Thursday, February 7, 2013

Creating a Citrix VDI for Digital Forensic Analysis


                If the past few weeks have taught me anything so far, it would be that the process of creating a Citrix environment is rather difficult.  What seemed like it would be rather cut and dry installing and setting up a few basic parameters has easily turned into what may be the hardest part of the project. 

                My initial issue was attempting to find a location that I could actually set a miniature virtual environment up in.  My first thoughts were almost to the level of Inception – a virtual machine hypervisor hosting a virtual machine domain controller delegating IP’s to multiple virtual machines that are each being hosted by…surprise!,  a virtual machine (Citrix’s vdiManager).  For any of you that follow meme’s, I’m pretty sure Xzibit would have something to say about my attempt here (if you don’t get the reference, see here).  Needless to say, it was an idea I dropped pretty quickly and went on to finding some hardware that I could use instead.



                Fortunately, the Senator Patrick Leahy Center for Digital Investigation (LCDI) has multiple servers, and one of them wasn't currently in use.  This gave me the server that I needed for my hypervisor, and from here I was able to start moving forward.  The first go around with real hardware involved setting up an ESXi 5 hypervisor on the Dell Server that would be used to host a virtual machine of XenServer.  After doing some quick setup with this, which was rather painless, I ran into a few roadblocks.  Attempting to create a Windows virtual machine using XenServer hosted on top of ESXi 5 prompted multiple errors and wouldn’t allow for appropriate virtualization to ensue.  Turns out I managed to overlook the fact that XenServer is a hypervisor and not similar to Windows Server that would rest on top of a hypervisor.

                It tends to work out more often than not that the third time is the charm, and so far my third attempt is looking that way.  This go around, I installed XenServer as the hypervisor on the server and then hosted vdiManager to it.  I am using Citrix’s VDI-in-a-Box (ViaB) to quickly set up a small environment that doesn’t require multiple protocols and variables to be put into place that their other programs, such as Virtual Desktop, would. 


There have definitely been a few stopping points that have been frustrating, but it’s more little things on the internal network that I needed to tweak.  For example, it was necessary to create a new domain controller due to limitations and restrictions set in place on the current domain controller.  After I recognized a few of the simple networking problems, moving forward started to become easier and easier.

Setup Overview for VDI-in-a-Box

The next frustrating stop with my process came very quickly, though, and again I started face-palming every few minutes wondering why I couldn't get it working.  In order to host a VM to vdiManager to create a base image, RDP needs to be configured as does File and Printer sharing.  Although this is one of the most basic things to do on a computer, my virtual machine just wouldn’t have it.  Yet again though, some quick network troubleshooting and I noticed that the DNS was incorrect, changed it, and the settings were up and running.  Finally, at long last, the conversion to upload the image was beginning. 

Stepping back from the setup process of the environment, it is important to take a look at the semantics of this project and the blogs that I will be writing.  My initial blog post stated that I would be looking at the difference between persistent and non-persistent VDI’s.  Though this is still the case and nothing has changed, ViaB uses different terminology to describe these two states of an image.  A persistent image is known as a “personal desktop”, and a non-persistent image is referenced as a “pooled desktop.”  Please take note that, although I will try to keep my own wording consistent, there may be images and references throughout to pooled versus personal desktops.

Template setup for Pooled vs Personal  (Non-persistent vs Persistent)

Check back in the near future for more updates on the progress of this project.  The environment should be finished setting up soon, and not too long after the real fun should start!  

Please feel free to leave any comments and/or suggestions for me!

3 comments:

  1. Don't forget to make sure your VM's are in a "ready" state and not "unregistered" ;)

    ReplyDelete
  2. I think VDI-in-a-Box bypasses the need for them to be registered, which is rather convenient in terms of getting it set up quickly. I didn't need to install any of the additional components on the XenServer itself, such as a desktop director interface.

    The most important thing with ViaB is to remember to assign users to templates and to ensure the client machines have Citrix Receiver installed - this threw me for a loop for quite a while. I didn't realize that a simple RDP connection was not enough!

    ReplyDelete
  3. Thank you for this interesting article Ethan. From a computer forensic point of view, if I need to collect say a virtual user data where and how I can get this on the citrix XenServer?

    ReplyDelete