Bringing your own licenses


This page describes how Google Cloud supports bringing your own licenses (BYOL) that have dedicated hardware requirements to Compute Engine. Before attempting to bring images with existing licenses to Google Cloud, review your licensing terms and conditions.

Bringing your existing physical-core or physical-processor licenses that have dedicated hardware requirements requires you to bring your own media and to run that media on hardware configurations, such as sole-tenant nodes, that are compliant with your licenses. You can bring images with existing licenses in any region that supports sole-tenant nodes, and although there is no additional charge for bringing images with existing licenses, you must still pay for your licenses according to your agreements.

Sole-tenant nodes are physical servers dedicated to hosting VMs for only your project. You can configure sole-tenant nodes to support various workload requirements, such as requirements for minimizing the number of physical servers and cores. Consult your licensing agreements to determine which configuration options are most suitable for your workloads.

To support bringing your own licenses, and to help you manage compliance requirements related to your licenses, Google Cloud provides tools for importing images, managing VMs on dedicated hardware by using sole-tenant nodes, minimizing physical core usage, and tracking usage of physical cores for reporting purposes.

To bring images with existing licenses to Google Cloud, you must do the following:

  1. Prepare the images according to your license agreements.

  2. Activate your licenses.

  3. Import virtual disk files and create images from those disk files.

  4. Create sole-tenant node templates.

  5. Create sole-tenant node groups from the node templates.

  6. Provision VMs on the node groups with the imported virtual disk files.

  7. Track the license usage of your VMs. To help you with reporting your license consumption, Google provides tools to help you track both license usage and physical core and processor usage.

  8. Report license consumption to your vendor.

If you need support or have questions regarding licensing, contact your licensing reseller. If you need support or have questions about bringing images with existing licenses to Google Cloud, contact Google Cloud Support.

There are other licensing scenarios that do not require sole-tenant nodes, for example, licenses related to Linux BYOS with RHEL and SLES, as well as Microsoft applications. If you are considering bringing licenses from Microsoft applications such as SharePoint Server and SQL Server, use Microsoft License Mobility.

Before you begin

  1. Review the node group maintenance policies.

  2. Request additional CPU quota: new projects receive a CPU quota of 72. Make sure you have enough CPU quota to support your node group. For example, the n1-node-96-624 node type contains 96 CPUs, and if your node group uses the minimum number of nodes (2), your CPU quota must be at least 192. Depending on your setup and the needs of your workloads, you might also need to request a quota adjustment for VMs or IP addresses.

  3. Enable the Cloud Build API: To import your OS image you must enable the Cloud Build API. When you enable this API, Compute Engine grants your project the appropriate IAM roles so that you can import images into your project. To list the roles granted to your project, use the gcloud projects get-iam-policy command. For information about how to grant roles to your project, see Managing access to Compute Engine resources.

  4. Enable the Cloud Logging API: Enable this API if your licensing agreements require you to track physical server usage. With this API enabled, you can import and view server usage information, such as physical core count, by using BigQuery, which Google strongly recommends. For information about how to determine the count of physical cores, see Determining server usage.

Importing and creating an image from an offline virtual disk

To provision VMs with your existing licenses, you must bring your own media. Images based on a Google Cloud premium image are not eligible for BYOL because premium images require pay-as-you-go licenses from Google.

If you have virtual disks (golden disks or golden images) in your on-premises environment with software configurations or licenses that you need, the import virtual disk tool can help you do the following:

  1. Import your customized virtual disks with a supported operating system and create images based on those disks.

  2. Set up the appropriate license configuration.

  3. Install the packages and drivers necessary for compatibility with Google Cloud.

Before you import the virtual disk file for you VM, verify that there are no incompatibilities in the file by downloading and running the precheck tool from inside your VM. Also, because software from third parties might interfere with the installation of Compute Engine drivers, Google recommends removing third-party software before importing your image.

To start a VM with your own license, import a virtual disk with the OS you want to use. You can import virtual disks from Cloud Storage buckets and local workstations. When importing a virtual disk file from a local workstation, the image import tool uploads your image file to Cloud Storage, and, if necessary, creates a new Cloud Storage bucket. Then, the import tool copies the file to Compute Engine and creates a bootable image from the virtual disk file.

Files stored on Cloud Storage and images in Compute Engine incur charges. After verifying that the image imports and boots correctly as a VM, you can delete the virtual disk file from Cloud Storage.

Console

  1. In the Cloud Console, go to the Images page.

    Go to the Images page

  2. Click Create image.

  3. Specify a name for the image.

  4. Under Source, choose Virtual disk (VMDK, VHD).

  5. Under Cloud Storage file, choose Browse and browse to the Cloud Storage location of the image to import.

  6. Under Operating system on virtual disk, choose the operating system of the image that you are importing.

  7. Make sure that Install guest packages is selected, so that the image you are importing is bootable.

  8. Under OS License choose Use your own license key.

  9. Click Create to import the image.

gcloud

Run gcloud compute images import to import a virtual disk file and to create a disk image from the virtual disk file.

gcloud compute images import IMAGE_NAME \
  --source-file VMDK_NAME \
  --os OS

Replace the following:

  • IMAGE_NAME: name to give the image created from the virtual disk file.

  • VMDK_NAME: name of the virtual disk to import and create an image from. You can import a VMDK file from the following:

    • A local file: If importing from a local file, use an absolute path or a relative path to the file. Depending on the size of the virtual disk and the speed of the network connection, the upload might take tens of minutes.

    • Cloud Storage: If importing from Cloud Storage, the Cloud Storage bucket must be in the same project that you are using to import the virtual disk, and you must specify the full path to the file as gs://BUCKET_NAME/OBJECT_NAME, replacing BUCKET_NAME with the name of the Cloud Storage bucket and OBJECT_NAME with the name of the Cloud Storage object.

  • OS: operating system of the disk image. Must be a supported operating system.

Activating licenses

After verifying that you are importing a compatible OS, you are responsible for checking that your licensing agreements permit you to bring your own licenses and that you are permitted to use the guest OS image and license import environment provided by Google. You are also responsible for preparing your guest OS image for import according to your licensing agreements.

To activate a license, use startup scripts with your activation keys, or set up the Cloud Key Management Service. You can't activate images with existing licenses against Compute Engine's license server.

After importing your image and activating the license, provision a VM based on the imported image onto a sole-tenant node.

Creating a sole-tenant node template

After importing the image, set up a node template. You will use this node template to create a sole-tenant node group to run your image on.

Console

  1. In the Google Cloud Console, go to the Node templates page.

    Go to the Node templates page

  2. Click Create node template.

  3. Enter a Name for the node template.

  4. Select the Region for node template.

  5. Select a Node type for the nodes in node groups created based on this node template.

  6. Optionally specify node affinity labels.

  7. Click Create to finish creating your node template.

gcloud

Create a sole-tenant node template by using gcloud compute sole-tenancy node-templates create.

gcloud compute sole-tenancy node-templates create TEMPLATE_NAME \
  --node-type NODE_TYPE \
  --region REGION

Replace the following:

  • TEMPLATE_NAME: name of the node template to create.

  • NODE_TYPE: type of sole-tenant node for the nodes in a node group. All nodes in a node group are identical and are created from the parameters specified by a node template.

  • REGION: region to create the node template in.

API

Create a sole-tenant node template by using nodeTemplates.insert .

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/nodeTemplates

{
   "name": "TEMPLATE_NAME",
   "nodeType": "NODE_TYPE"
   "nodeAffinityLabels": {
      "KEY": "VALUE"
   }
}

Replace the following:

  • PROJECT_ID: ID of your project.

  • REGION: region to create the node template in.

  • TEMPLATE_NAME: name of the node template to create.

  • NODE_TYPE: type of sole-tenant node for the nodes in a node group. All nodes in a node group are identical and are created from the parameters specified by a node template.

  • KEY: VALUE: comma-separated list of affinity labels represented as key-value pairs. You can only specify affinity labels for a node template when you create the node template.

Creating a sole-tenant node group

With the previously created sole-tenant node template, create a sole-tenant node group. A sole-tenant node group inherits properties specified by the sole-tenant node template and has additional values that you must specify.

Console

  1. In the Google Cloud Console, go to the Node groups page.

    Go to the Node groups page

  2. Click Create node group.

  3. Enter a Name for the node group.

  4. Select the Region and Zone for the node group. You can only create node groups based on node template that is in the same zone.

  5. Select the Node template to base the node group on. Node templates and node groups must be in the same region, so when selecting the template for a node group, select a template from the region where you are creating the node group.

  6. Choose one of the following for the Autoscaling mode for the node group autoscaler:

    • Don't configure autoscale: Manually manage the size of the node group.

    • Autoscale: Have nodes automatically added to or removed from the node group.

    • Autoscale only out: Add nodes to the node group when extra capacity is required.

  7. Specify the Number of nodes for the group. If you enable the node group autoscaler, either specify a range for the size of the node group, or, specify the number of nodes for the group. You can manually change either value later.

  8. Specify the Maintenance policy for the sole-tenant node group to one of the following values. The maintenance policy lets you configure the behavior of VMs on the node group during host maintenance events. For more information, see Maintenance policies.

    • Default
    • Restart in place
    • Migrate within node group
  9. Click Create.

gcloud

Create a sole-tenant node group by using the gcloud compute sole-tenancy node-groups create command.

gcloud compute sole-tenancy node-groups create GROUP_NAME \
  --node-template TEMPLATE_NAME \
  --target-size GROUP_SIZE \
  --zone ZONE \
  --maintenance-policy MAINTENANCE_POLICY

Replace the following:

  • GROUP_NAME: name of the sole-tenant node group to create.

  • TEMPLATE_NAME: name of the node template to create the node group from.

  • GROUP_SIZE: initial size of the node group. The node group autoscaler automatically manages the size of sole-tenant node groups, or you can manage the size manually.

  • ZONE: zone to create the node group in. Must be in the same region as the node template.

  • MAINTENANCE_POLICY: maintenance policy of the node group. Set to migrate-within-node-group, restart-in-place, or default. If no value is specified, default is specified for the maintenance policy.

API

Create a sole-tenant node group by using nodeGroups.insert.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/nodeGroups?initialNodeCount=GROUP_SIZE

{
  "nodeTemplate": "/regions/REGION/nodeTemplates/TEMPLATE_NAME",
  "name": "GROUP_NAME",
  "maintenancePolicy": "MAINTENANCE_POLICY"
}

Replace the following:

  • PROJECT_ID: ID of the project to create the node group in.

  • ZONE: zone to create the node group in. Must be in the same region as the node template.

  • GROUP_SIZE: initial size of the node group. The node group autoscaler automatically manages the size of sole-tenant node groups, or you can manage the size manually.

  • REGION: region containing the node template.

  • TEMPLATE_NAME: name of the node template to create the node group from.

  • GROUP_NAME: name of the sole-tenant node group to create.

  • MAINTENANCE_POLICY: maintenance policy of the node group. Set to MIGRATE_WITHIN_NODE_GROUP, RESTART_IN_PLACE, or DEFAULT. If no value is specified, DEFAULT is specified for the maintenance policy.

Provisioning a sole-tenant VM

Provision a VM on the node group, and specify the VM's restart behavior. If you previously specified that your node groups restart hosted VMs within the same node group during a maintenance event, then, when you create a new VM instance on that node group, specify that the new VM do one of the following:

  • Migrate after a restart due to a maintenance event.

  • Stop and then restart on the same host. If the same host is not available, a new server is provisioned, and the physical ID of the previous host is not reused.

Console

If you used node affinity labels, you can create multiple VMs by using managed instance groups and specifying the node affinity labels under Sole Tenancy settings, or, create individual VMs from the node group details page:

  1. In the Google Cloud Console, go to the Sole-tenant nodes page.

    Go to the Sole-tenant nodes page

  2. Click the Name of the node group to provision a VM on.

  3. Create a VM on a sole-tenant node by doing one of the following:

    • To create a VM anywhere in the sole-tenant node group, click Create instance.

    • To create a VM on a specific sole-tenant node, click the Name of a sole-tenant node group, then click the Name of a sole-tenant node, then click Create instance.

  4. Configure the sole-tenant VM. Because you already selected your node group or a specific node, the Region, Zone, and Node affinity labels are already specified.

  5. Select a Machine configuration by specifying the Machine family, Series, and Machine type. Choose the Series that corresponds to the sole-tenant node type.

  6. Select the Boot disk for the sole-tenant VM, which is the previously imported virtual disk image.

  7. Select the Management tab, and:

    • Under Availability policy > On host maintenance, select the restart behavior of the VM.

    • Under Automatic Restart, select On (recommended) or Off.

  8. Click Create.

gcloud

Provision a sole-tenant VM on a sole-tenant node group by using the gcloud compute instances create command.

gcloud compute instances create VM_NAME \
  --machine-type MACHINE_TYPE
  --image IMAGE_NAME \
  --zone ZONE \
  --node-group GROUP_NAME \
  RESTART_BEHAVIOR \
  --maintenance-policy MAINTENANCE_POLICY

Replace the following:

  • VM_NAME: name of the VM to create.

  • MACHINE_TYPE: machine type for the new VM.

  • IMAGE_NAME: image to create a VM from. This is the image created during the import process.

  • ZONE: zone to create the VM in.

  • GROUP_NAME: name of the node group to provision the VM on.

  • RESTART_BEHAVIOR: restart behavior of this VM, set to either --restart-on-failure or --no-restart-on-failure.

  • MAINTENANCE_POLICY: VM behavior during maintenance events, set to either MIGRATE or TERMINATE.

API

Provision a sole-tenant VM on a sole-tenant node group by using the instances.insert method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/VM_ZONE/instances

{
  "name": "VM_NAME",
  "machineType": "/zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
  "scheduling": {
    "nodeAffinities": [
      {
        "key": "node-group",
        "operator": "IN",
        "values": [
        "GROUP_NAME"
        ]
      }
    ],
    "onHostMaintenance": "MAINTENANCE_POLICY",
    "automaticRestart": "AUTOMATIC_RESTART"
  },
  "networkInterfaces": [
    {
     "network": "/global/networks/NETWORK",
     "subnetwork": "/regions/region/subnetworks/SUBNETWORK"
    }
  ],
  "disks": [
    {
      "boot": true,
      "initializeParams": {
        "sourceImage": "/projects/IMAGE_PROJECT/global/images/family/IMAGE_FAMILY"
       }
    }
  ]
}

Replace the following:

  • PROJECT_ID: ID of the project to create the VM in.

  • VM_ZONE: zone to create the VM in.

  • VM_NAME: name of the new VM.

  • MACHINE_TYPE_ZONE: zone containing the machine type.

  • MACHINE_TYPE: machine type to provision the VM on.

  • GROUP_NAME: name of the node group to provision the VM on.

  • MAINTENANCE_POLICY: VM behavior during maintenance events, set to either MIGRATE or TERMINATE.

  • AUTOMATIC_RESTART: specifies whether the VM is automatically restarted if Compute Engine stops the VM. The default value is true.

  • NETWORK: name of the network to connect the VM to.

  • SUBNETWORK: name of the subnetwork to connect the VM to.

  • IMAGE_PROJECT: image project containing the source image.

  • IMAGE_FAMILY: image family of the source image.

What's next