Lab Setup 4 – Host Build

Lab Setup 4 – Host Build

By this stage you’ve decided on using VMware Workstation Professional along with the most appropriate architecture and networking you’re going to be configuring on your VMware host. Now it’s time to get building…

The PC

  • CPU / Memory – The amount of grunt your virtual lab will need will be based solely on how much you’re going to be doing with your virtual machines. Each one you have running will drain system resources so if you’re thinking about multiple VMs running at the same time, think about i5 processors and 16GB of RAM as a minimum. Ultimately, you want to be able to similarly replicate your “real world” physical PCs in your VMs so you’ll want more resources to at least cover that. If in doubt, have as much CPU and memory as you can, and have capacity for future upgrades. If you’re buying new hardware for this lab, consider an Intel NUC 5th/6th/7th Generation with at least 16GB RAM. They’re great and can even run ESXi if you prefer that to VMware Workstation.
  • Hard Disks – VMware virtual machines take up a LOT of disk space when you get motoring with lots of snapshots. For that reason, it makes sense to add some large disks to your machine. 200GB disk space per VM would be reasonable. Create a 50GB partition for Windows (e.g. C:\), a 100GB partition for software and ISOs (e.g. S:\) and a partition for the Virtual Machines (e.g. V:\). If you have access to some ultra fast SSDs then use these for the Virtual Machine drive. Fast SSDs make a world of difference for fast snapshotting and cloning.
  • Network Cards – Running your virtual lab in VMware Workstation as opposed to ESXi is the huge benefit of support for any type of network card, be it an internal built-in Ethernet card, USB based network adaptors and crucially WiFi. By default you’ll do fine with the on-board ethernet adaptor (and maybe wifi too) of your PC, but if you think your network design requires more physical interfaces then grab some more of whatever type you like. Wifi adaptors are great if you’re going mobile, internal adaptors have much better stability and support for ESXi if you ever migrate to that, and USB is great for if you want even more options.
  • Operating System – A solid choice is with Windows 10 Professional. You gain the essential facility of Remote Desktop over the Home edition. Clearly a licensed version is best but you can get a 90 day evaluation version from Microsoft from their Windows trial site.
  • Extra Software – Your VMware host should be a pretty desolate place outside of VMware workstation. Think of it almost as a DMZ between the dirty virtual world and the protected, real, physical world. For that reason you’ll want to put some security software on there such as a software firewall and antivirus programme, and maybe even some other endpoint security tools such as USB device control or application control. At a minimum, enable the Windows firewall and install some Antivirus software you trust (currently…… you may change your mind after some testing!).
  • Backups – Backups are boring but important, so it’s wise to make use of some backup software to back up the host.

Host Setup – Best Practices

  • Patches / Updates – Keep your VMware Host patched with the latest updates as they become available. Windows 10 likes to take care of this for you, along with regular reboots, which will shut down VMware Workstation and its VMs. This is only a problem if you plan to leave VMs running unattended. If you plan on doing that then consider deferring Windows 10 updates, scheduling them for a time that is convenient and/or look at whether you need to auto-start your VMware Workstation and VMs so that they come back up after a reboot. Ideally though, focus on keeping your host as patched as possible.
  • File Sharing – Don’t be tempted to allow open access between your VMs and your host and the physical network for things like file sharing. VMware Workstation is great at allowing all sorts of methods for sending files in and out of a VM, but since you’re handling malware and live infections you’ll want to stop this. By default, don’t allow any vectors for moving files in and out of a VM, whether it be by VMware shared folders, Remote Desktop Copy/Paste or network protocols (e.g. FTP, SMB…). A technique we use is a dedicated VM that acts as an FTP server to all the other VMs and has a read only shared folder back to the Host. This means that only the FTP VM can see the host’s real files, and the VMs can only access them by FTPing to the FTP server VM. This gives you a lot of control and visibility.

Installation Order

Follow this approach:

  1. Physical Build – Get the machine hardware ready with the right CPU, memory, disks and network cards.
  2. Operating System – Install the operating system, backups, patching and security software.
  3. VMware Workstation Installation – Install VMware Workstation Professional. (Usual Next, Next, all the way through and reboot.)
  4. Configure VMware Workstation  – Fine tune VMware to make it ready for creating your virtual machines.

Configure VMware Workstation

Recommended VMware Fine Tuning :

  1. Edit > Virtual Network Editor – Configure this as per your network design. N.B. Each physical adaptor can be bridged to by only one virtual adaptor. If you’re using internal an internal router such as pfSense you may want to disable VMware’s DHCP and configure it on your virtual router, or just rely on VM static IPs.
  2. Edit > Preferences
    1. Workstation – Disable “Enable all shared folders by default”
    2. Memory – Check that this setting allows for enough memory for the Windows PC to operate (the defaults are usually okay here)

Now it’s time to build some virtual machines…..

user-gravatar
Carl Gottlieb

[email protected]

Data Protection Consultant, specialist in anti-malware security solutions and Consulting Director of Cognition Secure. Helping organisations test products for themselves and get the best protection.

Want a few pointers? Fancy a chat? Just want an antivirus product recommendation?