Google adds single-tenant VMs for compliance, license cares

Google continues its quest to be a more enterprise-friendly cloud, as it adds VMs with isolated hardware that could help companies with specific legacy requirements.

Google's latest VM runs counter to standard public cloud frameworks, but its added flexibility checks off another box for enterprise clients.

Google Cloud customers can now access sole-tenant nodes on Google Compute Engine. The benefits of these single-tenant VMs, currently in beta, are threefold: They reduce the "noisy neighbor" issue that can arise on shared servers; add another layer of security, particularly for users with data residency concerns; and make it easier to migrate certain on-premises workloads with stringent licensing restrictions.

The public cloud model was built on the concept of multi-tenancy, which allows providers to squeeze more than one account onto the same physical host, and thus operate at economies of scale. Early customers happily waived some of the advantages of dedicated hardware in exchange for less infrastructure management and the ability to quickly scale out.

But as more traditional corporations adopt public cloud, providers have added isolation capabilities to approximate what's inside enterprises' own data centers, such as private networks, virtual private clouds and bare-metal servers. Single tenancy applies that approach down to the hardware level, while maintaining a virtualized architecture. AWS was the first to offer single-tenant VMs with its Dedicated Instances.

Customers access Google's single-tenant VMs the same way as its other compute instances, except the instances are placed on a dedicated server. The location of that node is either auto-selected through a placement algorithm, or customers can manually select the location at launch. These instances are customizable in size, and are charged per second for vCPU and system memory, as well as a 10% sole-tenancy premium.

Multi-tenant vs. single-tenant instances

Single-tenant VMs another step for Google Cloud's enterprise appeal

Google still lags behind AWS and Microsoft Azure in public cloud capabilities, but it has added services and support in recent months to shake its image as a cloud valued solely for its engineering. Google must expand its enterprise customer base, especially with large organizations in which multiple stakeholders sign off on use of a particular cloud, said Fernando Montenegro, a 451 Research analyst.

Not all companies will pay the premium for this functionality, but it could be critical to those with compliance concerns, including those that must prove they're on dedicated hardware in a specific location. For example, a DevOps team may want to build a CI/CD pipeline that releases into production, but a risk-averse security team might have some trepidations. With sole tenancy, that DevOps team has flexibility to spin up and down, while the security team can sign off on it because it meets some internal or external requirement.

"I can see security people being happy that, we can meet our DevOps team halfway, so they can have their DevOps cake and we can have our security compliance cake, too," Montenegro said.

A less obvious benefit of dedicated hardware involves the lift and shift of legacy systems to the cloud. A traditional ERP contract may require a specific set of sockets or hosts, and it can be a daunting task to ensure a customer complies with licensing stipulations on a multi-tenant platform because the requirements aren't tied to the VM.

In a bring-your-own-license scenario, these dedicated hosts can optimize customers' license spending and reduce the cost to run those systems on a public cloud, said Deepak Mohan, an IDC analyst.

"This is certainly an important feature from an enterprise app migration perspective, where security and licensing are often top priority considerations when moving to cloud," he said.

The noisy neighbor problem arises when a user is concerned that high CPU or IO usage by another VM on the same server will impact the performance of its own application, Mohan said.

"One of the interesting customer examples I heard was a latency-sensitive function that needed to compute and send the response within as short a duration as possible," he said. "They used dedicated hosts on AWS because they could control resource usage on the server."

Still, don't expect this to be the type of feature that a ton of users rush to implement.

"[A single-tenant VM] is most useful where strict compliance/governance is required, and you need it in the public cloud," said Abhi Dugar, an IDC analyst. "If operating under such strict criteria, it is likely easier to just keep it on prem, so I think it's a relatively niche use case to put dedicated instances in the cloud."
