Oracle Cloud Infrastructure Documentation

Dedicated Virtual Machine Hosts

Dedicated virtual machine hosts let you run Oracle Cloud Infrastructure Compute virtual machine (VM) instances on dedicated servers that are a single tenant and not shared with other customers. Use dedicated virtual machine hosts to meet compliance and regulatory requirements for isolation that prevent you from using shared infrastructure. You can also use dedicated virtual machine hosts to meet node-based or host-based licensing requirements that require you to license an entire server.

Support and Limitations

Shapes and capacity: When you create a dedicated virtual machine host, you select a shape for the dedicated virtual machine host. The shape determines how much capacity is available and what types of instances can be launched on the host. Note that there is a difference between the number listed for billed OCPUs compared to available OCPUs. This is because some OCPUs are reserved for virtual machine management.

When you launch an instance on a dedicated virtual machine host, you can choose any of the VM shapes that are supported for that host.

You can mix VM instances with different supported shapes on the same dedicated virtual machine host. The size of each instance might impact the maximum number of instances that you can place on the dedicated virtual machine host. For more information, see Optimizing Capacity on a Dedicated Virtual Machine Host.

Billing: You are billed for the dedicated virtual machine host as soon as you create it, but you are not billed for any of the individual VM instances you place on it. You will still be billed for image licensing costs if they apply to the image you are using for the VM instances.

Supported features: Most of the Compute features for VM instances are supported for instances running on dedicated virtual machine hosts. However, the following features are not supported:

  • Autoscaling
  • Burstable instances
  • Capacity reservations
  • Changing the shape of an instance
  • Confidential computing
  • Instance pools
  • Reboot migration, live migration, and rebuild-in-place infrastructure maintenance. You can use manual migration instead.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

For administrators: The simplest policy to enable users to work with dedicated virtual machine hosts is listed in Let users manage Compute dedicated virtual machine hosts. It gives the specified group access to launch instances on dedicated virtual machine hosts and manage dedicated virtual machine hosts.

See Let users launch Compute instances on dedicated virtual machine hosts for an example of a policy that allows users to launch instances on dedicated virtual machine hosts without giving them full administrator access to dedicated virtual machine hosts.

Managing Dedicated Virtual Machine Hosts

Creating Dedicated Virtual Machine Hosts

You must create a dedicated virtual machine host before you can place any instances on it.

When creating a dedicated virtual machine host, you select an availability domain and fault domain to launch it in. All the VM instances that you place on the host will subsequently be created in this availability domain and fault domain.

You also select a compartment when you create the dedicated virtual machine host, but you can move the host to a new compartment later without impacting any of the instances placed on it. You can also create the instances in a different compartment than the dedicated virtual machine host, or move them to different compartments after they have been launched.

Using the Console

  1. Open the navigation menu and click Compute. Under Compute, click Dedicated Virtual Machine Hosts.
  2. Click Create dedicated virtual machine host.
  3. Enter a name for the dedicated virtual machine host. It doesn't have to be unique, and you can change it later. Avoid entering confidential information.
  4. Select the compartment to create the dedicated virtual machine host in.
  5. Select the Availability domain for the dedicated virtual machine host.
  6. In the Dedicated host shape section, select the shape to use for the dedicated virtual machine host. To see which VM shapes you can use to create instances on the host, click the down arrow in the row for a host shape.

  7. (Optional) If you want to configure the fault domain or add tags, click Show Advanced Options. Then enter the following information:

    • Fault domain: The fault domain for the dedicated virtual machine host.
    • Tags: Optionally, you can add tags. If you have permissions to create a resource, you also have permissions to add free-form tags to that resource. To add a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether you should add tags, skip this option (you can add tags later) or ask your administrator.
  8. Click Create.

Using the CLI

Open a command prompt and run:

oci compute dedicated-vm-host create --dedicated-vm-host-shape <shape_name> --wait-for-state ACTIVE --display-name <display_name> --availability-domain <availability_domain> --compartment-id <compartment_OCID>

<shape_name> is the shape for the dedicated virtual machine host.

It can take up to 15 minutes for the dedicated virtual machine host to be fully created. It must be in the ACTIVE state before you can launch an instance on it.

To query the current state of a dedicated virtual machine host using the CLI, run the following command:

oci compute dedicated-vm-host get --dedicated-vm-host-id <dedicatedVMhost_OCID>

Using the API

Use the CreateDedicatedVmHost operation.

Deleting Dedicated Virtual Machine Hosts

You can delete a dedicated virtual machine host after you terminate (delete) the instances that are placed on it.

How do I see which instances are placed on a dedicated virtual machine host?

In the Console: Go to the Details page for the dedicated virtual machine host. Then, under Resources, click Hosted Instances. Perform this step for each compartment in your tenancy that has instances running on the dedicated virtual machine host. To change the compartment for the Hosted Instances list, select a different compartment from the Table Scope list.

Using the CLI: To list the instances running on a dedicated virtual machine host, run the following command:

oci compute dedicated-vm-host list --compartment-id <compartment_OCID> --dedicated-vm-host-id <dedicatedVMhost_OCID>

Run this command for every compartment in your tenancy that has instances running on the dedicated virtual machine host that you want to delete.

Using the API: Use the ListDedicatedVmHostInstances operation.

Using the Console

  1. Open the navigation menu and click Compute. Under Compute, click Dedicated Virtual Machine Hosts.
  2. Click the dedicated virtual machine host that you're interested in.
  3. Click Delete, and then confirm when prompted.

Using the CLI

Open a command prompt and run:

oci compute dedicated-vm-host delete --dedicated-vm-host-id <dedicated_VM_host_OCID>

Using the API

Use the DeleteDedicatedVmHost operation.

Instances on Dedicated Virtual Machine Hosts

Placing Instances on a Dedicated Virtual Machine Host

You place an instance on a dedicated virtual machine host at the time that you create the instance.

The dedicated virtual machine host must have sufficient capacity for the shape of instance that you want to create.

How do I know if a dedicated virtual machine host has capacity for an instance?

In the Console, when you create an instance, you can only select from the dedicated virtual machine hosts that have sufficient capacity for the shape that you specify.

You can use the API, CLI, or SDKs to determine which dedicated virtual machine hosts have capacity for a particular shape. Use the ListDedicatedVmHosts API operation, passing the name of the shape that you want to use when launching the instance. For flexible shapes, you can also include the minimum number of OCPUs and amount of memory you want to provision.

The following example demonstrates how to use the CLI to return all the dedicated virtual machine hosts with sufficient capacity for you to place an instance launched using the VM.Standard.E4.Flex shape with 8 OCPUs and 10 GB memory:

oci compute dedicated-vm-host list --compartment-id <compartment_OCID> --instance-shape-name VM.Standard.E4.Flex --remaining-ocpus-greater-than-or-equal-to 8 --remaining-memory-in-gbs-greater-than-or-equal-to 10

For more information, see Optimizing Capacity on a Dedicated Virtual Machine Host.

Using the Console

  1. Follow the steps to create an instance, until the Placement section.
  2. In the Placement section, click Show advanced options.
  3. For Capacity type, select Dedicated host.
  4. Select the dedicated virtual machine host that you want to place the instance on.
  5. Finish configuring the instance, and then click Create.

Using the API

Use the LaunchInstance operation to create the instance, passing the OCID of the dedicated virtual machine host in the dedicatedVmHostId parameter.

Auditing your Dedicated Virtual Machine Host

To fully meet requirements for some compliance scenarios, you might be required to validate that your instances are running on a dedicated virtual machine host and not using shared infrastructure. The Oracle Cloud Infrastructure Audit service provides you with the functionality to do this. Use the steps described in Viewing Audit Log Events to access the log events for the dedicated virtual machine host.

The section on searching log events walks you through how to retrieve the log events with the data you need to verify that your instances are running on a dedicated virtual machine host. For this procedure:

  • Ensure that you select the dedicated virtual machine host's compartment and not the compartment for the instances that are hosted on it.
  • Use the dedicated virtual machine host's OCID as the search keyword.

After you have retrieved the log events for the dedicated virtual machine host, view the log event lower-level details, and check the contents of the responsePayload property. This property should contain the OCIDs for the instances that are running on the dedicated virtual machine host.

Optimizing Capacity on a Dedicated Virtual Machine Host

When designing your cloud footprint, we recommend that you plan to always launch the largest instance first. Here's why:

When you place instances on a dedicated virtual machine host, Oracle Cloud Infrastructure launches the instances in a manner to optimize performance. For example, a dedicated virtual machine host created based on the DVH.Standard2.52 shape has two sockets with 24 cores configured per socket. Instances are placed so that each instance will only use resources that are local to a single physical socket. In scenarios where you are creating and terminating instances with a mix of shapes, this can result in an inefficient distribution of resources, meaning that not all OCPUs on a dedicated virtual machine host are available to be used. It might appear that a dedicated virtual machine host has enough OCPUs to launch an additional instance, but the new instance will fail to launch because of the distribution of existing instances.

Continuing this example, say that you want to launch instances using a shape with 16 OCPUs. On a DVH.Standard2.52 dedicated virtual machine host, you can only launch a maximum of two instances with 16 OCPUs. You cannot launch a third instance with 16 OCPUs, even though the dedicated virtual machine host has 16 remaining OCPUs. You can, however, launch additional instances using shapes with a smaller number of OCPUs.

What this means is, when you're placing an instance on a dedicated virtual machine host, you can only create the instance if the host has sufficient capacity based on the shape of the instance. In the Console, you can only choose from the hosts with sufficient capacity. Similarly, when you place an instance on a dedicated virtual machine host using the API, CLI, or SDKs, the operation will succeed only if the dedicated virtual machine host has sufficient capacity.

If you have a dedicated virtual machine host that doesn't have enough capacity to launch instances, you can do any of the following things:

  • Delete (terminate) instances you no longer need on the dedicated virtual machine host to make capacity available.
  • Choose a different, smaller shape for the instance you are trying to place on the dedicated virtual machine host.
  • Create a new dedicated virtual machine host to place the instance on.

Infrastructure Maintenance for Dedicated Virtual Machine Hosts

Oracle Cloud Infrastructure performs routine data center maintenance on the physical infrastructure for compute instances. This maintenance includes tasks such as upgrading and replacing hardware or performing maintenance that halts power to the host.

Recovering a Dedicated Virtual Machine Host During Planned Maintenance

When an infrastructure maintenance event affects a dedicated virtual machine host, Oracle Cloud Infrastructure schedules a maintenance due date within 7 to 14 days and sends you a notification by email or announcements.

At the time listed in the notification, Oracle Cloud Infrastructure disables all instances running on the dedicated virtual machine host. After 7 days, OCI terminates (deletes) all instances running on the dedicated virtual machine host as part of the repair. The dedicated virtual machine host is also deleted.

To avoid disruption to your workloads, you must manually migrate all affected instances to another dedicated virtual machine host before the scheduled time.

Depending on the type of planned maintenance, you might be able to extend the maintenance due date. The notification indicates whether you can extend the maintenance due date.

Dedicated Virtual Machine Host Recovery Due to Infrastructure Failure

When the underlying infrastructure for a dedicated virtual machine host fails because of software or hardware issues, you must manually migrate all affected instances to another dedicated virtual machine host as soon as possible.

Oracle Cloud Infrastructure notifies you by email or announcements to move the instances to a healthy dedicated virtual machine host within 7 to 14 days, depending on the type of infrastructure failure. If you don't move the instances, Oracle Cloud Infrastructure disables the instances, and then terminates (deletes) the instances within the next 7 days. The dedicated virtual machine host is also deleted. The boot volumes and remote attached data volumes are preserved.

If there aren't any VMs placed on the dedicated virtual machine host, Oracle Cloud Infrastructure deletes the dedicated virtual machine host within 2 days.

You cannot extend the deadline to migrate a dedicated virtual machine host that experiences infrastructure failure.

Moving a Dedicated Virtual Machine Host with Manual Migration

To manually migrate a dedicated virtual machine host, you manually move each instance that is placed on the unhealthy dedicated virtual machine host to a healthy host. This method requires that you create a new dedicated virtual machine host, delete (terminate) any instances that are placed on the original dedicated virtual machine host, and then launch new instances from the retained boot volumes. Instances that have additional VNICs, secondary IP addresses, remote attached block volumes, the Trusted Platform Module (TPM) enabled, or that belong to a backend set of a load balancer require additional steps.

Limitations and Warnings for Manual Migration

Be aware of the following limitations and warnings when performing a manual migration:

  • Any public IP addresses assigned to your instance from a reserved public pool are retained. Any that were not assigned from a reserved public IP address pool will change. Private IP addresses do not change.
  • MAC addresses, CPUIDs, and other unique hardware identifiers do change during the move. If any applications running on the instance use these identifiers for licensing or other purposes, be sure to take note of this information before moving the instance to help you manage the change.
  • Shielded instances have additional limitations. See Migrating Shielded Instances.

Prerequisites for Manual Migration

Perform the following steps for each instance that is placed on the dedicated virtual machine host.

  1. Before moving the instance, document all critical details:

    • The instance's region, availability domain, and fault domain.
    • The instance's display name.
    • All private IP addresses, names, and subnets. Note that the instance can have multiple VNICs, and each VNIC can have multiple secondary IP addresses.
    • All private DNS names. The instance can have multiple VNICs, and each VNIC can have multiple secondary IP addresses. Each private IP address can have a DNS name.
    • Any public IP addresses assigned from a reserved public pool. Note that the instance can have multiple VNICs, and each VNIC can have multiple secondary private IP addresses. Each VNIC and secondary private IP address can have an attached public IP address.
    • Any block volumes attached to the instance.
    • Any tags on the instance or attached resources.

  2. Prepare the instance for manual migration:

    • Ensure that any block volumes defined in /etc/fstab use the recommended options.
    • Ensure that any File Storage service (NFS) mounts use the nofail option.
    • If you have statically defined any network interfaces belonging to secondary VNICs using their MAC addresses, such as those defined in /etc/sysconfig/network-scripts/ifcfg*, those interfaces will not start due to the change in the MAC address. Remove the static mapping.
    • If you use the Oracle-provided script to configure secondary VNICs, ensure it runs automatically at startup.

Moving a Dedicated Virtual Machine Host Manually

After you complete the prerequisites:

  1. Create a new dedicated virtual machine host. Use the same shape as the original dedicated virtual machine host, and create the dedicated virtual machine host in the same fault domain.

  2. For each instance that is placed on the dedicated virtual machine host, do the following:

    Note

    Start with the largest instance first. Moving the largest instance first helps you to optimize capacity on the dedicated virtual machine host.
    1. Stop any running applications.

    2. Ensure that those applications will not start automatically.

      Caution

      When the relocated instance starts for the first time, any block volumes, secondary VNICs, or any resource that relies on them, will not be attached. The absence of these resources can cause application issues.

    3. If the instance uses a dense I/O shape, back up the locally-attached NVMe-based SSD:

      1. Create and attach one or more block volumes to the instance.
      2. Copy the data from the NVMe devices to the block volumes.
    4. Unmount any block volumes or File Storage service (NFS) mounts.
    5. Back up all block volumes.

    6. Create a backup of the boot volume.

      Important

      Do not generalize or specialize Windows instances.

    7. Terminate (delete) the instance, preserving the attached boot volume:

      Using the Console

      Follow the steps in Terminating an Instance, ensuring that the Permanently delete the attached boot volume check box is cleared. This preserves the boot volume that is associated with the instance.

      Using the API

      Use the TerminateInstance operation and pass the preserveBootVolume parameter set to true in the request.

      Using the CLI

      Use the oci compute instance terminate operation and set the preserve-boot-volume option to true.

    8. Create a new instance using the boot volume from the terminated instance. When you create the instance, place it on the new dedicated virtual machine host:

      1. In the Placement section, click Show advanced options.
      2. For Capacity type, select Dedicated host.
      3. Select the dedicated virtual machine host that you want to place the instance on.

      In the create instance flow, specify the private IP address that was attached to the primary VNIC. If the public IP address was assigned from a reserved IP address pool, be sure to assign the same IP address.

    9. When the instance state changes to Running, stop the instance.
    10. Recreate any secondary VNICs and secondary IP addresses.

    11. Attach any block volumes.

      Note

      This step includes any volumes used to back up local NVMe devices. Copy the data onto the NVMe storage on the new instance, and then detach the volumes.
    12. Start the instance.
    13. Start and test any applications on the instance.
    14. Configure the applications to start automatically, as required.
    15. Recreate the required tags.
    16. (Optional) After you confirm that the instance and applications are healthy, you can delete the volume backups.
  3. Repeat the previous step for each instance that is placed on the dedicated virtual machine host.
  4. After you move all instances to the new dedicated virtual machine host, delete the original dedicated virtual machine host.