Ask Slashdot: Safe Learning Environment For VMs?

First time accepted submitter rarkian writes "I am the teacher in this story. I teach Python and C++ to high school students: grades 9-12. I use CentOS 6 with DRBL to run my computer lab. Some of my students have become Linux experts. Next year I'm planning on allowing students to create and run their own VMs in a segregated LAN. Any advice on which virtualization technology to use and security concerns with allowing students to be root in a VM?"

VM is irrelevant

[onyxruby]

The fact that your using VM's is largely moot and goes back to the line of thought that VM's are somehow not 'real' computers. VM's run the same operating systems, software, have the same bugs, vulnerabilities and everything else as a physical computer. You need to patch them just like any other computer and you need to license them just like a regular computer. The fact that they are VM's really only makes two differences practical differences that matter, fist is that is easy to roll them back and second is that your aren't running on bare metal.

In other words you have a core issue that needs addressed of giving students root access to a computer. In an isolated environment this isn't necessarily a bad thing. Understand that they exploit root and see what they can do with it, however they are there to learn and if you can do so safely and without disruption of what your trying to teach then let them. Your focus needs to be on making it safe for those around them and that means making sure your VLAN and any related Internet access are properly setup. The lab is a lab and as long as you can make sure they aren't getting access to anyone persons computer than let them have at it.

A good rule of thumb is to roll your sessions back prior to the start of every single class. This always gives a fresh machine and the students will quickly learn how to set their VM just the way they want it.

Re:Set up VLANs

[TheCarp]

> This is Linux were talking about. What could you possibly teach them without an internet
> connection? The only use I see is teaching shell scripting or something, since other tasks like
> package management, and sane server configuration kinda require an active internet connection.

Well Python, that is what he said he wanted to teach them :)

Beyond that, you are right, I say, the key is not security but recovery. Template boxes so that a new VM can be spun up effortlessly, then let them have at it. Segment the lab off from the rest of the network, maybe let the lab out to the internet, but not to the schools internal network.

However the key is, you can always blow away a machine and reimage it to get class moving, so there is no real danger in letting them play. Hell, I took a class that taught us administration and hacking eachother's machines was explicitly allowed, as long as it stayed in the lab. (we were also required to create a guest account as one of the exercises)

Gives the advanced kids who are bored with the class something to do that lets them learn too; I certanly had fun.