Nested virtualization tends to be one of the more underrated Hyper-V features, but it has its place nonetheless. First introduced in Windows Server 2016 and the Windows 10 Anniversary Update, the nested virtualization feature allows administrators to run Hyper-V inside of a virtual machine.
Why is Nested Virtualization Useful?
On the surface, nested virtualization seems like something of a novelty, but there are perfectly legitimate use cases. For example, nested virtualization is useful for training purposes. Suppose for a moment that an organization hires a new junior administrator and wants to bring them up to speed on Windows Server 2016 Hyper-V. By using nested virtualization, it is possible to create a sandboxed Hyper-V environment that can be safely used for training purposes, without the need for dedicated physical hardware.
Nested virtualization is also useful for achieving pseudo private cloud functionality. In a true private cloud environment, the IT staff provides authorized users with a self-service portal that they can use to create virtual machines for their own use. As convenient as private cloud environments might be for users, however, they are not without their challenges. Building a private cloud can be an expensive and tedious process, and maintaining the virtual machine templates that are used within the private cloud can be labor intensive.
If an administrator needs authorized users to be able to create virtual machines, but also needs to put hardware resource usage caps in place, then using nested virtualization may be a good alternative to building a full-blown private cloud. Suppose, for example, that the IT department wants to allow a particular user to create VMs at will, but wants to ensure that the user does not consume more than 128 GB of physical server RAM. In this type of situation, the IT staff could conceivably create a single Hyper-V virtual machine and provision it with 128 GB of RAM. The IT staff could also enable nested virtualization for the VM, and install Hyper-V. To the user who receives the VM, it essentially looks and acts like a physical server. The user is able to create Hyper-V virtual machines at will within the VM, with no risk of consuming hardware resources beyond those that were allocated to the VM.
Nested Virtualization Requirements
There are relatively few requirements for enabling nested virtualization within a Hyper-V virtual machine. As previously mentioned, the primary requirement is a compatible operating system. Nested virtualization is supported in Windows Server 2016 Hyper-V, and was added to Windows 10 starting with the Anniversary Update. In order to use nested virtualization, both the host and the guest have to be running an operating system that supports nested virtualization.
In addition to the OS version, there are two other requirements for nested virtualization. The first of these requirements is that the Hyper-V virtual machine must be using configuration version 8 or higher. You can check a VM’s configuration version by opening PowerShell within the host OS and entering the following command:
Get-VM * | Select-Object Name, Version
If the VM is using an older configuration version, you can update it by using the Update-VMVersion cmdlet.
The other requirement for enabling nested virtualization is that the server must have a compatible CPU. Nested virtualization is not supported for use on servers with AMD processors. An Intel CPU with VT-x and EPT technology is required.
Enabling Nested Virtualization
You can enable nested virtualization with a single line of PowerShell code. However, because nested virtualization is enabled on a per-VM basis, you will need to create the VM before you can enable nested virtualization.
Once the VM is in place, make sure that the VM is powered off, and use the following command to enable nested virtualization:
Unless you want the VM to act as a sandboxed environment, you are going to need to enable networking for the nested VMs. The easiest way to achieve this is to use MAC address spoofing. Keep in mind, however, that MAC address spoofing is not appropriate for service provider use. In those situations, it is better to use the NAT method, which is described at: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization
The command used to enable MAC address spoofing is:
Get-VMNetworkAdapter -VMName <VMName> | Set-VMNetworkAdapter -MacAddressSpoofing On
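The steps above combined into one function, as an added example that is not code from the original article: it checks the configuration version, host CPU vendor and power state the article lists, then uses Set-VMProcessor with -ExposeVirtualizationExtensions (the parameter documented in the Microsoft guide linked above) and turns on MAC address spoofing only when asked. The function name Enable-NestedVirtualization and the VM name TrainingHost are assumptions.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. 'Enable-NestedVirtualization' and 'TrainingHost' are
# hypothetical names, not taken from the article.

function Enable-NestedVirtualization {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $VMName,
        # Opt in explicitly: the article notes spoofing is not appropriate
        # for service provider use, where the NAT method is preferred.
        [switch] $AllowMacSpoofing
    )

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # Requirement from the article: VM configuration version 8 or higher.
    if ([version]$vm.Version -lt [version]'8.0') {
        throw "VM '$VMName' is configuration version $($vm.Version); run Update-VMVersion first."
    }
    # Requirement from the article: Intel CPU (VT-x with EPT) on the host.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    if ($cpu.Manufacturer -ne 'GenuineIntel') {
        throw "Host CPU vendor is '$($cpu.Manufacturer)'; an Intel CPU is required."
    }
    # The article says the VM must be powered off before the change.
    if ($vm.State -ne 'Off') {
        throw "VM '$VMName' is $($vm.State); power it off first."
    }

    if ($PSCmdlet.ShouldProcess($VMName, 'Expose virtualization extensions')) {
        Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true
    }
    if ($AllowMacSpoofing -and
        $PSCmdlet.ShouldProcess($VMName, 'Enable MAC address spoofing')) {
        Get-VMNetworkAdapter -VMName $VMName |
            Set-VMNetworkAdapter -MacAddressSpoofing On
    }

    # Return the resulting settings so the change can be reviewed or logged.
    [pscustomobject]@{
        VMName                         = $VMName
        ExposeVirtualizationExtensions = (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
        MacAddressSpoofing             = (Get-VMNetworkAdapter -VMName $VMName).MacAddressSpoofing
    }
}

# Dry run first; remove -WhatIf to apply the changes.
Enable-NestedVirtualization -VMName 'TrainingHost' -AllowMacSpoofing -WhatIf
```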
What About Other Virtualization Platforms?
One of the big questions that is commonly asked with regard to nested virtualization is whether it is possible to run a third-party hypervisor (such as VMware ESXi) inside of a Hyper-V virtual machine. Although there are some who claim to have made this work, the use of third-party hypervisors is not supported, and is strongly discouraged by Microsoft.