2024

One-click cyber range for security training

Built a one-click, scalable, automated cyber range for a research university's cybersecurity program — full enterprise IT environment with subnets, DMZ, AD, IDS/IPS, and ELK in a single provision command.

Proxmox, KVM, LXC, cloud-init, Ansible, ELK

Context

A research university cybersecurity program needed reproducible lab environments for risk assessments, penetration testing, and forensics coursework. Students were spending more time fighting environment setup than doing actual security work, and lab state diverged across cohorts.

Problem

  • Lab provisioning was manual — multi-day process per cohort
  • Environment drift made coursework non-reproducible across semesters
  • No fault tolerance — a single misconfiguration could break a class

Approach

Built a one-click, scalable, automated Cyber Range simulating a full enterprise IT environment:

  • Multiple subnets, a DMZ, Active Directory, web / email servers, firewalls, IDS / IPS, and a centralized ELK stack
  • Virtualization and containerization with LXC, KVM, QEMU, Proxmox, and cloud-init for consistent base images
  • Ansible-driven configuration management for self-healing, fault-tolerant lab infrastructure
  • Applied DevOps and SRE best practices — immutable images, declarative state, automated recovery from failures

Outcome

  • Lab provisioning time: days → minutes
  • Reproducible labs across semesters and cohorts
  • Self-healing infrastructure — student errors no longer broke shared labs
  • Used as a teaching platform for risk assessments, pen testing exercises, and forensics labs

Stack

Proxmox, KVM, QEMU, LXC, cloud-init, Ansible, ELK (Elasticsearch / Logstash / Kibana), Suricata IDS, pfSense, Active Directory.