Nested virtualization is the act of running a hypervisor nested within another hypervisor.
For example, it is possible to run a Nested VMware ESXi 6.0 hypervisor over a VMware Player 7 hypervisor:
We may need to make some changes to the Nested Hypervisor virtual machine configuration file, as described in (VMware: Running Nested VMs – VMware: Running Nested VMs ).
It would be interesting for a guest machine to be able to detect to be running over a Nested Hypervisor.
I haven’t found a direct method (virtual hardware-based) yet. Some network testing and MAC Address and ESXi services correlation could do the trick, when networking is available.
For example, consider the following NMAP scan:
# nmap -vv -sV --version-all 192.168.189.134 -p 443 Starting Nmap 6.47 ( http://nmap.org ) at 2016-01-22 10:45 EST Scanning 192.168.189.134 [1 port] (...) PORT STATE SERVICE VERSION 443/tcp open ssl/http VMware ESXi Server httpd MAC Address: 00:0C:29:BD:16:1F (VMware)
NMAP detects that there is an ESXi Server at IP 192.168.189.134 and that its MAC Address is 00:0C:29:BD:16:1F, inside the VMware virtual MAC address range. This indicates that this machine may well be a Nested ESXi.
More details in the full paper at VMware hypervisor fingerprinting Tool ( & Paper)
- VMware hypervisor fingerprinting Tool ( & Paper)
- VMware: Running Nested VMs – https://communities.vmware.com/docs/DOC-8970
- Detecting Hardware-assisted Hypervisor Rootkits within nested virtualized environments – http://www.dtic.mil/dtic/tr/fulltext/u2/a563168.pdf
- Configure virtual machine for nested ESX/ESXi with PowerCLI – http://enterpriseadmins.org/blog/scripting/configure-virtual-machine-for-nested-esxesxi-with-powercli/