Microsoft Azure

Gen 2 Virtual Machines Now In Preview For Microsoft Azure

Generation 2 virtual machines (VMs) have been available in Hyper-V since Windows Server 2012 R2 and they provide several important features that weren’t supported by generation 1 VMs, including SCSI disk interfaces, PXE boot using a standard network adapter, UEFI instead of a legacy BIOS, Secure Boot, support for virtual Trusted Platform Modules (vTPMs), disk sizes greater than 2TB, and more.

Gen 2 Virtual Machines Pros and Cons

While the public preview of Azure Confidential Computing, Microsoft’s implementation of trusted execution environments (TEEs), uses gen 2 VMs, this is the first time you can provision your own gen 2 VMs in Azure. Azure gen 2 virtual machines provide several advantages over their gen 1 counterparts, primarily a UEFI-based boot architecture, increased memory and OS disk size limits, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM).

But there are also some caveats. The first is that gen 2 VMs are in preview and are not supported or recommended for use in production environments. Azure gen 2 VMs also don’t yet support all the features provided by Windows Server Hyper-V gen 2 VMs. At the time of writing, you don’t get the following features:

  • Secure Boot
  • Shielded VM
  • vTPM
  • Virtualization-Based Security (VBS)
  • VHDX format

Microsoft says that it will look to add features to Azure gen 2 VMs in the future based on customer feedback. Furthermore, there are some Azure features that you don’t get with gen 2 VMs at the moment:

  • Azure Site Recovery
  • VM Backup
  • Shared Image Gallery
  • Azure Disk Encryption

And finally, only premium storage VM sizes are supported by gen 2 VMs.

Provisioning Gen 2 Azure Virtual Machines

You can deploy gen 2 VMs from the Azure management portal or command line using Marketplace images that support UEFI boot, including all Datacenter versions of Windows Server from 2012 to 2019 on the following VM sizes with premium storage:

  • Dsv2-series and Dsv3-series
  • Esv3-series
  • Fsv2-series
  • GS-series
  • Ls-series and Lsv2-series
  • Mv2-series

The Windows Server Marketplace images that support gen 2 VMs are suffixed with ‘-gen2’. For instance, the Windows Server 2019 Datacenter image for gen 2 VMs is called ‘2019-datacenter-gen2’. Gen 2 images aren’t offered by default when creating VMs in the Azure management portal, so you’ll need to search for them in the Marketplace by clicking Browse all public and private images on the Basics tab.

Gen 2 Virtual Machines Preview in Microsoft Azure (Image Credit: Russell Smith)

Microsoft says that most current versions of Linux and FreeBSD are also supported but it doesn’t state exactly which versions.

If you select a gen 2 Marketplace image when provisioning a VM, you’ll see the generation setting is automatically selected on the Advanced tab in the management portal.
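The command-line route described above, as an added example that is not from the article or from Microsoft: a small POSIX shell script around the Azure CLI that refuses to deploy unless the image SKU carries the ‘-gen2’ suffix and the VM size belongs to one of the premium-storage series listed earlier, and that reads back the generation the platform actually booted after deployment. It assumes the Azure CLI (`az`) is installed and logged in, and that `az vm create` and `az vm get-instance-view` with its `instanceView.hyperVGeneration` field behave as in the public CLI; the size-name regex is my approximation of Azure’s naming for those series, and the resource group, VM name and `ADMIN_PASSWORD` variable are placeholders. Nothing is sent to Azure unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example, not the article's or Microsoft's code. Assumes the Azure CLI
# ("az") is installed and logged in. Resource names below are placeholders.

# Gen 2 Marketplace images are suffixed "-gen2" (SKU alone or a full
# publisher:offer:sku:version URN such as
# MicrosoftWindowsServer:WindowsServer:2019-datacenter-gen2:latest).
is_gen2_image() {
  case "$1" in
    *-gen2|*-gen2:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Premium-storage series the preview supports: Dsv2, Dsv3, Esv3, Fsv2, GS,
# Ls, Lsv2, Mv2. The pattern is my approximation of Azure's size names
# (Standard_DS2_v2, Standard_D4s_v3, Standard_E8s_v3, Standard_F4s_v2,
# Standard_GS1, Standard_L8s, Standard_L8s_v2, Standard_M208s_v2).
is_supported_size() {
  printf '%s\n' "$1" | grep -Eq \
    '^Standard_(DS[0-9]+(-[0-9]+)?_v2|D[0-9]+s_v3|E[0-9]+i?s_v3|F[0-9]+s_v2|GS[0-9]+(-[0-9]+)?|L[0-9]+s|L[0-9]+s_v2|M[0-9]+m?s_v2)$'
}

# Reject a request that would silently fall back to a gen 1 VM or be refused
# by the platform for using a non-premium size.
check_gen2_request() {
  image=$1; size=$2
  is_gen2_image "$image" || { echo "refusing: '$image' is not a -gen2 SKU" >&2; return 1; }
  is_supported_size "$size" || { echo "refusing: '$size' is not a premium-storage gen 2 size" >&2; return 1; }
  return 0
}

# Deploy (or, with DRY_RUN=1, only describe) the VM, then confirm the
# generation Azure reports for it. A correct deployment reports "V2".
create_gen2_vm() {
  rg=$1; name=$2; image=$3; size=$4
  check_gen2_request "$image" "$size" || return 1
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf 'dry run: az vm create -g %s -n %s --image %s --size %s\n' \
      "$rg" "$name" "$image" "$size"
    return 0
  fi
  az vm create -g "$rg" -n "$name" --image "$image" --size "$size" \
    --admin-username azureadmin --admin-password "$ADMIN_PASSWORD" >/dev/null
  az vm get-instance-view -g "$rg" -n "$name" \
    --query instanceView.hyperVGeneration -o tsv
}

# Placeholder names; DRY_RUN defaults to 1 so this prints rather than deploys.
create_gen2_vm rg-gen2-preview vm-ws2019-gen2 \
  MicrosoftWindowsServer:WindowsServer:2019-datacenter-gen2:latest Standard_D2s_v3
```

Run it with `DRY_RUN=0 ADMIN_PASSWORD='…' sh deploy-gen2.sh` to deploy for real; the last line of output should read `V2`. The generation check matters because a gen 1 image or a non-premium size does not produce an error you can grep for up front, so the script refuses before calling `az` and verifies afterwards.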

Gen 2 Virtual Machines Preview in Microsoft Azure (Image Credit: Russell Smith)

Enabling New Technologies in Azure

Generation 2 VMs have been a long time coming to Azure. Microsoft is likely expanding support for gen 2 VMs now to enable advanced scenarios that require technologies like Intel SGX, and to improve migration scenarios. In the past, organizations wanting to ‘lift and shift’ Hyper-V VMs to the Azure cloud had to use Azure Site Recovery to replicate and convert Hyper-V gen 1 VMs to gen 2 VMs.

For more information on using gen 2 Azure VMs, see Microsoft’s website here.

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.