NETLAB+ User Group Meeting Minutes, December 14, 2018
The NETLAB+ User Group had the opportunity to hear from Jason Zeller at Network Development Group (NDG), Jim Cosentino from the Far North Region, and David Hovey, BACCC. Meeting minutes and recorded video have been posted in this article.
Topics covered included:
- NDG NETLAB+ and NDG Online Lab as a Service
- NETLAB+ File Transfer in the North/Far North Region
- NETLAB+ Outage: Symptoms & Lessons Learned
MEETING MINUTES – SUMMARIES
Shawn Monsen, Welcome
- Visit the NETLAB+ User Group website at http://cccnlug.org for great content available; register for full access to site features, including the User Group Forum, and to receive monthly news updates and meeting invitations
- Richard Grotegut encouraged the group to register for the WASTC 2019 Winter ICT Educators' Conference. Registration is filling up and nearing capacity. There will be workshops, really good keynote speakers, and networking events. The hotel block filled up already and another block was opened. Visit www.wastc.org for more information.
Jason Zeller, Network Development Group (NDG)
NDG NETLAB+ and NDG Online Lab as a Service
- Linux Course updates: old exams available until July 1, 2019; new exam objectives have been released and are available now
- Linux Course prices have decreased. Unhatched and Essentials are always free; Linux 1 & Linux 2 is always free for instructors, but is now $29.95 for students
- Linux Unhatched updates:
- It is being updated to promote careers in IT & prepare for CCNA CyberOps. The courses will also be enhanced with an appendix of Linux commands.
- New course curriculum releases:
- NDG A+ v3 (released 8-31-18)
- NDG Security+v3 (released 8-31-18) This has 25 labs and point to security objectives for CompTIA
Hosted Lab Services
- There’s a hosted portal with many labs available.
- The Palo Alto Networks Labs for Beginners is heavily being promoted; the Cybersecurity Gateway labs will continue to be offered for free through May 2019. (The Gateway course is made up of 11 labs and the Essentials course has 12 labs).
- The Linux courses is a prerequisite before entering the CCNA Cyber Ops program
- CCNA CyberOps was recently listed and approved by the Dept. of Defense for their certification for new employees; will be heavily utilized in industry
- California CySa+ - CompTIA mapped certification (10 labs proposed)
- NDG CTF Competition Labs: 3 Capture the Flag (CTF) style labs are coming – skills/tools learned in courses are used to try and break in and capture the flags on a system
- Scenarios map to NDG Ethical Hacking, NDG Security+ and NDG Digital Forensics
- Available by end of Q1 2019
- Small competitions that can be run at user schools
Will there be a Pentax+ coming out?
Nothing has been released yet. If not Jason may try to work on this himself.
It sounds like the competition will be available in NETLAB+ as well as hosted. Will there be a cost for the hosted site?
That hasn’t been determined yet. It’s currently set up in a pod style where you will potentially have a server and as you capture the flags you will have a place to submit them in order to gain points. (Points can be redeemed for hints and questions utilizing the CTFD Platform). However, they are still working on how the CTFD Platform is going to be hosted. (Long term the goal is to embed the platform into NETLAB).
Will labs incorporate Server 2016 in the future?
Yes. The Security+ labs NDG v3 does. (It can be found on the internal network)
Jim Cosentino, Folsom Lake College
NETLAB+ File Transfer in the North/Far North Region
The Palo Alto firewall is being used for the student VMs as a result of a partnership to allow access in NETLAB+.
(Problem) How can students get files/data to their instructors with NETLAB as a closed system that is set up in such a way that nothing gets in/out?
(Solution) Create a simple hole in the firewall to send projects/assignments through Canvas (current LMS system), Google Apps, and Gmail. Only the VMs on that network will be allowed access those programs while on the network using specific allowed IP addresses and those specific identified URL addresses.
What will the student see when they get ready to send something?
They will see a standard browser interface and can only access the URLs allowed within the firewall.
Is this just a subset of the labs that you have set up on the server?
What’s the likelihood of expanding this out to other labs?
I wouldn’t do this with pre-canned labs. If we get something from CSSIA or NDG and it’s designed as a sandbox (closed off) lab; we don’t mess with it. There has been some discussion of possibilities for instructors teaching using other software; that would have to be worked out with the software company regarding licensing and the work would have to be saved elsewhere and loaded/unloaded into the system.
Are you utilizing the Pan 8 firewall for DHCP for each pod?
Response: Yes. Each pod is on a trusted network.
Feedback: The one thing I’ve seen from other schools that employed this same technique is to make sure that the range is large enough for expansion and to restrict your lease to 30 min intervals (to coincide with the user limits) so the leases don’t run on indefinitely.
David Hovey, Cabrillo College, BACCC
NETLAB+ Outage: Symptoms & Lessons Learned
- BACCC NETLAB suffered a severe outage: Everything broke (the software went down including the backup software and left all servers inoperable.) The SAN was the cause of the issue.
- The Synology NAS Systems failed and ignored the backup (hot spare drive) drive and went to the secondary system, which halted at that same time.
- Takeaway: “Don’t trust ‘Prosumer’ level companies to provide Enterprise level support.” (The company was initially unresponsive and slow to action)
- David got everything up and running quickly; months later Synology finally got into the logs and told him what happened. Their response; Back up everything, shut down everything, give them access for week to figure out what happened and they could go from there.
Moving forward, what would you do differently next time?
I would buy an enterprise grade SAN System; Something with 24/7 support.
Comment: (Jim Cosentino, Folsom Lake College) That’s exactly what we did at Folsom. Our SAN is run through our district office and that’s what we were advised to do during the build out of NETLAB. (It wasn’t inexpensive, but worth it).
Comment: (Jason Zeller, from NDG standpoint) All of our platforms are based off of a Synology platform. However, that would just be the main NETLAB systems themselves. When it comes to everything else we use a SSID environment and strongly suggest that everyone utilize a SSID environment especially with features that will be rolled out in 2019. This feature will clone pods off of itself in real-time, eliminating the need to continually build out pods.
- This feature will be available for onsite versions as well
- NDG no longer recommends the SANS for the student pods. Current recommendation is that local storage on all severs have NVME, PCIE, and SSDs. It is recommended to have 2 TB drives. One NVME is used for your masters and the second NVME drive is used for your link clones. This increase speeds drastically.
- In the future, using SSD you will set up a master pod and then at reservation the pods will clone themselves according to the parameters that you put in place ahead of time. However, if you have a progressive style pods (custom lab) there will still be the need for additional storage.
Can you think of a minimum number of pods that you would install for a class that would cover 30 students in a session? Can we practically reduce it to 12 or 8 pods and still service them?
It really depends on your schedule. If you aren’t trying to get them all on at once, you can use a small number of pods (like 3) to service a large number of students. It comes down to teaching methods.