[K12OSN] teaching kids sys admin with VM's

Jim Kronebusch jim at winonacotter.org
Thu Jan 17 21:15:29 UTC 2008

On Thu, 17 Jan 2008 08:48:45 -0800, Robert Arkiletian wrote
> Wondering if I could run k12ltsp 5EL for a full class of 30 kids. But
> in addition to the ltsp environment, each kid also have a vmware VM so
> I can teach them to install/configure a Linux OS.

Sounds like you might have a ton of options, just not sure what would be best :-)

> My students like Linux but many of them are not comfortable installing
> it at home. One of the main barriers is that they have no experience
> installing/configuring an OS. They never get a chance to be root in my
> class. I could also teach them how to setup their own apache web
> server.

Good idea, here the class that does this uses stand alone boxes.  But they have plenty
of physical space, and only about 15 students.

> Problem: what are the sys req of such a box?
> Could this handle it:
> dual  -  quad core Xeons/Opterons (8 cores total)
> 16GB ram (approx 512MB per person)
> 4 15k rpm scsi in a raid

Not sure.  Sounds very similar to my LTSP box, which handles 75 simultaneous client
connections without a problem.  But I don't know how many VM's it would handle.  Say you
gave 512MB Ram to each VM, 16GB should handle 30 sessions and 2GB left for the server
(in a perfect world).  I don't know how efficiently the processes would be split among
the cores, my guess is it would handle 30 with minimal use.  Let us know :-)

> Any pitfalls people see?
> For one I am wary of kids installing games in their VM's. I can't
> restrict what they do in their own VM's.
> I am also worried their VM's may break my ltsp setup. Could that happen?
> Also that they would start services on eth1 (outside network). Maybe I
> can restrict this, not sure. Wondering if this idea would be better on
> it's own box on the internal network. If so then how would they access
> it, vnc, nx?
> ideas, comments welcome.

Anyhow, I don't think I'd be brave enough to try to run this on my LTSP server.  I guess
I'd see a VNC connection from the LTSP box to your VM ware server.  I'd put the VM
server on it's own network headed up by something like IPCop with Block Outgoing Traffic
installed.  Then you can allow the incoming VNC connections, but use Block Outgoing
Traffic to block any outgoing ports you want to be certain won't mess with your main
network.  Then you can block everything from 1023 down except for 80 for net access and
downloads.  You could then allow them to configure dhcp, apache, nfs, etc, without any
worries.  You also wouldn't have to worry about them accessing NFS shares on the "real"
network by becoming root as you can block outgoing and incoming ports for NFS.

A good person to contact would be Jeremy Anderson (jeremy at angelar.com).  He works at
Hennepin Technical College and helped us host our nclinux.net conference last summer.  I
think he did exactly what you want to do for his classes.  He used Xen, and built some
scripts to create the images automatically.  I think he could tell you exactly what you
need to know for reference on how to set it up and how many VMs can run at once.  I
think he had a single quad core opteron and was happy with the performance, but I don't
remember how many were concurrent.

Hope that helps,

This message has been scanned for viruses and
dangerous content by the Cotter Technology 
Department, and is believed to be clean.

More information about the K12OSN mailing list