Moving Microsoft to AWS: the licensing issues

15. 11. 2019

PART 2: Dedicated Hosts or Dedicated Instances?

Part 1 of our Guide explained the requirement for customers to use dedicated hardware for their move to AWS, unless software assurance were in place. In this Part, we consider this more closely particularly in the context of what Amazon offers, ‘Dedicated Hosts’ and ‘Dedicated Instances’, its customers.

Basic position

Microsoft confirms the position that using AWS is no different to using a traditional outsourcer. Even without Microsoft software assurance (see later in this Series), AWS’s dedicated hosts can, according to Amazon, be used:

‘Using Amazon EC2 Dedicated Hosts, you can access hardware fully dedicated to your use. This makes it possible to bring Microsoft software licenses ….’.

What type of ‘dedicated’ devices does AWS offer?

AWS has two defined ‘dedicated’ products:  ‘Dedicated Hosts’ and ‘Dedicated Instances’.

How these are established and run is important because Microsoft customers need to know whether, without software assurance, their existing licenses can be migrated to EC2 with Amazon supplying the necessary ‘Servers and other devices …. fully dedicated to Customer’s use’.

How then are these ‘Dedicated Hosts’ and ‘Dedicated Instances’ described and physically set up by Amazon?

The most reliable definitions, at least legally, are those in AWS Service Terms (last updated November 11, 2019).

Dedicated Instance

This is defined by AWS as ‘…a physically isolated host hardware dedicated to a single customer account (each requested instance, a “Dedicated Instance”)’

AWS Product documentation also confirms this:

‘Dedicated Instances are Amazon EC2 instances that run in a VPC on hardware that’s dedicated to a single customer. Your Dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts. Dedicated instances may share hardware with other instances from the same AWS account that are not Dedicated instances’. [‘Amazon EC2 Dedicated Instances’]

Dedicated Host

The definition here is slightly different: ‘…host hardware physically dedicated to a single customer account (each, a “Dedicated Host”)’

Elsewhere, AWS refers to this host as:

‘An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use’.  [Amazon EC2 Dedicated Hosts]

Further, in its FAQs, AWS declares:

What is a Dedicated Host?

An Amazon EC2 Dedicated Host (“Dedicated Host” or “host”) is a physical server with EC2 instance capacity fully dedicated to your use.

Is a Dedicated Host a bare metal offering?

No, the instances that run on a Dedicated Host are the same virtualized instances that you’d get with traditional EC2 instances that use the Xen hypervisor.

So, the server is always that of the customer?

Obviously, if something is fully dedicated it implies that the customer has full control of that particular device. But, still, despite AWS’s repeated use of the word ‘dedicated’, it appears that AWS could still swap out the hardware.  Its Service Terms (4.11) has the following reservation:

  • ‘As part of using Amazon EC2, you agree that your Amazon EC2 resources may be terminated or replaced due to failure, retirement or other AWS requirement(s). … THE USE OF AMAZON EC2 DOES NOT GRANT YOU, AND YOU HEREBY WAIVE, ANY RIGHT OF PHYSICAL ACCESS TO, OR PHYSICAL POSSESSION OF, ANY AWS SERVERS, EQUIPMENT, REAL OR PERSONAL PROPERTY, OR OTHER ASSETS’.

This casts some uncertainty as to exactly what control the customer has in AWS’s EC2 environment, even over ‘their’ dedicated hosts.

Although there might be some technical differences, Amazon maintains that the Microsoft licensing position is the same for both:

  • ‘Dedicated infrastructure provides servers that are physically isolated for use by a single customer. Amazon EC2 has two dedicated infrastructure options: Dedicated Hosts and Dedicated Instances. If you bring existing licenses to Dedicated Hosts or Dedicated Instances, then you are using hardware that is fully dedicated to your use. In that case, the outsourcing language within the Microsoft Product Terms applies’.

On this basis, and despite the contractual reservation in Amazon’s favour mentioned above, it is clear that both Microsoft and AWS assume that use of EC2 dedicated hosts or dedicated instances can and does satisfy Microsoft’s requirement that the sever or device is dedicated to the customer.

In practice, which must I use – Dedicated Instances or Dedicated Hosts?

Although either of Dedicated Hosts or Dedicated Instances can satisfy Microsoft’s terms, there is still the issue of license management eg counting numbers of cores etc:

According to Amazon:

What is the difference?

Both offerings provide instances that are dedicated to your use.

However, Dedicated Hosts provide additional control over your instances and visibility into Host level resources and tooling that allows you to manage software that consumes licenses on a per-core or per-socket basis, such as Windows Server and SQL Server.

In addition, AWS Config will keep a record of how your instances use these Dedicated Host resources which will allow you to create your own license usage reports.

 Amazon explains this further:

‘For BYOL license scenarios that are server bound (e.g., Windows Server, SQL Server) and require you to license against the number of sockets or physical cores on a dedicated server, you should use Dedicated Hosts.

For licensing scenarios that are VM, CAL, or user bound and do not require you to license against the number of sockets or physical cores on a dedicated server but require you to run on dedicated infrastructure (e.g., Windows Desktop, SQL Server, Remote Desktop Services, Microsoft Office, and MSDN) you can use Dedicated Instances’.

This table shows the differences:

CharacteristicDedicated InstancesDedicated Hosts
Enables the use of dedicated physical serversxx
Per instance billing (subject to a $2 per region fee)x
Per host billingx
Visibility of sockets, cores, host IDx
Affinity between a host and instancex
Targeted instance placementx
Automatic instance placementxx
Add capacity using an allocation requestx

Accordingly, you will need to look at the type of licensing scenario and then, from the above, know whether you have to use a Dedicated Host or whether there is also the possibility of using Dedicated Instances.

Are AWS’s ‘Dedicated Hosts’ and ‘Dedicated Instances’ sufficient to fall within Microsoft’s conditions?

Certainly AWS considers so:

‘Microsoft BYOL Licensing. Under this option, Amazon EC2 enables you to provision Amazon EC2 instances using your Microsoft Software and Microsoft Licenses (the “BYOL Program”).

Unless otherwise specified in your agreement(s) with Microsoft, you can use this benefit only if you comply with the requirements here, and you (a) use Dedicated Instances or Dedicated Hosts; (b) launch from Virtual Machines (VMs) sourced from software binaries provided by you; and (c) run the instances within your designated AWS regions’.  [AWS Service Terms 4.11]

Its introduction to Microsoft Licensing on AWS also declares:

Your existing licenses may be used on AWS with Amazon EC2 Dedicated HostsAmazon EC2 Dedicated Instances, or EC2 instances with default tenancy using Microsoft License Mobility through Software Assurance.

How does Microsoft explain the position?

Microsoft itself is less forthcoming as to use within AWS but does say, in the context of permitted third party datacenters, thatSome examples include Azure Dedicated Host, Amazon EC2 Dedicated Hosts, VMware Cloud on Amazon Web Services (AWS), and single tenant nodes from Google’.

Its Product Terms make it clear that

‘Any dedicated device that is under the management or control of an entity other than Customer or one of its Affiliates is subject to the Outsourcing Software Management clause’

Can any third party be used?

Formerly, Microsoft was largely agnostic as to the identity of the third party host. However, although a move to AWS is still permitted, the rules are now (from October 2019) much more constricted

Outsourcing Software Management

Customer may install and use licensed copies of the software on Servers and other devices that are under the day-to-day management and control of Authorized Outsourcers, provided all such Servers and other devices are and remain fully dedicated to Customer’s use.

Customer is responsible for all of the obligations under its volume licensing agreement regardless of the physical location of the hardware upon which the software is used.

Except as expressly permitted here or elsewhere in these Product Terms, Customer is not permitted to install or use licensed copies of the software on Servers and other devices that are under the management or control of a third party.

It is important to note that an ‘Authorized Outsourcer’ is different from an ‘Authorized Mobility Partner’. Only Microsoft, Alibaba, Amazon (including VMware Cloud on AWS), and Google are such Authorized Outsourcers; they are also referred to as ‘Listed Providers’.

Relevant details for this are set out here: Updated licensing terms for dedicated hosted cloud services: FAQs

So, it is clear that AWS is, and remains for the time being, an Authorized Outsourcer and so migration of Microsoft BYOL licenses is (subject to conditions) permitted.

In Part 3 of our Guide, we will examine whether and to what extent customers can move to AWS EC2’s shared environments.

Robin Fry,

Cerno Professional Services Ltd

To get in contact with our team you can either Call us on 0207 421 7360 or email us at

Related articles

Moving Microsoft to AWS: the licensing issues



Website Security Test