NAKIVO > Blog > Hyper-V

Hyper-V Nested Virtualization Explained

July 4, 2023

Hyper-V nested virtualization is a feature that was first released with Windows Server 2016 and Windows 10, and available on workstations as well as servers. The application area for the Microsoft Hyper-V hypervisor was expanded with the introduction of this feature. This blog post explains what nested virtualization is, as well as the use cases, requirements, and limitations of nested virtualization in Microsoft Hyper-V.

Contents

  • What Is Nested Virtualization?
  • Requirements and Limitations
  • How to Enable Hyper-V Nested Virtualization and Create a Nested VM
  • Protection of VMs with NAKIVO Backup & Replication

What Is Nested Virtualization?

Nested virtualization in Microsoft Hyper-V is a feature that allows you to create virtual machines (VMs) within other Hyper-V VMs running on a Hyper-V host. These VMs running inside VMs are called nested VMs. Note that nested virtualization can also be configured in VMware environments.

A schema of nested virtualization in Hyper-V

Use cases

The following are some of the use cases for nested virtualization in virtual environments:

  • Creating isolated environments. You can use this feature to create nested virtual machines that are connected to each other via an isolated virtual network. Thus, you can create a fully isolated environment, which has no impact on your regular virtual machines and network.
  • Training/testing/development. Training is useful for familiarizing new users or administrators with software (or for familiarizing existing users or administrators with new software). However, training in production environments can lead to instability or even failure. With nested virtualization, you can simulate the production environment on nested VMs without any impact on the real production environment.

    Besides training for administrators, QA specialists (testers) and developers may need this type of environment for testing or development purposes. The benefit is that you can use nested VMs in existing virtual environments for these purposes without the need to buy additional dedicated hardware.

  • Building a private cloud. Deploying a real private cloud with a self-service portal for users can be expensive and labor-intensive. With nested virtualization, you can deploy a pseudo-private cloud with identical functionality to that type of cloud. For example, you could create a VM with Hyper-V Server installed and provision 256 GB of RAM.

    Users can create and configure nested VMs inside the VM with Hyper-V installed depending on their needs, but they cannot exceed the memory limit and consume more than 256 GB of RAM. You can add memory and virtual network adapters to VMs on which Hyper-V is installed with the hot-add feature without any downtime.

Requirements and Limitations

You should meet the following requirements to implement nested virtualization in Hyper-V:

  • The host operating system must be Windows Server 2016 or Windows 10 (Anniversary update) or later.
  • The Hyper-V VM must be version 8 or higher.
  • The physical server must have a compatible CPU that supports the appropriate virtualization features.
    • Only Intel processors with VT-x and EPT technology support nested virtualization in Windows Server 2016, Windows Server 2019, and Windows 10.
    • If you have AMD processors with AMD-V virtualization features, you must use Windows Server 2022 or Windows 11 to have support for Hyper-V nested virtualization.
    • The newest Windows versions support both AMD and Intel processors.
  • There must be enough physical memory to run the VMs.
  • The VM should not be using Dynamic Memory.
  • While not a requirement, it is recommended that you use SSD disks to improve VM performance, as low disk speeds significantly reduce performance.

Some limitations apply to the VMs hosting nested VMs (nested VMs can be referred to as “innermost guests”):

  • Checkpoints cannot be applied to a running VM.
  • Live migration fails for the VM.
  • Runtime memory resize does not function.

Note: The features associated with these three limitations above can be used for the innermost guests.

What is nested VT-x/AMD-V?

Intel VT-x and AMD-V are instruction sets for processors, which enable hardware virtualization. When you use nested virtualization, you need to enable one of these features for the virtual machine used for nesting. Only then can a VM use the processor’s hardware virtualization features to run nested VMs.

How to Enable Hyper-V Nested Virtualization and Create a Nested VM

This section covers the actions for configuring Hyper-V nested virtualization in Windows Server 2019. The configuration process is the same for Windows Server 2016 and Windows Server 2022.

Configuring the Hyper-V host

First, you need to configure the Hyper-V host:

  1. Prepare a physical server with a compatible CPU, enough memory, and the appropriate storage capacity.
  2. Verify that CPU virtualization features such as Intel VT-x are enabled in BIOS.
  3. Install Hyper-V Server 2019, Windows Server 2019, or the Windows 10 operating system.
  4. Add the Hyper-V server role if you are using a full-featured Windows operating system (or enable Hyper-V in Windows 10). You can also use the graphical user interface (GUI) and Server Manager.

Deploying a guest VM

Next, you need to create a virtual machine and install a guest operating system:

  1. Create a Hyper-V VM in Windows Server or create a VM in Windows 10.
  2. Install an operating system that supports nested virtualization for Hyper-V on the guest VM, that is, install Windows 10 Anniversary Update or later or Windows Server 2016 or later.

Windows Server 2016 is used for the purposes of this walkthrough. You can use newer Windows versions.

Configuring the guest VM

By default, support for hardware virtualization is disabled for a guest VM. The operating system displays an error if you try to add the Hyper-V role for the VM.

This error message is displayed when hardware virtualization is disabled for a guest VM

You can enable hardware virtualization for a guest hypervisor only by using PowerShell. Note that the guest VM must be powered off in order to apply the following commands.

  1. First check whether hardware virtualization is enabled for the guest VM. Execute the following command on the host OS (which is installed on the physical machine):

    Get-VMProcessor -VMName vm_name | fl *

    Insert the name of your VM instead of vm_name. The name of the VM is Server2016 in our example. WIN2018 is the computer name representing the physical machine on which Windows is installed along with the Hyper-V role.

Hyper-V nested virtualization - checking if hardware virtualization is enabled for a VM

  1. To enable hardware virtualization inside the guest VM, stop the VM before and apply the following command:

    Set-VMProcessor -VMName vm_name -ExposeVirtualizationExtensions $true

    If everything is okay, there should be no message displayed after entering the command. If the VM is running, the following error message is displayed:

Hyper-V enable nested virtualization - enabling processor virtualization features for a VM

VM network connection

Now, you need to configure the network settings for your VM. There are two ways to connect nested VMs to the network: MAC spoofing and NAT.

  • If the network for the nested VMs is configured by providing access to a real Local Area Network (LAN), then one network adapter on the host machine would carry multiple MAC addresses – which could potentially cause network issues. That’s why the MAC address spoofing option must be activated (this option is disabled by default).
  • If a pseudo-private cloud is deployed, MAC address spoofing cannot be used for VM networking, and you should configure NAT in this case.

Note: Both methods are covered below, but we will use the NAT method to configure our VM to use Hyper-V nested virtualization.

Configuring MAC address spoofing

If using MAC address spoofing, enable it on the network adapter of the virtual Hyper-V host:

  • On the physical machine with Hyper-V Server installed, enter the following command to enable MAC address spoofing:

    Get-VMNetworkAdapter -VMname vm_name | Set-VMNetworkAdapter -MacAddressSpoofing On

    Insert the name of your VM instead of vm_name. In our case, it’s Server2016, as mentioned above.

Enabling MAC address spoofing for a VM in PowerShell for Hyper-V nested virtualization

  • If you prefer the GUI, go to VM Settings > Network adapter > Advanced features and select the Enable MAC address spoofing checkbox, and click OK.
  • Enabling MAC address spoofing for a VM to use the network with Hyper-V nested virtualization

Configuring NAT

NAT can be enabled only by using PowerShell. While the previous commands were executed on the host OS, the following commands must be executed on the guest OS.

To enable NAT for VM network connection:

  1. First, create a new virtual switch.

    New-VMSwitch -Name “SwitchName” -SwitchType Internal

    Use your switch name instead of SwitchName. We are using NAT-Switch in this walkthrough.

Creating a new virtual switch to connect VMs through NAT for using networking with Hyper-V nested virtualization

  1. Define the subnet behind NAT and enable NAT. The network address must not coincide with IP addresses in your existing network. In this example, the network name is NAT-net and the network address is 192.168.2.0/24

    New-NetNat -Name “network_name” -InternalIPInterfaceAddressPrefix ‘ip-address/netmask’

Defining a network address for the network used for NAT

  1. Then assign the IP address for the interface on which NAT is enabled.

    Generate a list of the available adapters to check their names with the following command:

    Get-NetAdapter | ft -Autosize

Displaying a list of virtual switches and checking the name of the recently created virtual switch

In this example, the name of the virtual network adapter that is connected to the virtual switch created earlier is vEthernet (NAT-Switch).

  1. You should now define the IP address for this virtual network adapter, which must belong to the created network. Nested VMs will use the IP address of this network interface as a gateway. In our example, this IP address is 192.168.2.1 – it belongs to the network 192.168.2.0/24

    Get-NetAdapter “adapter_name” | New-NetIPAddress -IPAddress ip_address -AddressFamily IPv4 -PrefixLength mask_number

Setting the IP address for the network interface used for NAT

Configuring a nested VM

You can now create and configure a nested VM. In this walkthrough, a VM with Windows Server 2016 is used as the nested VM.

  1. Select the virtual switch (which you have recently created) in the network settings of the VM in Hyper-V Manager.

Selecting the virtual switch created to connect the VMs through NAT

  1. Configure the TCP/IP settings in the Network Adapter Properties of the nested VM. If there are no DHCP servers in the virtual network, assign the IP address, subnet mask, default gateway, and DNS server manually.

Hyper-V nested virtualization networking - setting the IP address for the nested VM

Note: Check your firewall settings, because firewalls can block network connections.

Your nested VM now has a configured network and is ready to run.

Running a nested VM - Hyper-V nested virtualization networking works fine

Protection of VMs with NAKIVO Backup & Replication

All VMs, including nested VMs, should be backed up to ensure the reliability of your Hyper-V virtual environment. NAKIVO Backup & Replication delivers reliable Hyper-V backup with fast image-based incremental backups that leverage the native Hyper-V Resilient Change Tracking (RCT) technology. Using backups, you can recover application objects/files, instantly boot VMs or recover Hyper-V VMs as VMware vSphere VMs, among other recovery options.

Hyper-V backup with the NAKIVO solution

People also read

Picture
A How-To Guide on Setting Up Hyper-V VLANs
Picture
Deploying Hyper-V VDI: A How-To Guide
Picture
How Hyper-V High Availability Works