Amazon Web Services has enabled nested virtualization for a handful of EC2 instances.
Nested virtualization involves running a hypervisor inside another hypervisor. It is not an entirely bonkers idea because it offers the chance to create a test or simulation environment for the collection of linked VMs that makes up many enterprise IT setups. The technique can also be useful in production for containerised workloads, which often see tools like Kubernetes and Docker run in a VM, and every container running in its own VM.
Amazon suggests its new feature might come in handy “running emulators for mobile applications, simulating in-vehicle hardware for automobiles, and running Windows Subsystem for Linux on Windows workstations.”
AWS has allowed nested virtual machines on its bare metal instances for some time. A Tuesday announcement revealed that nested virtualization is now possible on its C8i, M8i, and R8i instances.
The thread – pardon the pun – linking the three instance types is their use of Xeon 6 processors, which Intel imbued with a new version of its Trust Domain Extensions (TDX) tech to improve isolation between a guest OS and hypervisor.
All EC2 instances run Amazon’s own Nitro hypervisor, which the cloud giant uses to parcel out its hardware into its various instance types. Nitro is invisible to users.
“To support nested virtualization, the Nitro System passes the processor extensions, such as Intel VT-x, to instances to facilitate running nested virtual machines,” states a user guide to the new offering. “The nested virtualization architecture consists of three layers: the physical AWS infrastructure and Nitro hypervisor (L0), your EC2 instance running a hypervisor (L1), and one or more virtual machines created within that instance (L2).”
AWS says it “currently” supports either Microsoft’s Hyper-V or the open source KVM as L1 hypervisors.
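A preflight check for the KVM case, added here as an illustration rather than taken from AWS's guide: run inside the L1 instance, it confirms that L0 has passed VT-x (the `vmx` CPU flag) through and that the KVM device node exists, so L2 guests can be created. It assumes the L1 instance runs Linux with KVM; the file paths are parameters only so the check can be exercised against sample cpuinfo files.

```shell
#!/bin/sh
# Preflight for an L1 guest on a nested-virtualization-enabled instance:
# did the Nitro hypervisor (L0) expose VT-x, and can KVM use it for L2 VMs?
# Paths are parameters so the functions can be tested against sample files.

has_vmx() {
    # $1: path to a /proc/cpuinfo-style file; true if any flags line lists vmx
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw 'vmx'
}

kvm_device_present() {
    # $1: path to the /dev/kvm node, which appears once kvm_intel has loaded
    [ -e "$1" ]
}

check_nested_virt() {
    cpuinfo="${1:-/proc/cpuinfo}"
    kvmdev="${2:-/dev/kvm}"
    status=0
    if has_vmx "$cpuinfo"; then
        echo "L0 -> L1: VT-x (vmx) is visible to this instance"
    else
        echo "L0 -> L1: no vmx flag; this instance does not expose VT-x"
        status=1
    fi
    if kvm_device_present "$kvmdev"; then
        echo "L1: $kvmdev present; KVM can create L2 guests"
    else
        echo "L1: $kvmdev missing; load kvm_intel or install the KVM packages"
        status=1
    fi
    return "$status"
}

# Run against the live system when executed directly; non-zero means not ready.
check_nested_virt /proc/cpuinfo /dev/kvm || true
```

Windows Server hosts using Hyper-V as the L1 hypervisor need the equivalent check through systeminfo or Get-ComputerInfo rather than this script.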
That leaves the door open to allow use of VMware’s ESXi, which is the most popular hypervisor for enterprise users, albeit one that its owner Broadcom is reluctant to license unless sold as part of its Cloud Foundation (VCF) private cloud suite. Maybe AWS can find a way to make that happen. The Register fancies Broadcom’s focus on VCF means the Amazon Elastic VMware Service will remain the only way to combine Cloudzilla and Virtzilla for the foreseeable future.
AWS is a little late to the nested virtualization party, as Azure and Google Cloud Platform already offer the feature. Google, however, only supports KVM. ®