The author of article is Mikhail Komarov, MVP — Cloud and Datacenter Management
Good afternoon! The purpose of today's article — to tell about implementation of the enclosed virtualization on the Hyper-V platform. It is no secret that Hyper-V did not support the enclosed virtualization unlike other vendors. With an output of assembly of Windows Server 2016 Technical Preview 4 (TP4) which is intended for persons interested to try new functionality the situation changed. Demonstrations of the enclosed virtualization can be seen in record of the report "One report, one notebook, one data-center" of action of Microsoft TechDay 2015.
All demonstrations were carried out on HP Blade Gen 8, with the basic Intel Xeon E5 2670 processor and the random access memory capacity of 32 GB.
The choice of this system was caused by desire to show how low can be a threshold of entry in technology of virtualization. Generally the normal system to today's measures when the majority of the house has Intel Core i3 above, and random access memory capacity starts from 8GB. It means that you if necessary will be able to use the enclosed virtualization.
Let's remind classical option of virtualization. If at us the physical host with support of technology of virtualization is of a chipset and the processor and the necessary options included in BIOS at the level, then we receive the following picture:
At zero level there is a physical host here, and at the first level — the thin layer of the software called by a hypervisor. Also at the first level there is a section with a root operating system and sections for virtual computers. Let's illustrate with use of the utility of CoreInfo from Mark Russinovich behavior of the parameters of the processor connected with virtualization. The first several lines of work of the utility CoreInfo are given in the table.
Before inclusion of a role of Hyper-V in an operating system the processor parameter connected with virtualization was transferred. It is visible on two lines in the left part of the table. The first parameter — lack of a hypervisor, the second – the flag responsible for virtualization. After inclusion of a role of a hypervisor we will look at properties of the processor in the root section again and we will see the following: the hypervisor is included, and the flag connected with virtualization is not broadcast in the section of a root operating system. Also we will pay attention to Microprocessor signature value which in our case 0000710 and is connected with the physical processor.
Let's pass to the enclosed virtualization.
From drawing it is visible that it is necessary to forward the flag connected with virtualization in guest OS. That is, generally, we have to report to a hypervisor at the first level that it is necessary to include support of virtualization in the separated processor for the virtual computer. For this purpose it is necessary to start a script which changes some properties of the virtual computer. One of the main properties which changes a script, this behavior of the processor of the virtual computer.//Set-VMProcessor - $vmName VMName - $true ExposeVirtualizationExtensions//. About other parameters we will talk a bit later. Let's illustrate behavior of the parameters of the processor connected with virtualization on the virtual computer. In the table the first several lines of work of the utility CoreInfo are displayed.
From the table it is visible that the virtual computer "understands" that it works from under a hypervisor. But before start of a script the flag connected with virtualization is not transferred. Further fulfilled a script which changed properties of our virtual computer and its processor and the flag connected with virtualization appeared. Further we included Hyper-V role, after that there was a thin layer of virtualization and our operating system moved to the root section, the flag of virtualization disappeared. Also we will pay attention to Microprocessor signature value which in our case became FFFFFFFF that indicates virtualization of the processor. Further we created the virtual computer in the virtual computer and for purity of experiment started the utility of CoreInfo.
In general, the expected result — presence of a hypervisor and lack of a flag of virtualization at the first stage and presence of a flag of virtualization on the second. As a result we have here such solution.
Settings and restrictions
Now we will talk about some restrictions of this technology in TP4 for the included enclosed virtualization at the first virtual machine level:
- Support is implemented only for Intel processors with support of EPT (SLAT) so far.
- The dynamic memory has to be disconnected.
- Size variation of memory leads to errors.
- Pictures on the working virtual computer are not admissible.
- Live migration leads to errors.
- Saving, recovery can lead to errors.
- It is necessary to include MAC spoofing in properties of the network adapter.
The step-by-step instruction looks so:
- We set assembly on a physical host, with the included virtualization parameters.
- We create the virtual computer in which we will include virtualization. It is desirable to select to this machine of not less 4GB of random access memory, otherwise it is necessary to correct a script. The virtual computer has to be switched off!
- We start a script on a physical host, entering a name of earlier created virtual computer. The link to a script is in the end of article.
- We include Hyper-V role in the virtual computer.
- We create the new virtual computer, using Hyper-V manager in earlier created virtual computer.
As a result we have a solution which will allow to do many things on one physical host. For example, the cluster collected from Hyper-V of hosts that will reduce quantity of the used equipment as the house, and in educational classes.
Windows Server Technical Preview
The announcement of support to the enclosed virtualization from product group (English)
Link to the utility of CoreInfo
Link to a script to GitHub
Thanks for attention,
MVP — Cloud and Datacenter Management
This article is a translation of the original post at habrahabr.ru/post/273791/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: email@example.com.
We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.