Understanding AWS Tenancy
October 16, 2017
When it comes to deploying EC2 instances within Amazon Web Services VPCs, you may find yourself confused when presented with the tenancy options. This post aims to describe the different options that you have with AWS tenancy and how they might be used.
First and foremost, what do we mean by tenancy? Well, tenancy determines who is the owner of a resource. It might be easiest to think of tenancy in terms of housing. For instance if you have a house then you could consider it a dedicated tenant since only one family presumably lives there. However, if you have an apartment building, there is a good chance that several families have rooms in a single building which would be more like a shared tenancy model.
AWS provides a few options for tenancy including dedicated or the default type of shared. These models work in a very similar fashion to the housing example above. Shared tenancy means that multiple EC2 instances from different customers may reside on the same piece of physical hardware. The dedicated model means that your EC2 instances will only run on hardware with other instances that you’ve deployed; no other customers will use the same piece of hardware as you.
Shared Tenancy – Default
The default tenancy model is the one most commonly used with AWS. Multiple customers will share the same pieces of hardware even though they don’t interact with each other. Remember that underneath the covers in AWS, there is a physical host with a hypervisor running on it to handle the virtualization of CPU, memory, storage, etc. Customers choose to deploy a new EC2 instance, and AWS fits that instance onto the appropriate physical host and isolates it from other customers even if they’re sharing the same physical resources. This is generally the option that you will want to use unless you have regulatory compliance or licensing restrictions causing you to pick a dedicated model. The shared tenancy model is also the cheapest option for running your EC2 instances.
Dedicated Tenancy
As mentioned previously, dedicated tenancy ensures that your EC2 instances are run on hardware specific to your account but comes at a price. AWS usually focuses on driving down costs to operate their data centers, and providing you your own isolated hosts makes that difficult. The result is that different charges need to be added to make it worthwhile to offer to their customers. Now, you might be asking why you’d want to use a dedicated tenancy model when there are pricing complications associated with it. In some cases, licensing restrictions mean that some software isn’t allowed to be run on a shared tenancy model. For instance, if you’re trying to use Bring Your Own License (BYOL) to AWS, some licenses are based on the socket model, where the number of the host’s sockets is used for licensing. In other circumstances, regulatory compliance may dictate that you can’t use the shared model. HIPAA up until earlier this year required dedicated tenancy to ensure data confidentiality. This restriction has since been removed.
There are two different options for dedicated tenancy with AWS: Dedicated Hosts and Dedicated Instances.
Dedicated Hosts
With a dedicated host, you purchase an entire physical host from AWS and that host is billed to you on an hourly basis just like EC2 instances are billed. Once you’ve purchased that host, you’re allowed to spin up as many EC2 instances as that host will allow for no additional charges. This might seem a lot like how you would manage an on-premises solution like vSphere. You buy and license the host and then you can move your instances on it until it’s full. Dedicated hosts have a few considerations that you should be aware of to ensure the proper usage and cost reductions.
You may not mix EC2 instance types on the same dedicated host – If you purchase a dedicated host you must decide what type of instance you will be placing on it. For example, you would purchase an m4.large host, meaning that you could put as many m4.large instances on that host as you want up to the maximum (22 as of this writing), but you are not allowed to add m3.large or m4.xlarge instances. If you want to add m4.xlarge instances on dedicated hosts then you must purchase another dedicated host.
You are responsible for waste – As with the previous example, you’ll be paying for the entirety of the dedicated host. It does not make sense to purchase a dedicated host to run a single VM and leave 21 additional slots available that are unused. You’ll pay for the whole host so if you aren’t fully utilizing them, you’re wasting money.
Each host type has different maximums – Since each EC2 instance type has a different amount of CPU, memory and storage, the dedicated hosts will offer different maximums by instance type. The current breakdown for m4 and m3 dedicated hosts is shown below, but be aware that it is subject to change. Please check the latest AWS documentation for up-to-the-minute changes.
Instance Type | large | xlarge | 2xlarge | 4xlarge | 8xlarge | 10xlarge | 16xlarge |
---|---|---|---|---|---|---|---|
m3 | 16 | 8 | 4 | - | - | - | - |
m4 | 22 | 11 | 5 | 4 | - | 1 | 1 |
Primary Use Cases – In addition to the compliance purposes, dedicated hosts are used for licensing purposes when the license model requires you to use sockets or cores. Specifically this option is most often used with Microsoft BYOL situations where the customer doesn’t have Software Assurance or the product doesn’t have license mobility. Since you can control the placement of workloads and ensure the socket count is being properly maintained, this option can be used. Also, if you fill the host to capacity, this option may be cheaper than the shared tenancy model but you must manage that capacity wisely.
Dedicated Instances
With a dedicated instance, you’re still receiving the benefits of having separated hosts from the rest of the AWS customers but you are not paying for the entire host all at once. You do not need to worry about the capacity of the hosts but you’re being charged a higher rate for the instances. This type of instance model is similar to the default model where you don’t worry about where the instances are, but it does ensure they’re kept separate. In addition to the higher rate that you’re charged for dedicated instances, you’re also charged a $2 per hour charge per region where dedicated instances are being used. You should be aware, though, that even though the instances are on dedicated hardware, if they are using Elastic Block Store (EBS) devices, those devices will be on shared hardware. The dedicated instance tenancy doesn’t include their virtual disks unless you choose instance storage.
The following table shows the price differences between some m3 and m4 instances using the default tenancy or the dedicated instance tenancy in AWS.
Instance Type | vCPU | ECU | Memory (GiB) | Default Tenancy (On-Demand) | Dedicated Instance (On-Demand) |
---|---|---|---|---|---|
m4.large | 2 | 6.5 | 8 | $0.1 per Hour | $0.11 per Hour |
m4.xlarge | 4 | 13 | 16 | $0.2 per Hour | $0.22 per Hour |
m4.2xlarge | 8 | 26 | 32 | $0.4 per Hour | $0.44 per Hour |
m4.4xlarge | 16 | 53.5 | 64 | $0.8 per Hour | $0.88 per Hour |
m4.10xlarge | 40 | 124.5 | 160 | $2 per Hour | $2 per Hour |
m4.16xlarge | 64 | 188 | 256 | $3.2 per Hour | $3.2 per Hour |
m3.medium | 1 | 3 | 3.75 | $0.067 per Hour | $0.074 per Hour |
m3.large | 2 | 6.5 | 7.5 | $0.133 per Hour | $0.146 per Hour |
m3.xlarge | 4 | 13 | 15 | $0.266 per Hour | $0.293 per Hour |
m3.2xlarge | 8 | 26 | 30 | $0.532 per Hour | $0.585 per Hour |
Dedicated Instances Use Cases – Dedicated instances might be used if you have compliance reasons that require that hosts are not shared between customers, but you don’t want to manage all of the hosts. This model can be used with BYOL options for anything licensed by the user, such as Windows desktop operating systems or MSDN. The use of dedicated instances does not require License Mobility or Software Assurance. The biggest note, though, is that Microsoft Server licenses do not support the BYOL model here. You must purchase the licenses with the instance if you plan to use them here.
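An added example (not from the original post) that audits a DescribeInstances-shaped response against the tenancy models described above: it flags instances marked as needing isolation that run on shared tenancy, flags dedicated placements whose EBS volumes remain on shared hardware, and reports slot usage per dedicated host using the m3/m4 maximums from the table. The `isolation=required` tag convention and all sample IDs are assumptions constructed for illustration.

```python
from collections import Counter

# Per-host instance maximums copied from the post's m3/m4 table (subject to change).
HOST_SLOTS = {"m3.large": 16, "m3.xlarge": 8, "m3.2xlarge": 4, "m4.large": 22,
              "m4.xlarge": 11, "m4.2xlarge": 5, "m4.4xlarge": 4,
              "m4.10xlarge": 1, "m4.16xlarge": 1}

def _inst(iid, itype, placement, volumes=(), tags=None):
    """Build one instance record in the shape EC2 DescribeInstances returns."""
    return {"InstanceId": iid, "InstanceType": itype, "Placement": placement,
            "BlockDeviceMappings": [{"Ebs": {"VolumeId": v}} for v in volumes],
            "Tags": [{"Key": k, "Value": v} for k, v in (tags or {}).items()]}

# Constructed sample data (not real instance, volume or host IDs).
SAMPLE = {"Reservations": [{"Instances": [
    _inst("i-sample1", "m4.large", {"Tenancy": "default"},
          ["vol-sample1"], {"isolation": "required"}),
    _inst("i-sample2", "m4.large", {"Tenancy": "dedicated"},
          ["vol-sample2"], {"isolation": "required"}),
    _inst("i-sample3", "m4.large", {"Tenancy": "host", "HostId": "h-sample1"}),
    _inst("i-sample4", "m4.large", {"Tenancy": "host", "HostId": "h-sample1"}),
]}]}

def audit_tenancy(response, tag_key="isolation", tag_value="required"):
    """Return (findings, host_usage); the tag key/value is a hypothetical convention."""
    findings, per_host = [], Counter()
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            placement = inst.get("Placement", {})
            tenancy = placement.get("Tenancy", "default")
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            ebs = [m["Ebs"]["VolumeId"]
                   for m in inst.get("BlockDeviceMappings", []) if "Ebs" in m]
            # Workload marked as needing isolation but placed on shared hardware.
            if tags.get(tag_key) == tag_value and tenancy == "default":
                findings.append((iid, "isolation-required-on-shared-tenancy"))
            # Per the post, dedicated tenancy does not extend to EBS volumes.
            if tenancy in ("dedicated", "host") and ebs:
                findings.append((iid, "ebs-volumes-on-shared-hardware"))
            if tenancy == "host" and placement.get("HostId"):
                per_host[(placement["HostId"], inst["InstanceType"])] += 1
    # Used vs. maximum slots per dedicated host; None if the type is not in the table.
    host_usage = {host: (used, HOST_SLOTS.get(itype))
                  for (host, itype), used in per_host.items()}
    return findings, host_usage

if __name__ == "__main__":
    for finding in audit_tenancy(SAMPLE)[0]:
        print(*finding)
```

Against a live account, the same function can be fed the dictionary returned by boto3's `describe_instances` call, one page at a time.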
Summary
The figure below should provide a good overview of the main differences between the tenancy models. Shared will include your instances with other customers while the dedicated model ensures that only your instances will run on those hosts. Dedicated hosts are entire hosts of different sizes that are available for you to fill up as you need while dedicated instances are similar to the shared model without other customers.
Great job, highly appreciated the explanation and use cases.
Great Explanation, much appreciated
What happens if the physical host we are using goes down?
Not the AZ just the physical host in the data centre goes down. What happens?
I believe the EC2 instances can be restarted on another host if there is a host failure. This could be automated as well by checking the hosts status and writing a lambda function.
That’s a concern and makes me think that you need to have two hosts instead of just one so you can make it resilient. If your project requires eight instances, maybe you can balance the number of instances on the two hosts, have them all in AutoScaling and an LB on top of it. It can be an alternative.
good explanation, well done !
Really Wonderful…Awesome Sir
Great! At last I have clear picture now.
This is probably one of the best explanations I have seen so far on the subject. However, although well explained there is still a grey area for me. Specifically, the dedicated instance has a major gap in understanding on my side. Your explanation is well understood with regard to the dedicated host and how the capacity varies based on the instance type. The use case and cost-based rationale also makes sense. The dedicated instance I am still struggling with understanding how the cost is consumed when I am only paying for per se one slot of potentially 22 slots (slots… used to reference instance capacity). If I have compliance requirements for isolation and I am willing to pay the up-charge for this instance isolation, the $2 up-charge obviously does not cover the cost of the unused other 21 slots. I am aware that’s a worry for Amazon, but it just leads me to believe it would be hard to ensure real isolation with that business model and meet the SLA demands for dedicated instance. I am also missing an understanding of varying instance types with regard to dedicated instances. Your explanation was clear that a dedicated host is basically single instance type. Are the dedicated instances isolated by instance types? Specifically I am asking if I am isolating an m4.large, does that mean my dedicated instance is being hosted on a dedicated host for m4.large only with further assumption that my one or two dedicated instances are the only instances allocated on this host (assuming dedicated host)?
Thank you for your explanation. Good job