Mappingwarenessn 1094548563
Mappingwarenessn 1094548563
Mappingwarenessn 1094548563
DSpace Repository
2016-03
Berndt, Erik W.
Monterey, California: Naval Postgraduate School
http://hdl.handle.net/10945/48563
This publication is a work of the U.S. Government as defined in Title 17, United
States Code, Section 101. Copyright protection is not available for this work in the
United States.
THESIS
by
Erik W. Berndt
March 2016
11. SUPPLEMENTARY NOTES The views expressed in this thesis are those of the author and do not reflect the
official policy or position of the Department of Defense or the U.S. Government. IRB Protocol number ____N/A____.
12a. DISTRIBUTION / AVAILABILITY STATEMENT 12b. DISTRIBUTION CODE
Approved for public release; distribution is unlimited
13. ABSTRACT (maximum 200 words)
i
THIS PAGE INTENTIONALLY LEFT BLANK
ii
Approved for public release; distribution is unlimited
Erik W. Berndt
Lieutenant, United States Coast Guard
B.S., Golden Gate University, 2008
from the
Alan Shaffer
Co-Advisor
Cynthia Irvine
Chair, Cyber Academic Group
iii
THIS PAGE INTENTIONALLY LEFT BLANK
iv
ABSTRACT
v
THIS PAGE INTENTIONALLY LEFT BLANK
vi
TABLE OF CONTENTS
I. INTRODUCTION..................................................................................................1
A. PROBLEM STATEMENT .......................................................................1
1. Primary Question ...........................................................................2
2. Secondary Questions......................................................................2
B. ASSUMPTIONS.........................................................................................2
C. OBJECTIVES ............................................................................................3
D. BENEFITS OF STUDY .............................................................................3
E. ORGANIZATION .....................................................................................3
viii
LIST OF FIGURES
ix
THIS PAGE INTENTIONALLY LEFT BLANK
x
LIST OF ACRONYMS AND ABBREVIATIONS
xi
P2V physical to virtual
PCAS Persistent Close Air Support
RAM random access memory
RDP Remote Desktop Protocol
SATCOM satellite communications
STIG Security Technical Implementation Guide
TCP/IP Transport Control Protocol/Internet Protocol
TDN Tactical Data Network
USB universal serial bus
VM virtual machine
VMDK virtual machine disk
VMP Virtualization Module Program
VMIR Virtualization Module Image Repository
VRDE Virtual Remote Desktop Extension
WAN wide area network
XML EXtensible Markup Language
XSD XML Schema Definition
xii
ACKNOWLEDGMENTS
First and foremost, I would like to acknowledge the love of my life, Mrs. Cheryl
Berndt. You are such a graceful and selfless mother, a capable and resourceful
homemaker, and the best friend that a guy could ask for. Over the past two years, you
expertly managed our growing household almost entirely on your own, allowing me to
focus on this demanding program. I love you more than this poorly wrought blurb could
possibly express.
I also would like to acknowledge my CSO cohorts who taught me such valuable
phrases as “if you wait until the last minute, it only takes a minute,” and “it’s only a lot of
reading if you do it”; thank you for the laughs, the support, and the epic bike rides. I
learned so much from you all, and will miss each and every one of you.
To Mr. John Gibson and Dr. Alan Shaffer: thank you for your guidance, your
long-leash approach to thesis advising, and for the laughs we shared during our meetings.
I appreciate the enthusiasm you both had for the project, and all of the insight your
guidance offered.
Finally, I would like to thank Mr. Ben McGee of the Redstone Arsenal, without
whose technical prowess and patience this project would not have gotten off the ground.
You made this thesis an absolute pleasure to work on, and I am glad to have had you in
my corner.
xiii
THIS PAGE INTENTIONALLY LEFT BLANK
xiv
I. INTRODUCTION
A. PROBLEM STATEMENT
The Mapping Module of the MAVNATT system maps and enumerates the
operational network environment and then compiles an inventory and configuration
details of the nodes within that network. The Module then outputs an open-format graph
1
file containing node elements representing computers and other network devices, edge
elements representing network links, and attribute data describing the configuration of
those elements. Once that open-format graph file is created, the Virtualization Module is
responsible to build the virtual instance of the network based on the information provided
therein. In the development of the MAVNATT virtualization module, we investigated the
following research questions:
1. Primary Question
2. Secondary Questions
Can the prototype meet the functionality requirements that were identified within
McBride’s thesis [1, p. 61], in order to provide a useful training environment?
B. ASSUMPTIONS
MAVNATT can parse the attribute data for use as inputs into the VM
hypervisor and network simulator components of the Virtualization
Module by using each tool’s respective API.
2
Server and workstation operating systems (OS) included within the
operational network shall be created from a gold disk build for each
respective OS within the Virtualization Module. Custom OSs,
applications, and configurations deviating from the gold disk build will be
provided by network administrator intervention following the execution of
the MAVNATT virtualization process.
C. OBJECTIVES
D. BENEFITS OF STUDY
E. ORGANIZATION
3
Chapter II: Background and Previous Work. This chapter outlines the purpose
for creating a network administrator training environment that closely resembles a target
operational network. It then discusses how the MAVNATT Virtualization Module
derives a virtual copy of the operational network based upon the input received from the
Mapping Module. Also discussed is the Awareness Module’s feed into the Virtualization
Module to populate the MAVNATT graphical user interface (GUI) in real time with the
status of network links and node reachability.
Chapter III: System Requirements and Design. This chapter discusses the node
and link attributes of the operational network that are required to create an accurate
virtual instance of the target network, as well as the system requirements necessary to
accommodate the MAVNATT conceptual network that this prototype uses as a sample
input. We also more thoroughly discuss the components of the Virtualization Module and
how they address the MAVNATT system’s functional requirements. Finally, this chapter
also introduces architectural variations of MAVNATT that may enhance the system’s
functionality.
Chapter VI: Conclusion and Future Work. This chapter discusses the
successes and limitations of the MAVNATT Virtualization Module’s prototype and
identifies functional areas that require further refinement in order to mitigate those
limitations.
4
II. BACKGROUND AND PREVIOUS WORK
A. OVERVIEW
5
Figure 1. MAVNATT Conceptual Model [1, p. 58]
B. MAPPING MODULE
C. AWARENESS MODULE
D. VIRTUALIZATION MODULE
The MAVNATT Virtualization Module bears responsibility for parsing the open-
format graph file input, then creating a virtual instance of the operational network based
on the attribute data contained therein. To that end, this research focuses on the
development and integration of four sub-components within the Virtualization Module:
the Virtualization Module Program (VMP), the virtualization hypervisor, the network
simulator, and the wide area network (WAN) emulator.
7
Figure 2. MAVNATT Tkinter GUI Displaying Network
Nodes [1, p. 72]
The MAVNATT GUI provides the network administrator with the following
capabilities:
Allows the execution of a new mapping process of the operational
network by calling the Mapping Module, which enumerates the devices
and their associated connectivity. Upon successful execution of the
mapping process, an open-format graph file is populated with the node
data gathered from the operational network, and is then ready to be used as
an input into the Virtualization Module. Each time the VMP calls the
Mapping Module, it pulls the latest updates from the Awareness Module
before building a new open-format graph input file.
Linux 3.x/2.6/2.4
Solaris 11/10
FreeBSD, OpenBSD
The Virtualization Module uses the MAVNATT virtualization API to create VMs
corresponding to each OS version within the operational network. These VMs are cloned
by the VMP, then loaded into the hypervisor as virtual machine disk (VMDK) files from
a preconfigured gold disk of the OS that resides within the MAVNATT Virtualization
Module Image Repository (VMIR). Since MAVNATT is ultimately intended for use on
the Marine Corps Tactical Data Network (TDN), the standard OS versions and builds
typically used on that network can be included in the VMIR. In an environment with a
well-controlled configuration management process, such as the TDN, achieving OS
parity between the operational network and the virtual network is a realistic goal for
MAVNATT to achieve. Each image included in the VMIR has a corresponding VMDK
file that is used by the virtualization hypervisor to create the VMs with which network
administrators will interface during training scenarios. Once a VM is created, the
Virtualization Module uses the hypervisor’s API to overlay attributes specific to each
10
entity based on operational network data received in the open-format graph file, as
captured by the MAVNATT Mapping Module.
11
Python programming language as MAVNATT and has extensive API availability, which
makes it a strong choice for use in the MAVNATT Virtualization Module. Additionally,
GNS3 provides the ability to emulate supported Cisco devices running a Cisco
internetwork operating system (IOS) image that has been hardened to achieve Defense
Information Systems Agency (DISA) Security Technical Implementation Guidelines
(STIG) compliance [5]. GNS3 provides the flexibility to interface with both physical and
virtual devices, both within and outside of the GNS3 environment, which will allow
MAVNATT to incorporate network devices that are not natively supported by the GNS3
platform.
The MAVNATT Mapping Module can transfer a .cfg configuration file from a
network device on the operational network directly to GNS3, where the file can then be
loaded by the corresponding virtual network device upon system boot [4, p. 33]; this
capability enables configuration parity of network devices between the operational and
virtual networks. GNS3 also integrates natively with VirtualBox, which eliminates the
need for further complexity within the MAVNATT Virtualization Module design. Figure
4 depicts the GNS3 interface loaded with a GraphML input file representing the network
devices from the MAVNATT conceptual network.
12
Figure 4. GNS3 with the MAVNATT Conceptual Network Devices
13
Figure 5. MAVNATT Implementation of a WANem Appliance
14
Figure 6. Simplified MAST Architecture [9, p. 27]
15
A related NPS thesis by Ray Longoria discussed an example of a typical MM
within a MAST scenario:
The objectives of this scenario are to see how the users respond to the
download question and if any users report the events to a system or
network administrator. Such events may be characteristic of a phishing
attack. The results of the training can let a unit know where to focus future
training resources. [9, p. 29]
VMDK files of the SG, SE, and MAST client machines are included in the
Virtualization Module Image Repository (VMIR), which allows the MAVNATT
Virtualization Module to create a virtual MAST environment. The Virtualization Module
uses the MAVNATT hypervisor’s API to provide the network administrator with an
interactive console session with the MAST servers and clients. Once a GraphML input
file representing a MAST environment has been loaded into MAVNATT, the MAST
administration and scenario functionality are identical to the physical installation of
MAST.
E. SUMMARY
This chapter provided a general overview of MAVNATT and its three modules,
and their relationship to this research. Chapter III will discuss the functional requirements
of the Virtualization Module, and how the prototype system design aims to meet those
requirements. Additionally, it thoroughly discusses the Virtualization Module’s
components.
16
III. SYSTEM REQUIREMENTS AND DESIGN
A. OVERVIEW
Requirement: The module must communicate with the Awareness Module. Specifically,
it should receive a network topology to virtualize and return a set of connectors to those
virtual devices.
Solution: We discussed in the previous chapter that the MAVNATT Awareness Module
was not yet developed at the time this research was conducted, therefore a functional
demonstration of the Awareness-Virtualization Module interface cannot be provided at
this time. In lieu of actual inputs from either of the Mapping or Awareness Modules, this
prototype makes use of a static GraphML file that represents a conceptual network. The
prototype is able to read the node and edge object data within the GraphML input file,
and then control the hypervisor and network simulator through their respective APIs to
build the corresponding virtual devices. The prototype is also able to configure those
devices according to the attribute data contained within the file for each node and edge.
Both VirtualBox and GNS3 make their entire feature sets available to developers through
their respective API’s [2] [4]; as such, any device setting or state can be passed from the
17
VMP to the hypervisor or network simulator as a GraphML node or edge attribute. This
capability provides excellent flexibility for future integration with the Awareness and
Mapping Modules.
Requirement: The module must ensure the virtual devices are unable to interfere with
the operational network.
Requirement: The module must infer a virtual device whenever a full specification is
not available.
Solution: A key feature of the prototype’s design is the Virtualization Module image
repository (VMIR), a directory of VMDK and IOS files used to create virtual machines
and virtual network devices within the Virtualization Module’s environment. The virtual
images are baseline copies of OS installations. The VMDK files are loaded into
VirtualBox to create VMs. The IOS files are loaded into GNS3 to create virtual network
devices. The VMP then applies the node attributes to the VM or virtual network device
through the APIs of the hypervisor and network simulator based upon the attribute data
contained within the device’s corresponding GraphML node. If a particular node contains
no data for an attribute, no action is taken to configure that attribute in the VM or virtual
network device. If additional configuration is required for the VM or network device, the
network administrator has the ability to establish a console session with the device,
through the VMP GUI, to apply additional settings manually in the absence of an
automatic process.
18
C. SYSTEM DESIGN
The VMP uses several elements of the GraphML input file to store operational
network data received from Mapping and Awareness Modules. A node object represents
each computer and network device and an edge object represents each network link. Each
of these node and edge objects is assigned an ID, a descriptive value, and an X & Y
coordinate that determines the object’s position on the network diagram. In addition, the
object can be configured with various attributes to describe characteristics that can be
stored as Boolean, int, long, float, double, or string data types [11]. An edge object
typically possesses source and target attributes to establish a connection between two
nodes; this feature of the GraphML language is used by the VMP to create the network
topology. These attributes are stored for each object as data keys and can be set arbitrarily
19
by the system designer. Figure 7 shows an example of a simple GraphML file with six
defined nodes—some with data keys and others without—and associated edges between the
nodes.
The GraphML schema can be extended to add any data key that is needed in order
to further define each node or edge. The key values are defined at the top of the
GraphML object and can be contracted or added to as needed. Specifically, each node is
an object and has an associated mapped graphical icon associated with it for the GUI. As
the GraphML input file is read into MAVNATT at run time, NetworkX combines with
the python Tkinter library to draw the icons for each node, then connects lines between
specific nodes based upon the edge objects in the GraphML input file.
Each node must be defined as a type of object: computer, router, or switch. Each
key has an attribute name defined as attr.name and an attribute type defined as attr.type.
20
An ID is included for each attribute, which corresponds to a data key entry. This pairing
associates a data value with a specific attribute for either a node or an edge, as specified
by the for value. The following example shows a source IP address stored as a string
value in an edge attribute. It also shows that each key can be assigned a for value of
either edge or node:
<data key=“d1”>10.0.0.1</data>
<data key=“d6”>192.168.1.2</data>
<data key=“d7”>eth0</data>
<data key=“d8”>192.168.1.21</data>
<data key=“d9”>eth1</data>
</edge>
<node id=“Windows7_A”>
<data key=“d0”>200</data>
<data key=“d1”>250</data>
<data key=“d2”>computer</data>
<data key=“d3”>Windows7</data>
<data key=“d10”>C:\MAVNATT\VMIR\Windows7_A.vmdk</data>
</node>
21
This node shows a Windows 7 computer, as well as the VMIR directory and the
specific VMDK file the Virtualization Module will use to clone it.
3. Virtualization Hypervisor
22
Reads the hostname, IP address, MAC address, and IP address of the next-
hop device or devices to determine the network topology
Applies these attributes to the VM, then moves to the next VM or network
device in the GraphML input file
In the MAVNATT development end state, the VMP will have the capability of
passing any attributes supported by the VirtualBox platform [2, p. 52] from the GraphML
input file provided by the Mapping and Awareness Modules to the VM clone. More
specifically, if a setting or configuration of a computer residing on the operational
network can be captured by the Mapping and Awareness Modules it can be reproduced
within the VirtualBox hosted VM in the virtual network. This provides great potential for
achieving near-parity between the operational network and its virtual copy.
While this memory usage did not adversely impact the implementation of our
prototype system, it will require additional consideration as MAVNATT is used to map
large-scale operational networks.
23
Figure 8. VirtualBox Virtual Host Machine Baseline RAM/CPU
Utilization
24
Figure 9. VirtualBox Virtual Host with Server 2012, 2048MB RAM
Allocated
4. Network Simulator
25
network device. After creating the underlying project files, the VMP launches GNS3
from the CLI and passes the project.gns file to the program at run time.
In the process of constructing the nodes and edges from the GraphML input file,
GNS3 builds a JSON file to represent each device within the GNS3 project. Figure 10
shows how GNS3 uses this file to represent the network edges for the GraphML input
file, with topological relationships between nodes in the prototype network.
27
Figure 11. WANem Appliance GUI
6. Physical-to-Virtual Process
a. P2V Overview
28
physical drivers used by the source machine are replaced with virtual drivers, which
preserves the original functionality of the system.
b. P2V Benefits
Although P2V conversion deviates from the original design intent of the
MAVNATT Virtualization Module, which is the use of an open-format graph file as a
model of an operational network, there may be several benefits to incorporating P2V into
the MAVNATT architecture. P2V products such as the VMWare vCenter Converter can
output a virtual machine file which results in a virtual instance of a server or workstation
machine that is functionally identical to the physical version [14]. Additionally,
Microsoft offers the native P2V tools Microsoft Virtual Machine Converter (MVMC) and
Disk2vhd for use in converting Microsoft server and workstation OSs, respectively [15].
The primary benefit provided by P2V tools is the functional parity between the
operational and virtual networks that result from the P2V process. Whereas the current
VMIR-based VM cloning process utilized by MAVNATT requires network administrator
intervention to install software applications and customizations that deviate from the gold
disk builds, the P2V process copies each physical machine from the operational network,
then creates an exact copy in the virtual network. Figure 12 provides a graphical
depiction of the VMWare vCenter Converter, and the general P2V concept.
29
Figure 12. VMWare vCenter Converter Concept [14]
a. P2V Drawbacks
Although the P2V process provides an exact copy of the physical environment
within the virtual network, the main drawback is that the process can take an hour or
multiple hours for each device [16]. MAVNATT is intended to be used in tactical
environments, and as such must be a lightweight solution, meaning that the P2V process
would not be feasible as a deployable design. In a more static training environment, the
P2V process could provide functionality enhancements over the process provided by the
standard MAVNATT architecture. Nonetheless, if used by the supported organization
well in advance to field activities a significant database of the organization’s systems
could be established as part of the library of virtual machines available for instantiation
upon deployment through the Virtualization Module Image Repository.
30
D. SUMMARY
31
THIS PAGE INTENTIONALLY LEFT BLANK
32
IV. SYSTEM IMPLEMENTATION
A. OVERVIEW
B. COMPONENT IMPLEMENTATION
1. Prototype Design
33
2. Virtualization Module Conceptual Network
34
Figure 13. MAVNATT Virtualization Module Conceptual Network
35
Figure 14. Conceptual Network GraphML Input File pages 1–2
36
Figure 15. Conceptual Network GraphML Input File pages 3–4
37
Figure 16. Conceptual Network GraphML Input File pages 5–6
38
4. Virtualization Module Program
The VMP is implemented using Python version 3.5.0 and Tkinter version 8.6.4 on
the host machine and from these, the MAVNATT.py file is loaded to start the program.
The VMP reads in the conceptual network’s GraphML input file at run time, and then
parses the node and edge object data against the GraphML schema [17] for validation
purposes. After a successful validation of the GraphML input file, the VMP uses the node
and edge data to draw the network diagram in the Tkinter GUI, as seen in Figure 17.
The VMP inventories the nodes of the GraphML file to determine the type, count,
and configuration of VMs that need to be created, and then executes the create and the
modify commands within VirtualBox through its API to clone and customize each VM.
At this point, the administrator uses the VMP’s context-sensitive menu to execute
the virtualize function of the program. The VMP then builds an associated topology.gns3
JSON topology file from the GraphML input file. The nodes, edges, and their attributes
39
are inventoried, and then corresponding VMs and virtual devices are created within the
topology.gns3 JSON file. Figure 18 shows an example of the JSON file for a VM that
was cloned by the VMP. The hexadecimal globally unique identifier (GUID) in the file
corresponds to an actual VM clone within VirtualBox, and is used by GNS3 to start the
corresponding VM.
5. Virtualization Hypervisor
40
For the prototype system, the 32GB of RAM installed on the host machine in the
development environment was more than adequate. As MAVNATT scales to virtualize a
greater number of computers and network devices on a true operational network, a more
robust hardware platform will be required. An example commercial off the shelf (COTS)
solution is the Dell PowerEdge R420xr ruggedized server [18], which provides the
following specifications:
Form factor 1U rack, 20” rack depth
Processor sockets: 2
Weight: 26.2lbs
6. Network Simulator
Version 1.3.11 of the GNS3 network simulator is installed on the host machine to
provide the network connectivity component of the Virtualization Module. As the VMP
issued a command through the API for GNS3 to load and start the file, the network
simulator creates the corresponding topology within its GUI and starts its own network
devices. GNS3 then starts the VirtualBox VMs through its native integration component
and establishes network connectivity between the devices. Each node on the GNS3
topology map turns to green indicating that it is reachable.
41
7. Wide Area Network Emulator
42
This configuration adds the two WANem network interfaces into a bridge group,
assigns an IP address, subnet mask, and default gateway to the bridge, and then starts it.
At this point, the administrator interacts with the WANem web interface to set the link
parameters manually; a WANem rule set could also be loaded at this point in the process.
Since the WANem appliance is bridged between two routers in the MAVNATT
implementation, only one interface needs to be configured with customized parameters.
After applying the desired link parameters to the WANem interfaces, the emulator begins
passing the network traffic with the characteristics defined by the administrator.
C. SUMMARY
43
THIS PAGE INTENTIONALLY LEFT BLANK
44
V. VIRTUALIZATION MODULE PROTOTYPE TESTING
A. OVERVIEW
B. UNIT TESTING
Test: Does the VMP run a schema validation routine against the GraphML input file and
then accurately draw the corresponding network topology within Tkinter canvas?
Result: Upon loading the GraphML file into the prototype, the VMP references the XML
Schema Definition (XSD) file [22] to ensure the file’s compliance with the format. In
Unit Test 1, the Virtualization Module conceptual network GraphML file passed the
validation routine, and the VMP accurately utilized the Python NeworkX library to draw
the corresponding network topology within Tkinter, as shown in Figure 20. We
successfully tested the VMP validation routine to show that, if the GraphML file does not
pass the schema validation, it will not load into the Tkinter canvas and an error routine
executes. To test a counter example of the validation routine, we loaded another copy of
the conceptual network’s GraphML file that was intentionally non-complaint with the
XML schema, and received the expected error.
45
Figure 20. VMP Network Topology within Tkinter from GraphML
Input File
2. VM Cloning
Test: Does the VMP accurately clone and configure VMs within VirtualBox based on
OS type and count within the GraphML input file?
Result: The VMP is able to utilize the VirtualBox API to clone any of the OS versions
represented within the VMIR. The VMP uses the VboxManage.exe clonehd API function
to create a new instance of any of the VMs within the VMIR, and then passes the
attributes from the GraphML file to the VM as configuration settings through the
VboxManage function. When the user clicks the virtualize button within the GUI, the
VMP clones and configures each of the VMs within the GraphML file.
A functional requirement from McBride’s thesis was for the prototype to infer a
system configuration in the absence of a complete accompanying configuration. As the
VMIR is populated with gold disk images of all anticipated OS versions, the only
required attribute is the OS version itself; other attributes must be manually configured
after the system has been instantiated.
46
3. Topology File Creation
Test: Does the VMP accurately generate the topology.gns3 JSON file from a GraphML
input file?
Result: For testing purposes, the topology.gns3 JSON file was hard-coded within the
VMP by manually building the conceptual network within GNS3, then exporting the
JSON file that was generated as a result of building the GNS3 project. Further
development efforts are required before the prototype will be able to dynamically convert
the GraphML input file into the JSON format. It is important to note that this
functionality is critical to the operation of the Virtualization Module, and will need to be
completed before MAVNATT is able to function as designed.
Test: Are network devices automatically created and configured within GNS3 based
upon the GraphML input file?
Result: When the topology.gns3 JSON file is loaded into GNS3 through the VMP, the
network simulator automatically creates distinct devices based upon the contents of the
JSON node data. At the time of testing, the conceptual network was manually created
within GNS3 to generate a corresponding JSON file; this file was then hard-coded into
the VMP for future demonstration of how the program will operate in its development
end state. As noted within the results of Unit Test 3, further development to dynamically
convert the GraphML input file into the JSON format is required to enable this
functionality in real time.
5. Network Partitioning
Test: Does the configuration of a MAVNATT virtual network prevent virtual nodes from
interfering with operational network?
48
Figure 22. Network Partitioning Through IP Filtering
49
2. VirtualBox
Each of the VMs share the physical processor of the host machine through the use
of software multiprocessing (SMP). VirtualBox will see each individual thread in a
hyper-threaded machine, however virtual machines should not be configured to use more
central processing unit (CPU) cores than are physically available [3, p. 47].
Solaris 10/11
50
3. Graphical Network Simulator-3
While the published minimum system requirements for GNS3 are a 1.5GHz
processor, 4GB of RAM, and 250MB of free drive space, there are many real-world use
cases from which to determine the resources a particular implementation will require
[24]. The GNS3 network simulator was originally developed to create Cisco network
environments for training purposes [4, p. 2]. A typical Cisco Certified Internetwork
Expert (CCIE) training lab consists of 20–25 nodes and requires the equivalent of an Intel
core i5 processor with 8GB of RAM for a Windows implementation. Figure 23 depicts
GNS3 running our conceptual network on a 64-bit Windows 7 host, with an i7 processor
and 8GB of RAM. Since our prototype operational network includes only four nodes, this
system is more than sufficient, assuming it will not be hosting additional VMs.
However, when all of the VMs within the conceptual network are incorporated
into the GNS3 network, as depicted in Figure 24, the RAM usage rapidly spikes. As
expected, this hardware platform configured with 8GB of RAM is inadequate for eight
51
VMs and four network devices. A system with this hardware configuration could
realistically host two Windows 7 VMs with the minimum RAM allocation of 2GB each.
This would provide the host OS with 2GB, and the remaining 2GB of RAM for the
virtual network devices within GNS3.
D. SCALABILITY
1. VirtualBox
The VirtualBox Main API provides the capability to create, launch, and
communicate with VMs hosted on remote instances of the hypervisor using the headless
vboxmanage command. This feature introduces modularity into the architecture and
enables decoupling of the resource-intensive VirtualBox from the remaining MAVNATT
components, thereby allowing the tool to scale as needed. The VirtualBox Virtual Remote
Desktop Extension (VRDE) feature allows remote access to any running VM. VRDE is
based upon the Remote Desktop Protocol (RDP) originally built into Microsoft Windows,
with additions for universal serial bus (USB) support [3, p. 14]. VRDE works at the
52
virtualization layer rather than relying upon the native Windows RDP server; as such, it
can be used with any OS supported by VirtualBox, including those with a command line
interface (CLI) only. VRDE uses the RDP client provided in all Windows versions and
uses the default RDP port 3389. Enabling the feature in VirtualBox is a straightforward
process, as depicted in Figure 25. Once the feature has been enabled, any computer with
TCP/IP connectivity to the VM can use a standard RDP client to make a remote
connection.
Although GNS3 can run 100+ nodes on a modestly configured host machine [25],
it also provides the Remote Server feature to offload resource demands from the local
host. This feature allows a locally installed simulator to interface with and control
additional instances of GNS3 hosted on remote hosts or cloud-based infrastructure [26].
This feature allows the network environment to scale as widely as needed. As Figure 26
shows, the GNS3 Remote Server feature requires minimal configuration to enable, and
allows any local or remote VMs to communicate across the entire Virtualization Module
environment.
53
Figure 26. GNS3 Remote Configuration Settings
E. SUMMARY
The testing of the Virtualization Module prototype showed that the objectives of
this research are indeed attainable. The APIs for the hypervisor and network simulator
provide sufficiently granular access to each program’s feature set in order to create the
desired virtual environment. Although our testing revealed that the functionality of the
Virtualization Module does not currently meet all of the requirements outlined in Chapter
III, substantial progress has been made toward those goals. The ability to dynamically
convert a GraphML file into a JSON file that GNS3 uses to create the virtual network
environment is a critical design element that is not functional at this time. Additionally,
the RAM requirements of the VMs employed in the Virtualization Module place a
significant resource burden on the host machine. As a result, our testing showed that this
prototype system is best suited to run on an enterprise-class server.
54
VI. CONCLUSIONS AND FUTURE WORK
A. OVERVIEW
B. CONCLUSIONS
The research objective of this work was to determine the feasibility of creating a
virtual copy of an operational network based upon a model of the network using an open-
format graph file. By developing a prototype of the MAVNATT Virtualization Module,
we concluded that this concept is indeed feasible. While the complete functionality that
the Virtualization Module will provide when it reaches its development end state is not
achieved in this prototype, the path forward toward that goal is much shorter as a result of
our research and development efforts.
1. Research Objectives
55
VMDK is a VirtualBox supported virtual machine format, we do not anticipate any
difficulty with importing the virtualized MAST environment.
2. Research Questions
Conclusion: The GraphML file format provides tremendous flexibility in the types of
attribute data that can be stored for each node and edge element; this flexibility provides
the ability to store any characteristic of a host on the operational network. At the time this
work was completed, the VMP was not entirely capable of parsing the GraphML file
automatically, however that capability is close to being functional. We believe that an
additional development will yield a prototype that is capable of fully addressing this
research question.
Conclusion: As discussed earlier, both VirtualBox and GNS3 make their entire feature
sets available to developers through their respective APIs. When coupled with the
tremendous flexibility of the GraphML file format, literally any supported feature
supported by the hypervisor or network simulator can be brought over from the
operational network to provide nearly identical configurations between the two networks.
Secondary question 2: Can the prototype meet the functionality requirements identified
by McBride [1, p. 61], in order to provide a useful training environment?
56
C. FUTURE WORK
There are many opportunities to refine and expand the prototype system through
further research Future work should focus on incorporating additional functionality that
will directly benefit MAVNATT’s intended application: the tactical network. Toward this
goal, the recommendations presented in this section focus on ways to improve the
Virtualization Module for its future integration into the enterprise environment.
1. Software Licensing
With the growing adoption of tactical handheld systems such as the Persistent
Close Air Support (PCAS)/Kinetic Integrated Low-cost SoftWare Integrated Tactical
Combat Handheld (KILSWITCH) devices at the tactical edge of the network [29], further
development efforts to integrate handheld devices into the VMIR would provide greater
capability for virtualizing operational networks. In addition to utilizing MAVNATT to
virtualize the basic components of an operational network, such as routers, switches,
57
desktops, and servers, the Virtualization Module can be used to import any compatible
handheld VM. The Android-x86 platform is a Linux distribution that provides a fully-
functional Android environment capable of running on the x86 architecture [30], and can
be simply imported into a standard hypervisor as a VM, as Figure 27 shows. Once
imported into the MAVNATT environment, these devices can be configured with full
network access, or can be partitioned to simulate an ad-hoc configuration.
59
THIS PAGE INTENTIONALLY LEFT BLANK
60
LIST OF REFERENCES
[3] Oracle Virtual Box User Manual. (2016). Oracle. [Online]. Available:
http://download.virtualbox.org/virtualbox/5.0.12/UserManual.pdf. Accessed Jan.
13, 2016.
[4] J. C. Neumann, The Book of GNS3, San Francisco, CA: No Starch Press, 2015.
[5] Security Technical Implementation Guides (STIGs). (May 21, 2015). Defense
Information Systems Agency (DISA). [Online]. Available:
http://iase.disa.mil/stigs/Pages/index.aspx. Accessed Jan. 10, 2016.
[6] Tactical Networking Systems (TNS). (Jun. 1, 2015). U.S. Marine Corps Concepts
and Programs. [Online]. Available:
https://marinecorpsconceptsandprograms.com/programs/command-and-
controlsituational-awareness-c2sa/tactical-networking-systems-tns. Accessed Jan.
3, 2016.
[7] Latency—Why Is It a Big Deal for Satellite Internet?. (2013). VSat Systems.
[Online]. Available: http://www.vsat-systems.com/satellite-Internet-
explained/latency.html. Accessed Jan. 12, 2016.
[8] N. J. Hayes, “Test Methodology for the Malicious Activity Simulation Tool
(MAST),” Naval Postgraduate School, Monterey, Ca, 2013.
61
[12] WANem The Wide Area Network emulator. (Feb. 2014). Tata Consultancy
Services Ltd., 21. [Online]. Available: http://wanem.sourceforge.net. Accessed
Jan. 21, 2016.
[16] M. Raffic, “Improving Transfer Rate of P2V and V2V Conversion in VMware
vCenter Converter,” VMWare Arena, Jul. 19, 2013. [Online]. Available:
http://www.vmwarearena.com/improving-transfer-rate-of-p2v-and-v2v/. Accessed
Jan. 30, 2016.
[19] System Requirements for Windows Server 2012 R2 Essentials. (Nov. 1, 2013).
Microsoft TechNet. [Online]. Available: https://technet.microsoft.com/en-
us/library/dn383626.aspx. Accessed Feb. 12, 2016.
62
[23] Using Python on Windows. (n.d.). Python.org. [Online]. Available:
https://docs.python.org/3/using/windows.html. Accessed Jan. 30, 2016.
[24] Minimum requirements for GNS3. (Dec. 16, 2014). Gns3.com. [Online].
Available: https://gns3.com/discussions/minimum-requirements-for-gns3.
Accessed Jan. 14, 2016.
[25] Running 100 Routers on GNS3. (May 9, 2012). GNS3 Talk. [Online]. Available:
https://www.youtube.com/watch?v=_NGLsh0KDDk. Accessed Jan. 30, 2016.
[27] T. Greene, “DOD saves $100M a year with new Microsoft licensing deal,”
Network World, Jan. 4, 2013. [Online]. Available:
http://www.networkworld.com/article/2162519/windows/dod-saves--100m-a-
year-with-new-microsoft-licensing-deal.html. Accessed Dec. 12, 2016.
[28] Department of Defense Joint Enterprise Level Agreement. (2014). Cisco Systems.
[Online]. Available:
http://www.cisco.com/c/en/us/solutions/industries/government/us-government-
solutions-services/resources/government-contracts-funding-vehicles/federal-
contracts/jela.html. Accessed Jan. 5, 2016.
[29] K. McCaney, “Marines, DARPA show what real-time air support looks like,”
Defense Systems, Apr. 5, 2015. [Online]. Available:
https://defensesystems.com/Articles/2015/04/07/DARPA-Marines-PCAS-air-
support-demo.aspx. [Accessed Jan. 28, 2016.
63
THIS PAGE INTENTIONALLY LEFT BLANK
64
INITIAL DISTRIBUTION LIST
65