Tuesday, September 19, 2017

Azure Nested Virtualization

One of the things that Azure VMs currently don’t seem to allow is the ability to log in to machines using just Azure AD credentials. So, how do you overcome this issue but remain totally cloud based?

The solution is to use nested virtualisation in Azure which Microsoft recently announced here:

Nested Virtualization in Azure

Nested virtualization is only available on specific machine sizes (see the link above for details). One of these is the E_V3 series, which is currently not available in every region.

Just for comparison, I looked at my usual ‘go to’ machine (a DS2_v2) and the supported E2S_V3. As you can see from the above the E2S_V3 is far better value, being cheaper and having more RAM.

This made me think that perhaps I should convert some of my standalone test VMs into guest VMs in a nested arrangement. As long as I only use these machines together, the compute cost would only be for the single host VM on which the multiple guests are running rather than for multiple individual Azure VMs. Hmm…something to consider down the track.

So I ran up an E2S_V3 out of the West US 2 datacenter with Windows Server 2016 Datacenter in the standard manner.

Once the server was up I simply went in and added the Hyper-V role as you would with any Windows Server.

The feature installed and when complete I rebooted the server as required.

After the reboot I had access to the Hyper-V Manager as you can see above, as with any Windows Server.

I now needed to create a new Hyper-V virtual switch with NAT support, so that my guests could connect to it and get access to the Internet.

To do this I needed to run 3 lines of PowerShell:

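# Create an internal virtual switch for the guests
New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal

# Give the host's adapter on that switch the gateway address
New-NetIPAddress -IPAddress 192.168.0.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

# NAT traffic from the internal subnet out through the host
New-NetNat -Name "NATNetwork" -InternalIPInterfaceAddressPrefix 192.168.0.0/24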

You can alter the IP addresses to suit.

Once this is complete, if I now look in my Hyper-V Manager I see a new virtual switch as shown above. I’ll connect the network cards of my VMs to this switch.

At this point I’ll need to assign the IP addresses to my virtual machines manually. I can configure an appropriate DHCP server if I want but I’ll leave that for a future article.

So now I just create a VM on this server as I would normally. In this case I chose a Windows 10 Preview edition.

When complete I need to set a static IP until I get the DHCP server operating.
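
One way to do the manual addressing described above from inside the guest, as an added example that is not from the original post. The adapter alias, the guest address 192.168.0.10, the DNS resolver and the test hostname are assumptions; the gateway and prefix length come from the host commands earlier.

```powershell
# Added example: run inside the nested guest in an elevated PowerShell session.
function Set-GuestStaticIp {
    param(
        [string]  $InterfaceAlias = 'Ethernet',         # assumption: default adapter name in the guest
        [string]  $IPAddress      = '192.168.0.10',     # assumption: any free address in 192.168.0.0/24
        [int]     $PrefixLength   = 24,                 # matches the host's -PrefixLength
        [string]  $Gateway        = '192.168.0.1',      # host address on "vEthernet (NATSwitch)"
        [string[]]$DnsServers     = @('168.63.129.16'), # assumption: Azure-provided DNS; substitute your own
        [string]  $TestHost       = 'www.microsoft.com' # assumption: any HTTPS site you expect to reach
    )

    if ($IPAddress -eq $Gateway) {
        throw "Guest address must differ from the gateway address $Gateway."
    }

    # No DHCP server exists on the NAT switch yet, so stop the adapter asking for a lease.
    Set-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -Dhcp Disabled

    # Clear earlier IPv4 addresses and default routes so the function can be re-run safely.
    Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Remove-NetIPAddress -Confirm:$false
    Get-NetRoute -InterfaceAlias $InterfaceAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Remove-NetRoute -Confirm:$false

    # Static address with the host's NAT interface as the default gateway.
    New-NetIPAddress -InterfaceAlias $InterfaceAlias -IPAddress $IPAddress `
        -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServers

    # Report what was applied and whether name resolution and outbound TCP work through the NAT.
    [pscustomobject]@{
        Address       = (Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).IPAddress
        DnsResolves   = [bool](Resolve-DnsName -Name $TestHost -ErrorAction SilentlyContinue)
        OutboundHttps = (Test-NetConnection -ComputerName $TestHost -Port 443).TcpTestSucceeded
    }
}

Set-GuestStaticIp
```

On the host, Get-NetNatStaticMapping lists any inbound port forwards defined on the NAT. A NAT created with only the three commands earlier has none, so nothing outside the host can open a connection to the guests.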

Voila, a nested VM in Azure connected to the Internet and ready for further testing.

I can’t tell you how much flexibility this is going to provide me. Not only can I now log in to machines using an Azure AD account but I can run up things like Windows 10S and (shock, horror) maybe even get SBS working as a guest. Now that would be really cool to achieve and I have added that to my ‘to do’ list. Watch for an article real soon!

Till then, all I can say is that Azure Nested Virtualization is super cool and really super cheap! Love the cloud!