Chapter 17. Installing and managing Windows virtual machines

To use Microsoft Windows as the guest operating system in your virtual machines (VMs) on a RHEL 8 host, Red Hat recommends taking extra steps to ensure these VMs run correctly.

For this purpose, the following sections provide information on installing and optimizing Windows VMs on the host, as well as installing and configuring drivers in these VMs.

17.1. Installing Windows virtual machines

The following provides information on how to create a fully-virtualized Windows machine on a RHEL 8 host, launch the graphical Windows installer inside the virtual machine (VM), and optimize the installed Windows guest operating system (OS).

You can create a VM and install it using the virt-install command or the RHEL 8 web console.

Prerequisites

Procedure

  1. Create the VM. For instructions, see Section 2.2, “Creating virtual machines”.

    • If using the virt-install utility to create the VM, add the following options to the command:

      • The storage medium with the KVM virtio drivers. For example: 

        --disk path=/usr/share/virtio-win/virtio-win.iso,device=disk,bus=virtio

      • The Windows version you will install. For example, for Windows 10: 

        --os-variant win10

        For a list of available Windows versions and the appropriate option, use the following command: 

        # osinfo-query os
    • If using the web console to create the VM, specify your version of Windows in the Operating System field of the Create New Virtual Machine window. After the VM is created and the guest OS is installed, attach the storage medium with virtio drivers to the VM using the Disks interface. For instructions, see Section 11.3.7.3, “Attaching existing disks to virtual machines using the web console”.

  2. Install the Windows OS in the VM.

    For information on how to install a Windows operating system, refer to the relevant Microsoft installation documentation.

  3. Configure KVM virtio drivers in the Windows guest OS. For details, see Section 17.2.1, “Installing KVM paravirtualized drivers for Windows virtual machines”.

Additional resources

17.2. Optimizing Windows virtual machines

When using Microsoft Windows as a guest operating system in a virtual machine (VM) hosted in RHEL 8, the performance of the guest may be negatively impacted.

Therefore, Red Hat recommends optimizing your Windows VMs by doing any combination of the following:

17.2.1. Installing KVM paravirtualized drivers for Windows virtual machines

The primary method of improving the performance of your Windows virtual machines (VMs) is to install KVM paravirtualized (virtio) drivers for Windows on the guest operating system (OS).

To do so:

  1. Prepare the install media on the host machine. For more information, see Section 17.2.1.2, “Preparing virtio driver installation media on a host machine”.
  2. Attach the install media to an existing Windows VM, or attach it when creating a new Windows VM.
  3. Install the virtio drivers on the Windows guest OS. For more information, see Section 17.2.1.3, “Installing virtio drivers on a Windows guest”.

17.2.1.1. How Windows virtio drivers work

Paravirtualized drivers enhance the performance of virtual machines (VMs) by decreasing I/O latency and increasing throughput to almost bare-metal levels. Red Hat recommends that you use paravirtualized drivers for VMs that run I/O-heavy tasks and applications.

virtio drivers are KVM’s paravirtualized device drivers, available for Windows VMs running on KVM hosts. These drivers are provided by the virtio-win package, which includes drivers for:

  • Block (storage) devices
  • Network interface controllers
  • Video controllers
  • Memory ballooning device
  • Paravirtual serial port device
  • Entropy source device
  • Paravirtual panic device
  • Input devices, such as mice, keyboards, or tablets
  • A small set of emulated devices
Note

For additional information about emulated, virtio, and assigned devices, refer to Chapter 10, Managing virtual devices.

Using KVM virtio drivers, the following Microsoft Windows versions are expected to run similarly to physical systems:

17.2.1.2. Preparing virtio driver installation media on a host machine

To install KVM virtio drivers on a Windows virtual machine (VM), you must first prepare the installation media for the virtio driver on the host machine. To do so, install the virtio-win package on the host machine and use the .iso file it provides as storage for the VM.

Prerequisites

  • Ensure that virtualization is enabled in your RHEL 8 host system.

Procedure

  1. Download the drivers

    1. Browse to Download Red Hat Enterprise Linux.
    2. Select the Product Variant relevant for your system architecture. For example, for Intel 64 and AMD64, select Red Hat Enterprise Linux for x86_64.
    3. Ensure the Version is 8.
    4. In the Packages, search for virtio-win.

    5. Click Download Latest.

      The RPM file downloads.

  2. Install the virtio-win package from the download directory. For example: 

    # yum install ~/Downloads/virtio-win-1.9.9-3.el8.noarch.rpm
[...]
Installed:
  virtio-win-1.9.9-3.el8.noarch

    If the installation succeeds, the virtio-win driver files are prepared in the /usr/share/virtio-win/ directory. These include ISO files and a drivers directory with the driver files in directories, one for each architecture and supported Windows version. 

    # ls /usr/share/virtio-win/
drivers/  guest-agent/  virtio-win-1.9.9.iso  virtio-win.iso

  3. Attach the virtio-win.iso file to the Windows VM. To do so, do one of the following:

    • Use the file as a disk when creating a new Windows VM.

    • Add the file as a CD-ROM to an existing Windows VM. For example: 

      # virt-xml WindowsVM --add-device --disk virtio-win.iso,device=cdrom
Domain 'WindowsVM' defined successfully.

Additional resources

17.2.1.3. Installing virtio drivers on a Windows guest

To install KVM virtio drivers on a Windows guest operating system (OS), you must add a storage device that contains the drivers - either when creating the virtual machine (VM) or afterwards - and install the drivers in the Windows guest OS.

Prerequisites

Procedure

  1. In the Windows guest OS, open the File Explorer application.
  2. Click This PC.
  3. In the Devices and drives pane, open the virtio-win medium.

  4. Based on the architecture of the VM’s vCPU, run one of the installers on the medium.

    • If using a 32-bit vCPU, run the virtio-win-gt-x86 installer.
    • If using a 64-bit vCPU, run the virtio-win-gt-x64 installer.
    virtio win installer 1

  5. In the Virtio-win-guest-tools setup wizard that opens, follow the displayed instructions until you reach the Custom Setup step.

    virtio win installer 2
  6. In the Custom Setup window, select the device drivers you want to install. The recommended driver set is selected automatically, and the descriptions of the drivers are displayed on the right of the list.
  7. Click next, then click Install.
  8. After the installation completes, click Finish.
  9. Reboot the VM to complete the driver installation.

Verification

  1. In This PC, open the system disk. This is typically (C:).

  2. In the Program Files directory, open the Virtio-Win directory.

    If the Virtio-Win directory is present and contains a sub-directory for each of the selected drivers, the installation was successful.

    virtio win installer 3

Additional resources

17.2.2. Enabling Hyper-V enlightenments

Hyper-V enlightenments provide a method for KVM to emulate the Microsoft Hyper-V hypervisor. This improves the performance of Windows virtual machines.

The following sections provide information about the supported Hyper-V enlightenments and how to enable them.

17.2.2.1. Enabling Hyper-V enlightenments on a Windows virtual machine

Hyper-V enlightenments provide better performance in a Windows virtual machine (VM) running in a RHEL 8 host. For instructions on how to enable them, see the following.

Procedure

  1. Use the virsh edit command to open the XML configuration of the VM. For example: 

    # virsh edit windows-vm

  2. Add the following lines to the XML: 

    <hyperv>
  <relaxed state='on'/>
  <vapic state='on'/>
  <spinlocks state='on' retries='8191'/>
  <vpindex state='on'/>
  <runtime state='on' />
  <synic state='on'/>
  <stimer state='on'/>
  <frequencies state='on'/>
</hyperv>

  3. Change the clock section of the configuration as follows: 

    <clock offset='localtime'>
  <timer name='hypervclock' present='yes'/>
</clock>
  4. Save and exit the XML configuration.
  5. If the VM is running, restart it.

Verification

  • Use the virsh dumpxml command to display the XML configuration of the running VM. If it includes the following segments, the Hyper-V enlightenments are enabled on the VM. 

    <hyperv>
  <relaxed state='on'/>
  <vapic state='on'/>
  <spinlocks state='on' retries='8191'/>
  <vpindex state='on'/>
  <runtime state='on' />
  <synic state='on'/>
  <stimer state='on'/>
  <frequencies state='on'/>
</hyperv>

<clock offset='localtime'>
  <timer name='hypervclock' present='yes'/>
</clock>

17.2.2.2. Configurable Hyper-V enlightenments

You can configure certain Hyper-V features to optimize Windows VMs. The following table provides information about these configurable Hyper-V features and their values.

Table 17.1. Configurable Hyper-V features

EnlightenmentDescriptionValues

evmcs

Implements paravirtualized protocol between L0 (KVM) and L1 (Hyper-V) hypervisors, which enables faster L2 exits to the hypervisor. This feature is exclusive to Intel processors.

on, off

frequencies

Enables Hyper-V frequency Machine Specific Registers (MSRs).

on, off

ipi

Enables paravirtualized inter processor interrupts (IPI) support.

on, off

no-nonarch-coresharing

Notifies the guest OS that virtual processors will never share a physical core unless they are reported as sibling SMT threads. This information is required by Windows and Hyper-V guests to properly mitigate simultaneous multithreading (SMT) related CPU vulnerabilities.

on, off, auto

reenlightenment

Notifies when there is a time stamp counter (TSC) frequency change which only occurs during migration. It also allows the guest to keep using the old frequency until it is ready to switch to the new one.

on, off

relaxed

Disables a Windows sanity check that commonly results in a BSOD when the VM is running on a heavily loaded host. This is similar to the Linux kernel option no_timer_check, which is automatically enabled when Linux is running on KVM.

on, off

reset

Enables Hyper-V reset.

on, off

runtime

Sets processor time spent on running the guest code, and on behalf of the guest code.

on, off

spinlock

  • Used by a VM’s operating system to notify Hyper-V that the calling virtual processor is attempting to acquire a resource that is potentially held by another virtual processor within the same partition.
  • Used by Hyper-V to indicate to the virtual machine’s operating system the number of times a spinlock acquisition should be attempted before indicating an excessive spin situation to Hyper-V.

on, off

stimer

Enables synthetic timers for virtual processors. Note that certain Windows versions revert to using HPET (or even RTC when HPET is unavailable) when this enlightenment is not provided, which can lead to significant CPU consumption, even when the virtual CPU is idle.

on, off

stimer-direct

Enables synthetic timers when an expiration event is delivered via a normal interrupt.

on, off.

synic

Together with stimer, activates the synthetic timer. Windows 8 uses this feature in periodic mode.

on, off

time

Enables the following Hyper-V-specific clock sources available to the VM,

  • MSR-based 82 Hyper-V clock source (HV_X64_MSR_TIME_REF_COUNT, 0x40000020)
  • Reference TSC 83 page which is enabled via MSR (HV_X64_MSR_REFERENCE_TSC, 0x40000021)

on, off

tlbflush

Flushes the TLB of the virtual processors.

on, off

vapic

Enables virtual APIC, which provides accelerated MSR access to the high-usage, memory-mapped Advanced Programmable Interrupt Controller (APIC) registers.

on, off

vendor_id

Sets the Hyper-V vendor id.

  • on, off
  • Id value - string of up to 12 characters

vpindex

Enables virtual processor index.

on, off

17.2.3. Configuring NetKVM driver parameters

After the NetKVM driver is installed, you can configure it to better suit your environment. The parameters listed in this section can be configured using the Windows Device Manager (devmgmt.msc).

Important

Modifying the driver’s parameters causes Windows to reload that driver. This interrupts existing network activity.

Prerequisites

Procedure

  1. Open Windows Device Manager.

    For information on opening Device Manager, refer to the Windows documentation.

  2. Locate the Red Hat VirtIO Ethernet Adapter.

    1. In the Device Manager window, click + next to Network adapters.
    2. Under the list of network adapters, double-click Red Hat VirtIO Ethernet Adapter. The Properties window for the device opens.

  3. View the device parameters.

    In the Properties window, click the Advanced tab.

  4. Modify the device parameters.

    1. Click the parameter you want to modify. Options for that parameter are displayed.

    2. Modify the options as needed.

      For information on the NetKVM parameter options, refer to Section 17.2.4, “NetKVM driver parameters”.

    3. Click OK to save the changes.

17.2.4. NetKVM driver parameters

The following table provides information on the configurable NetKVM driver logging parameters.

Table 17.2. Logging parameters

ParameterDescription 2

Logging.Enable

A Boolean value that determines whether logging is enabled. The default value is Enabled.

Logging.Level

An integer that defines the logging level. As the integer increases, so does the verbosity of the log.

  • The default value is 0 (errors only).
  • 1-2 adds configuration messages.
  • 3-4 adds packet flow information.
  • 5-6 adds interrupt and DPC level trace information.
Note

High logging levels will slow down your virtual machine.

The following table provides information on the configurable NetKVM driver initial parameters.

Table 17.3. Initial parameters

ParameterDescription

Assign MAC

A string that defines the locally-administered MAC address for the paravirtualized NIC. This is not set by default.

Init.ConnectionRate(Mb)

An integer that represents the connection rate in megabits per second. The default value for Windows 2008 and later is 10G (10,000 megabits per second).

Init.Do802.1PQ

A Boolean value that enables Priority/VLAN tag population and removal support. The default value is Enabled.

Init.MTUSize

An integer that defines the maximum transmission unit (MTU). The default value is 1500. Any value from 500 to 65500 is acceptable.

Init.MaxTxBuffers

An integer that represents the number of TX ring descriptors that will be allocated.

The default value is 1024.

Valid values are: 16, 32, 64, 128, 256, 512, and 1024.

Init.MaxRxBuffers

An integer that represents the number of RX ring descriptors that will be allocated.

The default value is 256.

Valid values are: 16, 32, 64, 128, 256, 512, and 1024.

Offload.Tx.Checksum

Specifies the TX checksum offloading mode.

In Red Hat Enterprise Linux 8, the valid values for this parameter are:

* All (the default) which enables IP, TCP, and UDP checksum offloading for both IPv4 and IPv6

* TCP/UDP(v4,v6) which enables TCP and UDP checksum offloading for both IPv4 and IPv6

* TCP/UDP(v4) which enables TCP and UDP checksum offloading for IPv4 only

* TCP(v4) which enables only TCP checksum offloading for IPv4 only

17.2.5. Optimizing background processes on Windows virtual machines

To optimize the performance of a virtual machine (VM) running a Windows OS, you can configure or disable a variety of Windows processes.

Warning

Certain processes might not work as expected if you change their configuration.

Procedure

You can optimize your Windows VMs by performing any combination of the following:

  • Remove unused devices, such as USBs or CD-ROMs, and disable the ports.

  • Disable automatic Windows Update. For more information on how to do so, see Configure Group Policy Settings for Automatic Updates or Configure Windows Update for Business.

    Note that Windows Update is essential for installing latest updates and hotfixes from Microsoft. As such, Red Hat does not recommend disabling Windows Updates

  • Disable background services, such as SuperFetch and Windows Search. For more information about stopping services, see Disabling system services or Stop-Service.

  • Disable useplatformclock. To do so, run the following command, 

    # bcdedit /set useplatformclock No
  • Review and disable unnecessary scheduled tasks, such as scheduled disk defragmentation. For more information on how to do so, see Disable Scheduled Tasks.
  • Make sure the disks are not encrypted.
  • Reduce periodic activity of server applications. You can do so by editing the respective timers. For more information, see Multimedia Timers.
  • Close the Server Manager application on the VM.
  • Disable the antivirus software. Note that disabling the antivirus might compromise the security of the VM.
  • Disable the screen saver.
  • Keep the Windows OS on the sign-in screen when not in use.