I am currently sitting here in Las Vegas waiting to start a long day to do what I can to help setup SANS Security 2010. It is a lot of work but when I think about it, I owe the SANS people and my employer, Texas A&M University, a lot for providing me this opportunity. Through the SANS work study program, SANS has made the costs economical enough for my employer to be able to send me. I have been able to obtain six GIAC certifications and plan on renewing and obtaining at least one more before the year is out.

Through working with many of the instructors in the work study program, I have gotten to know them behind the scenes. In the last ten years, I have attended a large number of conferences and training sessions and I can tell you that all of the SANS instructors are hands down the best in their fields.

Back at home in Texas, folks have two great opportunities coming up.

SANS San Antonio - http://www.sans.org/san-antonio-2010/
SECURITY 504 in Houston - http://www.sans.org/houston-2010-cs/description.php?tid=4347

Both of these events promise to be the high quality that you normally expect from any SANS conference.

Too cool. Today I started thinking about a wiki that I have running on a Virtual Machine under VMware ESX. Wouldn’t it be cool if I could just down load a Virtual Machine from ESX and start it up under VMware Workstation on my desktop? Well that is absolutely what you can do. It works like a dream.

The following was performed with vSpear Client version 4.1.0 and VMware workstation 6.5.4.

Bring up the VMware vSpear console and select the VM view its settings. Open the Summary, right click on the datastore volume under the Resources window and select “Datastore Browser”. From there, in the popup window you browse to the directory that contains the Virtual Machine of interest. Once the directory is selected you can click on the “Download a file from this datastore to your local machine” button at the top and select a location on the local machine. Once the download is complete, simply open VWware Workstation and selected the “.vmx” file that was downloaded and VMware workstation will happily read it in.

The next thing that I recommend is that you edits its settings and disable its network interface so that you do not create any unforeseen issues on the network. Start the virtual machine and configured it to use DHCP rather than the static IP address that was previously configured. Shutdown the machine and configured the network to use NAT and enabled it. Start the virtual machine back up and it was good to go. You are now able to connect to the local wiki just as I am able to connect to the one on ESX and in production.

I am confident that I could have just started the virtual machine and reconfigured the network and restarted and all would have worked as well. But I wanted to make sure that everything is nice and clean and set the way that it is supposed to be. That way, after I have slept and forgotten everything, it still works the next time that I start it.
So what does this mean? The good thing is that it that the WIKI that has all of our documents on how we have machines set up and configured can now be downloaded and brought up anywhere in the case of disaster recovery. The bad thing is that it means that anyone that has access to your datastore can easily download a copy of your virtual machine and bring it up anywhere and you will/may never know. I guess that if someone has access to your VMware datastore, you have far bigger issues than worrying about whether they have downloaded a virtual machine, they can simply delete it, so make sure you know who has access to it and how.