How to Configure Windows Server 2016 Hyper-V Nested Virtualisation

Nested virtualisation is a feature introduced in Windows Server 2016 that allows a Hyper-V virtual machine to act as a Hyper-V host itself. In other words, you can run Hyper-V inside a Hyper-V VM. This capability is invaluable for lab environments, developer testing, training scenarios, containerised workloads such as Windows Containers with Hyper-V isolation, and enabling technologies like Device Guard or Credential Guard inside virtual machines. This tutorial covers the hardware requirements, how to enable nested virtualisation, and how to configure the virtual network for the nested VMs.

Requirements and Limitations

Nested virtualisation requires specific hardware and software conditions. The physical host must run Windows Server 2016 or Windows 10 Anniversary Update (version 1607) or later with the Hyper-V role. The physical processor must be an Intel processor that supports virtualisation extensions (VT-x and EPT). As of the initial Windows Server 2016 release, AMD processors are not supported for nested virtualisation. The guest VM (the one that will run Hyper-V) must also run Windows Server 2016 or Windows 10 Anniversary Update or later.

The guest VM must be a Generation 2 virtual machine. Generation 1 VMs do not support nested virtualisation. Additionally, if the Hyper-V host is itself a virtual machine, the underlying platform must pass hardware virtualisation through to it; Azure and some other platforms support nested virtualisation at their infrastructure level.

Step 1: Verify Host Hardware Virtualisation Support

On the physical Hyper-V host, confirm that hardware virtualisation is available and enabled:

Get-WmiObject -Class Win32_Processor | Select-Object Name, VirtualizationFirmwareEnabled, VMMonitorModeExtensions

Both VirtualizationFirmwareEnabled and VMMonitorModeExtensions should return True. If not, enable Intel VT-x/VT-d in the system BIOS/UEFI.

Step 2: Shut Down the Target Virtual Machine

Nested virtualisation configuration changes require that the VM be in an off state. Shut down the VM before proceeding:

Stop-VM -VMName "NestedHyperVLab" -Force

Step 3: Enable Nested Virtualisation on the VM

Use the Set-VMProcessor cmdlet on the physical host to expose virtualisation extensions to the guest VM. This is the core command that enables nested virtualisation:

Set-VMProcessor -VMName "NestedHyperVLab" -ExposeVirtualizationExtensions $true

Verify the setting was applied:

Get-VMProcessor -VMName "NestedHyperVLab" | Select-Object VMName, ExposeVirtualizationExtensions

Step 4: Configure Memory for the Guest VM

If the guest VM uses dynamic memory, you must disable it before Hyper-V can be installed inside the VM. Nested Hyper-V requires static memory allocation because dynamic memory and nested virtualisation are incompatible.

Set-VMMemory -VMName "NestedHyperVLab" -DynamicMemoryEnabled $false -StartupBytes 4GB

Allocate enough memory to the outer VM to accommodate both the guest operating system overhead and the memory requirements of the nested VMs you plan to run inside. A minimum of 4 GB is recommended for basic testing; 8 GB or more is preferable for practical lab use.

Step 5: Configure Networking for Nested VMs (MAC Spoofing)

Nested VMs need network connectivity. Because the nested VMs generate their own MAC addresses, which differ from the outer VM’s MAC address, you must enable MAC address spoofing on the outer VM’s virtual network adapter. Without this, the Hyper-V switch on the physical host will drop packets from the nested VMs. The setting lets the outer VM send frames with source MAC addresses other than its own, so enable it only on VMs that actually host nested guests.

Set-VMNetworkAdapter -VMName "NestedHyperVLab" -MacAddressSpoofing On

Verify the setting:

Get-VMNetworkAdapter -VMName "NestedHyperVLab" | Select-Object VMName, MacAddressSpoofing
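
The following check is an added example, not part of the original tutorial: it reads back the settings from Steps 3 to 5 in one pass on the physical host, so a missed step shows up before Hyper-V is installed in the guest. The function name Test-NestedVirtReadiness is hypothetical; the 4 GB threshold is the minimum this tutorial recommends.

```powershell
# Added example: read-only check, run on the physical Hyper-V host.
# Test-NestedVirtReadiness is a hypothetical helper name, not a built-in cmdlet.
function Test-NestedVirtReadiness {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$VMName)

    $vm   = Get-VM -Name $VMName -ErrorAction Stop
    $cpu  = Get-VMProcessor -VMName $VMName
    $mem  = Get-VMMemory -VMName $VMName
    $nics = @(Get-VMNetworkAdapter -VMName $VMName)

    # Adapters that are allowed to send frames with a foreign source MAC.
    $spoofing = @($nics | Where-Object { $_.MacAddressSpoofing -eq 'On' })

    $checks = [ordered]@{
        'Step 3: virtualisation extensions exposed' = ([bool]$cpu.ExposeVirtualizationExtensions)
        'Step 4: dynamic memory disabled'           = (-not $mem.DynamicMemoryEnabled)
        'Step 4: startup memory at least 4 GB'      = ($mem.Startup -ge 4GB)
        'Step 5: MAC spoofing on an adapter'        = ($spoofing.Count -gt 0)
    }

    # One row per check; State shows whether the VM is Off and can be changed.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            VMName = $vm.Name
            State  = $vm.State
            Check  = $name
            Passed = $checks[$name]
        }
    }
}

Test-NestedVirtReadiness -VMName 'NestedHyperVLab' | Format-Table -AutoSize
```

A row with Passed set to False names the step to repeat; the VM must be in the Off state before the processor and memory settings can be changed.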

Step 6: Start the Guest VM and Install Hyper-V

Start the outer VM and connect to it via Hyper-V Manager or Enhanced Session mode. Inside the guest operating system, install the Hyper-V role:

Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

After the restart, Hyper-V will be operational inside the VM. You can now create virtual switches and nested VMs within the guest just as you would on a physical host.

Step 7: Create a Virtual Switch Inside the Nested Hyper-V Host

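Inside the guest VM (the nested Hyper-V host), create an external virtual switch bound to the guest’s network adapter, which the guest sees as a physical adapter, so nested VMs can access the network. The adapter is named "Ethernet" in this example; confirm the name on your system with Get-NetAdapter: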

New-VMSwitch -Name "NestedExternalSwitch" -NetAdapterName "Ethernet" -AllowManagementOS $true

If you only need nested VMs to communicate with each other and the nested host, an internal switch is sufficient:

New-VMSwitch -Name "NestedInternalSwitch" -SwitchType Internal
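
Going beyond the two switch types shown above, an internal switch combined with NAT gives nested VMs outbound access through the guest's own address, so the outer VM only ever sends frames with its own MAC. This is an added example, not part of the original tutorial; the switch name, NAT name and the 192.168.100.0/24 subnet are assumed values.

```powershell
# Added example: run inside the guest (the nested Hyper-V host).
# Switch name, NAT name and the 192.168.100.0/24 subnet are assumed values.
$switchName = 'NestedNatSwitch'
$natName    = 'NestedNat'
$gatewayIp  = '192.168.100.1'
$prefix     = '192.168.100.0/24'

# Internal switch: nested VMs attach here; no guest network adapter is bound to it.
if (-not (Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switchName -SwitchType Internal | Out-Null
}

# The nested host's vEthernet adapter on that switch acts as the default gateway.
$alias = "vEthernet ($switchName)"
if (-not (Get-NetIPAddress -InterfaceAlias $alias -IPAddress $gatewayIp -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $alias -IPAddress $gatewayIp -PrefixLength 24 | Out-Null
}

# NAT translates traffic from the nested subnet to the guest's own address.
if (-not (Get-NetNat -Name $natName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $natName -InternalIPInterfaceAddressPrefix $prefix | Out-Null
}

# Read back the result.
Get-NetNat -Name $natName | Select-Object Name, InternalIPInterfaceAddressPrefix, Active
```

Nested VMs on this switch need a static address in the assumed subnet with 192.168.100.1 as gateway, since nothing here hands out DHCP leases. With this layout, MAC address spoofing on the outer VM's adapter can stay Off.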

Step 8: Configure Nested Virtualisation for Windows Containers

Nested virtualisation is also required when running Windows Containers with Hyper-V isolation mode inside a VM. After enabling nested virtualisation and installing the Hyper-V role, install the Containers feature inside the guest:

Install-WindowsFeature -Name Containers

Then install Docker using the official PowerShell provider:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider -Force
Restart-Computer

After restart, you can run containers with Hyper-V isolation inside the nested VM:

docker run --isolation=hyperv mcr.microsoft.com/windows/nanoserver:1809 cmd /c echo "Nested container working"

Performance Considerations

Nested virtualisation introduces additional overhead because each virtual CPU instruction from the nested guest must traverse two layers of hypervisor translation. For production workloads this overhead is generally not acceptable, but for lab, training, and development purposes it is entirely practical. Allocate sufficient CPU resources to the outer VM by giving Set-VMProcessor a generous -Count value, and ensure the physical host is not overcommitted. Use SSD-backed storage to mitigate the additional latency from nested disk I/O.

Set-VMProcessor -VMName "NestedHyperVLab" -Count 4

Nested virtualisation on Windows Server 2016 makes complex multi-VM lab environments accessible from a single physical machine, dramatically reducing infrastructure costs and complexity for testing and development purposes. By following the steps above, you can create a fully functional Hyper-V environment inside a Hyper-V VM with network connectivity and container support.