This is another one of my blog-post series, this time taking a dive into generation 2 VMs, a new feature in Hyper-V in Windows 8.1 that I’ve been working on as Program Manager for throughout the release. In the end, it turned into a small novel rather than a few short posts, but I hope you find them valuable. Especially when you get to the part 10!
Part 1: Introduction to generation 2 virtual machines Part 2: Networking and boot order Part 3: Storage Part 4: Keyboard for Windows 8 & Windows Server 2012 Part 5: Kernel debugging Part 6: Secure Boot Part 7: FAQ Part 8: Manually migrating generation 1 virtual machines to generation 2 Part 9: Installing from ISO Part 10: Utility for converting generation 1 virtual machines to generation 2 (Convert-VMGeneration)
The main reason for introducing generation 2 VMs is a strategic bet by the Hyper-V team to have a platform upon which we can build upon in future releases, while introducing a number of improvements in this release as well.
If you look at previous virtualization solutions from Microsoft, including Virtual PC, Virtual Server, and all earlier releases of Hyper-V, from a VM perspective, the underlying hardware is relatively old, emulating an Intel 440BX chipset. Interestingly (perhaps!), I only recently discovered that the codename for this chipset was ‘Seattle’. Kind of appropriate with Redmond being the easterly younger-brother city to Seattle, and where I now call home!
Of course, we have introduced many features to make guest operating systems run well in a virtual environment, such as software based I/O and kernel enlightenments. There are plenty of posts and documents which explain that in more detail though, so I won’t go into depth in these posts.
The reason for using emulated devices is that most operating systems can run on that hardware. And that was important to be successful as a virtualization platform. However, it meant compromises had to be made.
Generation 2 VMs have a revised set of virtual hardware which move away from previous limitations, unleashing new possibilities in the future. We still have full compatibility by keeping the previous hardware intact in the form of “generation 1” virtual machines.
In Hyper-V Manager, we have added an additional step in the New Virtual Machine wizard:
In PowerShell, you use the “Generation” parameter to New-VM. If the parameter is not specified, a generation 1 VM will be created.
PS C:\> New-VM -VMName Generation2 -Generation 2
Name State CPUUsage(%) MemoryAssigned(M) Uptime Status ---- ----- ----------- ----------------- ------ ------ Generation2 Off 0 0 00:00:00 Operating normally
Once a VM has been created, in Hyper-V Manager, the generation is shown on the summary tab when a VM is selected:
To determine the generation of a VM using PowerShell, the ‘Generation’ property is exposed on the VMObject returned by Get-VM
PS C:\> Get-VM -VMName Generation2 | fl Name,Generation
Name : Generation2 Generation : 2
The generation is also exposed in the VirtualSystemSubType field in the Msvm_VirtualSystemSettingData class. The values are “Microsoft:Hyper-V:SubType:1” for a generation 1 VM, or “Microsoft:Hyper-V:SubType:2” for a generation 2 VM.
1. The firmware
First, we took a decision to change the system firmware. Generation 1 VMs use a PCAT BIOS, as have the majority of OEM PCs until recently. While technically there is nothing wrong with BIOS, it has limitations. Especially when you consider in our case it’s written in 16-bit assembler. This makes ongoing enhancements extremely difficult. It is also relatively slow to initialise taking up a significant proportion of virtual machine power on time, and relatively inefficient consuming a fair number of CPU cycles during this initialization.
Instead of BIOS, we went with UEFI firmware, which is actually a logo requirement for OEMs to achieve Windows 8 & 8.1 logo. One of the big advantages of using UEFI is that it is written in a high-level language which makes if far easier to maintain and extend. Our implementation is based on TianoCore, EDK II and is a UEFI 2.3.1 implementation with necessary modifications and bug-fixes.
UEFI has a number of other advantages such as removing the 2.2TB MBR partition limits for the boot volume. I will go into that in a little more detail in a future post.
Our UEFI firmware in Windows 8.1 does not have a CSM (Compatibility Support Module). In terms of how the UEFI forum defines platform types, this makes our implementation “Class 3”. We do not have a 32-bit implementation, which means that only 64-bit Guest Operating systems would be able to run in this environment. I will cover what operating systems are actually supported later.
2. The devices
There are some obvious devices we removed. For example, the legacy network adapter (which is an emulated device based on a DEC/Intel/Tulip 21140). Then we removed the IDE controller. And the floppy controller plus associated DMA controller. And the serial controller (COM ports). These are all things you can directly see in the VM settings.
Then we changed other devices such as removing the legacy i8042 keyboard controller (which has an interesting side effect I will talk about in a future part), PS/2 mouse, S3 Video, the Programmable Interrupt Controller (PIC), the Programmable Interrupt Timer (PIT), the Super I/O device on which floppy support relied. We actually went even further by removing the PCI bus as well. For good measure, we also removed the speaker and the numerical co-processor. We also revised ACPI.
Of course, when you rip this much out, you may initially think ‘could an operating system boot in this environment?’. With just the above changes, the answer would be no. Primarily because the most common ways of booting a generation 1 VM are a disk/VHD attached to an IDE controller, an ISO/DVD drive attached to an IDE controller, or PXE boot from the legacy network adapter. I’m ignoring boot from floppy (.VFD) – I’m sure not many people do this these days!
Given that both IDE and Legacy NIC are no longer present, we had to introduce alternate boot mechanisms, and a new DVD device. We extended the UEFI firmware to be aware of software based devices (ie those using VMBus), and support booting from our software-based SCSI and Network controllers, plus the new software-based DVD device.
To give you a feel of what this means inside device manager, the screenshot is from a Windows Server 2012 virtual machine running on Hyper-V in Windows Server 2012, with up to date Integration Services installed. This is relatively typical of what you would see on any VM you have running today in Hyper-V.
The following is a screenshot from a generation 2 Windows 8.1 virtual machine running on Hyper-V in Windows 8.1
You may be asking at this point, so what? In fact, I’d be surprised if you weren’t asking that question. A big advantage is that the security attack surface of a generation 2 VM is lower than that of a generation 1 VM. It moves us closer towards accountability of compute resource by not consuming so many resources in the parent partition or Hypervisor through emulation. And it makes VM management decisions easier. This last point is where I will pick up in the next part.
A short after-story.... A lot of people incorrectly abbreviate generation 2 virtual machines to ‘gen 2’, or capitalise the G when it’s not at the start of the sentence, or even use just “G2”. Even I am occasionally guilty. The correct terminology is a generation 2 virtual machine. Internally we did have a few other names during development, one of which had some particularly strong negative feedback which will forever stick in my mind! And no, I’m not letting on…
At Microsoft, you can change your picture which shows up on internal email among other places. I was trying to (futile effort) encourage people to stop using the incorrect terminology. Hence I changed my picture to that of a Gentoo penguin with a red circle and cross through it. Well I thought it was a good idea, if a little subtle! Of course I wasn’t thinking it through entirely as I got some comments that I was being derogatory towards Linux which was not the case at all! You live and learn!!
too bad, I've already named my VMM 2012 R2 Temaplate "Server 2012 R2 Datacenter G2" :-)
Thanks for the post, waiting for the other parts...
Actually, it would be nice to be also able to boot Linux in a generation 2 VM, if only for faster boot times and moving fully to GPT disks.
Since you have improved synthetic devices support in the Linux kernel (thank you very much for that!), and Linux can already boot from UEFI, it can't be that far off. Maybe for the next version? :)
Linux support is being worked on. It doesn't require any changes in Hyper-V, rather in the set of LIS components, plus some kernel changes to support the appropriate devices.
John Howard please include Endian Firewall on LIS please.
We need to deploy it on hyper-V.
Can you add support for RemoteFX in G2 ASAP. Allot of us in the University and Collage sector need it for our researchers.
I install Hyper V with windows server 2012 R2, the virtual machines for generation 2 work very slowly (windows8 and Windows server2012 R2), i made one probe creating one virtual machine using Generation one and the diference in performance is better. Any have one Idea that why this problem.
No, this is not expected at all. We have not seen this at all during development. But you give very little information to guess at.
Can you provide details about the configurations for both the VMs - UP or MP, NUMA spanning or not; At recommended minimum RAM for guest OS or constrained?; DM or static memory; Both running simultaneously or individually without any other VMs or applications running to compare like for like; what workload are you running to indicate slow; slow during boot, slow in terms of general responsiveness; slow during running a measured workload?; Slow in I/O or something else? Type of VHD(X) - fixed, differencing, dynamic? Where is the VHDX? On an SMB share or local? VM in a cluster or not? Any external factors which would affect the timing (eg VHDX on a network and network throughput subject to external influence or physical disk maxed out due to other activity)? Actual measurements etc.....
If you can get to a situation of like for like with a single VM running ruling out external factors and actual measurements that demonstrate a performance difference, it might be possible to investigate further.
Please make it less complex
Pretty disappointing that this functionality doesn't already exist with the released product. Anyone having to upgrade there environment is now forced to follow a convoluted process to upgrade the virtual hardware or spend money on a 3rd party tool. Not to mention that Gen2 VMs are already limited to Win8/Win2012.
Frank - can you be more specific - which bit is overly complex in your opinion?
@JD - which functionality? To convert between generation 1 and generation2 (my best guess)? This is no different to native - you can't easily take a disk from PCAT/BIOS based system, put it in an EFI based system and expect it to boot. They are so fundamentally different in the way they boot.
But I think you may be confused - there absolutely is no need to move to generation 2 virtual machines when upgrading the parent partition to Windows Server 2012 R2/Windows 8.1. Generation 1 and generation 2 virtual machines are both fully supported and can run simultaneously.
One correction, generation 2 VMs can run Windows 8/Windows Server 2012 and later. Not just Windows 8/2012. In addition, Linux support is being actively worked on and should arrive soon.
As for migration tools, wait just a little longer. You will hopefully be pleasantly surprised at how simple it is, and the cost (free).
Linux support (of the very few main distros that Hyper-V support) is an absolut MUST, the sooner the better, please
we need to be able to install guest OSes from DVD.
So I guess this means we can't move to Gen 2 VMs.
That's progress I guess.
Adrien - is there a particular reason you are using physical media and need to use physical media as opposed to an ISO, network or other image based deployment technique? What operating systems?
When will the option to have Gen2 guests be added to VDI? I just tried to rollout out a Gen2 Windows8.1 collection but Remote Desktop Services says only Gen1 is supported.