Nested Virtualization for the KVM Backend for VirtualBox

Why Nested Virtualization

Increasingly, virtualization is an expected feature for a wide variety of scenarios. This creates the situation that a system is both likely to run in a virtual environment and that it needs virtualization for its core functions.

An example is HP Sure Click, a solution that isolates security-critical software, such as web browsers and e-mail clients, from the user’s normal environment. HP Sure Click uses virtualization to create so called micro-VMs to safely contain potentially malicious software.

A virtualization solution needs to support nested virtualization to allow software, such as HP Sure Click, to run in a virtual machine as well. With the popularity of virtual desktops, nested virtualization is crucial to offer the same security features to virtual desktop users as are offered for users of normal unvirtualized systems.

Together with fast graphics, nested virtualization is another puzzle piece to offer a modern desktop experience to users.

Available Now

Nested virtualization support for Intel systems is available today in our KVM Backend for VirtualBox. Follow the build instructions in the Github repository. Don’t forget to enable nested virtualization as described in the README to try it out.

Running a Ubuntu VM inside another Ubuntu VM with nested Qemu/KVM with our KVM-backend for VirtualBox.

What’s next?

Besides HP Sure Click in Windows, we have successfully tested Qemu/KVM running Ubuntu Linux inside of Ubuntu Linux and are continuously testing more combinations.

While implementing this feature, we encountered and resolved a complex issue that was causing Windows guests to blue-screen during bootup. The story behind it will be explained in another blog article. Stay tuned!