

Nested virtualization offers flexibility and cost savings

Although you can run into hypervisor and OS compatibility issues when trying to implement nested virtualization, if you do your due diligence, you'll realize significant benefits.

In and of itself, server virtualization is well-established, but it's still being improved upon with alternate approaches to resource abstraction and even by combining techniques to further optimize virtual environments. One approach to this is nested virtualization, which allows you to run a hypervisor within a VM. Get a handle on the ins and outs of this beneficial technology with these tips.

Why nested virtualization?

Nested virtualization can offer greater flexibility and cost savings because it allows you to use a variety of tools and to run more workloads without needing to purchase additional hardware. Through nested virtualization, you have the ability to use different hypervisors on the same server. In other words, VMs on the host hypervisor can run an alternate hypervisor type, giving you the option to utilize both server virtualization products and application virtualization platforms. When it comes to nesting levels, there are no technical limits, so it's important to clearly label nested VMs and hypervisors. Generally, there is no need to go beyond two levels, but, in the future, that might change with data center hosting or outsourcing scenarios.

Hypervisor compatibility


While you're guaranteed greater flexibility with nested virtualization, that doesn't mean VMs created by one hypervisor will support all other hypervisor types. Before you implement nested virtualization, you should check vendor documentation to see what guests the host hypervisor will support and to see what hypervisors will work as guests. For example, VMware ESXi will support Microsoft Hyper-V, Citrix XenServer and Linux KVM, although you do have to manually enable the feature in ESXi. The vendor documentation may even include workarounds for some incompatibilities. Just because a hypervisor type isn't listed in the vendor documentation doesn't mean it isn't supported; in that case, test the combination in a controlled environment to see what results it yields.

It's important to note that for some older hypervisors, you'll still need processor extensions, and that some combinations can't handle extended page tables. The OS version is also a factor in whether or not the nested virtualization deployment is successful. For example, VMware Workstation is known to cause startup problems when using x86 or x64 RHEL versions. However, newer hypervisor and OS versions aren't necessarily better. When you're testing the deployment, ensure that you benchmark everything. Changing a hypervisor version at one level can cause the OSes and nested hypervisors above it to become unstable. Also, if the hypervisor types aren't compatible, there's a good chance the performance of your nested VMs will suffer -- that is, if they even start up.
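
One way to run the processor-extension and extended-page-table check described above from inside a Linux VM that is meant to host a nested hypervisor. This is an added example, not part of the original article: it parses /proc/cpuinfo-style text and reports whether the virtualization extensions (vmx/svm) and second-level paging (ept/npt) are exposed to every virtual CPU. The function name and the sample text are assumptions made for illustration.

```python
"""Check which CPU virtualization features a Linux guest actually sees."""

# Constructed sample (not captured from a real system): a 2-vCPU guest whose
# host exposes VT-x to the VM but does not expose extended page tables.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme pae sse2 vmx

processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu vme pae sse2 vmx
"""

HW_VIRT = {"vmx", "svm"}  # Intel VT-x / AMD-V processor extensions
SLAT = {"ept", "npt"}     # Intel extended page tables / AMD nested page tables


def nested_readiness(cpuinfo_text):
    """Hypothetical helper: a feature counts only if every vCPU reports it."""
    cpus = []
    for block in cpuinfo_text.strip().split("\n\n"):
        flags = set()
        for line in block.splitlines():
            key, _, value = line.partition(":")
            # Newer kernels list VMX sub-features on a separate "vmx flags" line.
            if key.strip() in ("flags", "vmx flags"):
                flags.update(value.split())
        if flags:
            cpus.append(flags)
    return {
        "vcpus": len(cpus),
        "hw_virt": bool(cpus) and all(f & HW_VIRT for f in cpus),
        "slat": bool(cpus) and all(f & SLAT for f in cpus),
    }


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample
    print(nested_readiness(text))
```

Whether a missing `slat` result is a blocker depends on the guest hypervisor; the vendor documentation for the specific combination decides that.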

Hyper-V nested virtualization

As a new feature in Windows Server 2016 Hyper-V, nested virtualization might not add much to production environments, but its benefits are fully realized when creating dev/test environments, during employee training and as a private cloud alternative. By using nested virtualization instead of dedicating a specific physical server to the dev/test environment, you'll save money on hardware. When training new employees or upgrading to a new version of Hyper-V, nested virtualization provides an isolated environment without needing dedicated hardware. When used to create a private cloud, other departments will have the ability to create their own VMs while the admin retains control over resource consumption.

Hyper-V nested virtualization now provides support for containers, which is an intriguing benefit. With less overhead and more flexibility than VMs, containers are used to develop and deploy applications. The drawback of containers is that, because they share resources, such as OS files, directories and running services, they are less secure than isolated VMs. If a container is compromised, all other containers and the underlying OS can be compromised as well. Nesting a container within a VM combines the flexibility of containers with the security of VMs. Also, now that Windows Server 2016 Hyper-V includes nested virtualization and native containers, you no longer have to deploy containers using the Linux OS and Docker.
