Introducing Nested Virtualization in Windows Server 2016

Nested Virtualization Background

Windows Server 2016 Technical Preview 4 contains a new nested virtualization feature that IT groups have been asking for ever since the first version of Hyper-V. If this is the first time you have come across the concept, nested virtualization lets you run a virtualization environment inside a virtual machine (VM). Why would you do that? One of the most common uses for nested virtualization is a training environment, because it reduces the number of physical servers needed to run hypervisors for training users.

In short, nested virtualization allows you to install the Hyper-V role on a physical server, create a VM that executes in the Hyper-V hypervisor, install and run the Hyper-V role in that VM, and create a new VM inside the original VM. Modern hypervisors like Hyper-V leverage hardware virtualization support from Intel and AMD processors to run virtual machines. However, it is only in this latest version of Windows Server that the Hyper-V hypervisor exposes those critical hardware virtualization features directly to virtual machines.

Deployment Requirements for Nested Virtualization

Before you can deploy nested virtualization, you must configure your environment to meet the minimum requirements that are described here.

For the physical host:

  • Windows Server 2016 Technical Preview 4 with all updates installed
  • Intel processor with Intel VT-x enabled (AMD-V is not yet supported)
  • 16 GB minimum RAM recommended (RAM for the host and the nested hypervisor)
  • Device Guard disabled
  • Virtualization Based Security (VBS) disabled

For the nested VM running Hyper-V:

  • Windows Server 2016 Technical Preview 4 with all updates installed
  • Minimum of 4 GB RAM for startup (8 GB recommended)
  • Dynamic Memory disabled
  • MAC spoofing enabled
  • Disk space capacity to host the VMs and files such as ISOs
  • Generation 2 VM (recommended)

Configuring a Hyper-V Host to Support Nested Virtualization

In this section, you learn how to prepare the physical host to support nested virtualization. Follow the procedure below prior to the creation of the VM in which you plan to install the Hyper-V role:

  • Ensure the physical host meets the recommended requirements to run Hyper-V (Intel VT-x, 16 GB RAM, 1 OS disk, 1 data disk for VM storage, 1 Gb NIC)
  • Install Windows Server 2016 Technical Preview on the host (use at least an 8 GB USB stick to create bootable installation media)
  • Configure the physical server with all of the latest updates
  • Install the Hyper-V role with Server Manager or PowerShell (reboot the server after installation is complete)
  • Ensure that one NIC is enabled as a Hyper-V Network Switch
  • Ensure that Device Guard is disabled

Once all of these steps are complete, then you can configure a VM for nested virtualization.

Configuring a VM for Nested Virtualization

Once the physical host is properly configured, you can create a VM to support nested virtualization. Use the following procedure as you provision a new VM on your physical host:

  1. Create a VM using the following example configuration:
    • Name – NestedHost
    • Generation – Generation 2 VM
    • RAM – 8 GB with dynamic memory disabled (minimum recommended)
    • Network – 1 NIC (minimum recommended)
    • OS Storage – 127 GB
    • Data Storage – Configure an additional VHD and size it based on how many VMs you plan to create and run. Also, consider making it a fixed disk.
    • Processors – 2 processors (minimum recommended, based on your workload)
  2. Install Windows Server 2016 Technical Preview 4.
  3. Configure the VM with the same updates as the physical host.
  4. Configure the data disk with a GPT partition using the NTFS format.
  5. Enable the high performance power configuration.
  6. Shut down the VM once the configuration is complete.

You must now enable nested virtualization and MAC spoofing in the new virtual machine. You can do this manually using PowerShell, or run a publicly available predefined script to configure a VM and enable nested virtualization. If you would like to do this task manually, you can open a Windows PowerShell window with Administrator privileges, and then run the following PowerShell cmdlets to enable nested virtualization and MAC spoofing.

$VM = "NestedHost"
Set-VMProcessor -VMName $VM -ExposeVirtualizationExtensions $true
Set-VMNetworkAdapter -VMName $VM -MacAddressSpoofing On
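
As an added example (not the product group's scripts and not part of the original article), the manual step above can be made idempotent and checked against the VM requirements this page lists: virtualization extensions exposed, Dynamic Memory disabled, at least 4 GB startup RAM, and MAC spoofing on. The function names Get-NestedReadiness and Enable-NestedSettings are hypothetical; the final pipeline lists every VM on the host that has either setting enabled, so that they stay limited to the intended nested hosts.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example; the function and property names below are illustrative.

function Get-NestedReadiness {
    param([Parameter(Mandatory)][string]$VMName)
    $vm   = Get-VM -Name $VMName -ErrorAction Stop
    $cpu  = Get-VMProcessor -VMName $VMName
    $mem  = Get-VMMemory -VMName $VMName
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)
    [pscustomobject]@{
        Name                           = $vm.Name
        State                          = $vm.State
        ExposeVirtualizationExtensions = $cpu.ExposeVirtualizationExtensions
        DynamicMemoryEnabled           = $mem.DynamicMemoryEnabled
        StartupMemoryGB                = [math]::Round($mem.Startup / 1GB, 1)
        NicCount                       = $nics.Count
        NicsWithMacSpoofing            = @($nics | Where-Object MacAddressSpoofing -eq 'On').Count
    }
}

function Enable-NestedSettings {
    param([Parameter(Mandatory)][string]$VMName)
    $r = Get-NestedReadiness -VMName $VMName
    # The page shuts the VM down before this step; the processor extension
    # and memory changes need the VM to be off.
    if ($r.State -ne 'Off') { throw "$VMName must be shut down first (state: $($r.State))." }
    if (-not $r.ExposeVirtualizationExtensions) {
        Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true
    }
    if ($r.DynamicMemoryEnabled) { Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false }
    if ($r.StartupMemoryGB -lt 4) { Set-VMMemory -VMName $VMName -StartupBytes 4GB }
    if ($r.NicsWithMacSpoofing -lt $r.NicCount) {
        Set-VMNetworkAdapter -VMName $VMName -MacAddressSpoofing On
    }
    Get-NestedReadiness -VMName $VMName   # return the state after the changes
}

Enable-NestedSettings -VMName 'NestedHost'

# Host-wide audit: which VMs have virtualization extensions or MAC spoofing enabled?
Get-VM | ForEach-Object { Get-NestedReadiness -VMName $_.Name } |
    Where-Object { $_.ExposeVirtualizationExtensions -or $_.NicsWithMacSpoofing -gt 0 } |
    Format-Table Name, State, ExposeVirtualizationExtensions, NicsWithMacSpoofing
```
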

If you are not comfortable running the individual PowerShell cmdlets and would rather execute scripts that were created by the product group, then you can navigate to and retrieve them from this link. From that website, you will find two scripts:

  • Enable-NestedVM.ps1 – enables the required settings for nested virtualization
  • Get-NestedVirtStatus.ps1 – verifies that the host and VM are properly configured

To verify that the physical host and the VM are properly set up using the script named Get-NestedVirtStatus.ps1, follow these steps:

  1. Open a Windows PowerShell console with Administrator privileges.
  2. Execute the Get-NestedVirtStatus.ps1 script.
  3. Review the report that describes what is enabled and disabled, as well as whether the physical host and the VM support nested virtualization. The format of the report will be similar to the following information:

The virtualization host SERVER2016 supports nested virtualization: YES

Computer                     : SERVER2016
Manufacturer                 : Hewlett-Packard
Model                        : HP XXXXX
ProccessorManufacturer       : GenuineIntel
Product Name                 : Windows Server 2016 Technical Preview 4
Installation Type            : Server
Edition ID                   : ServerDatacenter
Build Lab                    : 10586.63.amd64fre.th2_release.160104-1513
HypervisorRunning            : True
FullHyperVRole               : True
HostNestedSupport            : True
HypervisorLoadOptionsPresent : False
HypervisorLoadOptionsValue   :
IumInstalled                 : False
VbsRunning                   : False
VbsRegEnabled                : False
BuildSupported               : True
VbsPresent                   : False

Looking for VMs…found 1 VMs.
Validating virtual machines…done.

The virtual machine NestedHost supports nested virtualization: YES

Name                           : NestedHost
SupportsNesting                : True
ExposeVirtualizationExtensions : True
DynamicMemoryEnabled           : False
SnapshotEnabled                : False
State                          : Off

If either the physical host or the VM does not meet the required configuration to support nested virtualization, you can use the Enable-NestedVM.ps1 script to automatically configure the system.

In order to execute the Enable-NestedVM.ps1 script, follow these steps:

  1. Open a Windows PowerShell console with Administrator privileges.
  2. Execute the script with the VM name as a command-line parameter:

.\Enable-NestedVM.ps1 -VMName "NestedHost"

  3. A report is generated that describes if the VM is configured to support nested virtualization. If the VM is properly configured, you will see the following messages:

PS C:\test> .\Enable-NestedVm.ps1 -vmName "NestedHost"
This script will set the following for NestedHost in order to enable nesting:
None, vm is already setup for nesting

  4. If the VM is not properly configured, you will see the following messages:

PS C:\test> .\Enable-NestedVm.ps1 -vmName "NestedHost"
This script will set the following for NestedHost in order to enable nesting:
Virtualization extensions will be enabled
Optionally enable mac address spoofing
Input Y to accept or N to cancel: Y

WARNING:
Nested virtualization is an unsupported preview feature. Hypervisors other than the Hyper-V hypervisor running in a guest virtual machine are likely to fail. Furthermore, some Hyper-V features are incompatible with nested virtualization, such as dynamic memory, checkpoints, and save/restore.

Mac Address Spoofing isn’t enabled (nested guests won’t have network).
Would you like to enable MAC address spoofing? (Y/N) Y

  5. If the VM RAM setting was configured to less than 4 GB or dynamic memory was enabled, then the report will prompt you to set the minimum memory to 4 GB and disable dynamic memory.

Configuring a VM with the Hyper-V Role

Now that the VM is configured to support nested virtualization, you must install the Hyper-V role in the VM. You can use the following procedure to properly configure the VM:

  1. Open the Hyper-V Manager console, and start the VM named NestedHost.
  2. Log into the NestedHost VM as the local administrator.
  3. Using Server Manager (you can also use PowerShell), install the Hyper-V role as shown in Figure 1.

Figure 1: Installing the Hyper-V Role

  4. Create a virtual switch using the Hyper-V Network Adapter as shown in Figure 2.

Figure 2: Creating a Hyper-V Virtual Switch

  5. Do not enable the Virtual Machine Migration option.
  6. Set the default location for the virtual hard disks and configuration files as shown in Figure 3.

Figure 3: Setting the default storage locations

  7. Select the option to automatically restart the VM after installation.
  8. Click the Install button to start the Hyper-V role installation.
  9. After the VM reboots, log into the NestedHost VM as the local administrator.
  10. In the NestedHost VM, start the Hyper-V Manager console.
  11. Using the Hyper-V Manager console, create a VM called NestedVM and install the Windows Server 2016 Technical Preview 4. You will have to make an ISO of the media available to the NestedHost VM to complete this step.
  12. The nested host also supports the Enhanced Session feature to connect to the VMs that are running on it, as you can see in Figure 4.

Figure 4: A nested VM running on a VM host with the Hyper-V Role

Conclusion

Nested virtualization is a new technology in Windows Server 2016 Technical Preview 4 that allows you to virtualize a Hyper-V host and run virtual machines on that virtualized host. While nested virtualization is very helpful, for example, for deploying training environments in enterprise infrastructures that need to minimize hardware costs, it is not meant at this stage for deployment of production workloads. One of the drawbacks of using this feature is that workloads running within a nested virtualization host take a small performance hit for each added level of abstraction above the hardware layer. One of the main advantages is that this technology enables scenarios that you could not construct with previous versions of Hyper-V, and it is a feature that is sure to be welcomed by IT groups that are heavily invested in Windows Server virtualization.
