Container inside Container: About Nested Virtualization in Windows

Earlier you could create parallel containers, as many as your main memory would allow, and use them for different purposes. Microsoft has now released the feature of nested virtualization with its latest Insider Build numbered 10565. The feature of nested virtualization in Windows allows you to create containers inside containers. Though the feature is not yet perfect, here is what you need to know.

Virtualization using Hyper V

Windows supports Docker, which lets you create simple containers that you can use in parallel, or Hyper V containers, which are considered better than simple containers. Though you can create Windows Containers in parallel, they often end up using the same libraries and resources. In this case, one or more "bad" containers may end up creating a jam by holding on to resources and not releasing them for other containers to use. That is the only drawback that led to the introduction of Hyper V containers. Hyper V containers create everything separately for each virtual environment. That is, even the OS is recreated and provided to the applications running in that virtual compartment. This means that there are no common virtual resources and hence no conflicts.

Nested virtualizations in Windows are made possible using Hyper V. You may try other things but Microsoft says that currently, the nested virtualization will work only with Hyper V containers. So you have to be careful to create one container and then create another inside the first container. If you try to use any other hypervisor or try to create another Hyper V container in parallel to what you’ve already created, it might not work. It raises a question in my mind though – are parallel containers not possible in Windows then? I will talk about it in the next section as well.

Nested Virtualization – What is it and how to implement it?

As said earlier, you can create a Hyper V container. This container will make sure that other hypervisors are not allowed to see it. That is, only the container will appear as the CPU, and the actual CPU might not be visible to other hypervisors, so you cannot even create another container in parallel. The doubt, in this case, is whether you can create two or more Hyper V containers in parallel or whether you get to create containers only inside the first container that you created. Microsoft's blog says that once you create a Hyper V container, it won't allow other hypervisors to install any more Hyper V containers as they won't be able to see the real CPU. You cannot create more containers outside the container you already created? Then, when you run other virtualizers, they will think that the container is the actual CPU and create a virtual container inside that container. That is nested virtualization: you have containers inside containers, each one completely independent of the others, with no shared libraries or drivers. Sounds good except for that one doubt of parallel containers. Here is the image I borrowed from Microsoft to demonstrate the working of nested virtualization.

Coming to the implementation of the nested virtualization, there are a variety of factors to be checked. Some examples are: There are a host of issues at this point that Microsoft may take care of in later phases. But to try the nested virtualization, it has developed a PowerShell script that you can invoke from GitHub.

Does Windows 11/10 support nested virtualization?

Yes, Windows 11 and Windows 10 support nested virtualization. For your information, it is not a software-based functionality; rather, it is a hardware feature. Having said that, your computer hardware must support SLAT, or Second Level Address Translation. Otherwise, you cannot use nested virtualization on your computer.

How do I enable nested virtualization in Windows 11/10?

If you use Hyper-V to create a virtual machine, you may not need to enable or turn on any additional setting. On the other hand, if you use VirtualBox or VMware to create a virtual machine, you can find the respective setting. You need to turn it on before running the virtual machine so that you can create and use another virtual machine inside the virtual OS. To find out how to create Nested Virtualization Containers in Windows 10, and more, refer to this MSDN blog post.
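
As an added example (not part of the original article and not the Microsoft script mentioned above), the following PowerShell reports which Hyper-V VMs on a host have virtualization extensions exposed to the guest, and turns the setting on for one VM. It assumes the Hyper-V PowerShell module and an elevated session; the function names and the VM name `LabVM` are hypothetical.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V

function Get-NestedVirtualizationReport {
    # One row per VM: can the guest see the CPU's virtualization
    # extensions, i.e. run a hypervisor of its own?
    foreach ($vm in Get-VM) {
        $cpu  = Get-VMProcessor -VM $vm
        $mem  = Get-VMMemory -VM $vm
        $nics = Get-VMNetworkAdapter -VM $vm
        [pscustomobject]@{
            VMName               = $vm.Name
            State                = $vm.State
            NestedVirtualization = $cpu.ExposeVirtualizationExtensions
            DynamicMemory        = $mem.DynamicMemoryEnabled
            # MAC spoofing is commonly switched on so nested guests can reach the network
            MacSpoofing          = (@($nics | Where-Object MacAddressSpoofing -eq 'On').Count -gt 0)
        }
    }
}

function Enable-NestedVirtualization {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$VMName
    )
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    # The processor setting can only be changed while the VM is powered off.
    if ($vm.State -ne 'Off') {
        throw "VM '$VMName' is $($vm.State); shut it down before changing the setting."
    }
    if ($PSCmdlet.ShouldProcess($VMName, 'Expose virtualization extensions to the guest')) {
        Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true
    }
}

# Review the current state of every VM on this host.
Get-NestedVirtualizationReport | Format-Table -AutoSize

# Enable for a single VM (constructed name); -WhatIf previews the change.
# Enable-NestedVirtualization -VMName 'LabVM' -WhatIf
```

Running the report periodically shows whether the setting is enabled only on the VMs that are meant to host other virtual machines.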