Collaboration Policy: CP-9 (Work in groups, hand in a group submission)

SI455 – Advanced Computer Networking
Lab1: Creating a Virtual Network (v1.1)
Due 16 Jan by start of class

Glossary

CLASS: refers to all students in a single section.
TEAM: refers to a team of 4-5 students.
STUDENT: refers to an individual within a team.
HOST OS: the operating system of the physical PC that each student is using
GUEST OS: the operating system that is running within a Virtual Machine
VIRTUAL NETWORK: refers to the virtual machines running in the vSphere server
PC: the physical workstation for each student

For Lab 1, each student must complete the following six tasks and complete the checklist at the end of this document. Hand in the completed checklist to your instructor. Be prepared to show your instructor your running network the day that the lab is due.

Goals

By the end of this Lab, each student should:
1. be able to log into the vSphere virtual network,
2. be able to create a VM on their host OS from a downloaded ISO file,
3. be able to convert & upload their VM to the vSphere virtual network,
4. be able to connect their VM to a virtual switch,
5. be able to create a Linux DHCP server,
6. be able to set either a static or dynamic IP address for machines in the virtual network.

Background

We will be building a network of Virtual Machines this semester. Each group will create a separate network for this first lab. In later labs, we will connect the groups’ networks to each other and make some services available publicly. We will eventually be attacking and defending these networks. The goal of these labs is for each student to be able to perform all of the tasks required to build and maintain a complete network for a small organization.

Big-Picture goals for this lab

It is important that you understand why you are performing the tasks in this lab. Here are the big-picture steps that you need to achieve:
1. Build a Linux VM on your local machine. ISOs are available from the Internet. You need to be able to download one and build a VM locally. This is a skill that you previously used in IC322. You can use VMware Player to build your VM.
2. Patch and update the VM. Our virtual network does not have access to the Internet. Once you upload it to carol, you will not be able to add new software. For now, your VMs must be built while on your local machine.
3. Convert & upload the VM to carol. The files that create a local VM are formatted differently for use with VMware Player than for ESXi. Use the “VMware vCenter Converter Standalone Client” to both convert and upload your files.
4. Connect your new VM to your group’s network. You will need to create a virtual switch in the ESXi server for your group, and connect your VMs to your group’s switch. Once you set your IP addresses properly, your VMs should be able to communicate.
5. Add a DHCP server. This will allow your workstations to use dynamic IP addresses.
6. Add a webserver. This is just to give your network a reason to exist.

Here is an overview of the network that your group will build by the end of this lab:
• Each group is named after a color (red, green, blue, gold)
• Where the word “color” appears below, substitute your actual group’s name, e.g.
     “color1” → red1, blue1, green1 or gold1
     “colorweb” → redweb, blueweb, greenweb, or goldweb
• “colorN” represents the Ubuntu workstations for each member of the group.

Task 1: Build a User Workstation (Each group member builds their own)

This task will walk you through downloading and installing the VMs for your personal workstations. Each student will have their own Linux workstation in the virtual network. We will use Ubuntu Server 12.04 - a popular version of Linux that is considered easy to install and maintain. The Server version is command-line only and does not come with a built-in GUI.
We will be installing LXDE for an X11 desktop environment.

1. Human coordination. Each workstation in your group needs a name and IP address. You will need to assign machine names amongst yourselves (e.g. red1, red2, etc.) and agree to a static IP addressing system that you can use until you get your DHCP server operational.
2. Start the vSphere client software
   a. Login to your classroom PC
   b. Click (Start→All Programs→VMware→VMware vSphere Client)
   c. Enter “gertie.cs.usna.edu” for IP address
   d. Enter your ACADEMY user name
   e. Enter your ACADEMY password
   f. Do not select “Use Windows session credentials”
   g. Click “Login”
   h. Accept/install any required certificates

VMware tip: When you see a file named *.iso, that file was created by taking a snapshot of a complete CD or DVD. We usually use ISO files rather than actual CDs to install new OSs, since they are easier to obtain. When we load an OS from an ISO, we are simulating putting an install disk in the drive and rebooting the machine.

3. Create a Linux VM
   a. Create a directory on your Desktop named “SI455Lab1”.
   b. Download an ISO file. Go to the following URL in a browser on your host machine: http://www.ubuntu.com/download/server. Under "Choose your flavour", select "32-bit". Click "Get Ubuntu". You may be taken to a screen that asks for a donation. Linux is free to download, so this is not required. Click "Not now, take me to the download" to continue. Save the ISO file in the default location: C:\Users\<loginname>\Downloads\.
      NOTE: The 64-bit version would normally be preferable, but trying it resulted in some installation errors. The 32-bit version will be easier for us to build and maintain.
   c. Start the VMware player (Start→All Programs→VMware→VMware Player)
   d. Click "Create a New Virtual Machine"
   e. Click on "Installer disc image file (iso)"
   f. Click "Browse" and select your ISO file from the Downloads directory. Click "Next".
   g. "Personalize Linux page": By default, Ubuntu does not use a "root" account - the first user-account created is automatically a regular user who gains root privileges by running “sudo”.
      i. Enter your actual full name
      ii. For username, use your last name (max 32 characters)
      iii. Pick a unique password - do not recycle one you have used before
      iv. Click "Next" when done
   h. "Name the virtual machine":
      i. Pick a unique name for each machine in your Team
      ii. Under location, Browse to your private Desktop SI455Lab1 directory.
      iii. Create a subdirectory with your machine name. Select it.
      iv. Click "Next"
   i. "Specify Disk Capacity" page: This indicates how much space will be taken up by the virtual hard drive. Normally you want to take the default value, but since we are not going to install much new software or load files, we can use a lot less. Reduce it to 5.0GB and click "Next".
      VMware tip: VMware gives you lots of popups asking you to upgrade or install more software. Disregard all of them.
   j. "Ready to Create Virtual Machine" page: This shows the settings for virtual memory, CPUs, peripherals, etc. Click "Finish" to accept the defaults. Your computer is going to spend several minutes installing.
4. Login. When installation is complete, your VM will prompt you for your password.
5. Update VM.
   a. Download list of updatable packages with “sudo apt-get update”
   b. Install new packages with “sudo apt-get upgrade”
6. Install a window manager on the VM. The “Ubuntu Desktop” version of the OS comes with the “Gnome” window manager with the “Unity” add-on. This is too large for our tastes – it is hard to build a VM with Gnome that requires less than 12GB. We are going to use the LXDE window manager, which is more bare-bones.
   a. Type “df .” to check the space available on the main partition. It should show about 4GB allocated and 2.7GB still available.
   b. Type “sudo apt-get install lxde”
   c. Type “sudo reboot” to reboot in the windowed environment
   d. Put the terminal icon on the desktop:
      i. Click the “Start” icon in the lower-left corner of the VM’s desktop
      ii. Select “Accessories”
      iii. RMB on “LXTerminal”
      iv. LMB on “Add to desktop”
   e. Double-click the “LXTerminal” icon on the desktop to open a terminal
   f. Type “df .” to check the space available on the main partition. It should show about 4GB allocated and 2.3GB still available. Adding the LXDE window manager took up about 0.4GB of disk space.
7. Install miscellaneous other packages on the VM. For security reasons, we cannot give Internet access to the VMs on carol. For now, we are going to need to install any software we need on our VMs before we upload them to our ESXi server. Install the following packages:
   a. sudo apt-get install nmap
   b. sudo apt-get install openssh-server
   c. sudo apt-get install gedit
   d. sudo apt-get install python-scapy
   e. sudo apt-get install wireshark
   f. sudo apt-get install thunderbird
   g. Type “df .” to check the space available on the main partition. It should show about 4GB allocated and 2.0GB still available. Adding these packages took up about 0.3GB of disk space.
8. Clean up the install files. The apt-get command downloads *.deb files from an Internet repository. It stores the install files in /var/cache/apt/archives. You should occasionally clean this directory out to free up space.
   a. Run “ls -al /var/cache/apt/archives/”. You should see about 100 *.deb files.
   b. Run “sudo apt-get clean” to delete the installation files.
   c. Run “ls -al /var/cache/apt/archives/”. The directory should be mostly empty.
   d. Type “df .” to check the space available on the main partition. It should show about 4GB allocated and 2.2GB still available. Removing the installation files freed about 0.2GB of disk space.
9. Upload the VM to carol. This step will copy your VM up to carol and reconfigure the *.vmx files from the VMware Player to the ESXi format. You will still have your local copy of the VM on your machine after this step, but the two VMs will not be connected in any way.
   a. Logout of the VM. Click “Start→Logout→Shutdown”
   b. Start the vCenter Converter. Click “Start→All Programs→VMware→VMware vCenter Converter Standalone Client”.
   c. Select “Connect to a local server”
   d. Click “Login”
   e. Click “Convert Machine”
   f. Conversion Step 1: Source System
      i. Set “Select Source type” to “VMware Workstation or other VMware virtual machine”
      ii. Click “Browse” and select the *.vmx file for the VM that you created. Click “Open”.
      iii. Click “Next”
   g. Conversion Step 2: Destination System
      i. Set “Select destination type” to “VMware Infrastructure virtual machine”
      ii. Set “Server” to “gertie.cs.usna.edu”
      iii. Set “User name” to your Academy login name (e.g. m179999)
      iv. Set “Password” to your Academy password
      v. Click “Next”
   h. Conversion Step 3: Destination Virtual Machine
      i. Select the folder with your group’s color in the “SI455 Adv Networks” tree
      ii. Click “Next”
   i. Conversion Step 4: Destination Location
      i. In the “Datastore” section, set the droplist to “Datastore1”.
      ii. Click “Next”
   j. Conversion Step 5: Options
      i. Click “Next”
   k. Conversion Step 6: Summary
      i. Click “Finish”
   l. The converter should spend several minutes converting and uploading your files. Do not make any changes to the VM until the upload is complete.
10. Verify that your VM uploaded correctly. Use the vSphere Client for this step.
   a. Set the vSphere GUI to display the list of VMs and templates. Click “Inventory” in the GUI bar and select “Inventory→VMs and Templates”. The bar should now look like this:
   b. The tree on the left of the screen shows the list of available VMs and some organizational folders. Open your group’s folder under “CAROL/SI455 Adv Networks”.
   c. LMB on the name of your VM in the tree to select it
   d. Select the “Summary” tab in the main window
   e. Check the following on the Summary page:
      i. “Guest OS” should show “Ubuntu Linux (32-bit)”
      ii. “State” should show “Powered Off”. We can only change the network switch while the VM is powered off, so leave it off for now.
      iii. “Storage” should show that your VM is on DataStore1. If it is in the wrong place, then RMB on the name of your VM in the tree and select “Delete from Disk”. This will remove it from the incorrect drive. You will need to upload it again using the converter. Make sure that you select the correct upload drive.
      iv. “Network” shows the switch that your VM is connected to. It defaults to the first item in the list. We will change it to your group’s switch next.
   f. Connect your VM to your group’s switch
      i. Click “Edit Settings”
      ii. Click “Network adapter 1”
      iii. In the “Network Connection” droplist, select the switch that has your group’s name in it. The options are redprivate/greenprivate/blueprivate/goldprivate.
      iv. Click OK.
      v. vSphere will take a minute to reconfigure your VM. Verify that the “Network” box in the Summary page shows your group’s switch.
11. Turn on your VM
   a. There are three different ways to do this:
      i. In the summary page, click “Power On”
      ii. In the tree on the left of the page, RMB your VM’s name and select “Power→Power ON”
      iii. In the tree on the left of the page, LMB your VM’s name and press “Ctrl B”
   b. Click on the “Console” tab to see your VM’s screen. It will go through the boot process and give you a login prompt.
   c. To get a separate window, click on this button just above the main window:
   d. Login to your VM
   e. Press “Ctrl-Alt-Enter” to enter/exit full-screen mode. Once we start using this VM as our main OS, we are going to want to keep it in full-screen mode and forget about both our host and vSphere.
   f. You can change the monitor size with Start→Preferences→Monitor Settings. (NOTE: Check the current resolution of the Host OS. You can set the Guest OS to the same resolution in fullscreen mode.)
12. Set your LAN IP address. At this point, let’s forget about our Host OS and vSphere. Maximize your Guest OS. We are going to use a network address of 10.10.1.0 and a netmask of 255.255.255.0. All of your group’s IP addresses will look like this: 10.10.1.X. For our preliminary setup, we are going to use static IP addresses for the user workstations, where X > 200. Once we get a DHCP server running, we will shift these to dynamic addresses. Your group should decide which workstation gets which IP address and write them down to avoid confusion.
   a. Open a terminal window
   b. cd /etc/network/
   c. sudo gedit interfaces
   d. Edit the interfaces file to look like the file below. Set the “address” value in your file to whatever IP address you selected for your personal VM.

         # The loopback network interface
         auto lo
         iface lo inet loopback

         # The Ethernet network interface
         auto eth0
         iface eth0 inet static
             address 10.10.1.201
             netmask 255.255.255.0

   e. Close the editor when done.
   f. Run “sudo /etc/init.d/networking restart” to apply these changes.
   g. Run “ifconfig” to check that eth0 is online.
   h. Ping your own IP address and another group member’s to verify that you are connected.

Task 2: Build a Webserver (One per group)

This task will walk you through creating the VM for your group’s webserver. Two group members can work on this together while the other two build the DHCP server in Task 3. We are going to use the same version of Ubuntu that we used for the user workstations, except we are not going to load a window manager. You have already done some of these steps, so the second time should be easier.

1. Build a new VM for your server.
   a. Follow steps 3-5 from Task 1 above. The following steps are slightly different this time:
      i. Step 3b: You have already downloaded the ISO – no need to do it again.
      ii. Step 3g: Do not use your own name for the server. Use “owner” for the login name, and select a password that the entire group will know.
      iii. Step 3h: Name the machine your team’s color plus the word “web” (redweb/greenweb/blueweb/goldweb)
   b. Stop after Step 5b. Do NOT install the lxde window manager.
2. Install packages on the VM. Install the following packages:
   a. sudo apt-get install openssh-server
   b. sudo apt-get install mysql-server mysql-client
      i. You will be prompted to create a password for the MySQL administrative user. Create one for the group and write it down. The MySQL user name is “root”.
   c. sudo apt-get install apache2
   d. sudo apt-get install php5 libapache2-mod-php5
   e. sudo apt-get clean
   f. Run “df .”. You should have about 2.7GB of disk space available. This is more than enough for a webserver.
   g. Run “nano”. This is just to check that we have an editor that does not require a windowed environment. (You cannot run gedit without a GUI.) You will need to use either nano or vi to edit files on this machine. Press Ctrl-x to exit nano.
3. Upload the webserver to carol.
   a. Follow steps 10-12 from Task 1 above. The following steps are slightly different this time:
      i. Step 10a: Run “sudo shutdown -h now” to logout and power off from the command-line.
4. Set the webserver’s IP address. We are going to use static IP addresses for the servers, and dynamic addresses for the workstations.
   a. Select the webserver in vSphere and login to it.
   b. cd /etc/network/
   c. sudo nano interfaces
   d. Edit the interfaces file to look like the image below. The address is the same (10.10.1.10) for each group’s web server.
   e. Press Ctrl-o to save
   f. Press Ctrl-x to exit nano
   g. Run “sudo /etc/init.d/networking restart” to apply these changes.
   h. Run “ifconfig” to check that eth0 is online.
   i. Ping one of the user workstations to verify that the server is online.
5. Turn on the server’s ssh daemon. This is the last time we will access this server by logging into its console from vSphere. The proper way to access a server is to ssh from a user workstation. We need to turn on the ssh server first.
   a. Run “sudo start ssh”
   b. Close the server’s vSphere console window. We will not need it again.
6. Verify that the webserver is serving pages. The apache2 webserver turns on by default. If it is working, then the page should be visible from a workstation.
   a. Login to one of your user workstations in vSphere.
   b. Start the Chromium browser (It is one of the icons along the bottom of the taskbar)
   c. Enter “10.10.1.10” in the browser’s URL bar. You should see the default message “It Works!” if the webserver is running. This is the default page.
7. Login to the webserver with ssh. Run the following from one of the user workstations.
   a. “ssh owner@10.10.1.10”
      i. Type “yes” to accept the connection
      ii. Enter the password for the server when prompted.
   b. You should now have a shell on the server. The only way to tell right now is to run “ifconfig” and check the IP address. Any commands that you type here will run on the webserver, not your own workstation.
   c. Type “exit” to leave the ssh session and return to your workstation. Run “ifconfig” again to verify that you are now back on your workstation.

Task 3: Build a DHCP server (One per group)

This task will walk you through creating the VM for your group’s DHCP server. Two group members can work on this together while the other two build the webserver in Task 2. We are going to use the same version of Ubuntu that we used for the user workstations, except we are not going to load a window manager. You have already done some of these steps, so the second time should be easier.

8. Build a new VM for your server.
   a. Follow steps 3-5 from Task 1 above. The following steps are slightly different this time:
      i. Step 3b: You have already downloaded the ISO – no need to do it again.
      ii. Step 3g: Do not use your own name for the server. Use “owner” for the login name, and select a password that the entire group will know.
      iii. Step 3h: Name the machine your team’s color plus the word “dhcp” (reddhcp/greendhcp/bluedhcp/golddhcp)
   b. Stop after Step 5b. Do NOT install the lxde window manager.
9. Install packages on the VM. Install the following packages:
   a. sudo apt-get install openssh-server
   b. sudo apt-get install isc-dhcp-server
   c. sudo apt-get clean
   d. Run “df .”. You should have about 2.8GB of disk space available. This is way more than enough for a DHCP server.
   e. Run “nano”. This is just to check that we have an editor that does not require a windowed environment. (You cannot run gedit without a GUI.) You will need to use either nano or vi to edit files on this machine. Press Ctrl-x to exit nano.
10. Upload the DHCP server to carol.
   a. Follow steps 10-12 from Task 1 above. The following steps are slightly different this time:
      i. Step 10a: Run “sudo shutdown -h now” to logout and power off from the command-line.
11. Set the DHCP server’s IP address. We are going to use static IP addresses for the servers, and dynamic addresses for the workstations.
   a. Select the webserver in vSphere and login to it.
   b. cd /etc/network/
   c. sudo nano interfaces
   d. Edit the interfaces file to look like the image below. The address is the same (10.10.1.5) for each group’s DHCP server.
   e. Press Ctrl-o to save
   f. Press Ctrl-x to exit nano
   g. Run “sudo /etc/init.d/networking restart” to apply these changes.
   h. Run “ifconfig” to check that eth0 is online.
   i. Ping one of the user workstations to verify that the server is online.
12. Turn on the server’s ssh daemon. This is the last time we will access this server by logging into its console from vSphere. The proper way to access a server is to ssh from a user workstation. We need to turn on the ssh server first.
   a. Run “sudo start ssh”
   b. Close the server’s vSphere console window. We will not need it again.
13. Login to the DHCP server with ssh. Run the following from one of the user workstations.
   a. “ssh owner@10.10.1.5”
      i. Type “yes” to accept the connection
      ii. Enter the password for the server when prompted.
   b. You should now have a shell on the server. The only way to tell right now is to run “ifconfig” and check the IP address. Any commands that you type here will run on the DHCP server, not your own workstation.
   c. Type “exit” to leave the ssh session and return to your workstation. Run “ifconfig” again to verify that you are now back on your workstation.
14. Configure the DHCP server. This server will give out dynamic IP addresses to each of the workstations. We need to (a) configure the DHCP server to know which IP addresses to give out and (b) reconfigure the workstations to use dynamic addresses instead of static. The DHCP config instructions are here: https://help.ubuntu.com/12.04/serverguide/dhcp.html
    You will edit the dhcpd.conf file in one of these steps. Begin by deleting all of the lines from the default version of that file. (Most of it is actually commented out already.) Using the format given from the webpage above, add the following data to the file:

         subnet: 10.10.1.0
         netmask: 255.255.255.0
         range: 10.10.1.100 10.10.1.199

    We do not have a router or DNS set up yet, so leave those options out.
15. Configure the workstation for dynamic addressing. You will need to make these changes on each workstation.
   a. Edit the /etc/network/interfaces file on each workstation and set it to the following:

         auto lo
         iface lo inet loopback

         auto eth0
         iface eth0 inet dhcp

   b. Run “sudo /etc/init.d/networking restart” to apply these changes.
   c. Run “ifconfig” to check that eth0 is online. Verify that your new IP addresses are in the range 10.10.1.100-10.10.1.199.

Name: ____________________ Section: ___________ Team: _______________________

SI455 – Computer Networking Lab 1 Checklist

Fill in the table below to verify that you have successfully built your network.
• Column(2) – enter the IP address as reported by ifconfig, on the eth0 interface.
• Column(3) – Run the “ping” command on all of the IP addresses from Column 2. Put a YES in the box if the ping returned successfully.
• Column(4) – Verify connectivity with the webserver by retrieving its webpage. For the workstations, run the local browser. For the servers, run the wget command with the webserver’s IP address. This should download the index.html file. If the page is successfully retrieved, put a YES in the box.
• Column(5) – Verify whether DHCP is working properly. If the IP address of the workstations was granted by the DHCP server and not created statically, then put a YES in the box.

| (1) Machine Name | (2) IP Address | (3) Ping all 6 machines | (4) Retrieve page from webserver | (5) DHCP functioning properly |
|------------------|----------------|-------------------------|----------------------------------|-------------------------------|
| Workstation 1    |                |                         |                                  |                               |
| Workstation 2    |                |                         |                                  |                               |
| Workstation 3    |                |                         |                                  |                               |
| Workstation 4    |                |                         |                                  |                               |
| Webserver        |                |                         |                                  |                               |
| DHCP server      |                |                         |                                  |                               |

Hand in this sheet at the start of class on the day that the lab is due. Be prepared to demonstrate your functioning network as well.
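
As an added example (not part of the lab handout), the Python below checks the addressing plan this lab builds: every static address in an /etc/network/interfaces file must sit inside 10.10.1.0/24, stay out of the DHCP pool from Task 3 step 14, and not duplicate another machine, and a workstation's leased address must fall inside the pool. The dhcpd.conf text, the machine names and the function names are constructed for illustration, and Python 3 is assumed for the ipaddress module.

```python
import ipaddress
import re

# Constructed sample: one way to write the step 14 data in ISC dhcpd.conf syntax.
DHCPD_CONF = """\
subnet 10.10.1.0 netmask 255.255.255.0 {
  range 10.10.1.100 10.10.1.199;
}
"""
# Constructed /etc/network/interfaces bodies; the machine names are placeholders.
STATIC = ("auto lo\niface lo inet loopback\nauto eth0\n"
          "iface eth0 inet static\n  address %s\n  netmask 255.255.255.0\n")
DYNAMIC = "auto lo\niface lo inet loopback\nauto eth0\niface eth0 inet dhcp\n"
HOSTS = {"colordhcp": STATIC % "10.10.1.5", "colorweb": STATIC % "10.10.1.10",
         "color1": STATIC % "10.10.1.201", "color2": DYNAMIC}

def parse_dhcpd(text):
    """Return (network, first, last) from the first subnet declaration."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", text, re.S)
    if not m:
        raise ValueError("no subnet declaration found")
    net = ipaddress.ip_network("%s/%s" % (m.group(1), m.group(2)))
    r = re.search(r"\brange\s+(\S+)\s+([^\s;]+)\s*;", m.group(3))
    if not r:
        raise ValueError("subnet has no two-address range statement")
    return net, ipaddress.ip_address(r.group(1)), ipaddress.ip_address(r.group(2))

def parse_interfaces(text, ifname="eth0"):
    """Return (method, address) for ifname; address stays None unless given."""
    method, address, current = None, None, None
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = words[1]
            if current == ifname:
                method = words[3]
        elif words[0] == "address" and current == ifname and len(words) > 1:
            address = ipaddress.ip_address(words[1])
    return method, address

def check_plan(dhcpd_text, host_files):
    """Return a list of problems; an empty list means the plan is consistent."""
    net, first, last = parse_dhcpd(dhcpd_text)
    problems = []
    if first > last or first not in net or last not in net:
        problems.append("pool %s-%s does not fit inside %s" % (first, last, net))
    owners = {}
    for name in sorted(host_files):
        method, ip = parse_interfaces(host_files[name])
        if method != "static":
            continue  # DHCP clients take whatever the pool hands out
        if ip is None:
            problems.append("%s: static stanza has no address" % name)
        elif ip not in net:
            problems.append("%s: %s is outside %s" % (name, ip, net))
        elif first <= ip <= last:
            problems.append("%s: static %s collides with the DHCP pool" % (name, ip))
        elif ip in owners:
            problems.append("%s: %s already used by %s" % (name, ip, owners[ip]))
        else:
            owners[ip] = name
    return problems

def lease_ok(addr, dhcpd_text):
    """Checklist column (5): did this eth0 address come from the DHCP pool?"""
    _, first, last = parse_dhcpd(dhcpd_text)
    return first <= ipaddress.ip_address(addr) <= last

if __name__ == "__main__":
    print(check_plan(DHCPD_CONF, HOSTS) or "addressing plan is consistent")
```

A workstation still on its preliminary static address (10.10.1.201) fails `lease_ok`, which is the condition column (5) of the checklist asks about.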