What is a virtual test lab? I’ve read that they are usually expensive and require a lot of space. Are these test...
labs recommended for businesses of all sizes or are they simply a luxury for large corporations?
Until recently, testing complex software applications for functionality, performance or security has been an expensive undertaking. The task typically required a variety of machines with varying operating systems and configurations in order to replicate either your own network or potential client environments. These machines all needed to be networked, configured and maintained, which is a time-consuming and expensive task.
Virtualization has changed all that. Most virtual test labs consist of a computer running an OS like Windows Vista, and virtualization software, such as those offered by VMware Inc. This is called a system virtual machine, generally referred to as the host, and the software providing the virtualization is called the hypervisor. The hypervisor allows multiple OS environments to coexist and run on the same computer at the same time, sharing the underlying physical machine resources. These are called client machines. Client machines work independently from each other and any applications behave as if they were running on their own physical system.
The great thing about a virtual test lab is it can be as small or as large as you want or need. I have one set up on a single laptop. I use VMware Workstation (which costs around $189) to operate my virtual lab, but you could also use SOASTA Inc.’s CloudTest or the free VMware Player. By using virtualization, I can run several different virtual machines at once, which I use to analyze network traffic, test various security configurations, and replicate network attack scenarios.
A virtual test lab greatly reduces your investment in hardware, space and general overheads. By using virtual machines to conduct virtual software testing, you can emulate different computers with differentOSes on a single physical computer. Applications can easily be tested on various platforms and configurations using one machine. Since client machines are just files on the physical disk, you don't have to worry about crashing or misconfiguring the system because with a few clicks the virtual machine file can be deleted and replaced with a fresh copy.
The virtual machines in your test lab can easily be networked to each other, yet isolated from the main corporate infrastructure, reducing the need for firewalls and antivirus software. This also makes them ideal for training users on new applications, as they can’t do any permanent damage.
Many administrators have to maintain a variety of configurations to support staff or customers using different versions of Windows. A single computer can host each configuration for testing and problem solving. For example, if you use the Windows Server Update Service (WSUS), you can create a test group comprised of virtual machines representative of all the computers on your network. You can then approve updates specifically for the test group. Once the updates are tested and checked on the virtual machines, they can safely be rolled out to the rest of the network.
If you intend to run a virtual test lab on just one host machine, choose one with plenty of resources -- RAM, CPU and disk space -- as the virtual guest machines all share these resources. A rule of thumb is, 1GB per operating system and roughly 20GB of space per guest OS. There’s a great article on our sister site, SearchWindowsServer.com, “Configuring a Windows virtual test lab on a budget” which will help you get started.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and ... Continue Reading