Gen 2 Virtual Machines Now In Preview For Microsoft Azure

Generation 2 virtual machines (VMs) have been available in Hyper-V since Windows Server 2012 R2 and they provide several important features that weren’t supported by generation 1 VMs, including SCSI disk interfaces, PXE boot using a standard network adapter, UEFI instead of a legacy BIOS, Secure Boot, support for virtual Trusted Platform Modules (vTPMs), disk sizes greater than 2TB, and more.

Gen 2 Virtual Machines Pros and Cons

While the public preview of Azure Confidential Computing, Microsoft’s implementation of trusted execution environments (TEEs), uses gen 2 VMs, this is the first time you can provision your own gen 2 VMs in Azure. Azure gen 2 virtual machines provide several advantages over their gen 1 counterparts, primarily a UEFI-based boot architecture, increased memory and OS disk size limits, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM).

But there are also some caveats. The first is that gen 2 VMs are in preview and are not supported or recommended for use in production environments. Azure gen 2 VMs don’t support all the features provided by Windows Server Hyper-V gen 2 VMs. At least not yet. You don’t get the following features at the time of writing:

• Secure Boot
• Shielded VM
• vTPM
• Virtualization-Based Security (VBS)
• VDHX format

Microsoft says that it will look to add features to Azure gen 2 VMs in the future based on customer feedback. Furthermore, there are some Azure features that you don’t get with gen 2 VMs at the moment:

• Azure Site Recovery
• VM Backup
• Shared Image Gallery
• Azure Disk Encryption

And finally, only premium storage VM sizes are supported by gen 2 VMs.

Provisioning Gen 2 Azure Virtual Machines

You can deploy gen 2 VMs from the Azure management portal or command line using Marketplace images that support UEFI boot, including all Datacenter versions of Windows Server from 2012 to 2019 on the following VM sizes with premium storage:

• Dsv2-series and Dsv3-series
• Esv3-series
• Fsv2-series
• GS-series
• Ls-series and Lsv2-series
• Mv2-series

The Windows Server Marketplace images that support gen 2 VMs are suffixed with ‘-gen2’. For instance, the Windows Server 2019 Datacenter image for gen 2 VMs is called ‘2019-datacenter-gen2’. Gen 2 images aren’t offered by default when creating VMs in the Azure management portal, so you’ll need to search for them in the Marketplace by clicking Browse all public and private images on the Basics tab.

Microsoft says that most current versions of Linux and FreeBSD are also supported but it doesn’t state exactly which versions.

If you select a gen 2 Marketplace image when provisioning a VM, you’ll see the generation setting is automatically selected on the Advanced tab in the management portal.

Enabling New Technologies in Azure

Generation 2 VMs have been a long time coming to Azure. It’s likely that Microsoft is looking at expanding support for gen 2 VMs now to enable features for advanced scenarios that require technologies like Intel SGX, and to improve migration scenarios where in the past organizations wanting to ‘lift and shift’ Hyper-V VMs to the Azure cloud had to use Azure Site Recovery to replicate and convert Hyper-V gen 1 VMs to gen 2 VMs.

For more information on using gen 2 Azure VMs, see Microsoft’s website here.