Skip to content

Decompressing and Booting Virtual Machines

This document walks through the process of extracting and starting prebuilt course VM(s) for use in SANS courses.

Note

You will not be creating a new virtual machine with the VMware application. Instead, you wil be extracting and then opening a prebuilt VM custom-created for use in your SANS class.

Preparation

File Extraction Utilities

If you do not already have one of the following archive utilities installed on your host computer, install the appropriate software from the /utilities/ directory of your ISO media file, or download the installer directly from the developer website linked to below. It's recommended to download the latest version of the software, but we include a recent installer on the ISO for convenience purposes.

Microsoft Windows host: 7zip

  • There is an installation binary for the 64-bit version of 7zip in your ISO media file. Alternatively, download and install the latest version from https://www.7-zip.org/. This installer must be run as an Administrator.

Apple macOS host: Keka

  • There is a DMG file with the Keka archival utility in your ISO media file. Alternatively, download and install the latest version from https://www.keka.io. This application should be installed to your host by double-clicking the DMG file and dragging the Keka icon to your "Applications" directory.

Virtualization Software

Virtual machines used in SANS courses require the use of VMware virtualization software. As of May 2024, VMware allows for its Workstation Pro application for Windows and Fusion Pro application for Mac to be installed for free for personal use. Visit the following announcements from VMware for more details:

Note that the installers for these applications are available in your SANS portal with the other downloadable files for your course. They can also be accessed from the links above.

VMware Image File Extraction

After verifying that you have the proper archive utility installed, decompress the virtual machines from their respective archive files. If your course provided a virtual machine in the "Priority - Required for Day 1" section of the Course Downloads page, as described in the previous "Downloading Course Materials" section, the archive will be separate from the mounted ISO image. If the ISO media file for your course contains virtual machine archives, extract the /virtual_machines/*.7z files from the mounted ISO volume to a preferred location on your host system. Depending on your system and the size of the virtual machine, this may take several minutes to complete.

Warnings!

  1. Due to the significant size and the dynamic nature of virtual machine files, do not extract your virtual machine(s) to a directory that synchronizes with a cloud storage service such as OneDrive or Dropbox.
  2. Extract virtual machines contained within the mounted ISO volume. Do not copy 7zip archives from the mounted ISO volume to your host, then extract the virtual machines. Doing so will use significantly more disk space than needed and will take extra time unnecessarily.
  3. If your course requires multiple VMs to be extracted, please ensure you extract each 7zip archive into its own, separate destination directory. Housing the content for multiple 7zipped archives within the same directory may result in errors due to VMware-created log files being clobbered/overwritten each time one of the VMs was booted.

Notice

Content and screenshots in this section are examples and do not reflect your specific course ID and name.

Using 7zip on Microsoft Windows

Windows 10:

  1. Right-click the filename of the archive you want to extract.

  2. Select "7-Zip"

  3. Then select "Extract files..." and choose the desired destination directory.

    Opening a 7zip archive file with the 7zip utility on Win10

Windows 11:

  1. Right-click the filename of the archive you want to extract.

  2. Select "Show more options"

    Opening a 7zip archive file with the 7zip utility on Win11

  3. Select "7-Zip"

  4. Then select "Extract files..." and choose the desired destination directory.

    Opening a 7zip archive file with the 7zip utility on Win11

Using Keka on Apple macOS

Right-click the filename of the archive you want to extract. Select "Open With" and then "Keka". Choose the desired destination directory.

Opening a 7zip archive file with Keka

Booting Virtual Machines

Troubleshooting VM Installation

If you encounter problems with the VM setup process, please see the Troubleshooting VM Startup and Performance section toward the end of this document.

Note

Screenshots in this section depict VMware Workstation Pro 17.0.0 on a Microsoft Windows 10 host and VMware Fusion 13.0.0 on an Apple macOS Ventura 13.1 host. Your view may differ slightly with a different host operating system, VMware product, or VMware product version. All core concepts should be reasonably equivalent. If in doubt, ask your instructor, TA, or SME for assistance in getting the VMs set up.

Your course may have more than one virtual machine. If so, they may need to be used individually or together. The lab instructions for your course will indicate the virtual machine(s) to use at the appropriate time.

VMware Workstation Pro on Microsoft Windows

  1. Run the VMware Workstation Pro application and open the *.vmx file for the virtual machine you wish to load. You must "Open" the existing virtual machine(s) that you have extracted - do not use VMware's "Create" or "Import" functions. Note that the .vmx extension may be hidden, so the Windows File Explorer may reflect a filename without an extension and a type of "VMware virtual machine configuration".

    • Alternatively, locate the *.vmx file in the Windows Explorer interface and double-click that file to open the virtual machine in VMware Workstation Pro. Note that this may automatically boot the virtual machine.

  2. Recommended: Take a snapshot of the virtual machine prior to making any changes or booting the virtual machine for the first time. (This feature is not available in VMware Workstation Player for Windows.)

  3. Click the "Power on this virtual machine" link.

    VMware Workstation power on/resume buttons

    Depending on your software version, VMware may prompt you to "Upgrade this virtual machine". Click "Upgrade" if you see this dialog.

    When asked if you "moved or copied" the virtual machine, click "I copied it".

VMware Fusion on macOS

  1. Run the VMware Fusion application and open the *.vmx file that you extracted. You must "Open" the existing virtual machine(s) that you have extracted. Do not use VMware's "Create" or "Import" functions. Note that the .vmx extension may be hidden.

    • Alternatively, locate the *.vmx file in the macOS Finder interface and double-click that file to open the virtual machine in VMware Fusion. Note that this will automatically boot the virtual machine.

  2. Recommended: Take a snapshot of the virtual machine prior to making any changes or booting the virtual machine for the first time.

  3. Click the "Play" icon to start the virtual machine.

    VMware Fusion power on/resume button

    Depending on your software version, VMware may prompt you to "Upgrade this virtual machine". Click "Upgrade" if you see this dialog.

    When asked if you "moved or copied" the virtual machine, click "I copied it".

Troubleshooting VM Startup and Performance

Please note the following potential issues which may require troubleshooting:

  • When attempting to boot the VM, if you see an error message that the host is VT-capable but VT is disabled, refer to the following document: https://sansurl.com/bios-vtx

  • When attempting to boot the VM, if you see an error message related to Device or Credential Guard, refer to the following document: https://sansurl.com/credential-guard

  • If your host operating system is Microsoft Windows and you experience especially poor performance with your VM(s), refer to the following document: https://sansurl.com/win-powercfg

  • Some course VMs support copying files between hosts and VMs using SMB/SAMBA shares. If you're system has trouble accessing such shares, refer to the following document: https://sansurl.com/smb-shares

Logging Into Virtual Machines

After the virtual machine boots, you may need to provide login credentials or the virtual machine may automatically log you in. If credentials are needed, see the "Virtual Machine Credentials" section at the end of your course's Lab Setup Instructions PDF file. All login credentials are also displayed in the respective virtual machine's information panel. Below are screenshots showing the login credentials under VMware Workstation and VMware Fusion, respectively.

Virtual machine information panel showing login credentials in VMware Workstation Virtual machine information panel showing login credentials in VMware Fusion

It is critical that you do not upgrade software within the virtual machine unless specifically directed to do so in the lab instructions. Your virtual machine has been extensively tested in the configuration which it was distributed. SANS cannot ensure your labs will function properly if the software is updated.