How to set up a Linux lab with no Linux machines

How to set up a Linux lab with no Linux machines

So when you’re told that you might have 30-odd students that need access to Linux for some course they’re doing, and you don’t have any spare machines and don’t want to dual boot with Windows on a computer suite and you don’t have time to do that anyway, what do you do?

Well, one solution is what we’ve done: A Linux virtual machine running on a Hyper-V server, with “child” virtual machines, each accessible from a Windows machine.

Specific for this purpose, Linux will not need a GUI. Everything the students need to use is via the command line, and they also don’t need networking or internet access. I also wanted everything to be as secure as possible, both on the Windows client and Hyper-V server, without giving students unnecessary elevated privileges.

1. Install Hyper-V

Luckily, we had a spare server lying around which could take Hyper-V. One mistake we made was to install Windows Server 2008 R2 with Hyper-V on it. Everything appeared to work, but in order to connect to the virtual machines we created, the student user would need to be in the local administrators group on the server – a big no-no. There were ways around this, but none that I was happy with as permissions elsewhere needed to be changed, or software needed to be installed on client PCs.

Hyper-V on Server 2012 R2 fixes this by creating a Hyper-V Administrators group, so students can go in there instead.

To install Hyper-V, simply open Server Manager on the server, and choose Manage > Add Roles and Features, then use the wizard, selecting Hyper-V as you go.

With Hyper-V installed, it was time to create the “parent” Virtual Machine.

2. Install Parent VM

After testing many distros, we decided on CentOS 6.5 for our students to use. It’s a pretty “normal” Linux distribution, allowed everything our students needed to do, and, when installed GUI-less, has a pretty low memory and disk space footprint. We looked at properly small distros like TTYLinux, but some had issues running in Hyper-V, or didn’t come with the necessary stuff for the students. Some people are probably happy with text editing in vi, but nano, pico or (my personal preference) joe are a bit easier for those new to, well, anything command line related. Yes, you can get these on TTYLinux and other micro-distros, but it was just easier to get them working in CentOS.

It’s up to you anyway, it’s not really that important. To start the creation of a new virtual machine, open Hyper-V manager, right click the server name, and choose New > Virtual Machine. Configure the machine as you see fit.

I found that to install CentOS, I needed at least 512MB RAM for the parent virtual machine. With GUI-less options chosen, however, I found I could drop this down to 96MB once installed, saving a big chunk of RAM. It doesn’t really matter, as this parent machine won’t actually be running once the child machines are set up.

With a CentOS parent machine installed in Hyper-V, I set about configuring it as a generic setup for the students. They were going to need root access and have a couple of non-standard programs installed, so I configured that as necessary. Happy it was all done, I shut down the VM and made a backup.

3. Set up “child” VMs

You could, if you wanted, just duplicate this VM 30-odd times and you’d be done, but that’s very wasteful of server resources, and a pain should you ever need to modify the parent. Hyper-V lets you create child VMs that share the same base hard drive image, but write all modifications to a separate differencing disk image. Have a differencing disk for each student, and you’ve saved a massive amount of disk space. To give you an example, my base CentOS disk is 770MB, but the differencing disk image, after completing several Linux tasks, is just 45MB.

To make sure I didn’t make a mistake, I set the hard drive of the parent VM to read only, and then created a new hard drive in Hyper-V manager. You can do this by right-clicking the server name and choosing New > Hard Disk. The important option to choose in this wizard, is “Differencing” when asked which type of virtual hard disk to create, and when asked which disk to use as a parent, choose the parent Linux virtual disk you created earlier.

You might want to repeat this stage now, creating additional differencing disks for other users.

Now you can create the virtual machines that will use these differencing disks. As before, in Hyper-V manager, right-click the server name and choose New > Virtual Machine. Set it up as before, but when it comes to creating or specifying a virtual disk, point it at the differencing disk you created. Easy! Repeat as necessary, pointing each child VM at a different differencing disk.

Although Hyper-V is quite clever at carving up the actual physical RAM available to give to the virtual machines it is running (even if you give a VM 512MB of RAM, it won’t use it all until necessary), you’ll need to bear in mind possible maximums. With 30 VMs running with up to 96MB each, our server needs at least 2.9GB, in addition to that needed for the Server OS and anything else running on it, to be fully happy. In practice, much less will be needed, but it’s a good idea to plan for the worst. For a server running these machines and nothing else, 4GB should be enough.

That’s the basic server side and VM stuff done. We then found problems when connecting from the client Windows PCs…

4. Connecting to a Linux VM from a Windows PC – take 1

In an ideal universe, this is simple. You install the Remote Server Administration Tools on the student PC, then in Add/Remove Programs add the Windows features for Hyper-V.

Unfortunately (or fortunately, in my opinion), we run Windows 7, and there’s no way to manage Hyper-V on Server 2012 R2 from Windows 7 with these tools. They’ll install, and the “vmconnect.exe” application you would normally use to connect to the virtual machine (which acts like a Remote Desktop connection) will be installed too, but they simply won’t talk to Hyper-V.  If you’re on Windows 8.1, you’re in luck – the RSAT for you will work fine. Bad luck on having to use Windows 8.1 though.

The other downside to having the RSAT on a student PC is it’s another thing for students to try and access and fiddle with. We’d rather not have that. Yes, you can lock it down, but if it isn’t there in the first place, that’s even better.

Thankfully, there’s an alternative which fixes both of these issues – freerdp.

As the name suggests, freerdp is a free alternative to Windows Remote Desktop. It functions like Remote Desktop normally does, but in addition can “remote desktop” virtual machines, like vmconnect can. Sadly, connecting to a virtual machine isn’t as simple with freerdp as it is with vmconnect.

With vmconnect, you simply run it, choose your Hyper-V server, then pick which VM to connect to. With freerdp, you have to tell it in advance. Worse, vmconnect understands friendly VM names (like “CentOS Child 1”), but freerdp needs Hyper-V’s internal VM ID. Unhelpfully, Hyper-V manager doesn’t tell you what this ID is. So a quick diversion…

5. Getting the VM ID to connect to

PowerShell to the rescue! All you need to do to find the VM ID is open up PowerShell on the server and type:

Get-VM “CentOS Child 1” | Select ID

Wait, what? You don’t have the Hyper-V modules for PowerShell installed? Of course you don’t. I didn’t either. To see if you have, you can type (again, on the server):

Get-Command -Module Hyper-V

And see what happens. If you got nothing listed, then you don’t have the Hyper-V stuff for PowerShell installed. Another diversion…

6. Installing Hyper-V modules for PowerShell

Enter these commands in PowerShell on the server, one after another:

Import-Module ServerManager
Add-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature

It may take some time, but once installed, you can check to see if it has worked with:

Get-Command -Module Hyper-V

again. Big list of things now? Good – that’s installed. Back to…

7. Getting the VM ID to connect to (reprise)

Now you can try:

Get-VM “CentOS Child 1” | Select ID

and hopefully, some massive alphanumeric string is returned. Copy that down somewhere, as you’ll need it later.

8. Connecting to a Linux VM from a Windows PC – take 2

With the VM ID found, and with freerdp installed, you’re ready to connect to your VM, finally.

You’ll notice that the freerpd exe is actually called wfreerdp.exe, which is because it’s a Windows port the application. That isn’t important. It also doesn’t actually need installing on the Windows client PCs, although some Visual Studio re-distributable libraries might – the program comes with the installer for these if necessary.

To connect to your VM, create a shortcut to wfreerdp and modify the shortcut file (right-click it and choose properties) so that the Target reads:

Path\to\wfreerdp.exe /v:<SERVER>:2179 /vmconnect:<VMID>

Where you’ve replaced Path\to with the path to the exe, <SERVER> with the Hyper-V server name, and <VMID> with the VM ID you carefully squirrelled away earlier.

Now, if you run the shortcut, you’ll get a login box. Type a username with permission to access Hyper-V VMs (in the form DOMAIN\Username) and that user’s password, and lo – a window opens with your VM in it. Oh wait, you did start up your VM first, in Hyper-V manager, right? If not, start it up and try again.

9. Restricting users

Since we only want students who need access to these machines to actually have access to these machines, I set up a group in Active Directory on the domain, and put all the necessary students in it. On the Hyper-V server, I then added this domain group to the local group “Hyper-V Administrators” (the entire reason we went with Server 2012 R” in the first place, remember?).

In addition, there’s a set of permissions (Role assignments) on the server for Hyper-V services. To get to these, open mmc and add the “Authorisation Manager” snap-in. Right click “Authorisation Manager” and choose “Open Authorisation Store”, choose XML file, and browse to “C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml”. In here you can set which users have which roles, and which permissions each role has. You’ll probably want a role definition for Admins and one for Users, then assign yourself or your Domain Admins group to the Admin role, and your student Hyper-V group to the Users role, but look through all the possible settings to see what suits you.

We put wfreerdp in a network share, to save installing it on every machine, and then locked that folder to only the Hyper-V users group too. We also created a custom shortcut to wfreerdp for each user, pointing at “their” child VM.

10. Beer?

And that’s it, hopefully!

0 Comments

  1. Pingback: Need to emulate linux on windows - Page 2

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.