Earlier in the year, we announced that we will be building nested virtualization so that people could run Hyper-V Containers in Hyper-V virtual machines.
In preparation for the first public preview of Hyper-V Containers, we are releasing a preview of nested virtualization. This feature allows you to run Hyper-V in a virtual machine (note that this is Hyper-V on Hyper-V only… other hypervisors will fail).
Although Hyper-V Containers have not been released yet, for now you can try out this feature with Hyper-V virtual machines.
Build 10565 — It is a very early preview
Yesterday, we announced the release of build 10565 to Windows Insiders on the Fast ring. This build contains an early preview of nested virtualization.
When I say it is an “early” preview, I mean it – there are plenty of known issues, and there is functionality which we still need to build. We wanted to share this feature with Insiders as soon as possible though, even if that meant things are still rough around the edges.
This post will give a quick overview of what nested virtualization is, and briefly cover how it works. The end of this post will explain how to enable it, so you can try it out. Please read the “known issues” section before trying this feature.
documentation available here: https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/nesting
What is nested virtualization?
In essence, this feature virtualizes certain hardware features that are required to run a hypervisor in a virtual machine.
Hyper-V relies on hardware virtualization support (e.g. Intel VT-x and AMD-V) to run virtual machines. Typically, once Hyper-V is installed, the hypervisor hides this capability from guest virtual machines, preventing guests virtual machines from installing Hyper-V (and many other hypervisors, for that matter).
Nested virtualization exposes hardware virtualization support to guest virtual machines. This allows you to install Hyper-V in a guest virtual machine, and create more virtual machines “within” that underlying virtual machine.
In the image below, you can see a host machine running a virtual machine, which in turn is running its own guest virtual machine. This is made possible by nested virtualization. Behold, three levels of Cortana!
Under the hood
Consider the diagram below, which shows the “normal” (i.e. non-nested) case. The Hyper-V hypervisor takes full control of virtualization extensions (orange arrow), and does not expose them to the guest OS.
Contrast this with the nested diagram below. In this case, Hyper-V has been configured to expose virtualization extensions to its guest VM. A guest VM can take advantage of this, and install its own hypervisor. It can then run its own guest VMs.
Known issues: important!
Like I said earlier – this is still just a “preview” of this feature. Obviously, this feature should not be used in production environments. Below is a list of known issues:
- Both hypervisors need to be the latest versions of Hyper-V. Other hypervisors will not work. Windows Server 2012R2, or even builds prior to 10565 will not work.
- Once nested virtualization is enabled in a VM, the following features are no longer compatible with that VM. These actions will either fail, or cause the virtual machine not to start if it is hosting other virtual machines:
- Dynamic memory must be OFF. This will prevent the VM from booting.
- Runtime memory resize will fail.
- Applying checkpoints to a running VM will fail.
- Live migration will fail — in other words, a VM which hosts other VMs cannot be live migrated.
- Save/restore will fail.Note: these features still work in the “innermost” guest VM. The restrictions only apply to the first layer VM.
- Once nested virtualization is enabled in a VM, MAC spoofing must be enabled for networking to work in its guests.
- Hosts with Device Guard enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization.
- Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization.
- This feature is currently Intel-only. Intel VT-x is required.
- Beware: nested virtualization requires a good amount of memory. I managed to run a VM in a VM with 4 GB of host RAM, but things were tight.
How to enable nested virtualization
Step 1: Create a VM
Step 2: Run the enablement script
Given the configuration requirements (e.g. dynamic memory must be off), we’ve tried to make things easier by providing a PowerShell script.
This script will check your configuration, change anything which is incorrect (with permission), and enable nested virtualization for a VM. Note that the VM must be off.
Invoke-WebRequest https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Enable-NestedVm.ps1 -OutFile ~/Enable-NestedVm.ps1
~/Enable-NestedVm.ps1 -VmName <VmName>
Step 3: Install Hyper-V in the guest
From here, you can install Hyper-V in the guest VM.
Invoke-Command -VMName “myVM” -ScriptBlock { Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online; Restart-Computer }
Step 4: Create nested VMs
Give us feedback!
If you discover any issues, or have any suggestions, please consider submitting feedback with the Windows Feedback app, through the virtualization forums, or through GitHub.
We are also very interested to hear how people are using nested virtualization. Please tell us about your scenario by dropping us a line at VirtualPCGuy@microsoft.com.
Go build VMs in VMs!
Cheers, Theo Thompson
Updated: https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/nesting is where you go to find the most up-to-date documentation.
It would be nice if step 3 was possible via powershell. Is it maybe possible with remoting?
You can actually enable it from the host (given that you have admin creds for the guest VM). Here is an example using PowerShell direct:
$localCred = new-object -typename System.Management.Automation.PSCredential `
-argumentlist "Administrator", (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)
Invoke-Command -VMName "myVM" -Credential $localCred -ScriptBlock { Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online; Restart-Computer }
You mention it won’t work in other Hypervisors.. Will this change for GA?
詳しくはこちらのブログ Windows Insider Preview: Nested Virtualization を見ていただきたのですが、どうしてもお伝えしておきたくブログを書きました。 ※ 書きたいことがたまっているので
Does this work with the Windows 10 Mobile emulators and Visual Studio?
Yo dawg, I heard you like virtual machines, so we put virtual machine inside a virtual machine…
Cross-post from CharbelNemnom.com ———————————————- Hello folks, I would
Буквально сразу после анонса Windows 10 Insider Preview Build 10565 команда виртуализации Microsoft в
Regarding other hypervisors, does this also mean that containers will not work on other hypervisors as well? :/
To add a more specific query to Robert McLaws’ question: when this technology eventually becomes available in Azure (in some future server version of Windows), will I be able to install the mobile emulators into a VM in Azure? (Today you can’t – the emulators
refuse to install because they are VMs, and you can’t host a VM in an Azure VM.) The inability to do this is a frequent cause of pain for me, but I worry slightly that the core scenario appears to be all about containers inside VMs, rather than VMs in VMs.
Totally with you on this Ian – not being able to run the emulators is really disappointing given it’s a 100% Microsoft branded environment and tooling. If you’ve found a work around for the emulators, I’d love to hear it.
I’ve added a comment to this similar thread:
https://social.msdn.microsoft.com/Forums/en-US/ee654842-5007-4456-96ab-a682ec18591d/nested-virtualization-inside-azure?forum=WAVirtualMachinesforWindows&prof=required
Буквально сразу после анонса Windows 10 Insider Preview Build 10565 команда виртуализации Microsoft в
yo dawg i herd you like virtualization so we put hypervisor in yo hypervisor so you can virtualize while u virtualize
How many levels of Virtualization can one do? Standard boards available here support up to 32 GB of RAM. What else does it depend on other than RAM and CPU ?
Also, you mentioned "MAC Spoofing" must be ON.. where? Just on the outermost host? or each nested host ?
what are the key use cases for nested virtualization?
I would suspect this would be good in lab environment and for testing applications across multiple operating systems. Aside from test and lab I personally wouldn’t see a need for nested VM’s. There could be other possibilities I am sure but nothing off
the top of my head.
@Sujay Sarma – You need to enable mac address spoofing on the L1 root to get network connectivity in the L2 guests
When is next Server 2016 Preview? Insider program is only for client.
Az Eredet című film alapötletét másolja le a rendszer friss kiadásának egy kísérleti újítása
My greatest concern at this stage is the lack of RemoteFX drivers for windows 7, 8.1, client and server guests. I always wanted to virtualise my main install but this is still keeping me back. Also, can we allocate more than 1GB of VRAM to guests?
Winception
This OS turns out to be even greater
a good use case would be guest failover clustering
You’re delaying Windows Mobile 10 development for create this???
@Dhana, some usage cases that spring to mind:
One use case is development environments, as Ian mentioned – the ability to host a development machine in the cloud that can do everything a local machine can do is valuable. Another perhaps more obvious use case is for IT training and certification, where
it’s common to use VMs to deploy classroom images and Hyper-V training is difficult without a complex custom setup. The docker virtualization scenario is another common potential scenario, where you may have multiple docker farms running on a few larger VMs.
Finally, directly migrating an existing server that contains some self-contained Hyper-V workloads to the cloud or a datacenter, rather than having to separate them out first.
Can the nested Hyper-V host be managed by SCVMM, as usual ?
Really, what use is this if you can’t run other hypervisors? We have an aging VMWare hypervisor with a few hosts that cannot be migrated and must be left on for legacy software/OS reasons – running NT4 if you can believe it. It will not migrate off of
this platform as it isn’t supported. We have moved all the rest of our virtualized infrastructure to Hyper-V. It would be nice to be able to install a VMWare hypervosor in this scenario and move our machines there.
As a dev and not an admin, I'm curious: what is this useful for?
It would be nice to have this Feature also on AMD-V, please
Can we get a server build with this so I can install System Centre Virtual Machine Manager? so I can test the software?
Looking forward to this feature being enabled for AMD machines!
Trying to understand and do the math. Will an Azure A4 (8 dedicated cores, 14 GB dedicated RAM and 605 GB of disk) be able to host 3 Azure A3 replicas with 4 shared cores each, and 7 GB of shared RAM each.
One A4 cost 2 times an A3, but will in this case allow me to run 3 A3's (almost) with shared resources for 2/3 or the cost
Ok, it depends on specific applications but just to get an understanding from experienced IT pros here…
212 Microsoft Team blogs searched, 69 blogs have new articles. 226 new articles found searching from
Hey Microsoft, why users are still facing these silly errors? Why are you not doing anything about this?
Am I missing something, or did someone forget to tell Parallels this isn't supposed to work?
Hey I try to enable this With the ram of 4096 MB however it gave me error and did not let me do it. I had to increase the ram of the VM to 4500MB and that worked. Still I am enable to install Hyper-v inside the VM. Any suggestion. ??
I was able to install Hyper-V inside the VM using powershell command inside the Vm "Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online; Restart-Computer"
Il keep testing this for nested Clustering and will be posting few more question here.
Happy testing 🙂
It would be nice if step 3 was possible via powershell. Is it maybe possible with remoting..
http://gagner10000euros.com">gagner de l'argent sur internet
Would be nice to know what application this feature is targeting. I can see the administration of such a embedded on embedded scenario being so complex and easily spin out of control
Also in Server 1016 TH4 now.
http://blogs.technet.com/b/server-cloud/archive/2015/11/19/make-innovation-easier-with-windows-server-2016-and-system-center-2016-technical-preview-4.aspx
This script seems to be have been removed…
https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Enable-NestedVm.ps
Another way to enable nested hyper-v virtualization via powershell:
Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true
I can’t copy paste… correct link: https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Enable-NestedVm.ps1
You can also test Nested Virtualization in Windows Server 2016 and Windows 10 with VMware workstation 12:
http://www.sysadmit.com/2016/02/vmware-workstation-instalar-hyper-v.html
How about a 2012 R2 RDS virtualized server on which you need remote apps ? you have to install hyper-v role/functionality, don’t you ?
Hey Sarah,
when is nested virtualization possible with AMD-V?
Would be very nice.
Thanks
Michael
enable nested virtualization use nice.
thanks for your great effort and support.