Walkthrough: Configuring Hyper-V For Support Of Nested Virtual Machines

With Hyper-V, it is possible to run VMs inside of VMs without installing third-party virtualization software. You might not need to run an entire virtual machine inside another, but some upcoming security features of Windows 10 require Hyper-V to be enabled, so nesting is a way to get those features on a Windows 10 VM that otherwise could not take advantage of them.

To begin, we need a physical Hyper-V host running at least Windows 10 1607 (Anniversary Update) or Windows Server 2016.

Installing the Hyper-V role on Windows Server 2016:

  • Go to Server Manager, and select the Manage menu in the top left.
  • Select Add Roles and Features, and choose Role-based or feature-based installation and click Next.
  • Select the server you wish to install the Hyper-V role on to.
  • In the Server Roles window, select Hyper-V.
  • Click Add Features to install the management tools.
  • On the Virtual Switches window, choose which network adapter(s) will be used for the VMs to access the physical network.
  • On the Virtual Machine Migration section, configure whether or not live migrations are enabled and what authentication to use.
  • On the Default Stores section, configure the default storage locations for the Virtual Machine configuration files and VHDs.
  • On the Confirmation section, select Install to install the Hyper-V role.

Once the Hyper-V role is installed, Windows will require a reboot. The management tools (if selected to be installed) will be accessible through Server Manager, or you can find Hyper-V Manager in Windows Administrative Tools pinned on the Start Menu.

Installing the Hyper-V feature on Windows 10 1607 (Anniversary Update):

  • Right click on the Start Button or press WIN + X and go to Programs and Features.
  • On the left hand side, select Turn Windows features on or off.
  • Select Hyper-V in the Windows Features window and click OK.

Installing the Hyper-V feature on Windows 10 1703 (Creators Update):

  • Right click on the Start Button or press WIN + X and go to Apps and Features.
  • In the Settings window, select the Programs and Features link under Related settings.
  • On the left hand side, select Turn Windows features on or off.
  • Select Hyper-V in the Windows Features window and click OK.

Windows will restart and Hyper-V will be installed. Any configuration will need to be done via the Management Tools. Hyper-V Manager is located under Windows Administrative Tools in the Start Menu programs list.

Virtual Hyper-V Host Installation

We need to create a VM to be the virtual Hyper-V host. For this example, I created a VM with 4GB of RAM, 4 vCPUs, and stored the VHD on a spinning HD, but I would recommend more RAM and using an SSD or dedicating physical storage to it if you plan on using this virtual Hyper-V host practically. Like the physical host, the OS will need to be at least Windows 10 1607 (Anniversary Update) or Windows Server 2016, but it doesn’t need to be the same as the host.

Enabling Virtualization For Virtual Machines

When the virtual Hyper-V host is installed, shut it down and start an elevated PowerShell (Run as Administrator) session on the physical Hyper-V host. You’ll need to run the command below to enable the VM to run Hyper-V. Please note: this is a per-VM setting and doesn’t affect other VMs on the host.

Set-VMProcessor -VMName virtual-hyperv-host -ExposeVirtualizationExtensions $true

Once the above command has been run, you can install Hyper-V and create nested VMs on the virtual Hyper-V host.

Networking

We must configure a way for the nested VM to access the network. We have two options: MAC address spoofing or setting up a NAT switch for the nested VMs.

On a regular LAN, MAC address spoofing should be all that is needed. I deployed Windows 10 1703 to a VM running inside the virtual Hyper-V host, from an MDT server. The VM received an IP address, communicated with the MDT server and joined the domain, without any issues.

To enable MAC address spoofing, run the following command in an elevated PowerShell session on the physical Hyper-V host with the target VM being the virtual Hyper-V host.

Get-VMNetworkAdapter -VMName virtual-hyperv-host | Set-VMNetworkAdapter -MacAddressSpoofing On
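
Both ExposeVirtualizationExtensions and MacAddressSpoofing are per-VM settings, so it is worth being able to list which VMs on a host have them turned on. The following audit is an added example, not part of the original walkthrough; the function name Get-NestedVirtualizationAudit is hypothetical, and it uses only the standard Hyper-V module cmdlets.

```powershell
# Added example: run in an elevated PowerShell session on the physical Hyper-V host.
# Reports, per VM, the two settings this walkthrough changes.
function Get-NestedVirtualizationAudit {
    [CmdletBinding()]
    param(
        # Optional VM name filter; defaults to every VM on this host.
        [string[]]$VMName = '*'
    )

    foreach ($vm in Get-VM -Name $VMName) {
        $cpu = Get-VMProcessor -VM $vm

        # A VM can have several adapters; collect each one that allows spoofing.
        $spoofing = @(Get-VMNetworkAdapter -VM $vm |
            Where-Object { $_.MacAddressSpoofing -eq 'On' })

        [pscustomobject]@{
            VMName               = $vm.Name
            State                = $vm.State
            NestedVirtualization = $cpu.ExposeVirtualizationExtensions
            SpoofingAdapters     = ($spoofing.Name -join ', ')
            SpoofingSwitches     = ($spoofing.SwitchName -join ', ')
        }
    }
}

# Show only the VMs where at least one of the two settings is enabled.
Get-NestedVirtualizationAudit |
    Where-Object { $_.NestedVirtualization -or $_.SpoofingAdapters } |
    Format-Table -AutoSize
```

On a host configured as described here, the only row expected is virtual-hyperv-host; any other VM in the output has had one of these settings enabled separately.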

Should MAC address spoofing not be suitable for your environment, the other option is to configure a virtual switch with NAT on the virtual Hyper-V host.

Open an elevated PowerShell session on the virtual Hyper-V host and run the following commands. The IP addresses below are just examples.

New-VMSwitch -Name V-Switch-NAT -SwitchType Internal
New-NetNat -Name LocalNAT -InternalIPInterfaceAddressPrefix 192.168.100.0/24

Now we need to assign the network adapter that we’ve just created an IP address on the internal network. The IP addresses below are just examples.

Get-NetAdapter "vEthernet (V-Switch-NAT)" | New-NetIPAddress -IPAddress 192.168.100.1 -AddressFamily IPv4 -PrefixLength 24

This can also be done via the GUI. The above PowerShell command is setting a static IP address on a network adapter named vEthernet (V-Switch-NAT) that you would find in the Network Connections section of Windows 10 1607’s Control Panel.

Each VM that is created within the virtual Hyper-V host will need to have an IP address, gateway and DNS information set manually, as we’ve created a new network separate from the network that the virtual Hyper-V host is on. The gateway IP will need to be the IP address assigned to the V-Switch-NAT adapter above.
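
The manual guest configuration described above can be scripted. This is an added example, not from the original post; the function name Set-NestedGuestNetwork and the adapter alias 'Ethernet' are assumptions, and the defaults follow the article's example 192.168.100.0/24 network.

```powershell
# Added example: run in an elevated PowerShell session inside each nested VM.
function Set-NestedGuestNetwork {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$IPAddress,    # free address on the NAT network
        [Parameter(Mandatory)][string[]]$DnsServer,  # DNS server reachable through the NAT
        [string]$Gateway        = '192.168.100.1',   # IP set on vEthernet (V-Switch-NAT)
        [int]$PrefixLength      = 24,
        [string]$InterfaceAlias = 'Ethernet'         # assumed adapter name in the guest
    )

    # Fail early if the adapter name is wrong instead of configuring nothing.
    $null = Get-NetAdapter -Name $InterfaceAlias -ErrorAction Stop

    # Static address plus default gateway on the internal NAT network.
    $null = New-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 `
        -IPAddress $IPAddress -PrefixLength $PrefixLength `
        -DefaultGateway $Gateway -ErrorAction Stop

    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServer

    # Confirm the default route really points at the NAT gateway.
    $route = Get-NetRoute -InterfaceAlias $InterfaceAlias `
        -DestinationPrefix '0.0.0.0/0' -ErrorAction Stop
    if ($route.NextHop -notcontains $Gateway) {
        throw "Default route on '$InterfaceAlias' does not use gateway $Gateway."
    }

    # Return the resulting configuration for review.
    Get-NetIPConfiguration -InterfaceAlias $InterfaceAlias
}

# Example call (constructed address; replace the DNS placeholder with a real server):
# Set-NestedGuestNetwork -IPAddress 192.168.100.10 -DnsServer '<DNS server IP>'
```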

I hope this has helped you out in some way. If you’d like to get in touch with me, please leave a comment or tweet me.

-Mike

Follow Mike on Twitter – @Digressive
