Oracle Cloud Infrastructure Documentation

Dedicated Virtual Machine Hosts

The Oracle Cloud Infrastructure Compute service's dedicated virtual machine host feature provides you with the ability to run your Compute virtual machine (VM) instances on dedicated servers that are a single tenant and not shared with other customers. This enables scenarios where you have compliance and regulatory requirements for isolation that prevent you from using shared infrastructure.

Support and Limitations

When you create a dedicated virtual machine host, you select a shape for the host, see Dedicated Virtual Machine Host Shapes for the available shapes and shape details for dedicated virtual machine host. Note that there is a difference between the number listed for billed OCPUs compared to available OCPUs, this is because four OCPUs are reserved for virtual machine management.

You are billed for the dedicated virtual machine host as soon as you create it, but you are not billed for any of the individual VM instances you place on it. You will still be billed for image licensing costs if they apply to the image you are using for the VM instances.

For instances launched on a dedicated virtual machine host, all of the VM.Standard2 shapes are supported, for details about these shapes, see VM Shapes. Most of the Compute service features for VM instances are supported for instances running on dedicated virtual machine hosts, however the following features are not supported:

  • Instance configurations

  • Instance pools

  • Autoscaling

Reboot migration is also not supported for dedicated virtual machine hosts, in this scenario, you need to manually migrate the instance. See Moving an Instance with Manual Migration for this process.

You can mix VM instances with different shapes on the same dedicated virtual machine host. This may impact the maximum number of instances you can place on the dedicated virtual machine host, for more information see Optimizing Capacity on your Dedicated Virtual Machine Host.

Managing Dedicated Virtual Machine Hosts

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in.

For administrators: The simplest policy to enable users to work with dedicated virtual machine hosts is listed in Let users manage Compute dedicated virtual machine hosts. It gives the specified group general access to launching instances on and managing dedicated virtual machine hosts.

See Let users launch Compute instances on dedicated virtual machine hosts for an example of a policy that allows users to launch instances on dedicated virtual machine hosts without giving them full administrator access to dedicated virtual machine hosts.

Creating a Dedicated Virtual Machine Host

You need to create a dedicated virtual machine host before you can place any instances on it. When creating the dedicated virtual machine host, you select an availability domain and fault domain to launch it in. All the VM instances you place on the host will subsequently be created in this availability domain and fault domain. You also select a compartment when you create the dedicated virtual machine host, but you can move it to a new compartment later without impacting any of the instances placed on it. You can also create the instances in a different compartment than the dedicated virtual machine, or move them to difference compartments after they have been launched.

To create a dedicated virtual machine host using the Console
To create a dedicated virtual machine host using the CLI

Deleting a Dedicated Virtual Machine Host

To delete a dedicated virtual machine host using the Console
To delete a dedicated virtual machine host using the CLI

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following operations for working with dedicated virtual machine hosts:

Instances on Dedicated Virtual Machine Hosts

Placing an Instance on a Dedicated Virtual Machine Host

You place an instance on a dedicated virtual machine host at the time that you create the instance. The steps are the same as creating a regular instance, you just need specify that you want to create the instance on a dedicated virtual machine host when you create the instance. See Creating an Instance for the steps to create an instance. Once you get to the Advanced Options section of the form, using the following steps to place the instance in a dedicated virtual machine host.

To place an instance on a dedicated virtual machine host using the Console

If you're using the CLI or REST API to create the instance, you just need to pass the dedicated virtual machine host OCID in the optional parameter dedicatedVmHostId when you use the LaunchInstance operation. If you try to launch an instance with a shape requiring more capacity than what is available on the dedicated virtual machine host you are trying to place it on, the launch operation will fail. To avoid this you can use the ListDedicatedVmHosts operation and pass the shape you want to use when launching the instance in the InstanceShapeNameQueryParam parameter. This will return all the dedicated virtual machine hosts that you can place the instance in.

The following example demonstrates how to call this operation in the CLI to return all the dedicated virtual machine hosts with sufficient capacity for you to place an instance launched using the VM.Standard2.16 shape:

compute dedicated-vm-host list --compartment-id <compartment_ID> --instance-shape-name VM.Standard2.16

Auditing your Dedicated Virtual Machine Host

To fully meet requirements for some compliance scenarios you may be required to validate that your instances are running on a dedicated virtual machine host and not using shared infrastructure. The Oracle Cloud Infrastructure Audit service provides you with the functionality to do this. Use the steps described in the Viewing Audit Log Events to access the log events for the dedicated virtual machine host.

The steps described in the To search log events section walk you through how to retrieve the log events with the data you need to verify that your instances are running on a dedicated virtual machine host. For this procedure:

  • Ensure that you select the dedicated virtual machine host's compartment and not the compartment for the instances hosted on it.

  • Use the dedicated virtual machine host's OCID as the search keyword.

Once you have retrieved the log events for the dedicated virtual machine host, view the log event lower-level details, and check the contents of the responsePayload property. This property should contain the OCIDs for the instances running on the dedicated virtual machine host.

Optimizing Capacity on your Dedicated Virtual Machine Host

When you place an instance on a dedicated virtual machine host, Oracle Cloud Infrastructure launches them in a manner to optimize performance. For example, a dedicated virtual machine host created based on the DVH.Standard2.52 shape has two sockets with 24 cores configured per socket. Instances are placed so that each instance will only use resources local to a single physical socket. In scenarios where you are creating and terminating instances with a mix of shapes, this can result in inefficient distribution of resources, meaning that not all OCPUs on a dedicated virtual machine host are available to be used. In this scenario, it may appear that a dedicated virtual machine has enough OCPUs to launch an additional instance on it, but the instance will fail to launch because of their distribution.

In this example, if you are launching instances using a shape with 16 OCPUs on a dedicated virtual machine host, you can only launch a maximum of two instances using that shape, you cannot launch a third instance with 16 OCPUs, even though the remaining number of OCPUs showing for the dedicated virtual machine host is 16. You can launch additional instances using shapes with a smaller number of OCPUs.

When designing your cloud footprint, we recommend that you plan to always launch the largest instance first.