Case Study / Blackfin Security

"When we provide live, on-demand security training environments to our students, we need them to operate identically to a datacenter environment. By integrating with Ravello, we gained access to the scalable compute resources of the public cloud, software defined networking, direct VMware importing of systems, and predictable, usage-based pricing. We no longer have to worry about the logistics and costs of bursting to handle large capacity events. Ravello is an ideal fit for us."
Brad Geesaman
CTO, Blackfin Security
Blackfin Hacker Academy

Case Study Highlights

Blackfin Security offers self-paced online security training through ‘The Hacker Academy’ and cyber warfare threat simulations as a service. Blackfin uses Ravello to handle its lab environments for Hacker Academy students as well as to host immersive threat simulation events.

By directly leveraging Ravello’s API, Blackfin has been able to provide a much richer user experience to its students, and scale on-demand as Ravello runs on AWS and Google Cloud (Tier 1 cloud providers).

With Ravello, Blackfin has seen an increase in customer engagement measured by an increase in on-demand lab usage, as well as an increase in average training session duration. Further, it has reduced the cost of training delivery because of 83% reduction in provisioning time to import and publish updated training VMs into live service by 83% and also saved Blackfin over 75% in monthly costs relative to the boutique cloud providers.

Blackfin Security is a leading provider of online security training, immersive threat simulation training, security awareness training, and phishing assessments to a large number of companies – ranging from mid-sized to Fortune 500. Blackfin was started with the goal to bring a “hands-on” approach to online security training. The Hacker Academy, an online, self-paced subscription-based security training portal, combines self-paced technical courses with live, virtual labs to put the skills to practice. Blackfin Security also offers onsite or on-demand threat simulation events – similar to “War-games” style Capture-the-Flag (CTF) – for individuals and organizations looking to safely assess their understanding of live threats in a realistic virtual environment.

The Hacker Academy Lab & Immersive Threat Simulation Environments

The Hacker Academy’s online virtual labs typically comprise 2-4 Virtual Machines (totaling to 4 VCPUs, 8GB RAM), with labs for the advanced courses needing more resources. The labs consist of a Kali Linux system (a Debian based Linux distribution that is specifically designed for digital forensics and penetration testing) and one or more purpose-built systems designed and configured for each lab objective. Students can quickly launch their own private lab environment and get right to practicing their web, server, and network attacks.

In order to handle Immersive Threat Simulation events ranging from 10 to 1,500+ participants, Blackfin Security uses Ravello’s API to programmatically generate comprehensive distributed environments in minutes. The environments consist of 10 to 350 VMs running a range of operating systems, VPNs, firewalls, and intrusion detection systems – with load distributed to ensure the optimal user experience. By leveraging Ravello’s ability to run environments in multiple geographic locations, Blackfin can bring the event even closer to the participants around the world.

Blackfin application architecture

Blackfin Security’s Requirements

To provide live virtual training and immersive threat simulation environments, Blackfin had some very special needs:

  • No CapEx investments – Blackfin often experiences highly variable workloads depending on the time of day and number of students currently using the virtual labs. Blackfin wanted to avoid maintaining a fixed-capacity datacenter and cost-effectively leverage the utility of the cloud.
  • Scale on-demand – To accommodate spikes in demand, Blackfin needed a platform that was able to scale high as demand required without impacting the user experience.
  • Zero change deployment – Blackfin’s courseware library and threat simulation environments are comprised of hundreds of VMware based Virtual Machines (VMs) with unique networking and topology requirements. It was extremely important to be able to deploy these systems in the public cloud without any changes.
  • System Development Fidelity – To eliminate undesired differences, it was extremely important that the systems behaved identical in production Ravello environment used by the students, to the course developer’s local VMware environment. Everything from the network topology, network addressing, to the actual VM configuration had to be maintained without modification.
  • Launch environments ‘on-demand’ – Blackfin needed the ability to launch customized virtual training lab and threat simulation environments via an API and control all aspects of the launch, the configuration, duration, and console access.
  • Consistent user experience – Blackfin wanted to simplify their students’ user experience when interacting with their virtual environments by making them appear as an integrated feature of The Hacker Academy’s course workflow instead of redirecting the student to another website.
  • Usage-based costs – To reduce the overall operating expense, Blackfin was looking for a strictly usage-based pricing model.

Challenges Encountered with other Solutions

Before Ravello’s solution was launched, Blackfin leveraged other cloud-based solutions to handle their virtual environment needs. With AWS VPC, they quickly realized that they would need to make significant changes to networking and configuration for their existing VMware VMs to be able to run natively. With other providers, Blackfin found itself losing control of the user experience as the students were redirected to a third-party website with a very different look and feel while the VM was starting up. In addition, they ran into quota-based billing that was not suited for their highly variable usage.

Ravello – A Perfect Match for Blackfin Security’s Requirements

When Ravello was launched as a public beta, Blackfin Security tried Ravello and found it to be an ideal match for Blackfin’s requirements. Over time, Blackfin has transitioned all its virtual lab environments to Ravello. Here is how Ravello delivered on Blackfin’s requirements:

Blackfin’s Requirement How moving to Ravello helped Blackfin?
No CapEx investments Ravello’s solution allowed Blackfin Security to deploy their virtual training labs on Google Cloud and AWS, eliminating the need to build their own Data Center.
Scale on-demand With Ravello, Blackfin was able to spin up as many environments as needed to absorb the peak loads. Since Ravello runs on AWS and Google Cloud (Tier 1 cloud providers), there is never any shortage of capacity, quota, and overage concerns. Additionally, with the application blueprint feature, Blackfin was able to take a snapshot of each of the virtual lab environments, and clone to deploy new instances of the environment through Ravello’s API as needed.
Zero change deployment Ravello’s High performance nested hypervisor (HVX) and Software Defined Networking (SDN) ensured that VMware VMs in Blackfin’s environment could run on Google Cloud and AWS without needing any modifications.
System development fidelity Ravello’s SDN & Blueprint features ensured that Blackfin’s production training lab mirrored the course developer’s local VMware environment - there was no loss in fidelity (same configuration, setup, networking and storage).
Launch environments ‘on-demand’ With Ravello’s API support, Blackfin was able to integrate the process of creating new instances of virtual training lab at student’s click, and shutting down instances once the training objectives were completed.
Consistent user experience With Ravello’s API integration into Blackfin’s environment, Blackfin was able to keep the user on Blackfin’s portal until the virtual lab was up and running. Furthermore, Blackfin was able to provide a richer user experience through a progress-bar that indicated the time left before virtual training lab was deployed and available for use.
Usage-based costs Ravello is Software as a Service (SaaS) offering and Blackfin only gets charged based on actual service usage.

The Hacker Academy’s Integration with Ravello - Goal: Consistent User Experience

Blackfin is able to provide a consistent user experience to its students through API integration with Ravello. Here is an example -

1. Student goes through the self paced online video of the course, and takes a quiz soon after Self paced online video

2. Student reads the instructions for the virtual lab Instructions for virtual lab

3. Student starts the virtual lab. This results in API call to Ravello create an instance of this lab from saved Blueprint and publish to the Cloud Provider (AWS or Google Cloud) Start the virtual lab

4. Progress bar shows that publish to cloud is in progress. Once ready, it changes to ‘Access’. The status for the progress bar and Access is powered using Ravello APIs. Publish to cloud progress

5. Upon clicking ‘Access’, the student is able to access the virtual lab environment through Ravello’s console Access virtual lab environment

6. Hacker Academy Administrator can control the virtual lab for the student through Ravello’s rich user interface Control virtual lab

Results with Ravello

Blackfin Security has benefited in several ways since moving to Ravello for its virtual training labs. The tight integration between Hacker Academy and Ravello through APIs has led to a richer user experience for students, resulting in a higher level of student engagement. This is evidenced by an increase in the number of virtual lab launches, and also an increase in average session duration across its user-base.

Deployment of virtual training labs using Ravello has also reduced operational overhead for Blackfin Security. Before deploying on Ravello, Blackfin would spend 6+ hours on an average to ‘pack’ and ‘publish’ a new virtual training lab. By switching to Ravello, they have been able to reduce it to less than an hour. Further, cloning through blueprints has made it easier for Blackfin to make incremental changes to the virtual labs and deploy them to production.

Finally, with Ravello’s usage based pricing, Blackfin has saved over 75% relative to boutique cloud providers while increasing their ability to scale as needed with consistent pricing. In some cases, because their previous cloud providers charged for fixed capacity and overage rates, Ravello saved them up to 90%.

Encouraged by this success, Blackfin has expanded its immersive threat simulation offering to also be available on Ravello, as Ravello can handle running both small and very large, highly complex, on-demand threat scenarios, while offering same benefits as it did to The Hacker Academy individual training lab environments.

About Ravello Systems

Ravello is the industry's leading nested virtualization and software defined networking service. It enables enterprises to encapsulate their complex VMware workloads and clone them in AWS without making any changes. Now enterprises can spin up development, test, UAT and staging environments on demand and significantly increase agility. Ravello is built by the same team that developed the KVM hypervisor in Linux.

Body Class: