[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Nested Virtualization of Hyper-V on Xen Not Working

Yes, definitely TooMuchInformation.

  I hope that single hardware test kit VHD download imports into xen, runs, and gives us a starting point and clear work items.  

On Sat, Jul 24, 2021 at 9:47 PM Xentrigued <xentrigued@xxxxxxxxxxx> wrote:

First and foremost, many thanks for your thoughtful and thorough response and also for providing a multitude of genuinely helpful information!


Secondly:  Wow, that’s quite a homework assignment!!


I will absolutely begin to work my way through the resources you cited and will report back once some of those tests have been completed.  You’ve given me an excellent starting point for further inquiry.


To be very honest, I wasn’t sure where to turn next in the event that no member of this august body had anything to say about this.  (It’s kind of intimidating and not unlike going before the Wizard of Oz.)


So again, thank you so much for all of the good information and also for your kindness in reaching out.


From: Rob Townley <rob.townley@xxxxxxxxx>
Sent: Saturday, July 24, 2021 9:33 PM
To: Xentrigued <xentrigued@xxxxxxxxxxx>
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx
Subject: Re: Nested Virtualization of Hyper-V on Xen Not Working


I encourage you to run the Windows Hardware Lab Kit 11/02/2018 or HLK or maybe try the VHLK.  The VHLK is a free VHD file download of win2016 that has all the tests necessary built-in.  So you could manually download the test kit on your existing Windows VM or attempt the VHD.   "Default login credentials are HLKAdminUser with password Testpassword,1"   


Please post the results.   Citrix 8.1 and 8.2 are listed as validated and so would be very interesting to see any differences in test results running XCP-ng 8.2 and Citrix 8.2.  


Why run the hardware lab kit in a virtualized environment and directly on the underlying hardware?  Because those tests are used to validate for the SVVP.   Microsoft has something similar to their Hardware Compatibility List, aka HCL.   SVVP is Microsoft's Server Virtualization Validation Program.   SVVP validates that Windows Operating Systems and APPS run on top of other hypervisors and once validated will receive technical support.  SVVP has been around for over a decade but has of course changed over the years.   Recently,  it has been making news because Win11 / Win2022 requires a TPM 2.0 chip, but XCP-NG XEN does not yet support that.    If the hypervisor is SVVP certified, then running MS Hyper-V Windows on top of any validated hypervisor would be much more likely to work and possibly supported directly by MS and tsanet.org.  Canonical and RedHat are in tsanet, but would like to see the Linux Foundation or Vates itself. 




On Tue, Jul 20, 2021 at 11:12 PM Xentrigued <xentrigued@xxxxxxxxxxx> wrote:

RATIONALE: Features in recent versions of Windows now REQUIRE Hyper-V
support to work.  In particular, Windows Containers, Sandbox, Docker Desktop
and the Windows Subsystem for Linux version 2 (WSL2).  Running Windows in a
VM as a development and test platform is currently a common requirement for
various user segments and will likely become necessary for production in the
future.  Nested virtualization of Hyper-V currently works on VMware ESXi,
Microsoft Hyper-V and KVM-based hypervisors.  This puts Xen and its
derivatives at a disadvantage when choosing a hypervisor.

WHAT IS NOT WORKING?  Provided the requirements set forth in:
https://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen have been met,
an hvm guest running Windows 10 PRO Version 21H1 x64 shows that all four
requirements for running Hyper-V are available using the msinfo32.exe or
systeminfo.exe commands.  More granular knowledge of the CPU capabilities
exposed to the guest can be observed using the Sysinternals Coreinfo64.exe
command.  CPUID flags present appear to mirror those on other working nested
hypervisor configurations.

Enabling Windows Features for Hyper-V, Virtual Machine Platform, etc. all
appear to work without error.  However, after the finishing reboot, Hyper-V
is simply not active.  This--despite the fact that vmcompute.exe (Hyper-V
host compute service) is running and there are no errors in the logs.  In
addition, all four Hyper-V prerequisites continue to show as available.

By contrast, after the finishing reboot of an analogous Windows VM running
on ESXi, the four prerequisites are reversed:  hypervisor is now active;
vmx, ept and urg (unrestricted guest) are all off as viewed with the
Coreinfo64.exe -v command.  Furthermore, all functions requiring Hyper-V are
now active and working as expected.

This deficiency has been observed in two test setups running Xen 4.15 from
source and XCP-ng 8.2, both running on Intel with all of the latest,
generally available patches.  We presume that the same behavior is present
on Citrix Hypervisor 8.2 as well.

Clearly, much effort has already been expended to support the Viridian
enlightenments that optimize running Windows on Xen.  It also looks like a
significant amount of effort has been put forth to advance nested
virtualization in general.

Therefore, if it would be helpful, I am willing to perform testing and
provide feedback and logs as appropriate in order to help get this working.

While my day job is managing a heterogeneous collection of systems running
on various hypervisors, I have learned the rudiments of integrating patches
and rebuilding Xen from source so could no doubt be useful in assisting you
with this worthwhile endeavor.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.