Thomas Prescher, Julian Stecklina

Nested Virtualization for the KVM Backend for VirtualBox

We're excited to share a new milestone for our KVM Backend for VirtualBox: nested virtualization is now supported. This means you can run virtual machines within other VMs, opening up new possibilities for testing and development environments. With nested virtualization, you can now run even more complex configurations, including HP Sure Click, enabling heightened security within virtualized environments.

Why Nested Virtualization

Increasingly, virtualization is an expected feature for a wide variety of scenarios. As a result, a system is both likely to run in a virtual environment and likely to need virtualization for its own core functions.

An example is HP Sure Click, a solution that isolates security-critical software, such as web browsers and e-mail clients, from the user’s normal environment. HP Sure Click uses virtualization to create so-called micro-VMs to safely contain potentially malicious software.

A virtualization solution needs to support nested virtualization to allow software such as HP Sure Click to run inside a virtual machine as well. With the popularity of virtual desktops, nested virtualization is crucial to offer virtual desktop users the same security features that are offered to users of normal unvirtualized systems.

Together with fast graphics, nested virtualization is another puzzle piece to offer a modern desktop experience to users.

Available Now

Nested virtualization support for Intel systems is available today in our KVM Backend for VirtualBox. Follow the build instructions in the GitHub repository. Don’t forget to enable nested virtualization as described in the README to try it out.

Running an Ubuntu VM inside another Ubuntu VM with nested Qemu/KVM with our KVM Backend for VirtualBox.

What’s next?

Besides HP Sure Click in Windows, we have successfully tested Qemu/KVM running Ubuntu Linux inside of Ubuntu Linux and are continuously testing more combinations.

While implementing this feature, we encountered and resolved a complex issue that was causing Windows guests to blue-screen during bootup. The story behind it will be explained in another blog article. Stay tuned!