Nested Virtualization
From Whonix
Introduction[edit]
It is possible to run virtual machines (VMs) inside other VMs. That is called nested virtualization: [1]
Nested virtualization refers to virtualization that runs inside an already virtualized environment. In other words, it's the ability to run a hypervisor inside of a virtual machine (VM), which itself runs on a hypervisor.
With nested virtualization, you're effectively nesting a hypervisor within a hypervisor. The hypervisor running the main virtual machine is considered a level 0, or LO hypervisor, and the initial hypervisor running inside the virtual machine is referred to as a level 1 or L1 hypervisor. Further nested virtualization would result in a level 2 (L2) hypervisor inside the nested VM, then a level 3 (L3) hypervisor within that nested VM, and so forth.
Not all hypervisors and operating systems support nested virtualization. Hypervisors that do support nested virtualization include KVM and VMware ESXi hypervisors (called Nested ESXi). Nested ESXi also supports Hyper-V, Xen and KVM guest hypervisors as of ESXi version 6.0.
Qubes[edit]
Running VirtualBox, KVM or Qubes inside Qubes is difficult and is not offically supported by the Qubes developers; this is unrelated to Whonix ™. To learn more about the current state of support, search the qubes-devel [archive] and qubes-users [archive] mailing lists for terms such as VirtualBox, KVM and/or nested virtualization.
KVM[edit]
See Nested KVM Virtualization.
VirtualBox inside VirtualBox[edit]
First change your host key: VirtualBox → Preferences → Input → Host Key. The "outside" and the "inside" Host Key must differ, otherwise you can not leave the "inside" VM anymore.
Using ACPI [2] and IOAPIC [3] [4] for all VMs significantly speeds up the "inside" VM. These settings are in use for Whonix ™ VMs by default.
VirtualBox only partially supports VT-in-VT -- nested AMD-V is functional (although not feature complete), while nested VT-x for Intel CPUs is still a work-in-progress. [5] Therefore the "inside" VM might be slow depending on your host's make and performance. For Intel CPUs, in the "inside" VM, disable VT: VirtualBox → right-click on VM → Settings → System → Acceleration → uncheck "Enable VT-x/AMD-V"
Forum discussion:
https://forums.whonix.org/t/nested-visualization-with-whonix-vbox-windows-7-inside-whonix-ws [archive]
See Also[edit]
Footnotes[edit]
- ↑ https://www.webopedia.com/TERM/N/nested-virtualization.html [archive]
- ↑
vboxmanage "Whonix-Workstation" modifyvm --acpi on
- ↑
VirtualBox→right-click on VM→Settings→System→uncheck "Enable IO APIC" - ↑
vboxmanage "Whonix-Workstation" modifyvm --ioapic on
- ↑ https://www.virtualbox.org/ticket/4032 [archive]
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Have you read our Documentation [archive], Technical Design [archive] and Developer Portal [archive] links yet?
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.