As part of the Google Compute Engine (GCE) platform, Google Cloud offers sole-tenant nodes (STNs), which are physical VM host servers that are dedicated to your GCP project. With STNs, rather than leasing individual VM compute resources, you are effectively leasing an entire host server and run as many VMs as the server can support. More information about sole-tenant nodes is available from Google Cloud.
One of the key advantages of STNs is the support for bring your own licensing (BYOL) for Microsoft products. With BYOL, customers can use their eligible Microsoft licenses on Google Cloud VMs and do not have to pay licensing costs for the Windows OS as part of GCP compute charges. More information about BYOL is available from Google Cloud.
itopia CAS now supports deploying VMs on sole-tenant nodes and, optionally, configuring BYOL parameters for those VMs. This article provides details on how to configure STN support in itopia CAS and how to configure BYOL.
About Bring Your Own License
In order to enable bring your own license (BYOL) in Google Cloud, you must use VM images that are specifically configured for BYOL. The standard Windows Server images that are available in Google Cloud are not compatible with BYOL; even if you deploy these images to sole-tenant nodes, you will still incur GCE compute costs for the OS license. You must import custom images that are specifically configured for BYOL; review the process for creating a BYOL OS image in Google Cloud, available here.
itopia provides "vanilla" BYOL images for Windows Server 2016 and Windows Server 2019; these images are visible in the Boot Disk Image list when you enable Use sole-tenant for this Collection Pool. These images are not activated and you must provide either KMS or MAK configuration to activate them using your own licensing.
Configure Sole-Tenant Node Support in CAS
It is important to note that itopia CAS does not configure sole-tenant nodes in Google Cloud. You must first configure sole-tenant nodes and node groups within your GCP project and then enable STN support in CAS.
NOTE: Sole-tenant nodes can incur significant costs if they are not correctly implemented or utilized. Please be sure you understand sole-tenant nodes and have designed your environment to leverage them correctly.
STN support in CAS is available in three areas:
Sole-tenant node support must be enabled for the CAS deployment
Within each region of the deployment, a default STN node group should be specified
Within each Collection Pool, you can choose the STN node group for the User Session Servers or can disable STN use for that Collection Pool entirely
Enable sole-tenant nodes in your deployment
Follow the steps below to enable sole-tenant support in your CAS deployment.
1. Log into CAS as a user with Deployment Owner or higher privileges. Navigate to Settings > Sole-tenant nodes.
2. On the Sole-Tenant Nodes page, enable Enable support for Google Cloud Sole-Tenant Nodes. You must also select a Maintenance Policy; these options are described in Google's documentation.
3. Optionally, you can enable Configure Licensing for Windows OS. If you are using Group Policy Objects or a similar, you do not need to use this feature. However, if you do not have an alternative method of configuring licensing options, you can enable this option and either provide a Multiple Activation Key (MAK) or a KMS Server address; CAS will configure each VM it creates on STN with these settings.
4. Click Save.
Configure Sole-Tenant Settings per Region
After sole-tenant support has been enabled at the deployment level, you may configure STN settings for each region in your CAS deployment.
1. Navigate to Settings > Regions.
2. For each region that you would like to configure sole-tenant nodes, expand the region configuration. You will see a new section called Sole-Tenant Configuration. CAS will query your GCP project and list all available sole-tenant node groups in this region. Select the sole-tenant node group that you wish to assign to the region and click Save.
3. Click Save.
Configure Sole-Tenant Settings for a Collection Pool
When you create a new Collection Pool, you will see additional settings for the sole-tenant node.
1. Navigate to Cloud Desktops > Collection Pools. Click Create
2. Configure the Collection Pool as you normally would. In the Sole-Tenant section, enable Use sole-tenant for this Collection Pool.
3. In the Regions section, click Add Region.
4. In the Region configuration, select a region to include in this Collection Pool. In the Sole-Tenant Configuration section, select whether to use the region's default Sole-Tenant Node Group or to specify a different node group.
5. Click Save.
6. If you have a multi-region deployment and wish to configure more regions for the Collection Pool, repeat steps 3-5.
7. When using sole-tenant nodes, you can only configure custom machine types for your Session Hosts. Depending on the sole-tenant node class you have configured, your machine type will be, for example, n2-custom or e2-custom. Select the appropriate machine type and specify the vCPU cores and RAM for each Session Host.
8. When using sole-tenant nodes, your Collection Pool will be able to use custom images that you have configured for BYOL. You may also use standard (non-BYOL) images, but you may incur additional compute charges from GCP for the OS license.
9. Continue configuring the Collection Pool as you normally would, and then click Create.
Limitations and Considerations for Sole-Tenant Nodes in CAS
When planning sole-tenant node use in CAS deployments, please consider the following:
Currently, the CAS admin portal does not support configuring STN support in the deployment wizard. Therefore, your infrastructure servers (RD Brokers, RD Gateways, and domain controllers) cannot be deployed to sole-tenant nodes. Once the deployment is created, you can configure STNs in your CAS deployment; any new Collection Pools you configure with STN will create their User Session Servers on your sole-tenant nodes. A future release of the CAS admin console will allow configuring STNs during the provisioning process and will include infrastructure servers on your sole-tenant nodes.
CAS does not support affinity labels for sole-tenant node groups.