How to enable nested virtualization in an Azure VM

Nested virtualization is supported in several Azure virtual machine families. This capability provides great flexibility in supporting scenarios such as development, testing, training, and demonstration environments.

This article steps through enabling Hyper-V on an Azure VM and configuring Internet connectivity to that guest virtual machine.

Create a nesting-capable Azure VM

Create a new Windows Server 2016 Azure VM. For a complete list of virtual machine sizes that support nesting, check out the Azure Compute Unit article.

Remember to choose a VM size large enough to support the demands of a guest virtual machine. In this example, we are using a D3_v3 size Azure VM.

You can view the regional availability of Dv3 or Ev3 series virtual machines here.

Note

For detailed instructions on creating a new virtual machine, see Create and Manage Windows VMs with the Azure PowerShell module.

Connect to your Azure VM

Create a remote desktop connection to the virtual machine.

  1. Click the Connect button on the virtual machine properties. A Remote Desktop Protocol file (.rdp file) is created and downloaded.

  2. To connect to your VM, open the downloaded RDP file. If prompted, click Connect. On a Mac, you need an RDP client such as this Remote Desktop Client from the Mac App Store.

  3. Enter the user name and password you specified when creating the virtual machine, then click OK.

  4. You may receive a certificate warning during the sign-in process. Click Yes or Continue to proceed with the connection.

Enable the Hyper-V feature on the Azure VM

You can configure these settings manually or use the PowerShell script we have provided to automate the configuration.

Option 1: Use a PowerShell script to configure nested virtualization

A PowerShell script to enable nested virtualization on a Windows Server 2016 host is available on GitHub. The script checks prerequisites and then configures nested virtualization on the Azure VM. A restart of the Azure VM is necessary to complete the configuration. This script may work in other environments but is not guaranteed. Check out the Azure blog post with a live video demonstration on nested virtualization running on Azure: https://aka.ms/AzureNVblog.

Option 2: Configure nested virtualization manually

  1. On the Azure VM, open PowerShell as an Administrator.

  2. Enable the Hyper-V feature and Management Tools.

    Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
    

    Warning

    This command restarts the Azure VM. You will lose your RDP connection during the restart process.

  3. After the Azure VM restarts, reconnect to your VM using RDP.

Set up internet connectivity for the guest virtual machine

Create a new virtual network adapter for the guest virtual machine and configure a NAT Gateway to enable Internet connectivity.

Create a NAT virtual network switch

  1. On the Azure VM, open PowerShell as an Administrator.

  2. Create an internal switch.

    New-VMSwitch -Name "InternalNAT" -SwitchType Internal
    
  3. View the properties of the switch and note the ifIndex for the new adapter.

    Get-NetAdapter
    

    Note

    Take note of the "ifIndex" for the virtual switch you just created.

  4. Create an IP address for the NAT Gateway.

In order to configure the gateway, you need some information about your network:

  • IPAddress - The NAT Gateway IP specifies the IPv4 or IPv6 address to use as the default gateway address for the virtual network subnet. The generic form is a.b.c.1 (for example, "192.168.0.1"). While the final position doesn't have to be .1, it usually is (based on prefix length). Typically you should use an RFC 1918 private network address space.

  • PrefixLength - The subnet prefix length defines the local subnet size (subnet mask). The subnet prefix length will be an integer value between 0 and 32. 0 would map the entire internet, 32 would only allow one mapped IP. Common values range from 24 to 12 depending on how many IPs need to be attached to the NAT. A common PrefixLength is 24 -- this is a subnet mask of 255.255.255.0.

  • InterfaceIndex - ifIndex is the interface index of the virtual switch created in the previous step.

    New-NetIPAddress -IPAddress 192.168.0.1 -PrefixLength 24 -InterfaceIndex 13
    

Create the NAT network

In order to configure the gateway, you will need to provide information about the network and NAT Gateway:

  • Name - This is the name of the NAT network.
  • InternalIPInterfaceAddressPrefix - The NAT subnet prefix describes both the NAT Gateway IP prefix from above as well as the NAT Subnet Prefix Length from above. The generic form will be a.b.c.0/NAT Subnet Prefix Length.

In PowerShell, create a new NAT network.

    New-NetNat -Name "InternalNat" -InternalIPInterfaceAddressPrefix 192.168.0.0/24
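The switch, gateway address and NAT network steps above can be run as one repeatable script that looks up the ifIndex by adapter name instead of copying it by hand (the 13 in the command above differs from host to host). This is an added example, not the script published on GitHub; it assumes the article's names and the 192.168.0.0/24 range, and relies on Hyper-V naming the host-side adapter "vEthernet (<switch name>)".

```powershell
# Added example: run in an elevated PowerShell session on the Azure VM
# after the Hyper-V feature is installed and the VM has restarted.
$SwitchName = 'InternalNAT'      # switch name used in the article
$NatName    = 'InternalNat'      # NAT network name used in the article
$GatewayIP  = '192.168.0.1'      # article's example gateway address
$PrefixLen  = 24
$NatPrefix  = '192.168.0.0/24'

# 1. Create the internal switch only if it does not exist yet.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}

# 2. Resolve the ifIndex of the host-side adapter that belongs to the switch.
#    Stop here if it is missing rather than configuring the wrong interface.
$adapter = Get-NetAdapter -Name "vEthernet ($SwitchName)" -ErrorAction Stop
$ifIndex = $adapter.ifIndex

# 3. Assign the NAT gateway address unless it is already present.
$existing = Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress -eq $GatewayIP }
if (-not $existing) {
    New-NetIPAddress -IPAddress $GatewayIP -PrefixLength $PrefixLen `
        -InterfaceIndex $ifIndex | Out-Null
}

# 4. Create the NAT network unless it already exists.
if (-not (Get-NetNat -Name $NatName -ErrorAction SilentlyContinue)) {
    New-NetNat -Name $NatName -InternalIPInterfaceAddressPrefix $NatPrefix | Out-Null
}

# 5. Show the result so the address and prefix can be checked.
Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4 |
    Select-Object InterfaceAlias, InterfaceIndex, IPAddress, PrefixLength
Get-NetNat -Name $NatName |
    Select-Object Name, InternalIPInterfaceAddressPrefix, Active
```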

Create the guest virtual machine

Important

The Azure guest agent is not supported on nested VMs, and may cause issues on both the host and nested VMs. Don't install the Azure agent on nested VMs, and don't use an image for creating the nested VMs that already has the Azure guest agent installed.

  1. Open Hyper-V Manager and create a new virtual machine. Configure the virtual machine to use the new Internal network you created.

  2. Install an operating system on the guest virtual machine.

    Note

    You need installation media for an operating system to install on the VM. In this case we are using Windows 10 Enterprise.

Assign an IP address to the guest virtual machine

You can assign an IP address to the guest virtual machine either by manually setting a static IP address on the guest virtual machine or by configuring DHCP on the Azure VM to assign the IP address dynamically.

Option 1: Configure DHCP to dynamically assign an IP address to the guest virtual machine

Follow the steps below to configure DHCP on the host virtual machine for dynamic address assignment.

Install DHCP Server on the Azure VM

  1. Open Server Manager. On the Dashboard, click Add roles and features. The Add Roles and Features Wizard appears.

  2. In the wizard, click Next until the Server Roles page appears.

  3. Click to select the DHCP Server checkbox, click Add Features, and then click Next until you complete the wizard.

  4. Click Install.

Configure a new DHCP scope

  1. Open DHCP Manager.

  2. In the navigation pane, expand the server name, right-click IPv4, and click New Scope. When the New Scope Wizard appears, click Next.

  3. Enter a Name and Description for the scope and click Next.

  4. Define an IP Range for your DHCP Server (for example, 192.168.0.100 to 192.168.0.200).

  5. Click Next until the Default Gateway page appears. Enter the IP Address you created earlier (for example, 192.168.0.1) as the Default Gateway, then click Add.

  6. Click Next until the wizard completes, leaving all default values, then click Finish.
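The same scope can be created from PowerShell, with a check that the DHCP server is bound only to the internal switch adapter so leases are offered to nested guests and nowhere else. This is an added example, not part of the original article; it assumes the DHCP Server role is already installed as described above, the article's example range and gateway, the adapter name "vEthernet (InternalNAT)", and a scope name (NestedGuests) chosen here for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the Azure VM.
$InternalAlias = 'vEthernet (InternalNAT)'   # host adapter of the internal switch
$ScopeId       = '192.168.0.0'               # network address of the NAT subnet
$ScopeName     = 'NestedGuests'              # hypothetical scope name

# 1. Create the scope with the article's example range unless it exists.
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name $ScopeName `
        -StartRange 192.168.0.100 -EndRange 192.168.0.200 `
        -SubnetMask 255.255.255.0 -State Active
}

# 2. Hand out the NAT gateway address as the default gateway (router option).
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router 192.168.0.1

# 3. Bind the DHCP service to the internal adapter and unbind any other
#    interface it is currently listening on.
Set-DhcpServerv4Binding -InterfaceAlias $InternalAlias -BindingState $true
Get-DhcpServerv4Binding |
    Where-Object { $_.InterfaceAlias -ne $InternalAlias -and $_.BindingState } |
    ForEach-Object {
        Set-DhcpServerv4Binding -InterfaceAlias $_.InterfaceAlias -BindingState $false
    }

# 4. Review the bindings, then the leases once a guest has started.
Get-DhcpServerv4Binding | Select-Object InterfaceAlias, IPAddress, BindingState
Get-DhcpServerv4Lease -ScopeId $ScopeId |
    Select-Object IPAddress, ClientId, HostName, AddressState
```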

Option 2: Manually set a static IP address on the guest virtual machine

If you did not configure DHCP to dynamically assign an IP address to the guest virtual machine, follow these steps to set a static IP address.

  1. On the Azure VM, open PowerShell as an Administrator.

  2. Right-click the guest virtual machine and click Connect.

  3. Sign in to the guest virtual machine.

  4. On the guest virtual machine, open the Network and Sharing Center.

  5. Configure the network adapter for an address within the range of the NAT network you created in the previous section.

In this example you will use an address in the 192.168.0.0/24 range.

Test connectivity in guest virtual machine

In the guest virtual machine, open your browser and navigate to a web page.

For instructions on how to enable transparent connectivity between Guest VMs and Azure VMs, please reference this document.