Quick Bites:

  • Nested virtualization in Azure provides a powerful tool for scalable resource provisioning and diverse use cases
  • In this blog, let’s learn to run VMs inside VMs in Azure using Hyper-V
  • Understand requirements and follow simple defined steps for Hyper-V installation
  • Explore use cases like DEV/TEST, multi-server configurations, and Hyper-V containers
  • Discover benefits, including testing environments, education, application isolation, legacy support, security, and resource optimization

Introduction

One of the great things that today’s modern hypervisor platforms allow us to do is run VMs inside of VMs. This is referred to as “nested virtualization”.

This opens especially interesting use cases when you think of running a hypervisor inside a VM environment, such as running a Windows Server 2016 virtual machine with Hyper-V installed inside a VM that is hosted on a Windows Server Hyper-V physical host.

Taking the thought of nested virtualization a bit further, today’s organizations are looking at utilizing public cloud environments such as Microsoft Azure to run both production and development workloads. With the release of Windows Server 2016, Microsoft has opened up the possibility of nested virtualization across all fronts, both on-premises and in the Azure public cloud space.

Focusing on the Azure public cloud, what use cases and interesting abilities does running Hyper-V inside of Azure open up to organizations?

What are the requirements for running Hyper-V in Azure?

How does running containers weigh into the discussion of nested virtualization in Azure?

Let’s take a look at running Hyper-V in Azure Nested Virtualization and take a look at this aspect of virtualization and how it affects environments both today and tomorrow.

Hyper-V inside Azure (Nested Virtualization) Requirements

As mentioned, with the introduction of Windows Server 2016, nested virtualization is now a supported means of running production workloads. This also opens up the possibility of running nested workloads inside Microsoft Azure.

Since this is a new development, what are the requirements for taking advantage of nested virtualization?

The following are requirements for running Hyper-V hosts inside a guest virtual machine:

  • Hyper-V host and guest must both be either Windows Server 2016 or Windows 10 Anniversary update or later
  • VM configuration level must be 8.0 or higher
  • Only Intel processors are currently supported – running VT-x and EPT technology

Azure specific requirements:

  • Create a Windows Server 2016 VM
  • All v3 virtual machines support nested virtualization

The following SKU Family VMs are capable of nested virtualization. These SKUs are hyper-threaded, nested capable VMs:

  • D_v3
  • Ds_v3
  • E_v3
  • Es_v3
  • F2s_v2-F72s_v2
  • M

Installing Hyper-V in Azure Nested Virtualization

What are the Azure-specific steps that need to be completed to install Hyper-V within an Azure virtual machine?

There are seven short steps that need to be completed to provision a nested virtual machine inside Microsoft Azure:

  • Create an Azure VM capable of nesting (Windows Server 2016, etc)
  • Connect to the Azure VM
  • Install Hyper-V Feature inside the Azure VM
  • Create a NAT’ed vSwitch for outside connectivity
  • Create the guest virtual machine
  • Configure an IP Address on the nested guest virtual machine
  • Test Connectivity

First things first, you need to create an Azure VM. Here you need to create a Windows Server 2016 or Windows 10 Anniversary edition VM.

Creating a Microsoft Azure VM capable of nested virtualization

Choose the size of the VM to be created in Microsoft Azure. Here you want to make sure the virtual machine chosen is large enough to run nested virtual machines. This typically will be a multiple vCPU configuration with a healthy amount of memory to use for the “layer 2” VMs.

Choosing the size of the Nested Virtualization host

After creating the “host” virtual machine in Azure using the supported workstation and sizing configuration, you will need to enable the Hyper-V feature to use it as the nested virtualization host.

Using PowerShell to install the Hyper-V feature in the nested virtualization host

Next, for allowing connectivity to the outside world for the nested virtual machine, you need to create a new virtual switch that will be configured for NAT’ed access. Using PowerShell this can be accomplished using the cmdlet:

  • New-VMSwitch -Name "InternalNATSwitch" -SwitchType Internal

Creating a new VMSwitch for NAT’ed connectivity for the nested virtual machine

In order to configure the NAT’ed IP address, you need to query the interface indexes to know which interface to use for the NAT’ed connection to the virtual machine. To do that, you can use the following PowerShell cmdlet:

  • Get-NetAdapter

Finding the ifIndex for creating the NAT’ed IP address to be used for nested VM connectivity

Using this information, you create the IP address that will be used for outside connectivity. Using PowerShell:

  • New-NetIPAddress -IPAddress < IP address > -PrefixLength 24 -InterfaceIndex < ifIndex >

Creating the IP Address that will be used for outside connectivity for the nested virtual machine

Since the IP Address has been configured for NAT’ing and attached to the correct interface, you can now create the internal network to be used for NAT’ed traffic. Using PowerShell:

  • New-NetNat -Name < NAT name > -InternalIPInterfaceAddressPrefix < address prefix >

Creating the internal NAT subnet used to connect the internal nested virtual machine

After the networking portion is configured on the Hyper-V host, you are ready to begin provisioning the nested virtual machine in Hyper-V. You can use the normal Hyper-V Manager console as you would with any other Hyper-V server at this point. Make sure on the Configure Networking step that you use the NAT’ed switch that was created using the steps above.

Configuring the Internal NAT virtual switch for the nested virtual machine

As you can see below, we have a nested virtual machine provisioned and loading on the Windows Server 2016 VM housed in Azure.

To configure connectivity to the nested virtual machine, you simply have to assign an address within the NAT’ed subnet to the virtual machine network connection.

Assigning a network address to the nested virtual machine that allows connectivity

After assigning the IP address to the nested virtual machine, you should be able to test connectivity to the outside. This can easily be done even without using a browser with PowerShell:

  • Test-NetConnection

Testing Egress connectivity from within the nested virtual machine

The connectivity from the nested virtual machine to the Internet is successful after assigning the IP Address within the NAT’ed virtual switch subnet range.
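
The host-side steps above, collected into one re-runnable script. This is an added example, not code from the original post; the NAT name `InternalNat` and the 192.168.0.0/24 range with gateway 192.168.0.1 are assumed values.

```powershell
# Added example: run in an elevated PowerShell session on the Azure "host" VM (Windows Server).
# Assumed values (not from the original page): the NAT name and the 192.168.0.0/24 range.
$SwitchName = 'InternalNATSwitch'   # switch name used on the page
$NatName    = 'InternalNat'         # assumed
$GatewayIP  = '192.168.0.1'         # assumed; host-side address on the internal switch
$NatPrefix  = '192.168.0.0/24'      # assumed; matches -PrefixLength 24 from the page
$ErrorActionPreference = 'Stop'

# 1. Install the Hyper-V role. The VM reboots; run the script again afterwards.
if (-not (Get-WindowsFeature -Name Hyper-V).Installed) {
    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
    return
}

# 2. Internal switch: connects nested guests and the host only,
#    with no direct path onto the Azure network.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# 3. Find the host vNIC Hyper-V created for the switch and give it the gateway address.
$ifIndex = (Get-NetAdapter -Name "vEthernet ($SwitchName)").ifIndex
if (-not (Get-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $GatewayIP -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -IPAddress $GatewayIP -PrefixLength 24 -InterfaceIndex $ifIndex | Out-Null
}

# 4. NAT the internal prefix out through the host.
if (-not (Get-NetNat -Name $NatName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $NatPrefix | Out-Null
}

# 5. Review the result. The NAT gives nested guests outbound access only;
#    any row in the second table is an inbound port forward that exposes
#    a nested guest through the host and should be there on purpose.
Get-NetNat -Name $NatName | Format-List Name, InternalIPInterfaceAddressPrefix, Active
Get-NetNatStaticMapping -NatName $NatName -ErrorAction SilentlyContinue |
    Format-Table ExternalPort, InternalIPAddress, InternalPort, Protocol
```

Inside the nested guest, assign an address from the same range with the host-side address as the default gateway, then run Test-NetConnection as described above.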

Azure Nested Virtualization Use Cases

What are the potential use cases for running Azure nested virtualization built on top of Hyper-V?

Several scenarios readily come to mind, including DEV/TEST environments. The nested environment can be delegated to developers for testing various virtual machine environments. Developers can provision their own virtual machines within the nested environment in the context of the Hyper-V server running in Azure.

Another great benefit of nested virtualization is the ability to test multi-server configurations without the need for provisioning the multiple servers as either individual VMs or actual physical servers. Running entire Windows Failover Server cluster environments within a single Hyper-V virtual machine is possible with nested virtualization and all of this can be provisioned in Azure.

The real production use case for nested virtualization comes in the form of containers. With Windows Server containers, the containers themselves share the kernel of the host operating system. For additional security, Hyper-V containers instead run each container inside a provisioned virtual machine on the Hyper-V host, so the container is isolated to that virtual machine's kernel rather than sharing the host's. Hyper-V containers are supported in Azure for production use.

Benefits of Nested Virtualization

  • Testing and Development Environments: Nested virtualization allows developers and testers to create complex testing and development environments within Azure VMs. They can set up nested VMs to mimic real-world scenarios, deploy multiple operating systems, and test different software configurations without the need for physical hardware
  • Training and Education: Nested virtualization is beneficial for training and educational purposes. It enables the creation of virtual labs and environments where students can practice and experiment with various technologies and software stacks. Instructors can set up a nested VM environment to deliver hands-on training without requiring physical infrastructure
  • Application Isolation: Nested virtualization helps to isolate applications and workloads. By running applications inside nested VMs, you can create separate environments with their own operating systems, libraries, and dependencies. This isolation ensures that any issues or changes within one nested VM do not impact the other VMs or the underlying host
  • Legacy Application Support: Nested virtualization can be used to support legacy applications that may require specific operating system versions or configurations. By running the legacy application within a nested VM, you can maintain compatibility while benefiting from the flexibility and scalability of the Azure platform
  • Security and Testing: Nested virtualization can be utilized for security purposes, such as running security tools or performing penetration testing. By running these tools within a nested VM, potential risks and vulnerabilities can be isolated, ensuring that they do not impact the primary Azure infrastructure or compromise other VMs
  • Optimal Resource Utilization: Nested virtualization allows for better utilization of compute resources within Azure. By running multiple VMs within a single VM, you can consolidate workloads and make efficient use of the available resources. This can help optimize costs by reducing the number of VMs required and maximizing resource utilization

Thoughts

Nested virtualization is a great step forward for Microsoft’s Hyper-V platform running in Azure. Azure provides a powerful infrastructure platform that is available from anywhere running on top of Microsoft’s world-class data center infrastructure. Utilizing Azure to run nested VMs is a great way to easily provision resources for DEV/TEST or even production use cases such as Hyper-V containers. Provisioning nested virtual machines running in Azure is easily accomplished with only a few steps, most of which can be done using PowerShell. This provides a great tool for Hyper-V administrators to provision nested resources not only on-premises but also in the Azure public cloud environment. This allows scaling resources and prod/dev/test environments almost infinitely.
