Hyper-V Nested Virtualization

Nested Virtualization in Windows Server 2016 and Windows 10

I already wrote a blog post about Nested Virtualization in Windows 10 some weeks ago. With Technical Preview 4 of Windows Server 2016, Microsoft also introduced Nested Virtualization in Windows Server Hyper-V. Nested Virtualization allows you to run a hypervisor inside a virtual machine that is itself running on a hypervisor. This is a great use case for demo and lab environments, and also if you want to run virtual Hyper-V servers in Microsoft Azure IaaS virtual machines (we will see if Microsoft will support this in Azure in the future).

Requirements

  • At least 4 GB RAM available for the virtualized Hyper-V host.
  • At least Windows Server 2016 Technical Preview 4 or Windows 10 build 10565 on both the physical Hyper-V host and the virtualized host. Running the same build in both the physical and virtualized environments generally improves performance.
  • A processor with Intel VT-x (nested virtualization is available only for Intel processors at this time).
  • Other hypervisors will not work.

How to set it up

To enable Nested Virtualization in Hyper-V, Microsoft created a script, which I already documented in my first blog post about Nested Virtualization. Of course, you can also do this manually with the following steps:

  • Disable Dynamic Memory on the virtual machine
  • Enable Virtualization Extensions on the vCPU
  • Enable MAC Address Spoofing
  • Set the memory of the virtual machine to a minimum of 4 GB RAM

To set the Virtualization Extension for the vCPU you can use PowerShell:
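
The four manual steps above as one PowerShell sequence, with host pre-checks for the Intel requirement and the VBS/Device Guard limitation listed on this page. This is an added example, not the script from Microsoft or code from the original post; the VM name `NestedHost01` is a constructed placeholder, and the sequence assumes it runs elevated on the physical Hyper-V host with the VM turned off.

```powershell
# Added example: names and values below are assumptions, not from the original post.
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

$VMName = 'NestedHost01'   # constructed placeholder VM name

# Host pre-check: the page states nested virtualization needs Intel VT-x.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
if ($cpu.Manufacturer -ne 'GenuineIntel') {
    throw "Nested virtualization needs an Intel VT-x processor (found $($cpu.Manufacturer))."
}

# Host pre-check: VBS / Device Guard blocks exposing the extensions to guests.
# VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg -and $dg.VirtualizationBasedSecurityStatus -ne 0) {
    throw 'VBS / Device Guard is enabled on this host; virtualization extensions cannot be exposed to guests.'
}

# The settings below can only be changed while the VM is off.
$vm = Get-VM -Name $VMName -ErrorAction Stop
if ($vm.State -ne 'Off') {
    throw "Shut down '$VMName' first (current state: $($vm.State))."
}

# Steps 1 and 4: disable Dynamic Memory and assign a fixed 4 GB.
Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false -StartupBytes 4GB

# Step 2: expose the virtualization extensions on the vCPU.
Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true

# Step 3: enable MAC address spoofing on the VM's network adapters.
Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapter -MacAddressSpoofing On

# Read the settings back to confirm what was applied.
[pscustomobject]@{
    VM                   = $VMName
    ExposeVirtExtensions = (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
    DynamicMemory        = (Get-VMMemory -VMName $VMName).DynamicMemoryEnabled
    StartupGB            = (Get-VMMemory -VMName $VMName).Startup / 1GB
    MacSpoofing          = (Get-VMNetworkAdapter -VMName $VMName).MacAddressSpoofing
}
```

MAC address spoofing lets the VM send frames with source MAC addresses other than its own, which the nested guests need for networking, so turn it on only for the adapters of the virtualized Hyper-V host.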

Limitations

Nested Virtualization comes with some limitations:

  • Once nested virtualization is enabled in a virtual machine, the following features are no longer compatible with that VM.
    These actions will either fail, or cause the virtual machine not to start if it is hosting other virtual machines:

    • Dynamic memory must be OFF. Leaving it on will prevent the VM from booting.
    • Runtime memory resize will fail.
    • Applying checkpoints to a running VM will fail.
    • Live migration will fail — in other words, a VM which hosts other VMs cannot be live migrated.
    • Save/restore will fail.
  • Hosts with Device Guard enabled cannot expose virtualization extensions to guests.
  • Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization.

For more information check out the Microsoft page about Hyper-V Nested Virtualization.