How to enable nested virtualization in Azure

We have already mentioned new Azure VM series Dv3 and Ev3 which enable running VMs inside Azure VMs or just nested virtualization. Today we are going to get it configured and to run our first nested VM in Azure.

But before we start, let’s review some Dv3 and Ev3 facts:

  • they introduce Hyper-Threading Technology running on the Intel® Broadwell E5-2673 v4 2.3GHz processor and Intel® Haswell 2.4 GHz E5-2673 v3
  • they made shift from physical core to virtual CPUs (thanks to HT technology) to support larger VM sizes
  • they are the first Azure VMs running on Windows Server 2016 hosts
  • Dv3 VMs are up to 64 vCPUs and 256 GB RAM
  • Ev3 VMs are up to 64 vCPUs and 432 Gb RAM
  • they are currently available only for certain regions (West Europe, US East, US West 2, Asia Pacific Southeast)
  • they already come with ExposeVirtualizationExtensions enabled. we don’t need to enable CPU extensions as we have to do for on-premises WS2016 hosts

To get started with “nesting” you need to create one or more Dv3/Ev3 VMs in Azure within compatible region. For quick demo purposes, I created D2S_V3  VM with Windows Server 2016 DC , standard managed disk with no data disks attached.

TIP: actually you can , for instance, create 2 or more VMs , add data disks and configure storage spaces between them to achieve higher IO performance.

Then you need to install Hyper-V role and restart VM to apply changes

Install-WindowsFeature Hyper-V -IncludeManagementTools -Restart

nested virtualization azure 1

Verify that Hyper-V role is installed and add internal switch. New adapter “vEthernet (switchname)” will be created under network connections list (ncpa.cpl)

Define a new IP address for this adapter (I’m using 192.168.0.0/24 subnet).  This network will be used as a NAT gateway for new VMs in order to allow internet access from nested VMs.

#Check Hyper-V role state
Get-WindowsFeature Hyper-V|ft InstallState, PostConfigurationNeeded

#Add new internal switch
New-VMSwitch -SwitchName "NSW01" -SwitchType Internal

# IP Configuration for vNIC
New-NetIPAddress -InterfaceAlias "vEthernet (NSW01)" -IPAddress 192.168.0.23 -PrefixLength 24

nested virtualization azure 2

Configure NAT rule to provide “access” to our nested VMs

New-NetNat -Name Nat_VM -InternalIPInterfaceAddressPrefix 192.168.0.0/24

image

Now our nested VMs can assign IP addresses from 192.168.0.0/24 subnet  (manual assignment). If you want to have dynamic IP assignment – create add. VM and configure DHCP.

When network configuration is done, add you first nested VM, run and check it’s status:

New-VM -Name Nested01 -MemoryStartupBytes 2GB -SwitchName NSW01 -Generation 2 -NewVHDSizeBytes 70GB -NewVHDPath C:\VMs\Nested01\OS.VHDX

nested virtualization azure 4

Using my Azure File share I installed WS2016 Essentials inside of Nested01 VM and configured IP address from subnet above. As you can see, after IP configuration my nested VM can access Internet via created NAT gateway previously (see ping output).

New-NetIPAddress -InterfaceAlias “Ethernet” -IPAddress 192.168.0.20 -DefaultGateway 192.168.0.23 -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 8.8.8.8

nested virtualization azure 5

Final result (yeap, Simpsons again and again)

Homer – my Hyper-V host (Azure Dv3 VM)

Bart – nested VM (WS2016 Essentials)

nested virtualization azure 5

Cool? Go ahead and test Azure Stack using it’s deployment kit . I’ll cover it in my next posts. Keep in touch and happy Azure VMs nesting!

Nano Server future and Windows Server servicing channels

Nano Server has been presenting as an ideal Windows Server option for general infrastructure roles including Hyper-V and Storage since the RTM release. It’s been changed. Nano Server won’t be supported as an image for infrastructure-related roles deployed on physical/virtual machines and can be used only as container image.  So, now we need to step back and use Server Core again for roles like Hyper-V or Storage Spaces Direct.

It was confirmed yesterday by Erin Chapple, General Manager of Windows Server:

This next release will focus on making Nano Server the very best container image possible. From these changes, customers will now see the Nano Server images shrink in size by more than 50 percent, further decreasing startup times and improving container density. As part of this effort to focus on containers, we will be removing the functionality for infrastructure-related roles. Instead of using Nano Server for these scenarios, we recommend deploying the Server Core installation option, which includes all the roles and features you would need.

There are also some changes in the servicing model for Windows Server and System Center. There will be two primary release channels available to Windows Server customers, the Long-term Servicing Channel, and the new Semi-annual Channel in order to align with similar release and servicing models for Windows 10 and Office 365 ProPlus

In Long-term Servicing model, where a new major version of Windows Server is released every 2-3 years, users are entitled to 5 years of mainstream support, 5 years of extended support, and optionally 6 more years with Premium Assurance. This channel is appropriate for systems that require a longer servicing option and functional stability.

The new Semi-annual channel for Windows Server, Server Core and System Center will have new releases available twice a year, in spring and fall. Each release in this channel will be supported for 18 months from the initial release. Most of the features introduced in the Semi-annual Channel will be rolled up into the next Long-term Servicing Channel release of Windows Server. The editions, functionality, and supporting content might vary from release to release depending on customer feedback.

The Semi-annual Channel will be available to volume-licensed customers with Software Assurance, as well as via the Azure Marketplace or other cloud/hosting service providers and loyalty programs such as MSDN.

Both the Long-term Servicing Channel and the Semi-annual Channel releases will be supported with security updates and non-security updates distributed by servicing tools like WU, WSUS or SCCM

windows server servicing models

Windows Server has also become a member of Windows Insider Program. Pre-release builds of Windows Server will be available for download via the Windows Insider Program and the Windows Insider Program for Business. To join this program follow these steps