Quick Bites:
- Nested virtualization in Azure provides a powerful tool for scalable resource provisioning and diverse use cases
- In this blog, let’s learn to run VMs inside VMs in Azure using Hyper-V
- Understand requirements and follow simple defined steps for Hyper-V installation
- Explore use cases like DEV/TEST, multi-server configurations, and Hyper-V containers
- Discover benefits, including testing environments, education, application isolation, legacy support, security, and resource optimization
Introduction
One of the great things that today’s modern hypervisor platforms allow us to do is run VMs inside of VMs. This is referred to as “nested virtualization”.
This opens especially interesting use cases when you think of running a hypervisor inside a VM environment, such as running a Windows Server 2016 virtual machine with Hyper-V installed inside a VM that is hosted on a Windows Server Hyper-V physical host.
Table of Contents
Hyper-V inside Azure (Nested Virtualization) Requirements
Installing Hyper-V in Azure Nested Virtualization
Azure Nested Virtualization Use Cases
Benefits of Nested Virtualization
Thoughts
Taking the thought of nested virtualization a bit further, today’s organizations are looking at utilizing public cloud environments such as Microsoft Azure to run both production and development workloads. With the release of Windows Server 2016, Microsoft has opened up the possibility of nested virtualization across all fronts, both on-premises and in the Azure public cloud space.
Focusing on the Azure public cloud, what use cases and interesting abilities does running Hyper-V inside of Azure open up to organizations?
What are the requirements for running Hyper-V in Azure?
How does running containers weight into the discussion of nested virtualization in Azure?
Let’s take a look at running Hyper-V in Azure Nested Virtualization and take a look at this aspect of virtualization and how it affects environments both today and tomorrow.
Hyper-V inside Azure (Nested Virtualization) Requirements
As mentioned, with the introduction of Windows Server 2016, nested virtualization is now a supported means of running production workloads. This also opens up the possibility of running nested workloads inside Microsoft Azure.
Since this is a new development, what are the requirements for taking advantage of nested virtualization?
The following are requirements for running Hyper-V hosts inside a guest virtual machine:
- Hyper-V host and guest must both be either Windows Server 2016 or Windows 10 Anniversary update or later
- VM configuration level must be 8.0 or higher
- Only Intel processors are currently supported – running VT-x and EPT technology
Azure specific requirements:
- Create a Windows Server 2016 VM
- All v3 virtual machines support nested virtualization
The following SKU Family VMs are capable of nested virtualization. These SKUs are hyper-threaded, nested capable VMs:
- D_v3
- Ds_v3
- E_v3
- Es_v3
- F2s_v2-F72s_v2
- M
Installing Hyper-V in Azure Nested Virtualization
What are the Azure specific steps that need to be completed to install Hyper-V within a Azure virtual machine?
There are (7) short steps that need to be completed to provision a nested virtual machine inside Microsoft Azure:
- Create an Azure VM capable of nesting (Windows Server 2016, etc)
- Connect to the Azure VM
- Install Hyper-V Feature inside the Azure VM
- Create a NAT’ed vSwitch for outside connectivity
- Create the guest virtual machine
- Configure an IP Address on the nested guest virtual machine
- Test Connectivity
First things first, you need to create an Azure VM. Here you need to create a Windows Server 2016 or Windows 10 Anniversary edition VM.
Choose the size of the VM to be created in Microsoft Azure. Here you want to make sure the virtual machine chosen is large enough to run nested virtual machines. This typically will be a multiple vCPU configuration with a healthy amount of memory to use for the “layer 2” VMs.
After creating the “host” virtual machine in Azure using the supported workstation and sizing configuration, you will need to enable the Hyper-V feature to use it as the nested virtualization host.
Next, for allowing connectivity to the outside world for the nested virtual machine, you need to create a new virtual switch that will be configured for NAT’ed access. Using PowerShell this can be accomplished using the cmdlet:
- New VMSwitch -Name “InternalNATSwitch” -SwitchType Internal
In order to configure the NAT’ed IP address, you need to query the interface indexes to know which interface to use for the NAT’ed connection to the virtual machine. To do that, you can use the following PowerShell cmdlet:
- Get-NetAdapter
Using this information, you create the IP address that will be used for outside connectivity. Using PowerShell:
- New-NetIPAddress -IPAddress < IP address > -PrefixLength 24 -InterfaceIndex < ifIndex >
Since the IP Address has been configured for NAT’ing and attached to the correct interface, you can now create the internal network to be used for NAT’ed traffic. Using PowerShell:
- New-NetNat -Name
-InternalIPInterfaceAddressPrefix < address prefix >
After the networking portion is configured on the Hyper-V host, you are ready to begin provisioning the nested virtual machine in Hyper-V. You can use the normal Hyper-V Manager console as you would with any other Hyper-V server at this point. Make sure on the Configure Networking step that you use the NAT’ed switch that was created using the steps above.
As you can see below, we have a nested virtual machine provisioned and loading on the Windows Server 2016 VM housed in Azure.
To configure connectivity to the nested virtual machine, you simply have to assign an address within the NAT’ed subnet to the virtual machine network connection.
After assigning the IP address to the nested virtual machine, you should be able to test connectivity to the outside. This can easily be done even without using a browser with PowerShell:
- Test-NetConnection
The connectivity from the nested virtual machine to the Internet is successful after assigning the IP Address within the NAT’ed virtual switch subnet range.
Azure Nested Virtualization Use Cases
What are the potential use cases for running Azure nested virtualization built on top of Hyper-V?
There are several different scenarios that can readily come to mind including DEV/TEST environments. The nested environment can easily be delegated to developers for easily testing various virtual machine environments. Developers can easily provision their own virtual machines within the nested environment in the context of the Hyper-V server running in Azure.
Another great benefit of nested virtualization is the ability to test multi-server configurations without the need for provisioning the multiple servers as either individual VMs or actual physical servers. Running entire Windows Failover Server cluster environments within a single Hyper-V virtual machine is possible with nested virtualization and all of this can be provisioned in Azure.
The real production use case for nested virtualization comes in the form of containers. With Windows Server containers, the containers themselves share the kernel of the host operating system. However, for additional security, Hyper-V containers allow isolating the containers to the kernel of the parent operating system which is a provisioned virtual machine the containers run inside of located on the Hyper-V host. Hyper-V containers are supported in Azure for production use.
Benefits of Nested Virtualization
Thoughts
Nested virtualization is a great step forward for Microsoft’s Hyper-V platform running in Azure. Azure provides a powerful infrastructure platform that is available from anywhere running on top of Microsoft’s world-class data center infrastructure. Utilizing Azure to run nested VMs is a great way to easily provision resources for DEV/TEST or even production use cases such as Hyper-V containers. Provisioning nested virtual machines running in Azure is easily accomplished with only a few steps, most of which can be done using PowerShell. This provides a great tool for Hyper-V administrators to provision nested resources not only on-premises but also in the Azure public cloud environment. This allows scaling resources and prod/dev/test environments almost infinitely.
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.