AWS Management & Governance Blog

Manage license compliance during migration of workloads to AWS

When customers migrate workloads to the cloud, they can often substantially reduce costs by using their existing software licenses. In most cases, this is as simple as reallocating licenses from their on-premises infrastructure to Amazon Elastic Compute Cloud (Amazon EC2) instances. Because software audits and true-ups are increasingly routine these days, customers must remain compliant with the rules and terms of their license agreements as they perform a migration. It can be expensive if customers cannot easily demonstrate when they started to use a particular license.

AWS License Manager provides a mechanism to allocate licenses to both your on-premises and cloud-hosted resources and allows you to automate the tracking of how these licenses are consumed.

Note: AWS does not participate in the audit process with software vendors. Customers are responsible for compliance and assume the responsibility of carefully understanding and capturing rules into License Manager based on their licensing agreements.

In addition to tracking license utilization, AWS also provides mechanisms to ensure that when you deploy your software, you’re adhering to the rules of your license agreement. Some vendors require that their software must be run on dedicated hardware. An Amazon EC2 Dedicated Host allows you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, SUSE, and Linux Enterprise Server. You can launch EC2 instances with the same tools and commands as you would with standard shared-tenancy EC2 instances, but these instances run on hardware that is solely allocated to you. License Manager supports deep integration with Dedicated Hosts. It ensures that as new hosts are launched, licenses are properly allocated, providing the elasticity and scalability of the EC2 default shared tenancy to instances launched inside Dedicated Hosts.

The scenario

In this blog post, I will walk through a hypothetical data center migration to AWS. In this case, our customer is a medium-sized enterprise with a mix of physical and virtual machines running various versions and editions of Windows Server which, in turn, are running a mix of commercial software, such as Microsoft SQL Server and SharePoint. During migration planning, the customer’s AWS account team offers to perform an Optimization and Licensing Assessment (OLA). AWS offers this free service because customers are often overprovisioned with licenses in their on-premises environments. It’s complex and time-consuming to purchase new equipment on demand, so customers generally allocate infrastructure (and therefore licenses) for peak loads that are rarely encountered. An OLA can help customers right-size the instances they provision for their workloads, freeing up licenses.

After the assessment, our customer identifies which of their instances to migrate and decides to bring a set of their Windows Server Datacenter licenses to AWS. When applying licenses that are based on the number of physical cores, you must use EC2 Dedicated Hosts. When tracking license consumption on Dedicated Hosts, the number of cores provided by the host is based on the instance family. For more information, see Amazon EC2 Dedicated Hosts Pricing. Some Microsoft licenses might not be eligible for this process. For more information, see the AWS Pricing Calculator.

The migration

Based on the results of the OLA assessment, our customer allocates 192 Core licenses of Windows Datacenter 2019 and uses these hosts for their Windows Server instances. In addition to the operating system licenses, there are 16 core licenses for SQL Server 2017 Standard to allocate to support our customer’s application servers.
Because our customer is bringing their Windows licenses to AWS, they cannot use their existing Amazon Machine Images (AMIs) and must import their machines using CloudEndure Migration, AWS Server Migration Service, or VM Import/Export. The choice of migration option is beyond the scope of this blog post, but see the Field Notes: Choosing a Rehost Migration Tool – CloudEndure or AWS SMS blog post.

Our customer chooses AWS Server Migration Service to import their Windows machines. To remain compliant with their Windows Server license terms, they must ensure that the instances that run these imported machines run on Dedicated Hosts. For their SQL Server instances, our customer must ensure that the number of cores and vCPUs used by the database server don’t exceed their licensed count.

Our customer starts by tracking the Windows Server licenses. Microsoft tracks Windows licenses by the number of physical cores on the server where you are installing Windows. To track the 192 Windows Server Datacenter licenses to be migrated to AWS, our customer will create a customer-managed license.

These are the steps our customer follows to track and enforce this requirement:

  1. In the AWS License Manager console, our customer chooses Customer managed licenses. The displayed license configurations allow you to specify the terms and number of licenses for the software you are tracking.
  2. Our customer enters name and optional description for the license.
  3. Under License type, our customer chooses Cores.
  4. In Number of Cores, our customer enters 192.
  5. Our customer selects the Enforce license limit checkbox.
  6. Windows licensing terms specify that licenses cannot be moved between server hardware for a period of 90 days, so in Rules, under Rule type, our customer chooses License affinity to host (in days), and under Rule value, enters 90.
Create license configuration includes fields for name (Windows Server 2019 Datacenter) and description. It also includes fields for license type (Cores), the number of cores (192), and an Enforce license limit checkbox, which in this example is selected.

Defining a customer-managed license for Windows Server

Because our customer used the AWS Server Migration Service to import the AMIs for their servers, they have been registered in the customer’s AWS account for use when launching EC2 instances. Our customer associates these AMIs with the new license configuration. That way, the license configuration tracks when new instances that use this AMI are created.

Associate an AMI with Windows Server Datacenter lists one available AMI.

Associating an AMI with a license configuration

Because the Windows Server licensing terms require Dedicated Hosts to use your own license, our customer creates a host resource group that can be used to configure automatic allocation and deallocation of Dedicated Hosts. It can optionally specify the instance family to be used for the Dedicated Hosts and associate the hosts with a license configuration for tracking the consumption of licenses.

Our customer uses the C5 instance family. In Additional settings, our customer selects the instance family and then saves the host resource group.

Create a host resource group includes fields for the name and description of host resource group. There are also checkboxes (both selected in this example) to allocate hosts automatically and release hosts automatically.

Creating a Host Resource Group

Our customer is now ready to register licenses for other software (in this case, SQL Server licenses). In the AWS License Manager console, our customer chooses Customer managed licenses. Because the customer is licensing SQL Server on virtual machines, for License type, the customer chooses CPU and then enters 16. Our customer then selects Enforce license limit. Note that, if you own enough SQL Server Enterprise licenses to license all of the cores on a Dedicated Host, the most economical option is to use the Core-based licensing in License Manager and associate the licenses with a Host Resource Group rather than use vCPU licensing.

To maximize the performance of SQL Server and limit the number of licenses consumed when licensing by vCPU, disable hyperthreading by specifying the number of threads that are allowed to execute on each core. For example, if our customer chooses a c5.4xlarge instance, which offers up to 16 hyperthreaded vCPUs, and the customer limits the instance to only one thread per CPU, this yields 8 logical cores (and consumes only 8 of 16 licenses). To use this feature, expand Rules and set vCPU Optimization to True.

CPU options in the EC2 Launch Wizard include a Specify CPU options checkbox (selected in this example) and fields for core count, threads per core, and number of VCPUs.

Disabling hyperthreading on an EC2 instance

Our customer is ready to launch the EC2 instances and selects the previously defined host resource group to ensure the instance runs on a Dedicated Host. This results in the automatic allocation of a new host that matches the instance family selected for the instance. The Windows Server license count is decremented by the number of cores on the host.

In Tenancy, Dedicated host - Launch this instance on a Dedicated Host is displayed. The Launch instance into a host resource group is selected. For Host resource group name, BYOL-Windows-2019-Datacenter is displayed.

Selecting a host resource group at instance launch

As the instances are launched, new hosts are allocated as needed until the total number of allocated licenses is reached. If our customer then attempts to launch an instance, they receive an error.

The Launch Failed error message says the license count limit for the launch configuration has been exceeded.

Failure to launch due to a license limit violation

Similarly, when our customer launches SQL Server instances, the number of licenses are tracked due to the association of the SQL Server AMI with their license configuration.

All of these mechanisms allow you to place a hard limit on launching instances running licensed software, actively preventing you from creating an instance that would violate the terms of your agreement. However, some software packages (for example, SQL Server and SharePoint) can be installed after the instance has been created. In these cases, you can configure License Manager to automatically detect and track these packages by extending a license configuration with automated discovery rules. These rules can be configured to detect the presence of Windows, SQL Server, or Oracle database servers by scanning the system inventory. To collect this inventory, AWS Systems Manager Agent (SSM Agent) must be installed on the instance and an AWS Identity and Access Management (IAM) role that grants access to AWS Systems Manager must be attached to the instance. (SSM Agent is already installed on Amazon-provided AMIs and on instances imported by AWS Server Migration Service and CloudEndure Migration.)

Automated discovery rules includes fields you can use to enter product information. This example shows the product name (SQL Server), product type (2017), and resource type (Amazon EC2 and on-premises). The Stop tracking instances when software is uninstalled checkbox is selected.

Defining an automated discovery rule

In some cases, you might need to notify the software vendor that you are reallocating licenses to your AWS resources. The process varies by vendor, so consult your license agreements for details. To help prepare for a vendor audit, License Manager offers built-in integration with AWS CloudTrail to provide visibility and control over when licenses are used in their environments.

Conclusion

Maintaining compliance with your software license agreements as you perform a migration to the cloud can seem like a daunting task. AWS License Manager helps automate this process, freeing up cycles that would otherwise be spent tracking licenses in spreadsheets or databases. In this post, I described how you can use license configurations, host resource groups, and automated discovery rules to ensure that as you move to the cloud, you remain compliant with your license agreements.

About the author

Andy Hopper Andy Hopper is a Principal Specialist Solutions Architect at AWS, and specializes in helping customers migrate and modernize Microsoft .NET and Windows workloads into their AWS environment.