The marketplace has changed in several ways recently and continues to do so. The concept of nested virtualization is not new; I know it has been a possibility in the vSphere ESXi stack for quite some time. Microsoft never really showed any interest in it, as the only real use cases were lab environments and training. This has changed recently with the advent of cloud and container technologies as we continue to abstract more and more layers of our IT infrastructure.

So what actually is nested virtualization? Well, it is simply running a hypervisor inside a virtual machine. Once you do this you have two layers of virtualization, which can be useful for a number of reasons.

  1. Test Environments: It is awesome to be able to test things like System Center Virtual Machine Manager or Hyper-V Clustering without having multiple machines.
  2. Containers: This is a big thing at the moment. So what is it? A container is effectively a mini VM for applications. Instead of the whole operating system being virtualized, a container focuses on providing an isolated environment for an application to reside in without the overhead of a full virtual machine. At any rate, Microsoft is providing us with two different types of containers: Windows Containers and Hyper-V Containers, which I have explained in this post.

How to Enable and Use Nested Virtualization on Hyper-V in Windows Server 2016 TP4

The following configuration MUST be carried out in order for nesting to work.

Dynamic Memory MUST be disabled on the virtual machine containing the nested instance of Hyper-V

VM must have more than 1 vCPU (I would recommend at least 4 realistically)

MAC address Spoofing must be enabled on the NIC attached to the virtual machine.

The VM that is going to be used for Nested Virtualization must have at least 4096 MB of memory.

Virtualization Extensions need to be exposed to the VM as seen below.

The current setting of the virtualization extensions can be seen by running:

Get-VMProcessor -VMName <Target VM’s name> | FL *

The setting you’re looking for in the output is: ExposeVirtualizationExtensions = True. By default this setting is disabled. To enable it simply run:

Set-VMProcessor -VMName <Target VM’s Name> -ExposeVirtualizationExtensions $true

That’s all there really is to it. Once these steps are followed for the target VM, you can simply install Server 2016 TP4 within the VM, install the Hyper-V Role, and away you go! Nest away!

Known Issues

Below is a list of known issues:

  • Hosts with Device Guard enabled cannot expose virtualization extensions to guests.
  • Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization.
  • Once nested virtualization is enabled in a virtual machine, the following features are no longer compatible with that VM.
    These actions will either fail, or cause the virtual machine not to start if it is hosting other virtual machines:
    • Dynamic memory must be OFF. Leaving it on will prevent the VM from booting.
    • Runtime memory resize will fail.
    • Applying checkpoints to a running VM will fail.
    • Live migration will fail — in other words, a VM which hosts other VMs cannot be live migrated.
    • Save/restore will fail.
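
The prerequisites and the host-side known issues above can be audited in one pass before you try to nest. This is an added example, not code from the original post: the function name Test-NestedVirtReadiness and the VM name NestedHost01 are hypothetical, and reading VBS status from the Win32_DeviceGuard CIM class is my assumption about how to check the host, since the post does not say how.

```powershell
# Added example: audit a VM against the nested-virtualization requirements
# listed in this post. Run elevated on the Hyper-V host.
function Test-NestedVirtReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName   # placeholder: your target VM
    )

    $vm   = Get-VM -Name $VMName -ErrorAction Stop
    $cpu  = Get-VMProcessor -VMName $VMName
    $mem  = Get-VMMemory -VMName $VMName
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)

    # Host-side blocker from the known issues: VBS / Device Guard.
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled, 2 = running.
    # $null means the status could not be determined on this host.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsOff = if ($dg) { $dg.VirtualizationBasedSecurityStatus -eq 0 } else { $null }

    # NICs that already allow MAC address spoofing.
    $spoofNics = @($nics | Where-Object MacAddressSpoofing -eq 'On')

    $checks = [ordered]@{
        'Dynamic Memory disabled'           = -not $mem.DynamicMemoryEnabled
        'More than 1 vCPU'                  = $cpu.Count -gt 1
        'Startup memory >= 4096 MB'         = $mem.Startup -ge 4096MB
        'MAC address spoofing on a NIC'     = $spoofNics.Count -gt 0
        'Virtualization extensions exposed' = [bool]$cpu.ExposeVirtualizationExtensions
        'Host VBS / Device Guard off'       = $vbsOff
    }

    # Emit one object per requirement so the result can be filtered or exported.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            VM     = $vm.Name
            Check  = $name
            Passed = $checks[$name]
        }
    }
}

# 'NestedHost01' is a constructed VM name for illustration.
Test-NestedVirtReadiness -VMName 'NestedHost01' | Format-Table -AutoSize
```

The function only reads settings. A failed row tells you which Set-VMProcessor, Set-VMMemory or Set-VMNetworkAdapter change is still outstanding, and a failed VBS row means you are trading a host hardening feature for the ability to nest.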