What is Virtualization for Windows 10?

One of the features included in Windows 10 is the ability to create virtual machines. A virtual machine is a packaged operating system that can run on top of a “host” operating system. Virtualization allows the same host to run multiple “guest” operating systems, and easily move virtual machines between hosts.

Windows 10 virtualization is managed by Microsoft’s own hypervisor, called Hyper-V. This is the hypervisor used to run the entire Azure cloud stack, so it is robust and secure enough for even the largest enterprise deployments. Hyper-V Windows virtualization enables:

  • Running software that requires an earlier version of Windows or a non-Windows operating system, on top of a Windows machine.
  • Testing software with several operating systems, without having access to a device that has them installed.
  • Exporting virtual machines and importing them into any Hyper-V based system, including the Microsoft Azure cloud.
  • Running virtual desktop infrastructure (VDI) Windows workloads on Windows 10 machines.

Hyper-V on Windows 10

Hyper-V performs hardware virtualization. This means that all virtual machines typically run on virtual hardware—you can define virtual disks, virtual switches, and other virtual devices and add them to virtual machines.

Hyper-V is a Type 1 hypervisor, which runs directly on physical hardware. It differs from other virtualization solutions like VMware vSphere and VirtualBox, which are Type 2 hypervisors that run on top of an operating system.

System Requirements

Hyper-V is available for 64-bit editions of Windows 10 Pro, Enterprise and Education (not the Home version).

Here is a list of important hardware considerations related to implementing Hyper-V on computers running Windows 10:

  • Processor—each virtual machine can be assigned up to 240 virtual processors. The main factor in this case is the active operating system. To use CPU resources efficiently, you need to determine how many virtual processors (processor cores) each virtual machine needs.
  • Memory—to ensure high performance, you need to allocate enough RAM resources for Hyper-V hosts and virtual machines. You can use the Dynamic Memory feature to resize virtual machine memory automatically. You must have at least 4 GB of RAM available for the Hyper-V host and the virtual machines running on it (more RAM is required the more VMs you run, or the more intensive your workloads).
  • Storage—adequate I/O bandwidth is required to run virtualized workloads without interruption. This requires high performance storage controllers and hard drives. In addition, to optimize I/O between multiple disk drives, RAID should be configured correctly.
  • CPU cache—a large CPU cache is very useful when running virtual environments with heavy workloads. Because the processor cache is very fast, virtual machines can access critical data or applications more quickly than from main memory.

Hyper-V Limitations

When planning your Windows 10 virtualized deployment, consider the following limitations of Hyper-V:

  • Applications—Applications strongly dependent on specific hardware may not run properly on virtual machines. In addition, latency-sensitive applications may have issues when running in a virtualized environment.
  • Complexity—running Hyper-V requires expertise, and involves advanced tasks like enabling Intel VT-x, managing networks and vSwitches, and tuning the resources allocated to each VM (cores, memory, and dynamic memory allocation).
  • Management—there is no central management interface to create and manage Windows 10 virtual machines. Users have to do this manually, or admins can automate creation of VMs using scripting.
  • Security—virtual storage is not encrypted out-of-the-box, meaning that attackers who compromise the host can access the content of any virtual machines. The Windows Remote Desktop Protocol (RDP) is not protected against screen or keyboard capture or injection. Hyper-V does not provide network segregation or any firewall capabilities out of the box.
  • Patching—users and administrators now have to manage multiple operating systems, including patching and maintenance.
  • Automation—Hyper-V does not automate virtual desktop processes such as automatically joining a user to Azure Active Directory (Azure AD).
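
The Security limitation above can be checked per VM. The following read-only inventory is an added example, not part of the original article or any vendor tooling; it assumes an elevated PowerShell session on the Hyper-V host and uses the Hyper-V and BitLocker modules that ship with the Windows 10 editions listed earlier. The function name Get-VMSecurityPosture is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: inventory of settings relevant to the Security bullet.
# Read-only; changes nothing on the host or the VMs.

function Get-VMSecurityPosture {
    # Host-wide switch for Enhanced Session Mode (clipboard and device sharing).
    $esm = (Get-VMHost).EnableEnhancedSessionMode

    foreach ($vm in Get-VM) {
        $sec = Get-VMSecurity -VM $vm

        # Secure Boot only exists on generation 2 VMs.
        $secureBoot = if ($vm.Generation -eq 2) {
            (Get-VMFirmware -VM $vm).SecureBoot
        } else { 'n/a (generation 1)' }

        # Which virtual switch each adapter uses: External reaches the physical
        # network, Internal reaches the host, Private reaches other VMs only.
        $networks = foreach ($nic in Get-VMNetworkAdapter -VM $vm) {
            if ($nic.SwitchName) {
                '{0} ({1})' -f $nic.SwitchName, (Get-VMSwitch -Name $nic.SwitchName).SwitchType
            } else { 'disconnected' }
        }

        # At-rest protection of the disk files: BitLocker state of the host
        # volume holding each virtual disk (local drive-letter paths only).
        $diskVolumes = foreach ($disk in Get-VMHardDiskDrive -VM $vm) {
            if ($disk.Path -match '^[A-Za-z]:') {
                $vol = Get-BitLockerVolume -MountPoint $Matches[0] -ErrorAction SilentlyContinue
                '{0} BitLocker={1}' -f $Matches[0], $(if ($vol) { $vol.ProtectionStatus } else { 'unknown' })
            } else { "$($disk.Path) (not a local volume)" }
        }

        [pscustomobject]@{
            VM                  = $vm.Name
            Generation          = $vm.Generation
            SecureBoot          = $secureBoot
            VirtualTpm          = $sec.TpmEnabled
            EncryptedState      = $sec.EncryptStateAndVmMigrationTraffic
            Networks            = $networks -join '; '
            HostDiskVolumes     = $diskVolumes -join '; '
            HostEnhancedSession = $esm
        }
    }
}

Get-VMSecurityPosture | Format-List
```

BitLocker on the host volume protects the virtual disk files at rest only; it does not change what a process running on a compromised host can read.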


Hyper-V on Windows 10 vs. Windows Server

Some features of Hyper-V are different in Windows 10 compared to Windows Server.

Hyper-V on Windows 10 does not support live migration of VMs between hosts, replicas, Virtual Fiber Channel, shared virtual hard disk files (VHDX), and SR-IOV networking. These features are only supported on Windows Server.

Hyper-V on Windows Server does not support Quick Create, NAT switches and VM gallery.

In addition, the Hyper-V memory management model is different on each system. On Windows Server, Hyper-V allocates all memory to virtualized workloads. On Windows 10, Hyper-V assumes the machine is running other software in addition to the virtual machine, and allows memory to be allocated to non-virtualized workloads.

Running Containers on Windows with Hyper-V Virtualization

Microsoft recently introduced container technology, allowing developers to create and run Windows and Linux containers on Windows 10 devices.

Containers can run as a separate process in Windows (just like traditional Linux containers). However, the limitation is that the containerized application shares the operating system kernel. This means the container must run the same operating system as the host.

Hyper-V provides a feature called container isolation, which lets you run each container in a customized virtual machine, and get access to any operating system kernel, even Linux. This allows Windows and Linux containers to run simultaneously in the same machine.

These isolated containers are similar to traditional virtual machines. However, they are optimized to conserve resources. For example, Linux Containers on Windows 10 (LCOW) runs a virtual machine with a minimal Linux kernel that has just enough capabilities to support the container. Isolated containers can also dramatically improve security, because they offer hardware-level isolation between containers.

For more details, read the in-depth blog post on Windows Containers.

How to Enable Virtualization on Windows 10

To enable Hyper-V virtualization on a Windows 10 machine, follow these steps:

  1. Make sure Intel VT-x is enabled in your BIOS settings. This enables your CPU to function as multiple virtual cores.
  2. In the Windows command line (CMD), run systeminfo and ensure that the Hyper-V Requirements are all set to Yes. If not, ensure the machine meets all the system requirements.
  3. Ensure you are logged in as administrator of the machine, then install Hyper-V by opening PowerShell and running the following command (all on one line):
     Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
  4. Reboot the machine, and from the start menu, select Hyper-V Quick Create.
  5. Select an operating system, or provide your own operating system image by clicking Local Installation Source, and selecting a VHDX or other image file.
  6. Make sure to deselect Secure Boot if you are running a Linux VM.
  7. Click Create Virtual Machine.
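
Steps 2 and 3 can be scripted. The script below is an added example, not part of the original article: it reads the same Hyper-V requirement fields that systeminfo prints, through Get-ComputerInfo, and enables the feature only if it is not already on. It assumes an elevated PowerShell session; the function name Test-HyperVPrerequisite is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight check for steps 2 and 3, then an idempotent install.

function Test-HyperVPrerequisite {
    $info = Get-ComputerInfo -Property 'HyperV*'

    if ($info.HyperVisorPresent) {
        # With a hypervisor already running, Windows does not report the
        # individual requirement fields, so there is nothing to evaluate.
        Write-Host 'A hypervisor is already running; requirement fields are not reported.'
        return $true
    }

    $checks = [ordered]@{
        'VM Monitor Mode Extensions'         = $info.HyperVRequirementVMMonitorModeExtensions
        'Virtualization Enabled In Firmware' = $info.HyperVRequirementVirtualizationFirmwareEnabled
        'Second Level Address Translation'   = $info.HyperVRequirementSecondLevelAddressTranslation
        'Data Execution Prevention'          = $info.HyperVRequirementDataExecutionPreventionAvailable
    }

    $ok = $true
    foreach ($name in $checks.Keys) {
        $passed = [bool]$checks[$name]
        Write-Host ('{0,-36} {1}' -f $name, $(if ($passed) { 'Yes' } else { 'No' }))
        if (-not $passed) { $ok = $false }
    }
    return $ok
}

if (-not (Test-HyperVPrerequisite)) {
    throw 'Hyper-V requirements not met; check the firmware virtualization setting (step 1).'
}

$feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V
if ($feature.State -eq 'Enabled') {
    Write-Host 'Hyper-V is already enabled.'
} else {
    # -NoRestart defers the reboot so it can be scheduled.
    $result = Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
    if ($result.RestartNeeded) {
        Write-Host 'Reboot required to finish the installation (step 4).'
    }
}
```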

Manage Virtual Machines in Windows 10

There are two main features you should be aware of to manage Windows 10 VMs in Hyper-V.

Enhanced Session Mode

You can enable Enhanced Session Mode in Hyper-V to allow the hypervisor to connect to virtual machines using the remote desktop protocol (RDP). This provides the following benefits:

  • Lets you resize a VM screen and make use of high DPI monitors.
  • Allows VMs to use a shared clipboard, and transfer files from the local system with drag and drop.
  • Allows local devices to be shared with the VM, including audio devices, USB storage, printers, and disk drives.

Using Checkpoints

Hyper-V lets you create a snapshot of your virtual machine, called a checkpoint. Make sure to create checkpoints before changing configurations, performing an update, or installing software applications. This will allow you to revert to a known good state before you made the change.

Hyper-V supports two types of checkpoints:

  • Standard—copies the entire VM with its current memory state. This is not a complete backup, and may cause consistency issues, especially in Active Directory.
  • Production—uses Windows Volume Shadow Copy Service (VSS), or on Linux VMs, File System Freeze (FSF), to create a snapshot that is data consistent. This type of checkpoint does not capture the memory state of the virtual machine.
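
The checkpoint-before-change practice described above can be scripted as follows. This is an added example, not part of the original article; the VM name LabVM01 and the function name New-PreChangeCheckpoint are placeholders, and an elevated PowerShell session on the Hyper-V host is assumed. Note that the function changes the VM's checkpoint type setting.

```powershell
#Requires -RunAsAdministrator
# Added example: take a data-consistent checkpoint before a change.

function New-PreChangeCheckpoint {
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $Reason
    )

    $vm = Get-VM -Name $VMName -ErrorAction Stop

    # ProductionOnly makes the checkpoint fail if a production checkpoint
    # cannot be taken, instead of falling back to a Standard checkpoint
    # (the fallback is what the 'Production' setting does).
    if ($vm.CheckpointType -ne 'ProductionOnly') {
        Set-VM -VM $vm -CheckpointType ProductionOnly
    }

    $name = 'pre-change {0:yyyy-MM-dd HH.mm} {1}' -f (Get-Date), $Reason
    Checkpoint-VM -VM $vm -SnapshotName $name -ErrorAction Stop

    # Return the checkpoint object so the caller can restore it later.
    Get-VMSnapshot -VM $vm -Name $name
}

# 'LabVM01' is a placeholder VM name.
$checkpoint = New-PreChangeCheckpoint -VMName 'LabVM01' -Reason 'before patching'

# ... apply the update or configuration change here ...

# To roll back to the known good state. A production checkpoint holds no
# memory state, so the VM is powered off after the restore and must be started.
# Restore-VMSnapshot -VMSnapshot $checkpoint -Confirm:$false
# Start-VM -Name 'LabVM01'
```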
