Telematics exploration server


A nested virtualization tool for information technology practical education



Authors: Carlos Pérez; Juan M. Orduña; Francisco R. Soriano


RBID : PMC:4828358

Abstract

Background

A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, especially in security and computer network courses.

Results

This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments.

Conclusions

The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. Also, its portability makes it possible to reproduce classroom activities, as well as the students’ autonomous work.


DOI: 10.1186/s40064-016-2041-8
PubMed: 27104131
PubMed Central: 4828358


The document in XML format

<record>
<TEI>
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">A nested virtualization tool for information technology practical education</title>
<author>
<name sortKey="Perez, Carlos" sort="Perez, Carlos" uniqKey="Perez C" first="Carlos" last="Pérez">Carlos Pérez</name>
<affiliation>
<nlm:aff id="Aff1">Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</nlm:aff>
</affiliation>
</author>
<author>
<name sortKey="Ordu A, Juan M" sort="Ordu A, Juan M" uniqKey="Ordu A J" first="Juan M." last="Ordu A">Juan M. Orduña</name>
<affiliation>
<nlm:aff id="Aff1">Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</nlm:aff>
</affiliation>
</author>
<author>
<name sortKey="Soriano, Francisco R" sort="Soriano, Francisco R" uniqKey="Soriano F" first="Francisco R." last="Soriano">Francisco R. Soriano</name>
<affiliation>
<nlm:aff id="Aff1">Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</nlm:aff>
</affiliation>
<affiliation>
<nlm:aff id="Aff2">IRTIC, Universidad de Valencia, Polígono La Coma, s/n, Paterna, Valencia Spain</nlm:aff>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">PMC</idno>
<idno type="pmid">27104131</idno>
<idno type="pmc">4828358</idno>
<idno type="url">http://www.ncbi.nlm.nih.gov/pmc/articles/PMC4828358</idno>
<idno type="RBID">PMC:4828358</idno>
<idno type="doi">10.1186/s40064-016-2041-8</idno>
<date when="2016">2016</date>
<idno type="wicri:Area/Pmc/Corpus">000136</idno>
<idno type="wicri:explorRef" wicri:stream="Pmc" wicri:step="Corpus" wicri:corpus="PMC">000136</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title xml:lang="en" level="a" type="main">A nested virtualization tool for information technology practical education</title>
<author>
<name sortKey="Perez, Carlos" sort="Perez, Carlos" uniqKey="Perez C" first="Carlos" last="Pérez">Carlos Pérez</name>
<affiliation>
<nlm:aff id="Aff1">Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</nlm:aff>
</affiliation>
</author>
<author>
<name sortKey="Ordu A, Juan M" sort="Ordu A, Juan M" uniqKey="Ordu A J" first="Juan M." last="Ordu A">Juan M. Orduña</name>
<affiliation>
<nlm:aff id="Aff1">Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</nlm:aff>
</affiliation>
</author>
<author>
<name sortKey="Soriano, Francisco R" sort="Soriano, Francisco R" uniqKey="Soriano F" first="Francisco R." last="Soriano">Francisco R. Soriano</name>
<affiliation>
<nlm:aff id="Aff1">Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</nlm:aff>
</affiliation>
<affiliation>
<nlm:aff id="Aff2">IRTIC, Universidad de Valencia, Polígono La Coma, s/n, Paterna, Valencia Spain</nlm:aff>
</affiliation>
</author>
</analytic>
<series>
<title level="j">SpringerPlus</title>
<idno type="eISSN">2193-1801</idno>
<imprint>
<date when="2016">2016</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc>
<textClass></textClass>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">
<sec>
<title>Background</title>
<p>A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, especially in security and computer network courses.</p>
</sec>
<sec>
<title>Results</title>
<p>This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments.</p>
</sec>
<sec>
<title>Conclusions</title>
<p>The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. Also, its portability makes it possible to reproduce classroom activities, as well as the students’ autonomous work.</p>
</sec>
</div>
</front>
<back>
<div1 type="bibliography">
<listBibl>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Barrows, H" uniqKey="Barrows H">H Barrows</name>
</author>
<author>
<name sortKey="Tamblyn, R" uniqKey="Tamblyn R">R Tamblyn</name>
</author>
</analytic>
</biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Bower, T" uniqKey="Bower T">T Bower</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Burd, Sd" uniqKey="Burd S">SD Burd</name>
</author>
<author>
<name sortKey="Seazzu, Af" uniqKey="Seazzu A">AF Seazzu</name>
</author>
<author>
<name sortKey="Conway, C" uniqKey="Conway C">C Conway</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Carter, J" uniqKey="Carter J">J Carter</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Faircloth, J" uniqKey="Faircloth J">J Faircloth</name>
</author>
</analytic>
</biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Gaspar, A" uniqKey="Gaspar A">A Gaspar</name>
</author>
<author>
<name sortKey="Langevin, S" uniqKey="Langevin S">S Langevin</name>
</author>
<author>
<name sortKey="Armitage, Wd" uniqKey="Armitage W">WD Armitage</name>
</author>
<author>
<name sortKey="Rideout, M" uniqKey="Rideout M">M Rideout</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Marinescu, Dc" uniqKey="Marinescu D">DC Marinescu</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="O Rady, Mj" uniqKey="O Rady M">MJ O’Grady</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Raman, R" uniqKey="Raman R">R Raman</name>
</author>
<author>
<name sortKey="Achuthan, K" uniqKey="Achuthan K">K Achuthan</name>
</author>
<author>
<name sortKey="Nedungadi, P" uniqKey="Nedungadi P">P Nedungadi</name>
</author>
<author>
<name sortKey="Diwakar, S" uniqKey="Diwakar S">S Diwakar</name>
</author>
<author>
<name sortKey="Bose, R" uniqKey="Bose R">R Bose</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Sarkar, Ni" uniqKey="Sarkar N">NI Sarkar</name>
</author>
</analytic>
</biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Savery, J" uniqKey="Savery J">J Savery</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Son, J" uniqKey="Son J">J Son</name>
</author>
<author>
<name sortKey="Irrechukwu, C" uniqKey="Irrechukwu C">C Irrechukwu</name>
</author>
<author>
<name sortKey="Fitzgibbons, P" uniqKey="Fitzgibbons P">P Fitzgibbons</name>
</author>
</analytic>
</biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct></biblStruct>
<biblStruct>
<analytic>
<author>
<name sortKey="Xu, L" uniqKey="Xu L">L Xu</name>
</author>
<author>
<name sortKey="Huang, D" uniqKey="Huang D">D Huang</name>
</author>
<author>
<name sortKey="Tsai, W T" uniqKey="Tsai W">W-T Tsai</name>
</author>
</analytic>
</biblStruct>
</listBibl>
</div1>
</back>
</TEI>
<pmc article-type="research-article">
<pmc-dir>properties open_access</pmc-dir>
<front>
<journal-meta>
<journal-id journal-id-type="nlm-ta">Springerplus</journal-id>
<journal-id journal-id-type="iso-abbrev">Springerplus</journal-id>
<journal-title-group>
<journal-title>SpringerPlus</journal-title>
</journal-title-group>
<issn pub-type="epub">2193-1801</issn>
<publisher>
<publisher-name>Springer International Publishing</publisher-name>
<publisher-loc>Cham</publisher-loc>
</publisher>
</journal-meta>
<article-meta>
<article-id pub-id-type="pmid">27104131</article-id>
<article-id pub-id-type="pmc">4828358</article-id>
<article-id pub-id-type="publisher-id">2041</article-id>
<article-id pub-id-type="doi">10.1186/s40064-016-2041-8</article-id>
<article-categories>
<subj-group subj-group-type="heading">
<subject>Software</subject>
</subj-group>
</article-categories>
<title-group>
<article-title>A nested virtualization tool for information technology practical education</article-title>
</title-group>
<contrib-group>
<contrib contrib-type="author">
<name>
<surname>Pérez</surname>
<given-names>Carlos</given-names>
</name>
<address>
<email>Carlos.Perez@uv.es</email>
</address>
<xref ref-type="aff" rid="Aff1"></xref>
</contrib>
<contrib contrib-type="author" corresp="yes">
<name>
<surname>Orduña</surname>
<given-names>Juan M.</given-names>
</name>
<address>
<email>Juan.Orduna@uv.es</email>
</address>
<xref ref-type="aff" rid="Aff1"></xref>
</contrib>
<contrib contrib-type="author">
<name>
<surname>Soriano</surname>
<given-names>Francisco R.</given-names>
</name>
<address>
<email>Francisco.R.Soriano@uv.es</email>
</address>
<xref ref-type="aff" rid="Aff1"></xref>
<xref ref-type="aff" rid="Aff2"></xref>
</contrib>
<aff id="Aff1">
<label></label>
Departamento de Informática, Universidad de Valencia, Avda. Universidad, s/n, 46100 Burjassot, Valencia Spain</aff>
<aff id="Aff2">
<label></label>
IRTIC, Universidad de Valencia, Polígono La Coma, s/n, Paterna, Valencia Spain</aff>
</contrib-group>
<pub-date pub-type="epub">
<day>12</day>
<month>4</month>
<year>2016</year>
</pub-date>
<pub-date pub-type="pmc-release">
<day>12</day>
<month>4</month>
<year>2016</year>
</pub-date>
<pub-date pub-type="collection">
<year>2016</year>
</pub-date>
<volume>5</volume>
<elocation-id>443</elocation-id>
<history>
<date date-type="received">
<day>24</day>
<month>9</month>
<year>2015</year>
</date>
<date date-type="accepted">
<day>22</day>
<month>3</month>
<year>2016</year>
</date>
</history>
<permissions>
<copyright-statement>© Pérez et al. 2016</copyright-statement>
<license license-type="OpenAccess">
<license-p>
<bold>Open Access</bold>
This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (
<ext-link ext-link-type="uri" xlink:href="http://creativecommons.org/licenses/by/4.0/">http://creativecommons.org/licenses/by/4.0/</ext-link>
), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.</license-p>
</license>
</permissions>
<abstract id="Abs1">
<sec>
<title>Background</title>
<p>A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, especially in security and computer network courses.</p>
</sec>
<sec>
<title>Results</title>
<p>This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments.</p>
</sec>
<sec>
<title>Conclusions</title>
<p>The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. Also, its portability makes it possible to reproduce classroom activities, as well as the students’ autonomous work.</p>
</sec>
</abstract>
<kwd-group xml:lang="en">
<title>Keywords</title>
<kwd>Nested virtualization</kwd>
<kwd>Network security</kwd>
<kwd>Computer networks</kwd>
<kwd>Lecture-based learning</kwd>
<kwd>System administration</kwd>
<kwd>Problem-based learning</kwd>
</kwd-group>
<funding-group>
<award-group>
<funding-source>
<institution>Springerplus</institution>
</funding-source>
<award-id>COMPPLUSSCI15*.</award-id>
<principal-award-recipient>
<name>
<surname>Orduña</surname>
<given-names>Juan M.</given-names>
</name>
</principal-award-recipient>
</award-group>
</funding-group>
<custom-meta-group>
<custom-meta>
<meta-name>issue-copyright-statement</meta-name>
<meta-value>© The Author(s) 2016</meta-value>
</custom-meta>
</custom-meta-group>
</article-meta>
</front>
<body>
<sec id="Sec1">
<title>Background</title>
<p>Security, system administration and computer networks are fundamental elements of information technology (IT) systems today, and many related courses (operating systems, computer network fundamentals, computer and network security, network management, etc.) are included in computer science graduate and postgraduate degrees. A common problem that arises in all these courses is the difficulty of designing practical exercises.</p>
<p>It is widely accepted that students learn more effectively from courses that provide for involvement in practical activities (e.g., setting up a customized network, installing and configuring network services, testing ethical hacking techniques, etc.), as shown in a wide variety of papers, conferences and books devoted to computer science education (Sarkar
<xref ref-type="bibr" rid="CR30">2006</xref>
; Trabelsi and Alketbi
<xref ref-type="bibr" rid="CR34">2013</xref>
; O’Grady
<xref ref-type="bibr" rid="CR21">2012</xref>
; Carter
<xref ref-type="bibr" rid="CR11">2013</xref>
). However, it is very difficult to design practical exercises that do not seriously affect the infrastructure where these exercises are done. Operating system administration exercises or penetration tests are examples of such activities, which may even be illegal. Simulation tools such as Packet Tracer from Cisco (
<xref ref-type="bibr" rid="CR12">2014</xref>
) could be an alternative to real systems. However, the complexity of simulating real systems make these tools to focus on certain subsystems (i.e. the network), thus limiting their scope.</p>
<p>Virtualization techniques were proposed some years ago as an efficient alternative for teaching computer network-related courses in a secure and controlled environment (Bulbrook
<xref ref-type="bibr" rid="CR8">2006</xref>
; Gaspar et al.
<xref ref-type="bibr" rid="CR15">2008</xref>
; Pizzonia and Rimondini
<xref ref-type="bibr" rid="CR23">2008</xref>
; Burd et al.
<xref ref-type="bibr" rid="CR9">2009</xref>
), and they are currently used in many courses (Faircloth
<xref ref-type="bibr" rid="CR14">2011</xref>
; Salah
<xref ref-type="bibr" rid="CR29">2014</xref>
; Raman et al.
<xref ref-type="bibr" rid="CR27">2014</xref>
). These proposals use virtualization in order to set up network and computer infrastructures that resemble the actual ones (even in the user interface), while they provide the required security and isolation from the actual infrastructures. These tools provide users with an easily reproducible environment, and they allow students’ autonomous work. Virtualization and nested virtualization tools have also been proposed in many education environments (Bower
<xref ref-type="bibr" rid="CR5">2010</xref>
; Wannous et al.
<xref ref-type="bibr" rid="CR35">2012</xref>
).</p>
<p>Traditionally, two different approaches have been used: the first one is to provide copies of virtual machine images to the students so that they run them on their own computers, and the second one is to set up a virtual laboratory using the institution’s infrastructure, providing students with remote access. Both of these approaches present some inconveniences. The first one should be limited to a single virtual machine in order to provide ease of use. Otherwise, it requires that each student configure their own virtual lab using several images and create their own virtual network infrastructure (a non-trivial and error-prone process, which is bounded by the resources of the host computer). The second approach requires significant investment in infrastructure resources, and the requirements are proportional to the number of students. Additionally, the availability of the resources cannot be guaranteed once the course finishes (for example, in subsequent years).</p>
<p>The advent of cloud computing and the increasing availability of web services in recent years (Marinescu
<xref ref-type="bibr" rid="CR18">2013</xref>
; Amazon
<xref ref-type="bibr" rid="CR3">2014</xref>
; Google
<xref ref-type="bibr" rid="CR16">2014</xref>
) have made it possible to go one step further, and some cloud-based virtualization tools for online teaching have been proposed (Salah
<xref ref-type="bibr" rid="CR29">2014</xref>
; Willems et al.
<xref ref-type="bibr" rid="CR36">2011</xref>
; Abraham
<xref ref-type="bibr" rid="CR1">2013</xref>
; Xu et al.
<xref ref-type="bibr" rid="CR37">2014</xref>
). Nevertheless, the deployment of cloud services adds some drawbacks to virtualization tools. First, the use of a given cloud infrastructure forces the user to learn and use a specific technology and set of services, making the course dependent on a given service provider. Second, the number of students in a given course may require a cloud infrastructure size that exceeds the maximum size that the provider offers for free, increasing the cost of the course. Third, the use of cloud resources may add significant latencies that affect the interactivity of the exercises. Finally, the reproducibility and usability over time are seriously affected, since students are not guaranteed that the cloud infrastructure is accessible some time after the course finishes (Son et al.
<xref ref-type="bibr" rid="CR33">2012</xref>
), like the second approach in the use of virtualization techniques described above.</p>
<p>In order to avoid the problems introduced by these approaches, this paper proposes NETinVM, a tool based on nested virtualization (virtual machines inside a virtual machine) that includes a fully functional lab in a single virtual machine. This lab comprises three interconnected networks with several computers attached to each network, providing a portable and realistic scenario for teaching courses related to security, system administration and computer networks. The paper analyzes the use of NETinVM in different learning techniques [Problem-Based Learning (PBL) and traditional Lecture-Based Learning (LBL)] applied to courses of different computer science fields. The results show that this tool makes it possible to perform labs and practical exercises that would otherwise be unfeasible. It also makes it possible to reproduce the results of the proposed exercises, providing portability and allowing the students to work autonomously.</p>
<p>The rest of the paper is organized as follows: “
<xref rid="Sec2" ref-type="sec">Implementation</xref>
” section summarizes the implementation and main features of NETinVM. Next, “
<xref rid="Sec9" ref-type="sec">Results and discussion</xref>
” section shows the application of NETinVM to different learning and training environments and the results obtained with this tool. Finally, “
<xref rid="Sec14" ref-type="sec">Conclusions</xref>
” section presents some concluding remarks and future work to be done.</p>
</sec>
<sec id="Sec2">
<title>Implementation</title>
<p>NETinVM is a VMware virtual machine image that includes, ready to run, a computer network of User-Mode Linux (UML) virtual machines. When started, the UML machines form a computer network named “example.net” whose general structure is shown in Fig. 
<xref rid="Fig1" ref-type="fig">1</xref>
. This section describes these three basic elements (the VMware virtual machine, the UML virtual machines and the virtual network) and how some critical infrastructure issues have been solved. For a detailed description, the NETinVM web page can be consulted (Pérez and Pérez
<xref ref-type="bibr" rid="CR24">2014</xref>
).
<fig id="Fig1">
<label>Fig. 1</label>
<caption>
<p>General structure of NETinVM. Virtual machines and networks within NETinVM</p>
</caption>
<graphic xlink:href="40064_2016_2041_Fig1_HTML" id="MO1"></graphic>
</fig>
</p>
<sec id="Sec3">
<title>VMware virtual machine image</title>
<p>The VMware virtual machine, named
<italic>Base</italic>
, provides the base to run and monitor the UML virtual machines, and its fully qualified domain name is “base.example.net”.
<italic>Base</italic>
includes 1 32-bit processor, 2 GB of RAM, a 20 GB SCSI hard disk, a DVD player, 1 network interface connected to VMware’s NAT network, USB controller, 1 sound card, and 1 graphics card. On this virtual hardware, version 12.1 of openSUSE (Novell
<xref ref-type="bibr" rid="CR19">2008</xref>
) is executed, which provides the KDE desktop, LibreOffice and C/C++ development tools.
<italic>Base</italic>
also includes the tools needed to monitor the execution of UML machines, such as Tcpdump or Wireshark. Obviously, it also includes UML and the disk image used by the UML virtual machines that will run in it. Even with all these tools installed,
<italic>Base</italic>
has around 13 GB of free disk space. This storage capacity makes it possible to start and work with the UMLs, and also to install additional tools.</p>
</sec>
<sec id="Sec4">
<title>UML virtual machines</title>
<p>The UML virtual machines (UMLs) are created using User-Mode Linux and, depending on the network they are connected to, they assume different roles: corporate workstation, internal server, router, bastion node, external server or Internet node. Each UML has the following virtual hardware: 1 32-bit processor, 128 MB RAM, 1 GB hard drive, and 1 network interface (except the UML that acts as a router—labeled as “fw” in Fig. 
<xref rid="Fig1" ref-type="fig">1</xref>
, which has 3 interfaces). All UMLs use the copy-on-write technique provided by UML. Therefore, all of them initially start using the same file system, and each one writes its changes to a separate sparse file. In this file system, version 6 of Debian (
<xref ref-type="bibr" rid="CR13">2008</xref>
) is installed, including appropriate tools for teaching networking, system administration and security topics. There are several advantages derived from all UML machines sharing the same root file system, which we call “reference file system” (RFS):
<list list-type="order">
<list-item>
<p>It saves space. Using copy-on-write, 19 UML machines can be running taking as little as 0.5 GB of
<italic>Base</italic>
’s disk.</p>
</list-item>
<list-item>
<p>It simplifies maintenance. Updating all UML machines with the latest security patches or adding a software package to all of them is as simple as doing it in one of them.</p>
</list-item>
<list-item>
<p>It simplifies its use. All UMLs are similar and have the same software installed.</p>
</list-item>
</list>
</p>
</sec>
<sec id="Sec5">
<title>Virtual networks</title>
<p>NETinVM is pre-configured to create three interconnected virtual networks, playing the role of the corporate, perimeter and external networks of an organization. These networks are named “int” (for internal network), “dmz” (for DMZ or demilitarized zone, which is often used as a synonym for perimeter network) and “ext” (for external network). The networks are created using the “uml_switch” program included with UML. This program implements a virtual Ethernet hub or switch (configured as a hub in NETinVM). One of the UML machines, “fw” (for firewall), interconnects the three networks providing communication and packet filtering, as shown in Fig. 
<xref rid="Fig1" ref-type="fig">1</xref>
. The rest of the UMLs have a single network interface connected to the network they are named after, as follows (where X can be from “a” to “f”):
<italic>intX</italic>
UMLs are connected to the internal network. These machines only offer the SSH service.
<italic>dmzX</italic>
UMLs are connected to the perimeter network (DMZ). They are conceived as bastion nodes. In this network there are two machines with aliases: “dmza” has the alias “www.example.net” and provides HTTP and HTTPS services; “dmzb” has the alias “ftp.example.net” and offers FTP. Finally,
<italic>extX</italic>
UMLs are connected to networks that are external to the organization (e.g., “Internet”). These three networks are connected through
<italic>base</italic>
to VMware’s “vmnet8” (NAT) virtual network, which allows the connection of UML to external (real) networks.</p>
<p>The default gateway for the internal and perimeter networks (machines “intX” and “dmzX”) is “fw”, the default gateway for “fw” is the IP address of “base” in the “ext” network, and the machines on the external network (“extX”) have “base” as the default gateway, and “fw” as the gateway to access the perimeter and internal networks. “fw” applies NAT to all traffic from the internal and perimeter networks that is going out through its external network interface, so that these packets get to the external network with 10.0.0.254 as source IP address. Therefore, the traffic among UML machines of the three networks always goes through “fw”, while the traffic directed to machines outside “base” goes through “fw” if and only if it comes from the internal or the perimeter networks. In any case, the traffic to the outside world always goes through “base”, which, like “fw”, also has IP forwarding and NAT enabled. Communications between “base” and any UML machine are carried out directly, without passing through “fw” (provided that the IP of “base” corresponding to the network of the UML machine is used). This arrangement is convenient because it allows access from “base” to all UML machines using SSH, regardless of the configuration of routing and packet filtering in “fw”. The UML machines can communicate with each other via standard network protocols. All UML machines have the SSH service enabled by default and there are bastion nodes offering HTTP and FTP services, but any other standard IP service can also be configured (NFS, SMTP, ...).</p>
<p>The configuration of SNAT in “fw” as described above is necessary so that responses to outgoing connections to the Internet originating in the internal and perimeter networks get back through “fw”. If SNAT were not active in “fw”, the responses would be sent by “base” directly to the UML machines, thus bypassing “fw”.</p>
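<p>A check for the SNAT rule described above, added here as an example and not taken from NETinVM: it reads an “iptables-save” dump from “fw” and reports which way replies from outside would travel. The interface name “eth0” and the dump contents are assumptions constructed for the example; only the address 10.0.0.254 comes from the text.</p>

```shell
#!/bin/sh
# Added example, not part of NETinVM.
# Assumptions: "eth0" is fw's external interface; the dumps are constructed.

audit_fw_snat() {
    # $1 = file with iptables-save output, $2 = external interface,
    # $3 = expected SNAT source address.
    # Prints: snat | masquerade | wrong-source | missing
    # Only POSTROUTING rules of the nat table that name the interface with
    # "-o" are counted; rules without "-o" are ignored by this check.
    awk -v ifc="$2" -v src="$3" '
        /^\*/ { table = substr($1, 2); next }    # table header: *nat, *filter
        table == "nat" {
            if ($1 != "-A") next
            if ($2 != "POSTROUTING") next
            out = ""; target = ""; to = ""
            for (i = 3; NF >= i; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-source") to = $(i + 1)
            }
            if (out != ifc) next
            if (target == "MASQUERADE") masq = 1
            if (target == "SNAT") {
                if (to == src) snat = 1
                else other = 1
            }
        }
        END {
            if (snat) print "snat"
            else if (masq) print "masquerade"
            else if (other) print "wrong-source"
            else print "missing"
        }
    ' "$1"
}

reply_path() {
    # Path taken by replies to connections opened from "int" or "dmz",
    # following the routing described in the text.
    case "$1" in
        snat|masquerade) echo "base -> fw -> UML" ;;
        missing)         echo "base -> UML (fw bypassed)" ;;
        *)               echo "unknown (SNAT to another address)" ;;
    esac
}

write_sample_dump() {
    # Constructed iptables-save output; $2 = "with" keeps the SNAT rule.
    # The filter table also mentions eth0, so table tracking matters.
    {
        printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
            '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
            '-A FORWARD -o eth0 -j ACCEPT' 'COMMIT' \
            '*nat' ':POSTROUTING ACCEPT [0:0]'
        if [ "$2" = "with" ]; then
            printf '%s\n' '-A POSTROUTING -o eth0 -j SNAT --to-source 10.0.0.254'
        fi
        printf '%s\n' 'COMMIT'
    } > "$1"
}

demo_audit() {
    tmp=$(mktemp -d)
    for variant in with without; do
        write_sample_dump "$tmp/fw.$variant" "$variant"
        verdict=$(audit_fw_snat "$tmp/fw.$variant" eth0 10.0.0.254)
        echo "$variant SNAT rule: $verdict, replies travel $(reply_path "$verdict")"
    done
    rm -rf "$tmp"
}

demo_audit
```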
</sec>
<sec id="Sec6">
<title>Inter-machine communication</title>
<p>The UML machines can communicate with each other via standard network protocols. All UML machines have the SSH service enabled by default and there are bastion nodes offering HTTP and FTP services, but any other standard IP service can also be configured (NFS, SMTP, ...).</p>
<p>Communications between “base” and the UML machines can also be carried out through the network, with the advantage that “base” is directly connected to the three subnets and, therefore, it has access to all UML machines regardless of the configuration of “fw”.</p>
<p>Also, when a UML virtual machine starts, 3 virtual terminals appear in
<italic>Base</italic>
. In this way, the user can work with the UMLs even when the network is not operational, as if having physical access to the machines.</p>
<p>Finally, the UML machines have access to the directory “$HOME/uml/mntdirs/tmp” of
<italic>Base</italic>
using the path “/mnt/tmp”. This correspondence is set up using UML’s “hostfs” file system. Thus, all of the UMLs and
<italic>Base</italic>
share a directory through which they can exchange information without network access.</p>
</sec>
<sec id="Sec7">
<title>Configuration of UMLs</title>
<p>Although sharing the same reference file system (RFS) is very positive, it is clearly necessary that each UML virtual machine can be adapted to play different roles. For example, ‘fw’ has three network interfaces and performs packet filtering, ‘dmza’ provides HTTP and HTTPS, ‘exta’ only provides SSH, ...</p>
<p>The RFS includes one and only one configuration tool, the script “configure.sh”, which is stored in “base” and is also accessible to the UMLs using the “hostfs” file system introduced before. When starting, every UML tries to run this script, whose algorithm is as follows:
<list list-type="order">
<list-item>
<p>Checks if the UML has already been configured. If so, it ends.</p>
</list-item>
<list-item>
<p>Marks the machine as configured.</p>
</list-item>
<list-item>
<p>Applies the default settings.</p>
</list-item>
<list-item>
<p>Applies the network specific settings.</p>
</list-item>
<list-item>
<p>Applies the machine specific settings.</p>
</list-item>
</list>
</p>
<p>The configuration (the default, network specific or machine specific) involves enabling services and/or executing commands. In any case, as the configuration is done only once per virtual machine, the changes have to be permanent and stored in the machine’s filesystem. For example, if a service “fw” is added, symbolic links must be added to “/etc/rcX.d” (where X is the default run level).</p>
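<p>The five steps above as a shell sketch, added here as an illustration; it is not NETinVM’s “configure.sh”. The layered directory layout, the marker file “etc/uml_configured” and the sample fragments are hypothetical, and the run level 2 links follow the “/etc/rcX.d” example in the text.</p>

```shell
#!/bin/sh
# Added example, not NETinVM's configure.sh. Assumed (hypothetical) layout:
#   $CONF/default.d/*.sh     settings for every UML
#   $CONF/net/NET.d/*.sh     settings per network (int, dmz, ext)
#   $CONF/host/HOST.d/*.sh   settings per machine (fw, dmza, exta, ...)
# Each fragment receives ROOT, the file system it must change persistently.

net_of() {
    # Map a UML name to its network; "fw" sits on all three and gets none.
    case "$1" in
        int[a-f]) echo int ;;
        dmz[a-f]) echo dmz ;;
        ext[a-f]) echo ext ;;
        *)        echo none ;;
    esac
}

apply_layer() {
    # Run every fragment of one layer in lexical order; stop on first failure.
    layer_dir=$1
    layer_root=$2
    [ -d "$layer_dir" ] || return 0
    for frag in "$layer_dir"/*.sh; do
        [ -f "$frag" ] || continue
        ROOT="$layer_root" sh "$frag" || return 1
    done
    return 0
}

configure_uml() {
    # $1 = root of the UML file system, $2 = config tree, $3 = UML name
    cfg_root=$1
    cfg_conf=$2
    cfg_host=$3
    marker="$cfg_root/etc/uml_configured"    # hypothetical marker file

    # Step 1: already configured, nothing to do.
    if [ -e "$marker" ]; then
        echo skipped
        return 0
    fi
    # Step 2: mark before applying, in the order the text gives. A fragment
    # that fails below is therefore not retried at the next boot.
    mkdir -p "$cfg_root/etc"
    echo "$cfg_host" > "$marker"
    # Steps 3 to 5: default, then network, then machine settings, so a
    # later layer can rely on what an earlier one created.
    apply_layer "$cfg_conf/default.d" "$cfg_root" || return 1
    cfg_net=$(net_of "$cfg_host")
    apply_layer "$cfg_conf/net/$cfg_net.d" "$cfg_root" || return 1
    apply_layer "$cfg_conf/host/$cfg_host.d" "$cfg_root" || return 1
    echo configured
}

make_sample_tree() {
    # Constructed sample settings: services are enabled through rc2.d links,
    # which stay in the file system after the single configuration run.
    mkdir -p "$1/default.d" "$1/net/dmz.d" "$1/host/dmza.d"
    printf '%s\n' 'mkdir -p "$ROOT/etc/rc2.d"' \
        'ln -s ../init.d/ssh "$ROOT/etc/rc2.d/S16ssh"' > "$1/default.d/10-ssh.sh"
    printf '%s\n' 'echo bastion > "$ROOT/etc/uml_role"' > "$1/net/dmz.d/10-role.sh"
    printf '%s\n' 'ln -s ../init.d/apache2 "$ROOT/etc/rc2.d/S20apache2"' \
        > "$1/host/dmza.d/10-www.sh"
}

demo_configure() {
    # Configure "dmza" twice: the second boot must be a no-op (rerunning the
    # "ln -s" fragments would fail because the links already exist).
    tmp=$(mktemp -d)
    make_sample_tree "$tmp/conf"
    first=$(configure_uml "$tmp/dmza" "$tmp/conf" dmza)
    second=$(configure_uml "$tmp/dmza" "$tmp/conf" dmza)
    links=$(cd "$tmp/dmza/etc/rc2.d"; echo *)
    rm -rf "$tmp"
    echo "$first $second $links"
}

demo_configure
```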
<p>This configuration mechanism has three key advantages:
<list list-type="order">
<list-item>
<p>Configuration (even “configure.sh” itself) can be completely changed without starting any UML machine.</p>
</list-item>
<list-item>
<p>Once they are running (even after the first boot), UMLs have a standard Debian file system, since the only commands executed are those of the standard booting process.</p>
</list-item>
<list-item>
<p>Different configurations can be easily saved so that different exercises begin with a known different initial state.</p>
</list-item>
</list>
</p>
</sec>
<sec id="Sec8">
<title>Backup and restore</title>
<p>NETinVM includes a tool for creating and restoring backups. To save the state of all of the UMLs, it is enough to run the script “uml_backup.sh”. To restore a previously saved state, it is only necessary to run the script “uml_restore.sh”. Both utilities use the standard KDE file dialog to select where to store copies (“uml_backup.sh”) and which backup to restore (“uml_restore.sh”). The only requirement is that the UMLs must be stopped to perform a backup or restoration.</p>
<p>Backups are TGZ files including configuration files (which are small) and copy-on-write files (which are sparse files that include only changes made with respect to the RFS). Thus, each backup usually takes some KB or, at most, a few MB of disk space. This makes it possible to perform dozens of exercises, each one with multiple restoration points, without consuming too much storage space.</p>
</sec>
</sec>
<sec id="Sec9">
<title>Results and discussion</title>
<p>NETinVM has been intensively used at University of Valencia since 2012 for teaching courses related to security, system administration and network planning. These courses are part of the degree curricula for Telematics Engineering and Computer Engineering and master curricula for web services, and they are based on different learning techniques: Problem-Based Learning (PBL) and traditional Lecture-Based Learning (LBL). Also, NETinVM has been used in other scenarios such as books and web-based courses. In this section, we analyze the use of NETinVM in all these environments.</p>
<sec id="Sec10">
<title>Lecture-based learning in a computer security course</title>
<p>Traditional Lecture-Based Learning, where the teacher makes an oral presentation intended to present the main concepts of the course, is usually complemented with exercises to be carried out by the students. This is the case for computer security, a mandatory course scheduled in the third year of both the Degree in Computer Engineering (DCE) and the Degree in Telematics Engineering (DTE). This is an introductory course on computer security and thus it has a wide scope. Nevertheless, it has the goal of providing the students with practical skills. In order to achieve this goal, we have extended the traditional LBL model with the following teaching activities, made possible by NETinVM: demos, exercises and labs.
<italic>Demos</italic>
are practical explanations where the teacher performs and discusses the activity with the students in a lecture session. This kind of activity provides the students with deeper insights and it fosters their participation. NETinVM allows the students to reproduce the same activities later or even test new cases.
<italic>Exercises</italic>
consist of practical assignments involving several hosts and networks that students must do autonomously. By using NETinVM, these activities can be securely performed in a realistic and reproducible scenario. Finally,
<italic>labs</italic>
are guided sessions where complex exercises are performed by the students under the teacher’s supervision. NETinVM allows the students to complement the guided session with further optional work. A representative example of a
<italic>demo</italic>
could be using Snort as a NIDS. This demo consists of running the Snort intrusion detection software (Snor_team
<xref ref-type="bibr" rid="CR32">2014</xref>
), and showing how alerts are generated when suspicious activities are detected. The examples used were scanning the network with Nmap, connecting as administrator to a remote SQL database, and asking the DNS server for a zone transfer. While performing these activities, the network traffic was captured with Wireshark and the results were discussed with the students. An example of
<italic>exercise</italic>
carried out in the classroom is understanding security alerts. Two CVE alerts were selected, and the students were asked to test if “base” or the UML machines were vulnerable, and if there was an exploit that worked against them. Finally, a representative example of
<italic>labs</italic>
is firewall configuration. Using Linux Iptables, the lab goes from configuring a single machine (personal firewall) to configuring a machine which is responsible for the interconnection and filtering of the three NETinVM networks, thus providing a real case scenario. The lab includes both basic static rules and more advanced possibilities such as packet logging or stateful rules.</p>
<p>Next, we describe some representative examples of these teaching activities carried out during the 2013–2014 year. Two of the demos performed were the following ones:
<list list-type="bullet">
<list-item>
<p>
<italic>Public key cryptography in SSH for server authentication</italic>
In this demo, an initial connection to an SSH server is started. Since the server’s public key is not present in the client’s known hosts file, a confirmation message appears. The importance of answering this question is discussed with the students, highlighting that this verification is the only protection against man-in-the-middle attacks.</p>
</list-item>
<list-item>
<p>
<italic>Using Snort as a NIDS</italic>
This demo consists of running the Snort intrusion detection software (Snor_team
<xref ref-type="bibr" rid="CR32">2014</xref>
), and showing how alerts are generated when suspicious activities are detected. The examples used were scanning the network with Nmap, connecting as administrator to a remote SQL database, and asking the DNS server for a zone transfer. While performing these activities, the network traffic was captured with Wireshark and the results were discussed with the students.</p>
</list-item>
</list>
</p>
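<p>The first-connection check discussed in the SSH demo above, as an added Python example (not code from the paper or from NETinVM): it classifies the key a server presents against a known_hosts file, including hashed host entries, and computes the SHA256 fingerprint that current OpenSSH shows so it can be compared out of band. The host names reuse the paper’s “dmzc”, “intb” and “fw”; the keys, salt and file contents are constructed, and wildcard patterns and marker lines are not handled.</p>

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH prints at the confirmation prompt."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_host(host, salt):
    """Build a hashed known_hosts host field: |1|base64(salt)|base64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(field, host):
    """Match one host field; wildcard and negated patterns are not handled."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(),
                       hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")


def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Classify the key a server presented: 'match', 'mismatch' or 'unknown'."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blank lines, comments, marker lines (@...) and malformed entries.
        if not fields or fields[0][0] in "#@" or not len(fields) >= 3:
            continue
        if not host_matches(fields[0], host) or fields[1] != key_type:
            continue
        if fields[2] == key_b64:
            return "match"
        # Same host and key type, different key: the man-in-the-middle warning case.
        verdict = "mismatch"
    return verdict


def constructed_key(seed):
    """Constructed stand-in for an ssh-ed25519 public key blob (not a real key)."""
    name = b"ssh-ed25519"
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()


# Constructed sample data: three stand-in keys and a two-entry known_hosts file.
KEY_DMZC = constructed_key(b"dmzc")
KEY_INTB = constructed_key(b"intb")
KEY_OTHER = constructed_key(b"someone else")

KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "dmzc,dmzc.example.net ssh-ed25519 " + KEY_DMZC + " lab entry",
    hash_host("intb", b"constructed-salt-20b") + " ssh-ed25519 " + KEY_INTB,
])

ADVICE = {
    "match": "key already trusted, no prompt",
    "unknown": "first contact: compare the fingerprint with one read on the server",
    "mismatch": "stored key differs: stop and investigate before connecting",
}


def report(host, key_b64):
    """One line per connection attempt: host, fingerprint, verdict and advice."""
    verdict = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key_b64)
    return "%s %s %s (%s)" % (host, fingerprint(key_b64), verdict, ADVICE[verdict])


if __name__ == "__main__":
    attempts = (("dmzc", KEY_DMZC), ("intb", KEY_INTB),
                ("fw", KEY_OTHER), ("dmzc", KEY_OTHER))
    for host, key in attempts:
        print(report(host, key))
```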
<p>Two examples of the exercises proposed were the following ones:
<list list-type="bullet">
<list-item>
<p>
<italic>Understanding security alerts</italic>
Two CVE alerts were selected, and the students were asked to test if “base” or the UML machines were vulnerable, and if there was an exploit that worked against them.</p>
</list-item>
<list-item>
<p>
<italic>Analysis of Snort rules</italic>
Students were asked to perform two kinds of remote access to a database. Each access should trigger a Snort alert. They had to capture network activity, correlate the information in the captured packets with the corresponding Snort rule, and justify why the alert was or was not generated, depending on the case. This exercise is an extension of the second example demo explained above. In this way, once the session in the classroom finishes, the students can not only reproduce the demo on their own, but they can also extend that demo through this exercise.</p>
</list-item>
</list>
</p>
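<p>For the rule-analysis exercise above, an added Python example (not part of the paper, and not Snort’s own engine) that evaluates a small subset of Snort rule syntax (header fields plus msg, content, nocase and sid) against packet records and returns the reason an alert does or does not fire. The rule, addresses and payload bytes are constructed for illustration.</p>

```python
import re

# Header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
# One option: keyword, optionally followed by ':' and a quoted or bare value.
OPTION_RE = re.compile(r'\s*(\w+)\s*(?::\s*("[^"]*"|[^;]*))?;')


def parse_content(spec):
    """Turn a content string such as 'root|00|' into bytes (|..| holds hex)."""
    out = bytearray()
    for index, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if index % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(text):
    """Parse the supported subset of a rule into a dictionary."""
    found = RULE_RE.match(text.strip())
    if found is None:
        raise ValueError("not a rule in the supported subset")
    action, proto, src, sport, dst, dport, body = found.groups()
    rule = {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "msg": "", "sid": None,
            "contents": [], "ignored": []}
    for key, value in OPTION_RE.findall(body):
        value = value.strip().strip('"')
        if key == "content":
            rule["contents"].append({"bytes": parse_content(value), "nocase": False})
        elif key == "nocase" and rule["contents"]:
            rule["contents"][-1]["nocase"] = True   # modifies the previous content
        elif key == "msg":
            rule["msg"] = value
        elif key == "sid":
            rule["sid"] = int(value)
        else:
            rule["ignored"].append(key)             # option outside this subset
    return rule


def explain(rule, packet):
    """Return (fired, reason) so the analyst can justify the outcome."""
    if rule["proto"] != packet["proto"]:
        return False, "protocol %s does not match %s" % (packet["proto"], rule["proto"])
    for name in ("src", "sport", "dst", "dport"):
        if rule[name] != "any" and rule[name] != str(packet[name]):
            return False, "%s %s does not match rule value %s" % (
                name, packet[name], rule[name])
    for content in rule["contents"]:
        needle, haystack = content["bytes"], packet["payload"]
        if content["nocase"]:
            needle, haystack = needle.lower(), haystack.lower()
        if needle not in haystack:
            return False, "content %r not found in payload" % content["bytes"]
    return True, "sid %s: %s" % (rule["sid"], rule["msg"])


# Constructed rule: alert on a database login that names the user root.
RULE = ('alert tcp any any -> any 3306 (msg:"Constructed: database login as root"; '
        'content:"root|00|"; nocase; sid:1000001;)')

# Constructed packet records (documentation addresses, abbreviated payloads).
PACKETS = {
    "root, port 3306": {
        "proto": "tcp", "src": "192.0.2.10", "sport": 40112,
        "dst": "198.51.100.11", "dport": 3306,
        "payload": b"\x85\xa6\x03\x00ROOT\x00\x14constructed"},
    "webapp, port 3306": {
        "proto": "tcp", "src": "192.0.2.10", "sport": 40113,
        "dst": "198.51.100.11", "dport": 3306,
        "payload": b"\x85\xa6\x03\x00webapp\x00\x14constructed"},
    "root, port 3307": {
        "proto": "tcp", "src": "192.0.2.10", "sport": 40114,
        "dst": "198.51.100.11", "dport": 3307,
        "payload": b"\x85\xa6\x03\x00root\x00\x14constructed"},
}


def run_cases():
    """Evaluate every constructed packet against the constructed rule."""
    rule = parse_rule(RULE)
    return {name: explain(rule, packet) for name, packet in PACKETS.items()}


if __name__ == "__main__":
    for name, (fired, reason) in run_cases().items():
        print("%-18s %-8s %s" % (name, "ALERT" if fired else "no alert", reason))
```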
<p>Finally, these are two examples of the labs carried out:
<list list-type="bullet">
<list-item>
<p>
<italic>Firewall configuration</italic>
Using Linux Iptables, the lab goes from configuring a single machine (personal firewall) to configuring a machine which is responsible for the interconnection and filtering of the three NETinVM networks, thus providing a real case scenario. The lab includes both basic static rules and more advanced possibilities such as packet logging or stateful rules.</p>
</list-item>
<list-item>
<p>
<italic>Forensic analysis</italic>
Students are challenged to use The Sleuth Kit (TSK) and Autopsy tools (Carrier
<xref ref-type="bibr" rid="CR10">2014</xref>
) to construct a timeline and retrieve information from a file system image of a hacked UML machine. They have previously learned to obtain file system images in a demo in the classroom. Similarly, other demos have been performed to introduce them to the TSK and Autopsy tools. The challenge includes finding a binary trojan, recovering deleted files related to malicious activity, and finding hidden information in the file system.</p>
</list-item>
</list>
</p>
<p>It should be noted that NETinVM makes it easy to turn a given activity into a different kind of activity in a different year. This is possible because the same platform (NETinVM) is used for all three kinds of activities, and this platform is available to the students anywhere and anytime. For example, it is easy to change one demo into one or more autonomous exercises. Also, it is easy to convert a lab session into a set of demos or exercises.</p>
<p>We have qualitatively and quantitatively evaluated the approach followed in this course. The quantitative evaluation comes from numeric evaluations of the course carried out by the students as part of the University of Valencia’s quality assessment protocol. This protocol includes anonymous annual surveys with questions regarding different aspects of the teaching-learning process. The most significant one for our work is the evaluation of the methodology, but we have also included the global average for the course, since it is a global assessment of both the NETinVM tool and its use throughout the course. Numeric values can be between 0 and 5, with a mark of 5 being the best possible score. Table 
<xref rid="Tab1" ref-type="table">1</xref>
shows the quantitative evaluation of the course made by the students. The first row in this table shows the specific results for the methodology followed in the security course, and the second one shows the general results for the course. The first (leftmost) column shows the results for the security course in the Degree in Computer Engineering, and for comparison purposes the second column shows the average values obtained in all the courses of this Degree. The next two columns show the analogous values for the Degree in Telematics Engineering, and the last column, labelled “Univ.”, shows the average values obtained by all the courses taught in the University of Valencia. This table shows that the marks obtained by the security course in both degrees are significantly higher than the average values of their degrees and the University. These values clearly show that the students greatly appreciate the approach followed by the course, which NETinVM has made possible.
<table-wrap id="Tab1">
<label>Table 1</label>
<caption>
<p>Students course evaluation</p>
</caption>
<table frame="hsides" rules="groups">
<thead>
<tr>
<th align="left"></th>
<th align="left">Security (DCE)</th>
<th align="left">DCE</th>
<th align="left">Security (DTE)</th>
<th align="left">DTE</th>
<th align="left">Univ.</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">Methodology</td>
<td char="." align="char">4.49</td>
<td char="." align="char">3.63</td>
<td char="." align="char">4.04</td>
<td char="." align="char">3.74</td>
<td char="." align="char">3.88</td>
</tr>
<tr>
<td align="left">Course average</td>
<td char="." align="char">4.48</td>
<td char="." align="char">3.52</td>
<td char="." align="char">4.08</td>
<td char="." align="char">3.67</td>
<td char="." align="char">3.83</td>
</tr>
</tbody>
</table>
<table-wrap-foot>
<p>Data from University of Valencia’s quality assessment protocol</p>
</table-wrap-foot>
</table-wrap>
</p>
<p>In order to complement this evaluation, we have used a reduced version of the Critical Incident Questionnaire, proposed by Brookfield (
<xref ref-type="bibr" rid="CR6">2014a</xref>
). We have asked the students to write down the best and the worst things about the course. Although they were not specifically asked about the use of NETinVM, their comments clearly show that they appreciate the practical approach made possible by this tool. Indeed, the most repeated positive opinions were (in descending order) the following: excellent demos; up-to-date and interesting content; agile and enjoyable classes; excellent laboratory assignments; and lab assignments closely related to theoretical contents.</p>
<p>These comments clearly show that using NETinVM throughout the course, and the practical activities that can thus be added to the traditional LBL, are greatly appreciated by the students.</p>
</sec>
<sec id="Sec11">
<title>Problem based learning in a network planning course</title>
<p>Problem-based learning (PBL) (Barrows and Tamblyn
<xref ref-type="bibr" rid="CR4">1980</xref>
; Savery
<xref ref-type="bibr" rid="CR31">2006</xref>
) is a teaching methodology where the student’s learning process relies on a problem (constructed by the teacher or other students) similar to those that the student will face in real life. The teacher is limited to being a “coach” or a moderator, instead of the source of knowledge, while the students collaboratively solve the problem through cooperative learning. PBL methodology was applied in the context of a network planning course in the Engineering School, at University of Valencia. This is a mandatory course scheduled in the fourth year of the Degree of Telematics Engineering. The course focuses on network planning and management, including saturation and bottleneck detection. Specifically, NETinVM has been used to design a lab session where practical ways of detecting network saturation are learned through PBL methodology.</p>
<p>The problem is set up as a team contest for the Best Hacker and the Best Administrator Awards. Each team must design and implement a secret procedure that tries to saturate the NETinVM networks. The only rule is that the saturation procedure must not require becoming root on any of the NETinVM hosts. As preparation for the lab session (prior to the contest), each team designs, implements and tries as many different procedures as it wants in order to saturate the networks in NETinVM, and it can ask the teacher for help to guide the process. Before the contest starts, each team privately hands the teacher a written report describing the final procedure it has implemented (the saturation procedure is kept secret from the rest of the teams). The awards are based on a single real-time competition that takes place in one or more lab sessions, with as many rounds as participating teams. In each round, one team becomes the hacker, and its members run the saturation procedure designed by that team in the NETinVM copies of the rest of the teams. The rest of the teams act as administrators in that round, and they must detect the source node (the NETinVM host) and the program(s) causing the network saturation as soon as possible, within a maximum time of 20 min. Any erroneous detection is “punished” by ranking that team last in that round. All the rounds are timed, starting when every team (except the one acting as the hacker) has its NETinVM network saturated, and finishing either when all the teams have found the origin of the network saturation or when 20 min have passed. After the contest, there is a round table discussion where all the teams present their saturation procedure to the rest of the teams, as well as the strategy and commands/programs used for detecting the origin of the saturation. 
Since the exercise does not have a limited number of solutions, the validity, advantages and disadvantages of each proposal are discussed. The teams are marked in each round as both administrators and hackers. As administrators, the teams are marked according to the time required for finding the cause of the network saturation (in inverse order). As hackers, they are marked according to the time taken by the first team that discovered the origin of the saturation (the longer the time, the higher the mark). The aggregated marks for all the rounds determine the final team rankings for both contests, and the winner of each contest is the team heading its ranking. Participation in the contests ensures a minimum mark, but the position in each ranking determines the mark for each of the roles. The final mark obtained by each team is the average of the marks obtained in the two contests. The prize for each contest winner is some additional mark, ranging between 0.5 and 1 points out of 10.</p>
<p>The final resolution activity took two lab sessions (there were five teams, each one composed of four members), and the students reported an average dedication of 5 h per team member to solving the particular problem, including team meetings (80 % of the time) and individual work (20 %). All the groups showed great interest in the activity, and they developed sophisticated solutions showing a deep knowledge of Linux and network fundamentals. No erroneous detections happened in the contest, and one team managed to make all the other teams except one exceed the maximum time to find the origin of the saturation.</p>
<p>The feasibility of the proposed PBL activity fully relies on NETinVM, since saturating any real network would significantly affect the actual network infrastructure. Therefore, we asked the students to evaluate the activity, instead of the tool. Specifically, we conducted an anonymous survey, asking the students (grouped by teams) to evaluate the proposed activity in comparison with standard lab sessions where students perform practical exercises following the guide notes provided by the teacher. A mark of 5 out of 10 corresponds to an evaluation where the students equally value both kinds of lab sessions, a mark of 0 means that they absolutely prefer the standard lab sessions, and a mark of 10 means that they definitely prefer the activity based on PBL methodology. We also asked them to report the main feature(s) of the activity that they liked best. Table 
<xref rid="Tab2" ref-type="table">2</xref>
shows the results of the survey. This table shows that the students significantly prefer the proposed activity. Also, they valued the freedom for designing any feasible solution and the format of contest among the existing teams as the best two aspects of the activity (in that order). The first aspect would not be possible without the use of NETinVM, since it provides the students with a virtual copy of real networks and hosts, allowing them to test any solution. Therefore, these results validate NETinVM as a valuable tool for activities based on PBL methodology.
<table-wrap id="Tab2">
<label>Table 2</label>
<caption>
<p>Evaluation of the activity provided by the students</p>
</caption>
<table frame="hsides" rules="groups">
<thead>
<tr>
<th align="left" rowspan="2"></th>
<th align="left" colspan="5">Teams</th>
<th align="left" rowspan="2">Avg.</th>
</tr>
<tr>
<th align="left">1</th>
<th align="left">2</th>
<th align="left">3</th>
<th align="left">4</th>
<th align="left">5</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">Marks</td>
<td align="left">8.0</td>
<td align="left">9.0</td>
<td align="left">7.0</td>
<td align="left">8.5</td>
<td align="left">8.0</td>
<td align="left">8.1</td>
</tr>
</tbody>
</table>
</table-wrap>
</p>
</sec>
<sec id="Sec12">
<title>Using NETinVM for teaching enterprise web applications development</title>
<p>Enterprise web applications are built by integrating specialized components (web servers, application servers, database management systems, ...) connected via networks. At postgraduate level, students must be able to develop skills in integrating all of these components in real-world scenarios. This is the case of the Master in Systems and Services in the Information Society, where a common platform for all the courses of the master was desirable. The authors engaged in the project of adapting NETinVM to provide a satisfactory teaching and learning environment for enterprise web application development, including facets such as application development, application deployment, server administration and security.</p>
<p>The solution consisted of adapting the standard configuration of NETinVM to suit the specific needs of this project. The following changes were made: installing and configuring an application server (Glassfish) in “dmzc”; installing and configuring MySQL and LDAP in “intb”; installing and configuring Eclipse in “base”; and adapting the rules at “fw” to the new environment. In particular, the application server’s front-end interface (port 80) had to be publicly accessible, the application server’s administrative interface had to be accessible only from selected nodes of the internal network, and the application server had to be able to contact the internal LDAP and MySQL servers.</p>
<p>This adapted version of NETinVM provided master’s students and teachers with a common platform that proved to be appropriate to conduct all the practical exercises and demonstrations, with the following advantages (Pérez et al.
<xref ref-type="bibr" rid="CR25">2011</xref>
): the students had to learn only a single tool (NETinVM) that was shared by different subjects in different areas, such as operating system administration, computer and network security, and web development; students were able to develop, deploy and test their applications in their own portable environment without compromising real systems or networks; students and teachers shared a common environment, so classroom demonstrations could be reproduced by students; finally, using the same tool throughout the master allowed for better coordination among teachers of different subjects.</p>
</sec>
<sec id="Sec13">
<title>Other uses of NETinVM</title>
<p>The ease of portability and the reproducibility of a realistic scenario provided by NETinVM make this virtual machine an ideal tool for Massive Open Online Courses (MOOCs). Accordingly, it has been used as the platform for a new MOOC at University of Valencia (Pérez
<xref ref-type="bibr" rid="CR26">2016</xref>
). In this open course, the networks and virtual machines included in NETinVM are used for providing each student with their own virtual lab where practical network and security exercises can be performed.</p>
<p>Moreover, NETinVM has been successfully used in other scenarios by people not related to the University of Valencia. For instance, in the book “CASP: CompTIA® Advanced Security Practitioner, Study Guide”, by Gregg (
<xref ref-type="bibr" rid="CR17">2012</xref>
), the author uses NETinVM in 11 out of 20 labs. These labs provide a hands-on approach necessary to fully understand the concepts introduced in the book, which is preparatory to the “CompTIA® Advanced Security Practitioner” exam (Brookfield
<xref ref-type="bibr" rid="CR7">2014b</xref>
). NETinVM is used for labs such as port scanning, network traffic analysis, web vulnerability assessment, system auditing, network intrusion detection, or rootkit detection.</p>
<p>Another example of use is the paper titled “Using OSSEC with NETinVM” (Allen
<xref ref-type="bibr" rid="CR2">2010</xref>
), submitted by Jon Mark Allen as part of the GIAC (GCIH) Gold Certification from the SANS Institute (
<xref ref-type="bibr" rid="CR28">2014</xref>
). This paper, presented on September 17, 2010, uses NETinVM as an appropriate virtual scenario for installing and customizing the host-based intrusion detection system OSSEC (
<xref ref-type="bibr" rid="CR20">2014</xref>
). Using NETinVM allowed the author to configure OSSEC to comply with a security policy. In addition, it also made it possible to launch attacks, check that alerts were effectively generated, and see how OSSEC automatically responded to the attacks.</p>
<p>Finally, NETinVM has also been adapted to suit more specific requirements. This is the case of the “Lab in a box” of the PenTestlaboratory, where NETinVM was modified to build a virtual laboratory for penetration testing courses (PenTestlaboratory
<xref ref-type="bibr" rid="CR22">2014</xref>
). In this setup, UML machines were specifically configured to be vulnerable, in order to become potential targets of pentesters.</p>
</sec>
</sec>
<sec id="Sec14">
<title>Conclusions</title>
<p>This paper has proposed NETinVM, a tool based on nested virtualization that includes a fully functional lab in a single virtual machine. Also, it has analyzed and evaluated how it has been used in different environments. The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that would otherwise be unfeasible. In addition, it allows the results of the proposed exercises to be reproduced, providing portability and allowing the students to work autonomously. Also, NETinVM has been adapted to suit other scenarios, such as enterprise web application development or penetration testing.</p>
<p>As a future work, the authors plan to add support for controlled remote access, thus allowing the instructor to provide students with remote assistance.</p>
</sec>
<sec id="Sec15">
<title>Availability and requirements</title>
<p>
<list list-type="bullet">
<list-item>
<p>Project name: NETinVM</p>
</list-item>
<list-item>
<p>Project home page:
<ext-link ext-link-type="uri" xlink:href="http://www.netinvm.org">http://www.netinvm.org</ext-link>
</p>
</list-item>
<list-item>
<p>Hardware requirements:
<list list-type="bullet">
<list-item>
<p>Processor with hardware support for virtualization</p>
</list-item>
<list-item>
<p>4 GB RAM</p>
</list-item>
<list-item>
<p>20 GB of available hard disk space</p>
</list-item>
</list>
</p>
</list-item>
<list-item>
<p>Software requirements:
<list list-type="bullet">
<list-item>
<p>VMware Player, VMware Workstation or Virtualbox</p>
</list-item>
<list-item>
<p>Operating system(s): Any of the OS on which VMware or Virtualbox works.</p>
</list-item>
</list>
</p>
</list-item>
</list>
</p>
</sec>
</body>
<back>
<ack>
<title>Authors' contributions</title>
<p>CP is one of the NETinVM tools co-authors, and he has also been one of the instructors of both security and the enterprise web applications development courses described in the “
<xref rid="Sec9" ref-type="sec">Results and discussion</xref>
” section. JMO has been the instructor of the network planning course described in the “
<xref rid="Sec9" ref-type="sec">Results and discussion</xref>
” section. FRS has been one of the instructors of the security course described in the “
<xref rid="Sec9" ref-type="sec">Results and discussion</xref>
” section. Finally, all the authors have participated in the writing of this paper. All authors read and approved the final manuscript. </p>
<sec id="FPar1">
<title>Acknowledgements</title>
<p>This work has been supported by Springerplus under Grant COMPPLUSSCI15. Also, this work has been supported by Spanish MINECO and EU FEDER funds under Grant TIN2015-66972-C5-5-R.</p>
</sec>
<sec id="FPar2">
<title>Competing interests</title>
<p>The authors declare that they have no competing interests.</p>
</sec>
</ack>
<ref-list id="Bib1">
<title>References</title>
<ref id="CR1">
<mixed-citation publication-type="other">Abraham S (2013) Virtual learning tools in cyber security education. In: 16th Annual NY State cyberSecurity conference. IEEE, Los Alamitos, CA, pp 408–415</mixed-citation>
</ref>
<ref id="CR2">
<mixed-citation publication-type="other">Allen JM (2010) Using OSSEC with NETinVM.
<ext-link ext-link-type="uri" xlink:href="http://www.sans.org/reading-room/whitepapers/detection/ossec-netinvm-33473">http://www.sans.org/reading-room/whitepapers/detection/ossec-netinvm-33473</ext-link>
</mixed-citation>
</ref>
<ref id="CR3">
<mixed-citation publication-type="other">Amazon (2014) Amazon Web Services.
<ext-link ext-link-type="uri" xlink:href="http://aws.amazon.com/">http://aws.amazon.com/</ext-link>
</mixed-citation>
</ref>
<ref id="CR4">
<element-citation publication-type="book">
<person-group person-group-type="author">
<name>
<surname>Barrows</surname>
<given-names>H</given-names>
</name>
<name>
<surname>Tamblyn</surname>
<given-names>R</given-names>
</name>
</person-group>
<source>Problem-based learning: an approach to medical education</source>
<year>1980</year>
<publisher-loc>New York, NY</publisher-loc>
<publisher-name>Springer</publisher-name>
</element-citation>
</ref>
<ref id="CR5">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Bower</surname>
<given-names>T</given-names>
</name>
</person-group>
<article-title>Experiences with virtualization technology in education</article-title>
<source>J Comput Sci Coll</source>
<year>2010</year>
<volume>25</volume>
<issue>5</issue>
<fpage>311</fpage>
<lpage>318</lpage>
</element-citation>
</ref>
<ref id="CR6">
<mixed-citation publication-type="other">Brookfield S (2014a) Critical Incident Questionnaire.
<ext-link ext-link-type="uri" xlink:href="http://www.stephenbrookfield.com">http://www.stephenbrookfield.com</ext-link>
</mixed-citation>
</ref>
<ref id="CR7">
<mixed-citation publication-type="other">Brookfield S (2014b) CompTIA certifications and exams.
<ext-link ext-link-type="uri" xlink:href="http://certification.comptia.org/">http://certification.comptia.org/</ext-link>
</mixed-citation>
</ref>
<ref id="CR8">
<mixed-citation publication-type="other">Bulbrook H (2006) Using virtual machines to provide a secure teaching lab environment. White paper. Durham Technical Community College, Durham</mixed-citation>
</ref>
<ref id="CR9">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Burd</surname>
<given-names>SD</given-names>
</name>
<name>
<surname>Seazzu</surname>
<given-names>AF</given-names>
</name>
<name>
<surname>Conway</surname>
<given-names>C</given-names>
</name>
</person-group>
<article-title>Virtual computing laboratories: a case study with comparisons to physical computing laboratories</article-title>
<source>J Inf Technol Educ Innov Pract</source>
<year>2009</year>
<volume>8</volume>
<issue>8</issue>
<fpage>55</fpage>
<lpage>78</lpage>
</element-citation>
</ref>
<ref id="CR10">
<mixed-citation publication-type="other">Carrier B (2014) Autopsy and The Sleuth Kit tools.
<ext-link ext-link-type="uri" xlink:href="http://www.sleuthkit.org/index.php">http://www.sleuthkit.org/index.php</ext-link>
</mixed-citation>
</ref>
<ref id="CR11">
<element-citation publication-type="book">
<person-group person-group-type="editor">
<name>
<surname>Carter</surname>
<given-names>J</given-names>
</name>
</person-group>
<source>ITiCSE ’13: proceedings of the 18th ACM conference on innovation and technology in computer science education</source>
<year>2003</year>
<publisher-loc>New York, NY</publisher-loc>
<publisher-name>ACM</publisher-name>
</element-citation>
</ref>
<ref id="CR12">
<mixed-citation publication-type="other">Cisco (2014) Cisco Packet Tracer.
<ext-link ext-link-type="uri" xlink:href="https://www.netacad.com/es/web/about-us/cisco-packet-tracer">https://www.netacad.com/es/web/about-us/cisco-packet-tracer</ext-link>
</mixed-citation>
</ref>
<ref id="CR13">
<mixed-citation publication-type="other">Debian_Project (2008) Debian: the universal operating system.
<ext-link ext-link-type="uri" xlink:href="http://www.debian.org">www.debian.org</ext-link>
</mixed-citation>
</ref>
<ref id="CR14">
<element-citation publication-type="book">
<person-group person-group-type="author">
<name>
<surname>Faircloth</surname>
<given-names>J</given-names>
</name>
</person-group>
<source>Penetration tester’s open source toolkit</source>
<year>2011</year>
<edition>3</edition>
<publisher-loc>Sebastopol, CA</publisher-loc>
<publisher-name>Syngress Publishing</publisher-name>
</element-citation>
</ref>
<ref id="CR15">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Gaspar</surname>
<given-names>A</given-names>
</name>
<name>
<surname>Langevin</surname>
<given-names>S</given-names>
</name>
<name>
<surname>Armitage</surname>
<given-names>WD</given-names>
</name>
<name>
<surname>Rideout</surname>
<given-names>M</given-names>
</name>
</person-group>
<article-title>March of the (virtual) machines: past, present, and future milestones in the adoption of virtualization in computing education</article-title>
<source>J Comput Small Coll</source>
<year>2008</year>
<volume>23</volume>
<issue>5</issue>
<fpage>123</fpage>
<lpage>132</lpage>
</element-citation>
</ref>
<ref id="CR16">
<mixed-citation publication-type="other">Google (2014) Google Cloud Platform.
<ext-link ext-link-type="uri" xlink:href="https://cloud.google.com/">https://cloud.google.com/</ext-link>
</mixed-citation>
</ref>
<ref id="CR17">
<mixed-citation publication-type="other">Gregg M (2012) CompTIA® Advanced Security Practitioner. Study Guide. Sybex. A Wiley Brand, Hoboken, NJ, USA</mixed-citation>
</ref>
<ref id="CR18">
<element-citation publication-type="book">
<person-group person-group-type="author">
<name>
<surname>Marinescu</surname>
<given-names>DC</given-names>
</name>
</person-group>
<source>Cloud computing: theory and practice</source>
<year>2013</year>
<publisher-loc>Amsterdam</publisher-loc>
<publisher-name>Elsevier Science</publisher-name>
</element-citation>
</ref>
<ref id="CR19">
<mixed-citation publication-type="other">Novell I (2008) openSUSE.org.
<ext-link ext-link-type="uri" xlink:href="http://software.opensuse.org/121">http://software.opensuse.org/121</ext-link>
</mixed-citation>
</ref>
<ref id="CR20">
<mixed-citation publication-type="other">OSSEC (2014) Open Source SEcurity.
<ext-link ext-link-type="uri" xlink:href="http://www.ossec.net">http://www.ossec.net</ext-link>
</mixed-citation>
</ref>
<ref id="CR21">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>O’Grady</surname>
<given-names>MJ</given-names>
</name>
</person-group>
<article-title>Practical problem-based learning in computing education</article-title>
<source>Trans Comput Educ</source>
<year>2012</year>
<volume>12</volume>
<issue>3</issue>
<fpage>10</fpage>
<lpage>11016</lpage>
</element-citation>
</ref>
<ref id="CR22">
<mixed-citation publication-type="other">PenTestlaboratory (2014) Lab in a Box.
<ext-link ext-link-type="uri" xlink:href="http://pentestlab.org/lab-in-a-box">http://pentestlab.org/lab-in-a-box</ext-link>
</mixed-citation>
</ref>
<ref id="CR23">
<mixed-citation publication-type="other">Pizzonia M, Rimondini M (2008) Netkit: easy emulation of complex networks on inexpensive hardware. In: Proceedings of the 4th international conference on testbeds and research infrastructures for the development of networks &amp; communities, pp 1–10</mixed-citation>
</ref>
<ref id="CR24">
<mixed-citation publication-type="other">Pérez C, Pérez D (2014) NETinVM: a tool for teaching and learning about systems, networks and security.
<ext-link ext-link-type="uri" xlink:href="http://www.netinvm.org">http://www.netinvm.org</ext-link>
</mixed-citation>
</ref>
<ref id="CR25">
<mixed-citation publication-type="other">Pérez C, Gutiérrez J, Grimaldo F, Castro I (2011) A virtual web lab for teaching enterprise web applications development. In: ICERI2011, International conference of education, research and innovation, pp 408–415</mixed-citation>
</ref>
<ref id="CR26">
<mixed-citation publication-type="other">Pérez C (2016) UV006 Seguridad informática práctica.
<ext-link ext-link-type="uri" xlink:href="http://uvx.uv.es/courses">http://uvx.uv.es/courses</ext-link>
</mixed-citation>
</ref>
<ref id="CR27">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Raman</surname>
<given-names>R</given-names>
</name>
<name>
<surname>Achuthan</surname>
<given-names>K</given-names>
</name>
<name>
<surname>Nedungadi</surname>
<given-names>P</given-names>
</name>
<name>
<surname>Diwakar</surname>
<given-names>S</given-names>
</name>
<name>
<surname>Bose</surname>
<given-names>R</given-names>
</name>
</person-group>
<article-title>The vlab oer experience: modeling potential-adopter student acceptance</article-title>
<source>IEEE Trans Educ</source>
<year>2014</year>
<volume>57</volume>
<issue>4</issue>
<fpage>235</fpage>
<lpage>241</lpage>
<pub-id pub-id-type="doi">10.1109/TE.2013.2294152</pub-id>
</element-citation>
</ref>
<ref id="CR28">
<mixed-citation publication-type="other">SANS I (2014) SANS information security training and cyber certifications.
<ext-link ext-link-type="uri" xlink:href="http://www.sans.org">http://www.sans.org</ext-link>
</mixed-citation>
</ref>
<ref id="CR29">
<mixed-citation publication-type="other">Salah K (2014) Harnessing the cloud for teaching cybersecurity. In: Proceedings of the 45th ACM technical symposium on computer science education. ACM, New York, NY, pp 529–534. doi:10.1145/2538862.2538880</mixed-citation>
</ref>
<ref id="CR30">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Sarkar</surname>
<given-names>NI</given-names>
</name>
</person-group>
<article-title>Teaching computer networking fundamentals using practical laboratory exercises</article-title>
<source>IEEE Trans Educ</source>
<year>2006</year>
<volume>49</volume>
<issue>2</issue>
<fpage>285</fpage>
<lpage>291</lpage>
<pub-id pub-id-type="doi">10.1109/TE.2006.873967</pub-id>
</element-citation>
</ref>
<ref id="CR31">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Savery</surname>
<given-names>J</given-names>
</name>
</person-group>
<article-title>Overview of problem-based learning: definitions and distinctions</article-title>
<source>Interdiscip J Probl Based Learn</source>
<year>2006</year>
<volume>1</volume>
<fpage>9</fpage>
<lpage>29</lpage>
</element-citation>
</ref>
<ref id="CR32">
<mixed-citation publication-type="other">Snort_team (2014) The Snort Project.
<ext-link ext-link-type="uri" xlink:href="https://www.snort.org/">https://www.snort.org/</ext-link>
</mixed-citation>
</ref>
<ref id="CR33">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Son</surname>
<given-names>J</given-names>
</name>
<name>
<surname>Irrechukwu</surname>
<given-names>C</given-names>
</name>
<name>
<surname>Fitzgibbons</surname>
<given-names>P</given-names>
</name>
</person-group>
<article-title>A comparison of virtual lab solutions for online cybersecurity education</article-title>
<source>Commun IIMA Int Inf Manag Assoc</source>
<year>2012</year>
<volume>12</volume>
<issue>4</issue>
<fpage>81</fpage>
<lpage>96</lpage>
</element-citation>
</ref>
<ref id="CR34">
<mixed-citation publication-type="other">Trabelsi Z, Alketbi L (2013) Using network packet generators and snort rules for teaching denial of service attacks. In: Proceedings of 18th ACM conference on innovation and technology in computer science education. ACM, New York, NY, pp 285–290</mixed-citation>
</ref>
<ref id="CR35">
<mixed-citation publication-type="other">Wannous M, Nakano H, Nagai T (2012) Virtualization and nested virtualization for constructing a reproducible online laboratory. In: Global engineering education conference (EDUCON), 2012 IEEE, pp 1–4. doi:10.1109/EDUCON.2012.6201022</mixed-citation>
</ref>
<ref id="CR36">
<mixed-citation publication-type="other">Willems C, Klingbeil T, Radvilaviciusyz L, Cenysz A, Meinel C (2011) A distributed virtual laboratory architecture for cybersecurity training. In: IEEE Proceedings of the 6th international conference on internet technology and secured transactions. IEEE, Los Alamitos, CA, pp 408–415</mixed-citation>
</ref>
<ref id="CR37">
<element-citation publication-type="journal">
<person-group person-group-type="author">
<name>
<surname>Xu</surname>
<given-names>L</given-names>
</name>
<name>
<surname>Huang</surname>
<given-names>D</given-names>
</name>
<name>
<surname>Tsai</surname>
<given-names>W-T</given-names>
</name>
</person-group>
<article-title>Cloud-based virtual laboratory for network security education</article-title>
<source>IEEE Trans Educ</source>
<year>2014</year>
<volume>57</volume>
<issue>3</issue>
<fpage>145</fpage>
<lpage>150</lpage>
<pub-id pub-id-type="doi">10.1109/TE.2013.2282285</pub-id>
</element-citation>
</ref>
</ref-list>
</back>
</pmc>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/TelematiV1/Data/Pmc/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000136 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/Pmc/Corpus/biblio.hfd -nk 000136 | SxmlIndent | more

To link to this page within the Wicri network

{{Explor lien
   |wiki=    Ticri/CIDE
   |area=    TelematiV1
   |flux=    Pmc
   |étape=   Corpus
   |type=    RBID
   |clé=     PMC:4828358
   |texte=   A nested virtualization tool for information technology practical education
}}

To generate wiki pages

HfdIndexSelect -h $EXPLOR_AREA/Data/Pmc/Corpus/RBID.i   -Sk "pubmed:27104131" \
       | HfdSelect -Kh $EXPLOR_AREA/Data/Pmc/Corpus/biblio.hfd   \
       | NlmPubMed2Wicri -a TelematiV1 

Wicri

This area was generated with Dilib version V0.6.31.
Data generation: Thu Nov 2 16:09:04 2017. Site generation: Sun Mar 10 16:42:28 2024