done either by making a full, separate copy of the VM or by using a

snapshot as the basis for the clone.

When it comes to support for a variety of virtual-disk formats: VMDK, VHD, HDD (from

Parallels), and QED/QCOW (from QEMU). VirtualBox is a good testing ground to try out a

slightly broader range of virtual machine types than VMware Workstation.

Conclusion

So, all in all how do they shape up for the person looking for a free version? VMware has a

free version by the name of VMware Player. They differ in product licensing, as VirtualBox is

a little more generously licensed than VMware Player. You can also get a few features on

VirtualBox that VMware Player has limited use on, including snapshotting, virtual-network

management, and cloning of workstations.

At the end of the day it’s all about money. If you have to the money then VMware

Workstation is by far the best choice. It not only out performs VirtualBox but its cross-

integration with other VMware products that make Workstation worth the money. But

remember, VirtualBox does have things to offer that VMware Workstation or VMware Player

don’t.

(infoworld 2015)

Page 25 of 27

REFERENCES

(1) Oxford Reference 2015, Oxford Reference, Available from:

http://www.oxfordreference.com/search?

siteToSearch=aup&q=virtual&searchBtn=Search&isQuickSearch=true [6th April 2015]

(2) Laumer J, Data Center "Cable Mess" October 21, 2008, treehugger: Blog available at:

http://www.treehugger.com/sustainable-product-design/greener-data-centers-brian-p-

mccann-cmo-of-onpath-technologies-explains-how-the-virtualized-infrastructure-layer-can-

save-resources.html

(3) Kalla R, The Super Internet (Wall of Ethernet Cable) 15th November 2007, Available at:

http://www.thebuzzmedia.com/the-super-internet-wall-of-ethernet-cable/ [6th April 2015]

(4) Thoke O, Data Center Server Virtualization in Cloud Hosting Environment, Available

from: http://webhosting.about.com/od/Clouding-Hosting/a/Tips-For-Building-Data-Center-

For-Cloud-Hosting-Environment.htm?utm_term=virtualization%20server&utm_content=p1-

main-3-title&utm_medium=sem&utm_source=google&utm_campaign=adid-5563ea69-3c9e-

49ef-a526-3ffeedfdaa1d-0-ab_gsb_ocode-

5985&ad=semD&an=google_s&am=broad&q=virtualization%20server&dqi=server

%2520farms%2520Virtulization&o=5985&l=sem&qsrc=999&askid=5563ea69-3c9e-49ef-

a526-3ffeedfdaa1d-0-ab_gsb [6th April 2015]

(5) Download VMware Workstation, Available from:

https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/

vmware_workstation/11_0 [6th April 2015]

(6) downloads : BackTrack Linux – Penetration Testing Distribution/, Available from:

http://www.backtrack-linux.org/downloads/ [6th April 2015]

(7) Metasploitable, Available from: 

http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ [6th April 2015]

(8) Ubuntu Kylin, Available from: http://www.ubuntu.com/desktop/ubuntu-kylin [6th April

2015]

Page 26 of 27

(9) Configuration and Recommendations 2015, Available from:

www.vmware.com/files/pdf/isv/...and_Configuration_Recommendations.pdf [6th April 2015]

(10) Kali Linux Official Documentation, What is Kali Linux? 2015, Available from:

http://docs.kali.org/introduction/what-is-kali-linux [6th April 2015]

(11) VMware Workstation 2015, VMware Workstation, 4 March 2015, Available from: http://en.wikipedia.org/wiki/VMware_Workstation [6th April 205]

(11) Yegulalp S, VMware Workstation 9 vs. VirtualBox 4.2, Sep 26, 2012, Available from:

http://www.infoworld.com/article/2615128/virtualization/review--vmware-workstation-9-vs--

virtualbox-4-2.html [6th April 2015]

(12) Fitzpatrick J, Five Best Virtual Machine Applications, 19th December 2010, Available

from: http://lifehacker.com/5714966/five-best-virtual-machine-applications [6th April 2015]

Page 27 of 27