Author: Dean Suzuki (Last Updated: 4/1/20)
Many customers are interested in bringing their Microsoft Windows licenses (Bring Your Own License, BYOL) to the cloud. In many cases to do this action, the instances need to run on AWS Dedicated Hosts to be compliant with Microsoft licensing. For more details, please see: https://aws.amazon.com/windows/faq/
In this hands-on lab, you will learn:
How to use License Manager to help manage your Microsoft licenses.
How to leverage Host Resource Groups to help manage Dedicated Hosts.
This lab relies upon:
To bring your own license to AWS, you need to create the Windows image and import it into AWS. AWS Service Migration Service (SMS, see here) or VM Import/Export tool (see here) can be used to import your Windows image into AWS. You cannot use an Amazon Machine Image (AMI) since they use the Amazon Windows licenses. In this section, a BYOL image has been shared with your AWS account. You will create a copy of the image in your AWS account.
In the EC2 console on the left hand navigation, go to Instances.
Select Launch Instance.
On Step 1, select My AMI’s and below that under Ownership, select Shared with me.
You should see a BYOL-Windows-Image that has been shared with your account. Press Select.
On Step 2, select M4.large. Press Next.
On Step 3, press Next.
On Step 4, press Next.
On Step 5: Add Tags, press Add Tag. For Key, enter Name. For Value, enter BYOL-Image. Press Next.
On Step 6: Configure Security Group on the Source field, change Custom to My IP. Press Review and Launch.
On Step 7, press Launch.
For Key Pair, choose an existing key pair if you have a key pair from an earlier lab or create a new key pair if you do not have a key pair. Be sure to remember where you download the key pair if you create a new key pair. Click Launch Instance.
Click View Instances.
Wait for the instance state to turn to running and Status 2/2 checks to complete. It should take a couple minutes to complete.
Once the instance comes online, select it and go to Actions > Instance State > Stop.
Once the instance stops, select it and go to Actions > Image > Create Image.
On the Create Image screen for Image name, enter BYOL-Windows-Image. Press Create Image button.
In the EC2 console on the left hand navigation, click AMIs. You should see your newly created AMI.
In this process, you created a local copy of the Windows BYOL image in your AWS account.
In this section, you will learn how to create a licensing rule in License Manager to help you keep track of your Windows licenses that you are using in AWS.
Login to the AWS Console and go to the License Manager console by searching for License Manager in the search.
Click Start using AWS License Manager (if it shows).
Check “I grant AWS License Manager … “ which will allow License Manager to create the IAM policies that it needs to operates. Press Grant permissions.
Select Create license configuration.
On the Create license configuration screen,
a. For License configuration name, Windows-Server-BYOL-License
b. For Description, enter a description for the rule (e.g. Used to keep track of Windows Datacenter licenses)
c. For License type, select Cores. Notice the types that are available.
d. For Number of Cores, enter 300. In this example, we are assuming that you own 300 cores of Windows server licenses.
e. For Enforce license limit, leave it unchecked. Note, that if you checked this box, then if someone tries to launch an instance and it would exceed the amount of licenses that you had, then AWS would block the launch of that instance.
f. For Rules – optional, expand the options and review the different additional rule constraints that you can apply. For example, some Microsoft licensing requires a minimum core count. You are not going to set any of these options in the lab, but we wanted to make you aware of these options.
For Production information – optional, review the available options. These fields enable License Manager to automatically apply this licensing rule to instances that match this product name. We are not going to set any of these options in the lab, but wanted to highlight the field.
Next, you are going to associate the Windows BYOL AMI that you reviewed in Section 1 with this licensing rule that you just created.
By associating the AMI with the licensing rule, anytime a new instance is created using the AMI, the licensing rule will keep track of the license usage. If we enabled the enforce option, the licensing rule could also block any new instances from being created, if the creation would exceed the amount of licenses owned.
To simplify the management and usage of dedicated hosts, AWS created a function called host resource group. A host resource group is a collection of Dedicated Hosts that you can manage as a single entity. As you launch instances, License Manager allocates the hosts and launches instances on them based on the settings that you configured. As you terminate instances, if all the instances on a dedicated host are terminated, then AWS will automatically release the dedicated host.
Also, if you are using an AWS Organization, then AWS Resource Access Manager allows you to share host resource groups across AWS accounts. This improves the utilization of dedicated hosts and could reduce costs since now you can share the usage of dedicated hosts across AWS accounts.
See the Host Resource Group documentation for more information (here).
In this section, you will create a host resource group.
In the License Manager console on the left hand navigation, select Host resource groups.
Select Create host resource group button.
In the Create host resource group screen,
a. For Host resource group name: Windows-BYOL-HRG
b. For EC2 Dedicated Host management settings, review the settings. We are not changing any of them. Please note that there is an option to Share host resource group with all my member accounts. This capability allows you to share dedicated hosts across accounts. See here for more information.
For Associated license configurations, select the “Windows-Server-BYOL-License” that you created earlier.
In this section, you will create a new instance using the Windows BYOL AMI that you created earlier. Then you will notice that AWS allocates a dedicated host to run the instance on.
First, you are going to check if any dedicated hosts are currently running in the account.
In the AWS Console, go to the EC2 console.
In the left navigation, select Dedicated Hosts.
You will notice that there are no dedicated hosts created running in the account. Next, you will create an instance.
In the left navigation of the EC2 console, click Instances.
Click Launch instance.
On the Step 1 screen on the left navigation, select My AMIs.
Select the BYOL-Windows-Image and press Select.
On the Step 2 screen, search for m4.large and select the instance. Press Next.
On the Step 3 screen,
a. For Tenancy, select Dedicated host – Launch this instance on a dedicated host.
b. For Host resource group, click Launch instance into a host resource group.
c. For Host resource group name, select the host resource group that you created earlier (e.g. Windows-BYOL-HRG)
d. For the remaining parameters, leave at default.
e. Press Next.
On the Step 4 Add Storage screen, press Next.
On the Step 5 Add Tags screen,
a. Press Add Tag
b. For Key, enter Name.
c. For value, enter WindowsBYOL1.
d. This will set the instance’s name in the console.
e. Press Next.
On the Step 6 Security group screen, change Source to My IP.
Press Review and Launch.
On Step 7, press Launch.
Select Choose an existing key pair and select the one that you used earlier.
Press Launch Instances.
Click View Instances.
Wait for the instance state to turn to running and Status 2/2 checks to complete. It should take a couple minutes to complete. Note the instance id of your new instance.
In the left navigation, select Dedicated Hosts. Notice that AWS has allocated a dedicated host.
Click on the dedicated host link under Host id.
In the dedicated host details, note the number of physical cores that the new host is using (48) and the vCPU utilization which is the vCPU that your new instance is using (2)
In the Running Instances area, note that your newly created instance is running on the dedicated host.
Open the console in a new tab License Manager and click License configurations in the left navigation.
Notice on the Windows-Server-BYOL-License configuration rule that the licenses consumed are 48 of 300. License Manager is keeping track of the number of Windows licenses that you are using when you allocated the dedicated host.
Go back to the EC2 console. You are now going to terminate the EC2 instance and notice how AWS will release the dedicated host.
Select Instances in the left navigation. Select your WindowsBYOL1 instance and go to Actions > Instance State > Terminate.
On the Terminate instances confirmation screen, select Yes, Terminate.
Wait for the instance state to go to Instance state. It may take a couple minutes.
Once the instance is terminated, click on Dedicated Hosts in the left navigation. After a couple minutes, you will see that the host has been Released.
In this lab, you have learned how to:
Create a new Windows AMI
Create License Configurations rules in License Manager
Create Host Resource Groups to managed dedicated hosts
Create and terminate instances using the dedicated hosts in a host resource group
Use host resource groups to simplify the management of dedicated hosts