The use of Microsoft software is subject to Microsoft's terms. You are responsible for complying with Microsoft licensing. This document is only a guide for your convenience and you are not entitled to rely on its descriptions and it does not constitute legal advice. If you have questions about your licensing or rights to Microsoft software, please consult your legal team, Microsoft, or your Microsoft reseller. This page was last updated on March 30, 2017 and is up to date with current Microsoft Product Terms.
On previously published Windows Server AMIs I followed the steps as documented here to enable enhanced networking. Do I still need to do this for Windows Server 2012 R2 AMIs?
Amazon Web Services and Microsoft have worked together for many years, starting with AWS launching Windows Server based instances in 2008. AWS is a Gold Certified member of the Microsoft Partner Network and licensed to sell Microsoft software under the Services Provider License Agreement (SPLA). AWS is also an authorized license mobility partner. Over the years, AWS and Microsoft have collaborated to make Windows and its associated workloads available in the AWS cloud. Microsoft and AWS have mutual customers running Windows workloads on AWS today, including Dole Foods, Hess Corporation, and Lionsgate. In addition, AWS has released Microsoft-specific technologies that allow users to manage and optimize Windows applications in AWS – such as AWS tools for Windows PowerShell, AWS Management Pack for Microsoft System Center, and AWS Diagnostics for Microsoft Windows Server.
AWS supports Microsoft software running on AWS. AWS customers have successfully deployed every Microsoft application available in the AWS cloud, including (but not limited to) Microsoft Office, Windows Server, SQL Server, Exchange, SharePoint, Skype for Business, Dynamics, and Remote Desktop Services.
AWS is a member of the Microsoft Partner Network, licensed to resell Microsoft software via the SPLA, and a Microsoft Gold Certified Hosting Partner. AWS is an authorized license mobility partner. AWS also has an active Premier Support agreement with Microsoft.
Customer issues with AWS services should be submitted to AWS. Issues with Microsoft applications running on an AWS instance should be submitted to Microsoft support. AWS Support does not submit support cases to Microsoft on behalf of AWS customers with individual customer issues. In some cases AWS will engage with the customer and Microsoft on open Microsoft support tickets to help drive resolution.
If you have an existing Microsoft Support agreement, you can contact Microsoft Support directly, under that agreement. Also, if Microsoft determines that they need to perform infrastructure level debugging, you or Microsoft Support can contact AWS Support to help resolve the issue.
You can run many types of Microsoft software on AWS, including but not limited to Microsoft Office, Windows Server, SQL Server, Exchange, SharePoint, Lync, Skype for Business, Microsoft Dynamics products, System Center, BizTalk, and Remote Desktop Services. You can pay for Windows Server and SQL Server licenses directly from AWS to run on Amazon EC2 or Amazon RDS instances. You also have the flexibility to bring Microsoft volume licenses that you have previously purchased and deploy them on Amazon EC2 or Amazon RDS instances. Licenses that are eligible for license mobility and covered by active Software Assurance can be deployed on AWS multi-tenant environments. Licenses that are not eligible for license mobility can be deployed on AWS Dedicated Hosts or Dedicated Instances.
On Amazon EC2, you can choose to run instances that include the relevant license fees in their cost (“license included”) or to utilize license you have already purchased from Microsoft. For Microsoft software, EC2 allows you to pay for instances that include Windows Server and SQL Server licenses. For all other Microsoft software, customers can bring their own license, subject to Microsoft’s terms.
BYOL, or “bring your own license,” is the process you can use to deploy software that you’ve previously licensed on physically dedicated AWS hardware. If you BYOL, you do not pay for instances with licensing included in the cost. Instead you pay the same rate as EC2 instances with Amazon Linux pricing. When you BYOL, you are responsible for managing your own licenses, but Amazon EC2 has features that help you maintain license compliance throughout the lifecycle of your licenses, such as Instance Affinity and targeted placement available through Amazon EC2 Dedicated Hosts.
License Mobility is a benefit available to Microsoft Volume Licensing customers with eligible server applications covered by active Microsoft Software Assurance (SA). License Mobility allows customers to move eligible Microsoft software to third party cloud providers such as AWS for use on EC2 instances with default tenancy. It is important to note that you may not need license mobility if you are using your own licenses on EC2 Dedicated Hosts or EC2 Dedicated Instances For additional details, see the Microsoft License Mobility page on the AWS site.
This information is included in the Microsoft Product Terms. Each product has an individual Software Assurance section that indicates License Mobility eligibility.
No, if you are bringing your own licenses into EC2 Dedicated Hosts or EC2 Dedicated Instances then Software Assurance is not required subject to Microsoft’s terms. If you are moving licensed software onto EC2 instances with a default tenancy, Software Assurance is required. You need to have Software Assurance in order to participate in License Mobility.
No, you must import and license your own media. To get started, you can use the ImportImage API (from AWS CLI or AWS Tool for Windows PowerShell) to import your own media (VHD, VMDK, OVA). If you are importing from VMware vCenter, you can also use AWS Server Migration Service. After the media has been imported, you will see your images in the “My AMIs” console, or you can describe these images using the DescribeImages API.
Yes, when you launch an instance of your own image, your OS will prompt you to activate the image against your KMS.
Please read your licensing terms and conditions and select the AWS model that meets your needs. Generally speaking, there are various products and each have differing levels of BYOL support:
|BYOL Licensing Scenarios|
|License Type||EC2 Dedicated Hosts||EC2 Dedicated Instances||EC2 Multi-Tenant|
|SQL Server||✓||✓ Only on Windows Server license included EC2 Dedicated Instances
||✓ Only if you have licenses with License Mobility and are running on license included Windows Server EC2 instances
|Windows 7, 8, and 10||✓||✓||NA|
|Other||✓ Subject to Microsoft's Terms
||✓ Only on Windows Server license included EC2 Dedicated Instances
||✓ Only if you have licenses with License Mobility and are running on Windows Server EC2 Instances
✓ = scenario is supported
Under your agreements with Microsoft, you may have a special case to use your licenses in a way that is different than described in the BYOL Licensing Scenario table. If your agreements permit a special case where you have additional rights to use your licenses, please contact your account manager or AWS customer support. For additional questions about Microsoft licensing terms contact Microsoft or your Microsoft reseller.
In order to BYOL of Microsoft software into AWS, you need to use the ImportImage tool made available by the EC2 VM Import/Export service. Do not use the ImportInstance tool as it does not support Microsoft BYOL scenarios.
Amazon EC2 offers two purchasing options that provide you with dedicated infrastructure: Dedicated Hosts and Dedicated Instances. It is important to note that all BYOL scenarios are supported through the use of Dedicated Hosts, while only certain scenarios are supported by Dedicated Instances. Also, if you bring existing licenses to Dedicated Hosts or Dedicated Instances, then you are using hardware that is fully dedicated to your use and the outsourcing language within the Microsoft Product Terms applies.
For BYOL license scenarios that are server bound (e.g., Windows Server, SQL Server) and require you to license against the number of sockets or physical cores on a dedicated server, you should use Dedicated Hosts.
For licensing scenarios that are VM, CAL, or user bound and do not require you to license against the number of sockets or physical cores on a dedicated server but require you to run on dedicated infrastructure (e.g., Windows Desktop, SQL Server, Remote Desktop Services, Microsoft Office, and MSDN) you can use Dedicated Instances.
For more information on Dedicated Hosts, visit the Dedicated Hosts detail page.
For more information on Dedicated Instances, visit the Dedicated Instances detail page.
Instance Affinity (only available through the use of Amazon EC2 Dedicated Hosts) and Dedicated Host targeting helps you to monitor this requirement. When you enable Affinity between an instance and a Dedicated Host, that particular instance will only run on a specific Dedicated Host. Using Dedicated Host targeting, you can launch instances onto a specific Dedicated Host, giving you full control over how your licenses are used. For more information on these features, visit the Dedicated Hosts detail page.
License Mobility through Software Assurance allows customers to bring eligible Microsoft software licenses into AWS for use on EC2 instances with default tenancy. The AWS License Mobility Page is a great place to start the process. If you are planning to take advantage of License Mobility in AWS, you will need to fill out the appropriate License Mobility forms. With License Mobility, you can use these images on EC2 Windows Server license-included instances running on EC2 instances with default tenancy. Windows Server licenses must be purchased from AWS in this scenario.
VM Import/Export enables you to easily import virtual machine images from your existing environment to Amazon EC2 instances. This service allows you to leverage your existing investments in the virtual machines that you have built to meet your IT security, configuration management, and compliance requirements by bringing those virtual machines into Amazon EC2 as ready-to-use instances. If you are planning to use your own Microsoft licenses, use the ImportImage tool made available by the VM Import/Export service to import your own Microsoft media.
The VM Import/Export service is available at no additional charge beyond standard usage charges for Amazon EC2 and Amazon S3.
EC2 Dedicated instances and EC2 Dedicated Hosts provide instance capacity on physical servers that are fully dedicated for your use. Alternatively, EC2 offers instances with a tenancy of ‘default’ which run on physical servers that may host multiple isolated instances from different customers.
Dedicated infrastructure provides servers that are physically isolated for use by a single customer. Amazon EC2 has two dedicated infrastructure options: Dedicated Hosts and Dedicated Instances. If you bring existing licenses to Dedicated Hosts or Dedicated Instances, then you are using hardware that is fully dedicated to your use. In that case, the outsourcing language within the Microsoft Product Terms applies. When you want to use instances on a Dedicated Host, launch instances with a tenancy of ‘host’. When you want to use Dedicated Instances, launch instances with a tenancy of ‘dedicated’.
A Dedicated Host is a physical EC2 server fully dedicated to your use. With Dedicated Hosts, you have more control over instance placement and gain visibility into the number of sockets and cores installed on a host. You can use these features to leverage your own per-socket or per-core software licenses, including Windows Server and SQL Server, and SUSE Enterprise Server. Software Assurance is not required when you bring licenses to a Dedicated Host. Visit the Dedicated Host detail page for more information.
Dedicated instances are Amazon EC2 instances that run on hardware that is dedicated to a single customer. For more information on Dedicated Instances, visit the Dedicated Instance page.
Both offerings provide instances that are dedicated to your use. However, Dedicated Hosts provide additional control over your instances and visibility into Host level resources and tooling that allows you to manage software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server. In addition, AWS Config will keep a record of how your instances use these Dedicated Host resources which will allow you to create your own license usage reports.
In order to take full advantage of EC2 it is recommended that customers first consider bringing eligible licenses through License Mobility. Default tenancy EC2 allows customers to scale capacity up and down according to changing needs. This allows customers to pay only for what they use. SQL is the most common product brought to AWS through License Mobility.
Amazon EC2 Dedicated Hosts are ideal for products that are not eligible for License Mobility or for which active Software Assurance is not in place. Dedicated Hosts are most cost effective when the host is highly utilized and in a steady, non-variable state. A Dedicated Host will support all BYOL scenarios outlined in this FAQ and provide customers with more control and visibility over how their instances are placed, which is useful for minimizing risk and licensing costs in a BYOL scenario. Additionally, Dedicated Hosts support per-socket, per-core, VM, and CAL based licenses. Windows is the most common product brought to Dedicated Hosts.
Yes, you can deploy Windows Server on AWS by purchasing Amazon Machine Images (AMIs) with Windows Server pre-installed. If you buy Windows instances from AWS, whether your instances have a tenancy of dedicated or default, the Windows Server license is included in the cost.
With EC2 license-included instances, EC2 manages licensing compliance, you only pay for what you use, you do not need to pay for Software Assurance, and you have the flexibility to upgrade your software when it is made available without additional cost. Also, there is no need to buy additional Windows Server CALs as access is included in the price, along with two remote connections for admin purposes only. If you require more than two connections or need those remote connections for purposes other than admin you may need to bring in Remote Desktop Services CALs.
Yes you can. After you’ve imported your own Windows Server machine images using the ImportImage tool, you need to launch instances from these machine images on EC2 Dedicated Hosts in order to effectively manage instances and report usage. Microsoft typically requires that you track usage of your licenses against physical resources such as sockets and cores and Dedicated Hosts helps you to do this. Visit the Dedicated Hosts detail page for more information on how to use your own Windows Server licenses on Amazon EC2 Dedicated Hosts.
A Dedicated Host is a physical EC2 server fully dedicated for your use. With Dedicated Hosts, you have more control over instance placement and gain visibility into the number of sockets and cores installed on a host. You can use these features to bring in your own software licenses bound to VMs, sockets, or cores, including Windows Server, SQL Server, and SUSE Enterprise Server. Software Assurance is not required when bring licenses to a Dedicated Host. For more information on Dedicated Hosts, visit the Dedicated Hosts detail page.
The Microsoft Product Terms, which govern the use of all on-premise Microsoft software, provide the following statement in the “Universal License Terms” section.
Outsourcing Software Management
Customer may install and use licensed copies of the software on Servers and other devices that are under the day-to-day management and control of third parties, provided all such Servers and other devices are and remain fully dedicated to Customer’s use. Customer is responsible for all of the obligations under its volume licensing agreement regardless of the physical location of the hardware upon which the software is used.
How do I import and use my own Windows Server license?
You can bring in your own licensed copy of Windows Server media using the ImageImport tool made available by the EC2 VM Import/Export service. Once these images are imported, you can find them under the “my AMIs” section in the AWS Management Console or by using the DescribeImages API. You can then launch instances from your BYOL machine images onto Dedicated Hosts.
Visit this link for more information on how to bring your own machine images into AWS.
Keep in mind that when you choose to bring in your existing Windows Server licenses, you cannot utilize Windows Server AMIs that you purchase from AWS through license-included instances. You must bring in your own licenses using your own software media.
Using AWS Config as the data source and Dedicated Hosts as the platform to run BYOL instances, you can track BYOL usage against physical resources such as sockets and cores. Before you begin launching BYOL instances onto your Dedicated Hosts, ensure AWS Config has been enabled to record Dedicated Host changes. AWS Config keeps track of the configuration changes that occur on a Dedicated Host, including the instances and corresponding IDs of AMIs that ran on a Dedicated Host. These changes are paired with Host level data, such as the Host ID and the number of sockets and physical cores installed on a Dedicated Host. AWS Config will also keep track of instance tags. We recommend that you tag your instances with a meaningful identifier if you would like a human-readable way to identify BYOL instances in the AWS Config output. Visit this page for more information on AWS Config.
How do I determine the number of licenses of Windows Server to bring in?
Visit the Dedicated Hosts detail page for information on the number of instances available per Dedicated Host. On this page you will also find the number of sockets and cores installed on each EC2 Dedicated Host. The instance, socket, and core counts vary by the instance type configuration of the Dedicated Host.
No, if you are using Dedicated Hosts to use your own Windows Server licenses, you do not need to have Software Assurance (SA). Also, if you purchase Windows Server instances from AWS, then there is no need for you to have Software Assurance to cover those Windows Server licenses.
No, as specified in the Microsoft Product Terms, Windows Server, Windows client, and Microsoft Office are not eligible for License Mobility. Since License Mobility enables the use of licenses on EC2 instances with a default tenancy, License Mobility is not required for licenses used on EC2 Dedicated Hosts. If you choose to use Dedicated Hosts for BYOL scenarios, then you can bring in your own licenses for Windows Server, Windows client, and Microsoft Office without the need for License Mobility.
You should use your own Windows Server licenses on Dedicated Hosts and you can do this by running instances with a tenancy of ‘host’. You should not use your own Windows Server license on EC2 instances with a default tenancy unless you have approval from Microsoft to do so. If you have negotiated custom terms with Microsoft and have this permission, please contact AWS support or reach out to your account manager.
AWS manages the licensing for you; all you need to do is pay for the instances you use. There is also no need to buy additional Windows Server CALs, as access is included in the price. Each instance comes with two remote connections for admin purposes only. If you require more than two connections, or need those connections for purposes other than admin, you may have to bring in additional Remote Desktop Services CALs for use on AWS.
No, you cannot relicense existing Windows Server EC2 instances or migrate existing Windows Server EC2 instances over to BYOL VMs. However, if you need to migrate from license-included to BYOL and have applications or OS configurations that need to be migrated, we suggest that you reach out to our partners, such as CloudEndure or AppZero, who may be able to assist with these types of migrations.
Yes, you can buy instances with SQL Server licenses included from AWS to run on either Amazon EC2 or Amazon Relational Database Service (RDS). SQL Server Web Edition, Standard Edition, and Enterprise Edition are available for you to license on both Amazon EC2 and Amazon RDS.
Yes, you can bring in your own licenses (BYOL) on EC2 Dedicated Hosts, EC2 Dedicated Instances with license included Windows Server, or EC2 instances with a default tenancy with License Mobility.
- EC2 instances with a default tenancy
Microsoft’s License Mobility through Software Assurance allows qualifying customers to bring in eligible Microsoft software onto AWS for use on EC2 instances with a default tenancy. The AWS License Mobility Page is a great place to start the process. You will need to fill out the appropriate License Mobility forms and file them with Microsoft to ensure that the licenses are able to be brought to AWS. You can use your own SQL Server licenses on top of license-included EC2 Windows Server default tenancy or RDS default tenancy instances.
The use of Dedicated Hosts allows you use a per-core or per-socket SQL Server licensing model, and you do not need to have access to License Mobility through Software Assurance, which can save you money on licensing costs if you are bringing your own license. If you choose to license your SQL Server licenses against the sockets or cores on a physical machine, you need to use these licenses on Dedicated Hosts. Visit the Dedicated Hosts detail page for more information on how to use your own SQL Server licenses on Amazon EC2 Dedicated Hosts. You can also choose to use EC2 license-included Windows Server Dedicated Instances, where you pay for SQL Server licenses on a VM basis.
Yes, license Mobility is a benefit available to Microsoft Volume Licensing customers with eligible server applications (including SQL Server) covered by active Microsoft Software Assurance (SA) contracts. License Mobility allows customers to move eligible Microsoft software to third party cloud providers such as AWS for the end use on EC2 instances with a default tenancy. It is important to note that you may not need license mobility if you are using your own licenses on EC2 Dedicated Hosts or EC2 Dedicated Instances. For additional details, see the Microsoft License Mobility page on the AWS site. Qualifying customers with Software Assurance can bring in their own licenses of SQL Server for use on Amazon EC2 and Amazon RDS instances with a default tenancy.
There are various factors to consider when licensing disaster recovery for SQL Server. The information below pertains only to the SQL Server licenses and not the Windows Server licenses. In all cases you must license Windows Server. For more information on SQL and failover server scenarios, visit this Microsoft SQL Server licensing guide.
- Purchasing licenses with Amazon Machine Images (AMIs)
If you buy SQL Server licenses from AWS, then you have to pay for failover servers. Microsoft requires that each instance of the server be licensed and that includes disaster recovery failover servers.
- Bringing existing licenses to Amazon EC2 Dedicated Hosts
When you use EC2 Dedicated Hosts or EC2 Dedicated Instances, the outsourcing language within the Microsoft Product Terms applies. In the case of SQL Server, this means that you may not have to license your failover servers (for SQL Server only – you will still require to license Windows Server) as long as the licenses have Software Assurance and are passive servers running on EC2 Dedicated Hosts or EC2 Dedicated Instances.
- Bringing existing licenses with License Mobility
If you bring in pre-2014 SQL Server licenses via License Mobility, then you must bring in or purchase licenses for the failover servers as well. If you bring in SQL versions 2014 or later, license mobility with software assurance allows for fail over and the passive SQL server does not require an additional license.
If you are licensing SQL Server under Microsoft’s License Mobility through Software Assurance, the number of licenses required varies based on the instance type, version of SQL Server, and the Microsoft licensing model you choose. To assist you with your virtual core licensing calculations under the Microsoft Product Terms, we provide a table here that shows the number of virtual representations of hardware threads based on instance type.
If you are using Dedicated Hosts, EC2 provides you with the number of physical cores installed on the Dedicated Host. Using this information, you can calculate the number of SQL Server licenses that you need to bring in. For additional information, we recommend referencing Microsoft documentation, such as the licensing guide for SQL server 2014 (see here).
Per Microsoft licensing language, SQL Web may be used only to support public and Internet accessible web pages, web sites, web applications and web services. It may not be used to support line of business applications (e.g., Customer Relationship Management, Enterprise Resource Management and other similar applications).
You can determine the core count per server by dividing the number of physical cores on the Dedicated Host by the socket count. This information can be found on the Dedicated Host detail page. You can find the processor types on the EC2 Instance Type detail page.
Using AWS Config as the data source you can track configuration changes against physical resources such as sockets and cores. Before you begin launching BYOL instances onto AWS, ensure AWS Config has been enabled to record any changes. AWS Config keeps track of the changes that occur, including the instances and corresponding AMI IDs that ran. These changes are paired with Host level data, such as the Host ID and the number of sockets and physical cores installed. AWS Config will also keep track of instance tags. We recommend that you tag your instances with a meaningful identifier if you would like a human-readable way to identify BYOL instances in your AWS Config logs. Visit this page for more information on AWS Config.
Yes, you can use MSDN licenses on AWS if you bring your own licenses. Microsoft does not allow the use of MSDN on multi-tenant AWS servers. However, if you use Dedicated Instances or Dedicated Hosts and your MSDN licenses are governed by the Microsoft Product Terms, then you can bring your MSDN licenses to AWS. Dedicated hardware is fully dedicated to your use and Microsoft views this as outsourcing which activates different language in the Product Terms.
No, AWS does not sell MSDN licenses.
No, Microsoft does not allow MSDN licenses to be utilized on AWS instances with a default tenancy.
Yes, you can use these licenses on either Dedicated Hosts or Dedicated Instances.
No, MSDN is not included in Microsoft’s License Mobility program.
No. AWS does not sell any Windows Client operating system licenses on any of our services.
Yes. If you use Dedicated Instances or Dedicated Hosts, then you can bring in your own Windows Client licenses for use on AWS. You may require Software Assurance or Virtual Desktop Access (VDA) in order to utilize the Windows client operating systems such as Windows 7 or Windows 8 on AWS. We recommend you read this Microsoft licensing brief for more information.
No, as specified in the Microsoft Product Terms, License Mobility does not apply to Windows Client, Windows Server, or Microsoft Office. Since License Mobility enables the use of specific licenses on EC2 instances with a default tenancy, License Mobility is not required to deploy licenses on EC2 Dedicated Hosts or EC2 Dedicated Instances. If you choose to use Dedicated Hosts and BYOL, then you can bring in your own licenses for Windows Client, Windows Server, and Microsoft Office without needing License Mobility.
Yes, you can BYOL of Microsoft Office for use on EC2 Dedicated Hosts or EC2 Dedicated Instances. If you bring existing licenses to EC2 Dedicated Hosts or EC2 Dedicated Instances, then you are using hardware that is fully dedicated to your use. In that case, the outsourcing language within the Microsoft Product Terms applies. This allows you to bring in Office licenses for use on your own Windows client licenses.
No, Microsoft does not include Microsoft Office in Microsoft’s License Mobility program.
No. AWS sells only Windows Server and SQL Server licenses today for use on Amazon EC2.
Yes. We have many customers that have successfully brought in and deployed licenses on AWS. These deployments include, but are not limited to, Exchange, SharePoint, Lync, Remote Desktop Services, Office, Dynamics products, BizTalk, and System Center.
Customers can choose to use shared EC2 instances and utilize License Mobility or they can purchase EC2 Dedicated Hosts and utilize physically dedicated hardware.
- EC2 instances with a default tenancy
License Mobility through Software Assurance allows qualifying customers to bring in eligible Microsoft software onto AWS default tenancy servers. The AWS License Mobility Page is a great place to start the process. You will need to fill out the appropriate License Mobility forms and file them with Microsoft to ensure that the licenses are able to be imported into AWS.
If you bring existing licenses to EC2 Dedicated Hosts, then you are using hardware that is physically dedicated to your use. In that case, the outsourcing language within the Microsoft Product Terms applies. Visit the Dedicated Hosts detail page for more information on Dedicated Hosts.
Yes. License Mobility is a benefit available to Microsoft Volume Licensing customers with eligible server applications covered by active Microsoft Software Assurance (SA). License Mobility allows customers to move eligible Microsoft software to third party cloud providers such as AWS for the end use on EC2 instances with a default tenancy. It is important to note that you may not need license mobility if you are using your own licenses on EC2 Dedicated Hosts or EC2 Dedicated Instances. For additional details, see the Microsoft License Mobility page on the AWS site. Qualifying customers with Software Assurance can bring in their own licenses of user based products as long as they comply with the terms of the License Mobility program.
Amazon EC2 instances come with two Remote Desktop Services (aka Terminal Services) licenses for administration purposes. If additional Remote Desktop Services licenses are needed, they should be purchased from Microsoft or a Microsoft license reseller. Remote Desktop Services licenses purchased with Software Assurance have license mobility benefits and can be brought to AWS multi-tenant environments. If the licenses do not have Software Assurance, they must be deployed on dedicated hosts or dedicated instances.
If you are providing this is a service to a third party (not internal use), then the Service Provider License Agreement (SPLA)could be used to license Remote Desktop Services. Under this model, you would deploy your service on AWS and rent remote desktop licenses for your end users on a monthly basis. Information on SPLA can be found at: https://www.microsoft.com/en-us/CloudandHosting/Licensing_Get_started_with_SPLA.aspx
We have many customers and partners that have their own SPLA and utilize AWS. AWS customers can use their SPLA in scenarios where they are offering software services to a third party. Customers that have a SPLA with Microsoft are governed by the Services Provider Use Rights (SPUR). The SPUR describes exactly how customers can outsource their infrastructure to AWS. Products licensed by user can be deployed on multi-tenant AWS and licensed on a monthly basis under the customer’s SPLA. Unless deployed on dedicated infrastructure, products that are licensed by core or processor (Windows Server, SQL Server) are licensed with AWS license included instances.
ISVs can choose to utilize self-hosting rights with Microsoft as part of their Enterprise Agreement (EA). This allows them to take advantage of pricing that they have negotiated with Microsoft under their EA. Microsoft requires that customers not mix self-hosting rights and SPLA for each application. If you have a solution that is licensed under the self-hosting benefit and you wish to bring it to AWS, you can deploy this on EC2 default tenancy. In this scenario, you would still be required to purchase a Windows license-included instance. Dedicated Hosts are not required for SQL (or other included self-hosting products) due to AWS’s status as a license mobility partner.
No, at this time new BizSpark licenses cannot be used on AWS. We encourage startups to try AWS Activate, with benefits including usage credits, support, training and more.
AWS provides updated, fully patched Windows AMIs within 5 business days of Microsoft’s patch Tuesday (second Tuesday of each month).
AWS deprecates previously published Windows and SQL Server AMIs within 10 business days after a new set of AMIs is published.
When publishing new Windows AMIs, AWS follows a consistent naming scheme. For example, Windows_Server-2012-R2_RTM-English-64Bit-Base-2014.05.20. Look for the date stamp in the AMI name. You find the date stamp (last 8 digits) at the end of the AMI name.
Windows Server 2016 is Microsoft’s newest release of Windows Server. Windows Server 2016 comes loaded with a variety of powerful new features including support for Docker and Windows Containers. The release also features a Nano Server deployment option that boots faster than the Standard Edition and uses a fraction of the disk space. By running Windows Server 2016 on Amazon EC2, users can leverage the performance and elasticity of AWS to get up and running on this new release.
AWS is releasing several new AMIs, including Windows Server 2016, Nano Server, Windows Server 2016 with Containers and Windows Server 2016 with SQL Server 2016.
Nano Server is optimized to run cloud-hosted applications and containers. Compared to Windows Server 2016, it starts faster, requires fewer updates, consumes far less disk space, presents less surface area for security threats, and only runs 64-bit applications, tools, and agents. Nano Server has no graphical user interface – all administration is done remotely via PowerShell or WMI.
For Nano Server, Get Instance Screenshot and System Log views are supported, however given Nano Server is headless, Connect via RDP is not. Instead, users can administer a running Nano Server instance via PowerShell remoting, via PowerShell CIM sessions over WinRM, or via Windows Remote Management.
Yes, you can create customized AMIs from Windows Server 2016 and Nano Server instances. As a best practice, AWS recommends generalizing an image by running sysprep when creating a new Windows AMI, and this continues to be true for Windows Server 2016. However, sysprep is not included in Nano Server, meaning image generalization is not available when creating a Windows AMI from Nano Server. Alternately, users can customize a Nano Server instance post-launch by using Run Command, which enables configuration via remote command execution.
Windows Server 2016 and Nano Server AMIs feature an all-new version of the SSM agent that replaces the functionality previously supported by the EC2Config service, thereby eliminating the need for EC2Config. With these enhancements, SSM agent now supports a number of advanced settings and launch-time configurations. More details on the new SSM agent in Windows Server 2016 and Nano Server can be found in the User Guide.
Launch an instance with the new Windows Server 2016 with Containers AMI. You can find a sample walkthrough in the AWS Blog.
Yes. Amazon EC2 Container Service (ECS) will support Windows containers by the end of 2016. Please sign up here to receive more information.
Windows Server 2016 instances are billed under standard Windows EC2 pricing.
Microsoft recommends a minimum of 2GB RAM – visit the EC2 Instance Types page to see which instances fit best for your application.
Yes, you can upgrade Windows instances to Windows Server 2016. Visit this page for more details.
Windows Server 2016 is available in all AWS regions.
We will be releasing AMIs with Windows Server 2012 R2 Standard Edition. For details on the differences between the Windows Server Editions, please refer to the Microsoft documentation.
No. Both On-Demand and Reserved instance pricing for Windows Server 2012 R2 is the same as the pricing for earlier versions of Windows Server available on Amazon EC2. You can view the current pricing for Amazon EC2 instances here: http://aws.amazon.com/ec2/pricing.
Windows Server 2012 R2 is available in all AWS regions.
At this time, all Amazon EC2 instance types are supported.
We support 19 languages with the Windows Server 2012 R2 AMIs. Current list of supported languages: Brazilian Portuguese, Chinese Simplified, Chinese Traditional, Czech, Dutch, English, French, German, Hungarian, Italian, Japanese, Korean, Polish, Russian, Spanish, Swedish, and Turkish.
You can use AWS Elastic Beanstalk to deploy and manage your applications on Windows Server 2012 R2 in the AWS cloud. Additionally, you can deploy directly to Amazon EC2 instances launched from the EC2 console or the AWS Marketplace. Also, you can use the AWS Toolkit for Visual Studio to get your application deployed and running in a few clicks.
The following SQL Server languages, version and editions are available with Windows Server 2012 R2 AMI: English, Japanese and Brazilian Portuguese: SQL Server 2014 (Enterprise (English only), Express, Standard and Web editions).
ReFS was designed for file sharing workloads like sharing content or streaming videos. Windows applications like SQL Server support NTFS and will not install on a ReFS volume.
Yes. EBS volumes can be used to setup a Storage Pool. The volumes can be formatted as NTFS or ReFS depending upon your application*.
Move your mouse to the lower left corner, wait for the Start screen and then click to switch into the Start screen.
On previously published Windows Server AMIs I followed the steps as documented here to enable enhanced networking. Do I still need to do this for Windows Server 2012 R2 AMIs?
No, you don’t need to do this for the new Windows Server 2012 R2 AMIs. The AMIs provide built-in support for enhanced networking via SR-IOV on R3, C3 and I2 instances.
Yes. You can run Windows Server 2003 and Windows Server 2003 R2 instances on Amazon EC2 after Microsoft extended support ends on July 14, 2015* including instances that are running at that time.
You can launch new Windows Server 2003 instances on existing Amazon EC2 instance families after the end of extended support*.
Yes. You will be able to create custom Windows Server 2003 AMIs and launch instances from those AMIs after July 14, 2015*.
Windows Server 2003 AMIs will continue to be published and updated through the August AMI release schedule, and will be removed from the Amazon EC2 quick launch and Marketplace on September 15th, 2015. After September 15th, you will still be able to search for the published AMIs by following the instructions on this page.
Without the ability to receive updates or debugging assistance from Microsoft, our ability to fully resolve issues related to Windows Server 2003 will be restricted to addressing issues which do not require an OS patch. AWS will continue to offer assistance troubleshooting issues with running Windows Server 2003 on Amazon EC2.
Yes. You can use VM Import to import Windows Server 2003 based VMs after July 14th, 2015.
AWS is unable to provide security and software updates to Windows Server 2003 after extended support ends on July 14th 2015. If Microsoft provides security and software updates to the general public for Windows Server 2003 after July 14, 2015, we will provide them to you via an updated AMI.
Yes. AWS customers can create and launch custom AMIs for their own use, including if those AMIs contain updates resulting from a custom support agreement. AWS customers may not redistribute any custom support updates, however.
AWS will continue to offer assistance troubleshooting applications that are still within the Microsoft extended support phase. There is no change in the way applications running on Windows Server are supported. However if the issue requires a patch or OS-level troubleshooting support from Microsoft, the AWS support team may not be able to fully resolve your issue. Please visit the AWS Support page for more details.
Yes, for details on how to perform OS Upgrades on your Amazon EC2 instances, please visit the following page for more details.
On September 15, 2015, the AWS-published Windows Server 2003 AMIs will be removed from the quick start in the instance launch wizard but will still be accessible by following the instructions on this page. The AMI IDs of your custom AMIs will not be changed.
* Following July 14, 2015, Microsoft's extended support for Microsoft Windows Server 2003 will end. Because of this, instances running Windows Server 2003 may have a higher risk of failure, security issues, incompatibility, or non-functionality. AWS will continue to offer you use of Windows Server 2003 within Amazon EC2, with an understanding that there may be an increasing number of issues that cannot be diagnosed or resolved, and therefore there is a risk that your Windows Server 2003 instances will lose their functionality entirely.
No, AWS does not offer SharePoint instances at this time.
You can run SharePoint on AWS by deploying eligible licenses with active Software Assurance through Microsoft’s License Mobility program. Learn more at http://aws.amazon.com/windows/resources/licensemobility/. SharePoint can also be deployed on AWS EC2 Dedicated Hosts without Software Assurance.
Microsoft License Mobility through Software Assurance allows Microsoft customers to move current on-premises Microsoft Server application workloads to Amazon Web Services (AWS), without any additional Microsoft software license fees. This benefit is available to Microsoft Volume Licensing (VL) customers with eligible server applications covered by active Microsoft Software Assurance (SA) contracts. Learn more at http://aws.amazon.com/windows/resources/licensemobility/.
Please contact your Microsoft Large Account Reseller (LAR) for options on how to purchased and/or add Software Assurance to existing licenses.
One SharePoint license can be assigned to one AWS instance (no max/min size).
Customers can run their existing SQL licenses per the License Mobility program or they can run on an AWS SQL instance. For more information on SQL instances running on Amazon EC2, including pricing, please visit http://aws.amazon.com/windows/products/ec2.
The AWS Management Pack is an extension to Microsoft System Center Operations Manager that enables you to view and monitor your AWS resources directly in the Operations Manager console. This way, you get a single pane of glass to view and monitor your resources, whether they are on-premises or in the AWS cloud.
You can monitor following AWS resources using the AWS Management Pack:
● Amazon EC2 instances (Microsoft Windows and Linux)
● Amazon Elastic Block Store (EBS) volumes
● Elastic Load Balancing
● AWS CloudFormation stacks
● AWS Beanstalk applications
All the default Amazon CloudWatch metrics for these resources—and any Amazon CloudWatch alarms associated with them—are surfaced as performance counters and alerts in Operations Manager.
The AWS Management Pack is available for “System Center 2012 – Operations Manager” and “System Center Operations Manager 2007 R2”.
Yes. The management pack gives you a consolidated view of your resources across multiple regions and Availability Zones.
Yes. The management pack gives you a consolidated view of your resources running in Amazon VPC and Amazon EC2.
Yes. You can configure the management pack to monitor AWS resources from multiple AWS accounts. Resources from multiple AWS accounts are monitored separately instead of being consolidated in a single view.
Yes, provided that (a) the Amazon EC2 instances are running Operations Manager Agent, and (b) the application-specific management packs are imported in Operations Manager. This applies to Amazon EC2 instances running Microsoft Windows as well as Linux.
Yes. You can configure the AWS Management Pack to use the access key ID and secret access key of a locked-down IAM user instead of using the credentials of a fully-privileged AWS root account.
Yes. You can choose to run Operations Manager either on-premises or in the AWS cloud.
A comprehensive guide detailing deploying, using, customizing, and troubleshooting the AWS Management Pack is available here.
Yes, through Microsoft License Mobility.
AWS Systems Manager for Microsoft SCVMM is a software add-in that lets you administer your AWS resources using SCVMM. You can monitor and manage your EC2 for Windows instances in the AWS Cloud, as well as on-premises virtual machines—from a single console.
You can list and view EC2 for Windows instances in any region. You can also start, stop, reboot, and terminate instances, as well as connect via RDP.
You can use AWS Systems Manager with SCVMM 2012 SP1 and later.
You can download the add-in here.
There is no additional cost to download, install or use Systems Manager for SCVMM.
The AWS Management Pack is used for monitoring and reporting on the performance of EC2 for Windows instances, whereas AWS Systems Manager lets you start, stop, reboot and terminate instances.
AWS Diagnostics for Microsoft Windows Server is a standalone executable that can be run on an EC2 Windows Server instance for diagnosis and troubleshooting as well as proactively checking for possible issues. The tool includes a data collector module that collects debug information and packages it in a zip file. It also includes an analyzer module that can analyze the log files collected by the data collector module and parse them based on predefined rule.
If you ever run into issues with your EC2 Windows Server instance and want to do a preliminary check to eliminate some of the known problems, this tool will be a great starting point. It will also relieve the pain point of trying to collect a bunch of different log files manually, especially when you are working with our technical support.
Here’s a sample list of data that will be collected. For a comprehensive list, please refer to the user manual
- Network Information, including IP address and route table
- Domain and computer name
- Activation settings, including license status and Key Management Server (KMS) configuration
- Time settings, including current time and time zone
- Installed drivers on the instance
- Windows firewall settings, along with security group rules
- Installed updates
- Mini dump files if Windows has crashed within a week
Here’s a sample list of analysis rules. For a comprehensive list, please refer to the user manual
- Check for activation status and KMS settings
- Check for proper route table entries for metadata and KMS access
- Comparison of AWS Security group rules vs. Windows firewall rules
- Version check for PV driver (Redhat or Citrix)
- Check if the RealTimesUniversal registry key is set
- Default gateway settings if using multiple NICs
- Bug check code in mini dump files
There is no additional charge for AWS Diagnostics for Microsoft Windows Server.
Yes. In order to do that you will have to detach the volume from the crashed instance and attach it to an instance on which the tool is running. The tool will then parse through the directory structure of the attached EBS volume that you select and will collect the necessary information.
A comprehensive guide for AWS Diagnostic Tool for Microsoft Windows Server is available here.
No. Customers can receive support running Microsoft workloads on AWS from both AWS and Microsoft under the customer’s support agreements with AWS or Microsoft without having to recreate their environment using other technologies. In the very rare case a problem could not be duplicated, AWS would work with the customer to recreate the issue in a Microsoft validated environment.
AWS does not need to be SVVP validated for customers to be fully supported running Microsoft workloads on AWS. As Microsoft explains: “SVVP does not apply to vendors that are hosting Windows Server or other Microsoft products through the Microsoft Service Provider License Agreement Program (SPLA). Support for SPLA customers is provided under the SPLA agreement by the SPLA hoster.” (see http://www.windowsservercatalog.com/svvp.aspx).
Yes. SVVP validation is not applicable to SPLA providers. Support for SPLA customers is provided under the SPLA agreement by AWS. AWS is fully committed to supporting our customers running Microsoft workloads on AWS.