Recent Patents on Computer Science 2012, 5, 37-50 37 Virtualization of Teaching at the Department of KVD UWB in Pilsen, New Features and Benefits Dr. Ing. Ji(cid:5)í Toman* and Ing. Petr Michalík Department of Computer Science and Educational Technology, Faculty of Education, University of West Bohemia, Kla- tovska 51, 30619 Pilsen, Czech Republic; Department of Computer Science and Educational Technology, Faculty of Education, University of West Bohemia, Klatovska 51, 30619 Pilsen, Czech Republic Received: June 22, 2011; Accepted: October 14, 2011; Revised: October 13, 2011 Abstract: The existence and functionality of virtual environment at the Department of Computer Science and Educational Technology (KVD) of the University West Bohemia (UWB) in Pilsen are the current reality. The VMware ESX server has been in operation sinece 2007 at the KVD department. The software ESX 3.5.0 SP2 has been installed on the server Dell PE2900. Current status is as follows: about 10 virtual machines (VM) are used by department members, 6 virtual machines are used as a variety of servers and services for education and teaching, about 30 VM are designed as virtual labs to teach students. Earlier model to manage the VM bases solely on access via the ESX server using VMware Infra- structure client which is not effective and safe. In particular, the system of permissions and roles is not effective enough. It is not possible to set access rights (ACL) to each single VM separately. The new solution has been installed since Sep- tember 2009, ESX host server and vCenter server as one entity. The new ELMS licensing model for VMware vSphere 4 provides unprecedented efficiency, control and choice. Virtual Center Server 4.0 (recently called vCenter Server 4.0) has been implemented on the operating system MS Srv2008 and as one of the virtual machines. Information systems educa- tors must balance the need to protect the stability, availability, and security of computer laboratories with the learning ob- jectives of various courses. The same requirements and needs have to be considered on our side. This paper presents this basic environment, configuration, licensing model and sample teaching laboratories at the KVD. The manuscript demon- strates the advantages, strengths but also the weaknesses in the creation of virtual laboratories for teaching purposes. The final chapter deals with considerations on the coexistence of virtual computer environments to traditional classrooms. We then review the main body of research in this area and identify the key patents that have emerged in this field. Keywords: Active Directory (AD), Domain Controller (DC), ESX server, FPE (Faculty of Education), KVD (Department of Computer Science and Educational Technology), MS Srv2008, permission, role, subject UAPO (Administration Computers and Operating Systems), subject PSDS (Computer Network and Distributed Systems), Sun Ray technology, vCenter Server 4.0, virtualization, virtual lab, virtual machine (VM), virtualization in education, VMware vSphere 4, Z(cid:4)U v Plzni (UWB - Univer- sity of West Bohemia in Pilsen). 1. INTRODUCTION host computer that has to determine the amount of memory storage per memory pool. 1.1. What is Virtualization Virtual machine is a software implementation of a ma- There are many definitions and concepts in literature. chine (computer) that executes programs like a real machine. Virtualization is a term for the abstraction of computer Virtualization dramatically improves the efficiency and resources, respectively a virtual machine using the software availability of resources and applications in organization [3]. implementation of behavioral and physical characteristics of Internal resources are underutilized under the old “one the machine. server, one application” model and IT administrators spend Virtualization is a new approach to operating systems [1]. too much time managing servers rather than innovating. Virtualization dramatically improves recovery efficiency Virtualization is a proven software technology that is and availability of computing resources, particularly servers. rapidly transforming the IT landscape and fundamentally changing the way that people compute. The patent US7480773 [2] proposes a method to deter- mine the average memory storage of the virtual machine, Virtualization is the current reality in education. which provides the average number of virtual machines on a 1.2. Benefits of Virtualization *Address correspondence to these authors at the Department of Computer The use of desktop virtualization, servers, applications Science and Educational Technology, Faculty of Education, University of provide a familiar, commonly reported and published advan- West Bohemia, Klatovska 51, 30619 Pilsen, Czech Republic; Tel: +420 tages and benefits. 377636446; +420 377636443; E-mail: [email protected]; [email protected] - Reduction of financial costs, reduced operating rates. 1874-4796/12 $100.00+.00 © 2012 Bentham Science Publishers 38 Recent Patents on Computer Science, 2012, Vol. 5, No. 1 Toman and Michalík - Increasing the use of hardware resources such as serv- 1.4. Technical and Administrative Arrangements to En- ers, desktops (processors, disks, memory and network). sure the Operation of the Virtual Environment at the KVD - Sharing of technical resources. - Ensure the functionality and operation of teachers KVD - Increasing the level of service, administration, installa- and IT specialists beyond their normal teaching loads. It tion. is confirmed that the success of IT security also depends - Offering high availability and security. on the personal qualifications of people. We confirm and quote the words: “Success of IT security not only - Sophisticated management system virtual machines need especially in school. depends on the evolution of technologies, but also reces on the knowledge of IT-Personnel and the level of their - Possibility to create virtual networks, virtual switches, IT-security education” [3]. and ultimately the creation of flexible network of labora- - The authors of this article have been working for 19 tories. years as a computer network administrator and IT spe- - Strong support for workstations and server manufactur- cialist [5]. ers to use virtualization - Strong technical means of consolidation. 1.5. Authentication in Virtual Environment at the KVD - Efficient and flexible use of computers and computer - Each user authenticates either using the local MS classrooms at school. Srv2008 account or using private university school ac- count in the central domain of the UWB. Authentication - The existence of funds for central management of virtual is done through Active Directory and Kerberos authenti- environment (VMware Virtual Center Server, MS Vir- cation mechanism. tual Machine Manager). - The possibility of converting the physical channels to 1.6. Terminal Access to VM virtual environments. - Remote Desktop - terminal client (eg Remote Desktop - Fast creation of virtual machines, the optimal placement Client 6.1 in MS Windows OS) allows access to the MS of machines to host servers. and linux operating systems. The client starts using - Managing virtual environments, virtual machine, first “mstsc” (Microsoft terminal services client) or “rdesk- via a graphical interface, both via the command shell on top” command line. local stations in the classrooms, personal computers, - Remote desktop client uses RDP protocol which is in- laptops, and only through the installed VMware vSphere cluded in all operating systems. 4 client. - Access to the installed virtual machine using terminal 1.7. Coexistence of Standard Models of Teaching and service client. Learning in a Virtualization Environment - Appropriate Solutions? - Solution of license conditions of certain software prod- ucts. Virtualization brings and will bring advantages, even in the educational process. Virtualization reduces the cost, re- - Availability of services and software. sources. However, in the educational process, students must - Virtualization provides a useful tool for introducing op- have somehow approach to virtual machine. There must be erating systems [1], [4]. available cheap terminals with appropriate clients. But most of our classrooms are equipped with standard high- 1.3. Disadvantages of Virtualization performance desktop stations with high computing power and even standard software. To optimize the coexistence of - Initial investment in the apparent greater executive such an environment requires a significant intervention in the server. entire structure and concept, how to implement an environ- - Higher initial investment in software. ment for teaching and with optimum cost. Solutions to these problems are the subject of our research and motivation of - The existence of necessary expertise and the knowledge our efforts. The subject of our interest is not only to improve necessary to install and manage. virtualization environment, but to optimize its integration - Virtual machines require physical machines as well as into the former concept. Suitable integration, respectively compliance with licensing rules installed OS and other balanced coexistence virtualization environment and still software products. existing classical computer classrooms is the fundamental solution. Non-negligible factor is the quality of teaching, - Access to virtual machines from traditional desktop availability of computing environment, if possible, 7 days a computer stations in classrooms week and 24 hours a day. It is expected also to integrate stu- dent laptops. Virtualization of Teaching, New Features and Benefits Recent Patents on Computer Science, 2012, Vol. 5, No. 1 39 2. PREVIOUS SOLUTION OF VIRTUALIZATION, The clear solution to this unsatisfactory state is the connec- THE CONFIGURATION AND MANAGEMENT tion of the ESX server with vCenter server, respectively to BASED ONLY ON ESX SERVER use of VMware vSphere4 architecture. A brief mention how to administer ESX Server. 3. THE CURRENT SOLUTION OF VIRTUALIZA- VMware Infrastructure allows the client to work on ESX TION, CONJUNCTION ESX SERVER AND VCENTER server in two modes of activity - Inventory and Administra- SERVER tion. Both schemes are suitable for the main administrator of The VMware vCenter Server is required for administra- the system and not for every user, such as a student. A sig- tion and control of VMware vSphere™ environments. nificant shortcoming is that this scheme only allows global VMware vCenter Server is a universal center for managing settings for individual roles, that is, global set of access VMware environments and integrated management of all rights to all virtual machines. host servers in one. This solution offers unified management Now we describe briefly the procedure for creating users, of all hosts and virtual machines in the data center through a groups and roles. single console, allowing administrators to improve manage- ment, simplify daily tasks and reducing complexity and cost The administrator of ESX server creates the appropriate groups and users similar on Linux server and then creates the of IT management environment. roles in Administration mode. The individual roles are as- VMware vCenter Server 4 has been installed on the signed to the user groups or individual users. Offer using the server called VCS, see http://vcs.fpe.zcu.cz. Download checkboxes shown options are divided into modes such as VMware vSphere client allows access to VMware vSphere Inventory, Interaction, Configuration, State, Provisioning. environment, respectively to access to the ESX host server The mode Inventory - Permission - Assign permission allows and to the vCenter server. Fig. (1) and Fig. (2). shows the select the user or group, next select pre-created Assigned Getting Started and Home Page of the VCS server. Role and edit the selected role respectively. A great advantage over previous solutions, see chapter 2 Clearly, setup of access rights in terms of system admini- is the ability to assign appropriate roles to individual VMs. stration is impractical and very limited. A users and groups See Fig. (3). usage role R_UAPO1. must be created on the ESX server (VMware Linux kernel) Figure 4 shows configuration, editing of the role first. Each role can be created with given privileges, but al- R_UAPO1. Configuration window offers the possibility to ways with the rights to all the virtual machines. This method edit the role name or make changes to the effective privi- of administration and management is very limited, virtually leges allowed in this role by enabling or disabling the check unusable in a school environment. We do not have any more boxes. flexible and comprehensive tool for managing access rights to individual virtual machines. A user authenticated to the Permissions - role - users/group in VMware vSphere en- ESX server via the VMware client has assigned roles cer- vironment is illustrated in Fig. (5), Fig. (6). tainly but with the permission to all VMs. Each authenticated It is clear that the mechanism for setting access rights for user can see and work with all the created VMs. It is clear each VM is robust, flexible and secure. In the following de- that in this way can’t set access to each VM separately. scription it is exemplified by the assignment procedure - Clearly, such a way of working is possible in some smaller assign permissions. companies but almost certainly unworkable in the school environment. All users and groups are selected from local domain of server VCS or alternatively from central domain of the UWB This method of administration and management is satis- (Active Directory). The domain controller w3k.zcu.cz uses factory for the following mode of operation. The administra- authentication technology called Kerberos 5. Kerberos uses tor creates a single virtual machine, install and configure the encrypted communication to avoid transmitting passwords in base operating system. Each VM allows remote access the plaintext form. mode, called Terminal Services. The user of VM receives the admin password of the VM’s OS. The user from any station VCS (vCenter) server has been is also installed as one of equipped with a Terminal Services client connects to the VM the virtual machines and operates on the MS Srv2008, see and it is further administered only in this mode. A significant Fig. (7). disadvantage is that a possible approach to the VM as a The Directory Service (respectively Microsoft Active physical machine is only through the VMware client. Directory) integrated into VMware vSphere brings many This approach is not allowed directly for a regular user positive qualities, many benefits. Secure access control, ro- (student, etc.). Any problems with VM as a physical machine bust permissions mechanisms, and integration with Micro- must address the student in cooperation with the ESX server soft® Active Directory guarantee authorized access to the administrator. Obviously, the possibility of such work in the environment and its virtual machines. Responsibilities can be school environment is very limited and impractical. In the delegated to tiers of system administrators. Fig. (8) shows academic environment with many diverse educational needs, vCenter server’s console screen of user administrator, Fig. student activities, etc., this system of virtualization environ- (9) shows console screen of regular student user. The pic- ment is very complicated, unreliable and almost useless. tures Fig. (8) and Fig. (9) demonstrate the quality of this new Such an environment can operate only within specified limits solution, which is given primarily in security, robustness and and in strict compliance with the rules of the users. flexibility of the system solution. As shown in Fig. (9), every 40 Recent Patents on Computer Science, 2012, Vol. 5, No. 1 Toman and Michalík Fig. (1). Getting Started. Fig. (2). VCS – vCenter server, main menu. Virtualization of Teaching, New Features and Benefits Recent Patents on Computer Science, 2012, Vol. 5, No. 1 41 Fig. (3). All VMs assigned to the R_UAPO1 role. Fig. (4). Editing role R_UAPO1. 42 Recent Patents on Computer Science, 2012, Vol. 5, No. 1 Toman and Michalík Fig. (5). Permissions for LAB1_P01. Fig. (6). Assign permissions for user u1 using role R_UAPO1. Virtualization of Teaching, New Features and Benefits Recent Patents on Computer Science, 2012, Vol. 5, No. 1 43 Fig. (7). Performace of the vCenter Server. Fig. (8). VM’s assigned to user admin. 44 Recent Patents on Computer Science, 2012, Vol. 5, No. 1 Toman and Michalík Fig. (9). VM’s assigned to student, e.g. to user u1. student has access only to their virtual machines from his to settings or the computer rolls back to a stable state after a console. These approaches are safe for users, groups, see report, citation [1]. Fig. (4), Fig. (5), Fig. (6). Possibility to install, configure computers and operating systems is another contribution to improving the quality of 4. INSTRUCTION COURSES UAPO (ADMINISTRA- teaching in computer science and computer technology. TION OF COMPUTERS AND OPERATING SYS- TEMS), PSDS (COMPUTER NETWORKS AND DIS- 5. REALIZATION OF PRACTICAL TRAINING IN TRIBUTED SYSTEMS) IN VIRTUAL COMPUTER SPECIALIZED SUBJECTS LAB Our experience allows us to express the same conclu- The new subject UAPO - Administration of computers sions, see citation: and operating systems is taught since the educational year Virtualization provides a useful tool for introducing op- 2009/2010. These courses are designed not only for students erating systems. While a dual-boot configuration enables the of the FPE but also for students of the UWB. This subject is introduction of multiple operating systems, virtualization not only focused on the acquisition of theoretical knowledge offers several advantages. First, virtualization may be easier but in particular the verification of practical exercises and to implement and manage than dual boot configurations. seminars. The main content of the course is practical to in- Second, since the virtual machine and host operating system stall the optional operating systems, their configuration, ad- coexist and are accessible, the student may more easily ac- ministration and management. Currently installed computers cess both resources in class. Third, students may install and in classrooms do not have such facilities. The current central configure their own operating systems, thus extending the policy and administration of computers in the public class- range of topics possible. Fourth, the IS educator may distrib- rooms does not allow installation and configuration. ute virtual machines to students if there is no need for the Information systems educators often encounter control students to install their own operating systems. Finally, one and management issues with regard to shared computers in may introduce several different operating systems by using a university laboratories; when students use computers in labo- virtual machine for each operating system, citation [1]. ratories, they are using equipment that must be available and Possible solutions to the current requirements for teach- operational for the next student. In many cases, the transition ing: time between users is short as case between class sessions. As a result, there is a need to regulate the use of these com- a) Implement a flexible computer classroom equipped with puters to ensure availability. Often, the solution is to lock the a sufficient number of physical computers with appro- computer down so that students are unable to make changes priate technical, administrative system and background. Virtualization of Teaching, New Features and Benefits Recent Patents on Computer Science, 2012, Vol. 5, No. 1 45 b) Use today's modern technologies such as virtualization, figuration. Terminal station must be equipped with respectively virtual computer lab. VMware vSphere 4 client downloaded from https://vcs.fpe.zcu.cz/. Ad a) The first method assumes the purchase of a suffi- cient number of powerful computers, their placement in a c) Remote access to virtual machines from any standard specialized classroom with a special regime, the creation of desktop station equipped with an RDP client. appropriate physical network infrastructure, creating a pro- - On computers running MS Windows XP SP3 or higher fessional capacity for the maintenance and management of is available RDP client executable using "mstsc" (Mi- such environment. crosoft Terminal Services Client) in command line. The stations connected to the network must comply with - In general, the RDP protocol is part of the all operating the general rules and requirements of computer networks. It systems MS Windows and Linux. is obvious that such a solution does not only require consid- erable initial, but also ongoing financial support. Other use d) The working environment (file system, disk, CD / DVD of computers in the classroom is considerably limited. Com- drives, sound cards, smart cards, printers, etc.) of termi- puters in the classrooms are used for certain purposes and nal station can be mapped into a virtual machine. their other use during the current semester is impossible. RDP client allows for connection and use of local (local sta- Using older computers for teaching purposes is not appropri- tions) equipment and resources (local resources) such as: ate due to the necessary demands on computer hardware. Generally, a flexible laboratory for such teaching would re- - Mapping local resources to virtual machine quire considerable technical, programmatic, administrative, - Mapping local disks to virtual machine system and in particular human resources and everything The RDP client can set the optimal connection to the related to the considerable financial demands. The current funding rules of the traditional classrooms UWB signifi- remote station. cantly increase operating costs including energy costs, clean- ing, etc. 7. THE COURSES UAPO AND PSDS IN VIRTUAL LABORATORY Compared with other topics in software teaching, provid- ing security experience, has been found particularly difficult The UAPO and PSDS courses require about 30 to 40 by conventional means. Firstly, dedicated laboratories are virtual machines in each semester of the academic year. needed. This introduces big administrative problems, e.g. Virtual machine configuration: 1 processor, 512 MB (1 preparation for exercises needs many efforts to install sys- GB) memory with the possibility of using the pool mecha- tems and to prepare security tools. Secondly, students might nism (dynamic memory allocation), 22 GB disk storage, 1 frequently cause system errors because super-user rights Network Interface have to be given to them in some security tasks. Then, re- covery from failures is needed. It is difficult to maintain such All the virtual machines are registered in the an unstable system in practical use, citation [3]. BOOTP/DHCP and DNS records of UWB central Sauron system. Ad b) Most of the disadvantages greatly eliminates the use of existing opportunities and trends in general computing Physical access to the virtual machine is securely handled and IT technologies. And virtualization is undoubtedly such through vCenter server using vSphere client. This client al- technology. lows work with the virtual machine as with the physical de- vices. 6. BASIC FEATURES OF VIRTUAL ENVIRONMENT The teaching in a virtualization environment on KVD has AT THE KVD been running fours years. Our experience confirms the expe- rience published, I cite: The installation and implemantation of the virtual envi- ronment and existence of virtual laboratories must meet the In advanced courses where students need to install, con- proposed requirements for teaching and have to been inte- figure, and otherwise manipulate application and operating grated to the entire IT environment of UWB. Virtual envi- system settings, this is especially problematic as these activi- ronments also must fully respect the safety and reliability ties threaten the stability of workstations and security of requirements. Various systems and methods for implement- networks. Virtualization platforms offer the capability to ing configurable access control security for virtualization are integrate advanced topics into courses in a way that gives described in the patent US222880 [6]. The student will fully students control so that they can perform hands-on activities realize the practical teaching in the seminars. that would be infeasible on shared physical computers [1]. a) Authentication Information systems educators often encounter control and management issues with regard to shared computers in - to local accounts on Windows Srv 2008 university laboratories; when students use computers in labo- - to the central domain of UWB (Kerberos authentication) ratories, they are using equipment that must be available and Note: this option allows a student to a single authentication operational for the next student [3]. (Single Sign One) using his private account and password. In some settings, students, especially upper-level stu- dents, need exposure to information access controls, pass- b) Physical access to the virtualization environment, to the word-auditing tools, firewalls, encryption, and similar tools, individual virtual machines, to their installation and con- 46 Recent Patents on Computer Science, 2012, Vol. 5, No. 1 Toman and Michalík as well as the tools used by attackers to compromise the se- - Student tries to work with disk, drive capacity increases curity of systems and information. Students may also need to within the file system, cleaning and defragmenting the work with system settings and otherwise manipulate their disk. computers. This is something network administrators work - Student configures Security Settings and Internet hard to prevent [3]. - etc. Establishment and operation of the virtualization tech- nology in our department will offer similar benefits of IS 10. VIRTUAL LABS AS OPTIMAL SOLUTION OF educators and students. In addition, virtualization enables the LICENSING RULES FOR SOME SOFTWARE PROD- student to make changes and stay permanently between ses- UCTS sions so that students can engage in extended and projects that build on one another. This allows the faculty to extend We purchased 10 licenses for the program called Mul- the range of topics in courses in information systems and tisim. Multisim is an electronic schematic capture and simu- integrate and make more risky activities. At the same time as lation program which is part of a suite of circuit design pro- the student works in a virtual environment, the host is unaf- grams. So far, the licenses were installed on concrete 10 fected. physical machines in the traditional computer lab. It is a uni- versal classroom with regular use for teaching. This brought 8. STRUCTURE TEACHING problems of limited possibilities of use of Multisim program. Students can work with Multisim program only in the desig- The structure of teaching in a virtual environment de- nated practice time and then only if the classroom is free. pends on the number of students enrolled in individual Other solution, install such special software in the dedicated courses. Currently teaching is organized as follows: classroom, seems to be largely ineffective and inflexible. - UAPO course, 2 semesters in academic year, 20-30 stu- The optimal solution implemented in our environment is the dents, 20-30 VM installation of such special software products on the virtual machines. Such a solution has been realized. The 10 virtual - PSDS course, 1 semester in academic year, 20-30 stu- machines were installed 10 licenses Multisim program. Since dents divided into two groups, 10-15 VM now the students can access to VM with the installed Mul- Structure and organization of learning may also be tisim program using terminal client from any station in the adapted to the requirements and level of students. Our expe- computer lab, from their laptops, from home, from the stu- rience see chapter 9 is similar to the experience of other dent dormitory since now. schools and institutions see [1, 3, 4]. The installation of expensive software products with onerous licensing policies on virtual machimes thus becomes very 9. TASKS FOR STUDENTS flexible, efficient and fully usable. - Student appropriately and correctly configure vSphere Client that allows manipulate and control the virtual ma- 11. VIRTUAL LABS AS E-LEARNING METHOD FOR chine as well as the physical machine. TOMORROW - Student must make correct settings and disc formatting. Virtual labs allow students to explore and design their own lab investigation and there are modules designed to - Student must respect the requirements, messages during provide students with scenarios when applying IT technol- the installation ogy. It offers a virtual security laboratory to users over the - Student installs and properly configures the network Internet, instead of a limited simulation or an expensive card. dedicated laboratory. The virtual laboratory is built with vir- tual machines which are equipped with real security tools. A - Student installs and configures the security of OS as OS user can perform security exercises remotely without manag- updates, firewall configuration (outgoing, incoming traf- ing any software installation and configuration. It is a reli- fic), installs and configures an antivirus program, con- figures an Internet Browser. able tutoring system. In the virtual laboratory, privilege rights can be safely assigned to students for security tasks. - Student sets his user profile as his desktop background, The failures on a virtual machine would not affect the host color and display windows, screensaver, themes, mouse, system and can be detected and recovered in time [7]. The sound, the resolution of monitor etc. ongoing programs of the European Union's use of virtual - Student installs and configures a network printer. labs incorporated into the EnviroGIS project. These are pro- jects aimed at training teachers in the field of environmental - Student creates account and account management pol- education. The teachers appreciate the particular form of icy. distance learning with the use of programs and applications - Student setups and configures network and sharing cen- installed in the virtual lab. The teachers appreciate the oppor- ter. tunity to use the machines in a virtual laboratory by connect- ing their remote locations, from home via the Internet. An- - Student sets Backup and Restore Center other advantage of this solution is the flexible use of expen- - Student configures Remote Access Setup sive licensing schemes for geographical information systems (GIS).