How to Setup Nested Virtualization for Azure VM/VHD

There are lots of documents and blog posts about setting up nested virtualization on an Azure Virtual Machine (VM); most of them are confusing, and others do not set up nesting correctly for Azure VMs.

This article is meant to simplify the process and get you on your way to your actual issue.

Scenario

You need a nested environment in Azure to fix an OS issue on a broken Azure VM, or to create a custom image in Azure.

Prerequisite

Deploy a Dv3 or Ev3 series VM in Azure, since these sizes support nested virtualization; see the article about VM sizes here…

https://i.imgur.com/sXvPYmh.png
Image 1

Process

After the Azure VM is deployed, log in to it, open PowerShell as administrator and run the command below to install the Hyper-V and DHCP Server roles.

Install-WindowsFeature -Name DHCP,Hyper-V -IncludeManagementTools
Output

https://i.imgur.com/cX5staN.png
Image 2

Once the roles are installed without error, restart the Azure VM.

Shutdown -R

When the Azure VM comes back up, log in to it, open PowerShell as an administrator and run the commands below to configure Hyper-V networking.

# Name used for both the internal switch and the NAT object
$switchName = "InternalNAT"
# Create an internal Hyper-V switch; the host gets a vNIC named "vEthernet (InternalNAT)"
New-VMSwitch -Name $switchName -SwitchType Internal
# Create the NAT for the 192.168.0.0/24 range behind that switch
New-NetNat -Name $switchName -InternalIPInterfaceAddressPrefix "192.168.0.0/24"
# Find the host vNIC for the switch and give it the gateway address 192.168.0.1
$ifIndex = (Get-NetAdapter | Where-Object { $_.Name -like "*($switchName)" }).ifIndex
New-NetIPAddress -IPAddress 192.168.0.1 -InterfaceIndex $ifIndex -PrefixLength 24

The commands above create a Hyper-V internal switch, a NAT rule for 192.168.0.0/24 and the gateway address for that switch. Please make sure all commands ran without errors; see sample output here.

If all the commands above succeeded, run the commands below in the same PowerShell window to configure the DHCP service.

# Scope that hands out 192.168.0.50-192.168.0.100 to nested VMs on the NAT switch
Add-DhcpServerv4Scope -Name "DHCP-$switchName" -StartRange 192.168.0.50 -EndRange 192.168.0.100 -SubnetMask 255.255.255.0
# Default gateway is the NAT address; DNS is the Azure-provided resolver 168.63.129.16
Set-DhcpServerv4OptionValue -Router 192.168.0.1 -DnsServer 168.63.129.16
Restart-Service DhcpServer

The commands above create a DHCP scope for the Hyper-V NAT, assign the gateway and DNS server IPs for that scope on the DHCP service and restart the DHCP service.

Please make sure all commands ran without errors; see sample output here.
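To confirm the whole setup at once, the script below checks each piece the commands above created and lists any static NAT mappings. It is an added example, not part of the original article, and assumes the names and addresses used above (InternalNAT, 192.168.0.0/24, gateway 192.168.0.1, scope 192.168.0.0); change the variables if you used others.

```powershell
# Added verification script (not from the original article). Adjust these
# values if you used a different switch name, prefix or scope.
$switchName = "InternalNAT"
$prefix     = "192.168.0.0/24"
$gateway    = "192.168.0.1"
$scopeId    = "192.168.0.0"

$checks = [ordered]@{}

# 1. Internal Hyper-V switch exists
$sw = Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue
$checks["VMSwitch '$switchName' is Internal"] = ($null -ne $sw -and $sw.SwitchType -eq 'Internal')

# 2. Host vNIC for the switch carries the gateway address with a /24 prefix
$nic = Get-NetAdapter | Where-Object { $_.Name -like "*($switchName)" }
$ip  = if ($nic) { Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue }
$checks["Gateway $gateway/24 on host vNIC"] = ($null -ne $ip -and $ip.IPAddress -eq $gateway -and $ip.PrefixLength -eq 24)

# 3. NAT object covers the internal prefix
$nat = Get-NetNat -Name $switchName -ErrorAction SilentlyContinue
$checks["NetNat '$switchName' for $prefix"] = ($null -ne $nat -and $nat.InternalIPInterfaceAddressPrefix -eq $prefix)

# 4. DHCP scope exists and is active, and option 3 (router) points at the NAT gateway
$scope  = Get-DhcpServerv4Scope -ScopeId $scopeId -ErrorAction SilentlyContinue
$checks["DHCP scope $scopeId active"] = ($null -ne $scope -and $scope.State -eq 'Active')
$router = Get-DhcpServerv4OptionValue -OptionId 3 -ErrorAction SilentlyContinue
$checks["DHCP option 3 (router) = $gateway"] = ($null -ne $router -and $router.Value -contains $gateway)

# 5. DHCP service is running
$svc = Get-Service DhcpServer -ErrorAction SilentlyContinue
$checks["DhcpServer service running"] = ($null -ne $svc -and $svc.Status -eq 'Running')

# 6. Inventory static mappings, i.e. ports forwarded from the Azure VM into nested VMs
$maps = Get-NetNatStaticMapping -NatName $switchName -ErrorAction SilentlyContinue

# Report: one OK/FAIL line per check, then the mapping table
$checks.GetEnumerator() | ForEach-Object {
    "{0,-5} {1}" -f $(if ($_.Value) { 'OK' } else { 'FAIL' }), $_.Key
}
if ($maps) {
    "Static mappings exposed by NetNat '$switchName':"
    $maps | Format-Table Protocol, ExternalIPAddress, ExternalPort, InternalIPAddress, InternalPort -AutoSize
} else {
    "No static NAT mappings defined."
}
```

Any FAIL line points at the step above that needs to be re-run before creating nested VMs.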

If all the commands above succeeded, you can now create a VM in the nested virtualization environment and attach it to the InternalNAT switch.

This gives you a VM inside the Azure VM that is configured for DHCP and has an internet connection, which is the correct configuration for a nested environment used to manage Azure VMs.

https://i.imgur.com/a1Pm5Ho.png
Image 3


OPTIONALLY

On the Azure VM you can set up a NAT mapping so you can reach a service on the nested VM from the internet, for example RDP.

Create an NSG rule on the Azure VM that allows inbound traffic on the external port you will map (50000 in the example below).

https://i.imgur.com/wv4tiPR.png
Image 4

On the Azure VM, open PowerShell as an administrator and run the command below to configure the NAT mapping.

# Forward TCP 50000 on the Azure VM's public side to RDP (3389) on the nested VM at 192.168.0.50
Add-NetNatStaticMapping -NatName "InternalNAT" -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.0.50 -InternalPort 3389 -ExternalPort 50000

Output

https://i.imgur.com/xRyFQnz.png
Image 5

On the nested VM, enable RDP if it is not yet enabled. From the internet you should now be able to PortQuery or RDP to the nested VM using port 50000.

https://i.imgur.com/me40V13.png
Image 6


This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.