With Hyper-V it is possible to run VMs inside of VMs without needing to install third-party virtualization software. You might not have the need to run an entire Virtual Machine inside of another, but some upcoming security features of Windows 10 require Hyper-V to be enabled so this could be a way to have those security features on a Windows 10 VM that you otherwise would not be able to take advantage of. To begin, we need a physical Hyper-V host running at least Windows 10 1607 (Anniversary Update) or Windows Server 2016. Installing the Hyper-V role on Windows Server 2016:
- Go to Server Manager, and select the Manage menu in the top left.
- Select Add Roles and Features, and choose Role-based or feature-based installation and click Next.
- Select the server you wish to install the Hyper-V role on to.
- In the Server Roles window, select Hyper-V.
- Click Add Features to install the management tools.
- On the Virtual Switches window, choose which network adapter(s) will be used for the VMs to access the physical network.
- On the Virtual Machine Migration section, configure whether or not live migrations are enabled and what authentication to use.
- On the Default Stores section, configure the default storage locations for the Virtual Machine configurations files and VHDs.
- On the Confirmation section, select Install to install the Hyper-V role.
Once the Hyper-V role is installed, Windows will require a reboot. The management tools (if selected to be installed) will be accessible through Server Manager, or you can find Hyper-V Manager in Windows Administrative Tools pinned on the Start Menu. Installing the Hyper-V feature on Windows 10 1607 (Anniversary Update):
- Right click on the Start Button or press WIN + X and go to Programs and Features.
- On the left hand side, select Turn Windows features on or off.
- Select Hyper-V in the Windows Features window and click OK.
Installing the Hyper-V feature on Windows 10 1703 (Creators Update):
- Right click on the Start Button or press WIN + X and go to Apps and Features.
- In the Settings window, select the Programs and Features link under Related settings.
- On the left hand side, select Turn Windows features on or off.
- Select Hyper-V in the Windows Features window and click OK.
Windows will restart and Hyper-V will be installed. Any configuration will need to be done via the Management Tools. Hyper-V Manager is located under Windows Administrative Tools in the Start Menu programs list.
Virtual Hyper-V Host Installation
We need to create a VM to be the virtual Hyper-V host. For this example, I created a VM with 4GB of RAM, 4 vCPUs, and stored the VHD on a spinning HD, but I would recommend more RAM and using an SSD or dedicating physical storage to it if you plan on using this virtual Hyper-V host practically. Like the physical host, the OS will need to be at least Windows 10 1607 (Anniversary Update) or Windows Server 2016, but it doesn’t need to be the same as the host.
Enabling Virtualization For Virtual Machines
When the virtual Hyper-V host is installed, shut it down and start an elevated PowerShell (Run as Administrator) session on the physical Hyper-V host. You’ll need to run the command below to enable the VM to run Hyper-V. Please note: this a per-VM setting and doesn’t affect other VMs on the host.
|
|
Once the above command has been run, you can now install Hyper-V and create nested VM’s on the virtual Hyper-V host.
Networking
We must configure a way for the nested VM to access the network. We have two options: MAC address spoofing or setting up a NAT switch for the nested VMs. On a regular LAN MAC address spoofing should be all that is needed. I deployed Windows 10 1703 to a VM running inside the virtual Hyper-V host, from an MDT server. The VM received an IP address, communicated with the MDT server and joined the domain, without any issues. To enable MAC address spoofing, run the following command in an elevated PowerShell session on the physical Hyper-V host with the target VM being the virtual Hyper-V host.
|
|
Should MAC address spoofing not be suitable for your environment, the other option is to configure a virtual switch with NAT on the virtual Hyper-V host. Open up an elevated PowerShell session and run the following command. The IP addresses below are just examples.
|
|
Now we need to assign the network adapter that we’ve just created an IP address on the internal network. The IP addresses below are just examples.
|
|
This can also be done via the GUI. The above PowerShell command is setting a static IP address on a network adapter named vEthernet (V-Switch-NAT) that you would find in the Network Connections section of Windows 10 1607’s Control Panel. Each VM that is created within the virtual Hyper-V host will need to have an IP address, gateway and DNS information set manually; as we’ve created a new network separated from the network that the virtual Hyper-V host is on. The gateway IP will need to be the IP address assigned to the V-Switch-NAT adapter above. If you have any questions or comments, please leave them below.
-Mike