Achieving Escape Velocity with Pivotal Cloud Foundry 2.0

December 22, 2017 Jared Ruckle

Breaking free from decades of “business-as-usual” in the enterprise isn’t easy. You have to overcome the pull of technical debt and employee turnover. Mergers and acquisitions happen. And while you wrestle with all that, open source tech regularly upends the world.

But if this month’s SpringOne Platform taught us anything, it’s this: big companies are making it happen. They are transforming how they build software. And they use Pivotal Cloud Foundry to do it. Powered by a highly automated platform, these adopters release code to production thousands of times a month.

Where do you go from here? If you’ve partnered with Pivotal, you need more ways to go faster. You’re a visionary who wants to inject speed into more areas of your business.

Are you just starting your journey? Awesome. We have good news: you can learn from your peers. SpringOne was packed with best practices, case studies, and useful patterns. There’s never been a better time to modernize how you build software.

Pivotal Cloud Foundry 2.0 will delight both camps. PCF 2.0, announced a few weeks ago, is now GA. Get the bits on the Pivotal Network.

The upshot: PCF now includes many abstractions with shared promises striped across each runtime.

Any app, every cloud, one platform. We offer you the right tool for the job, namely:

  • PAS, a runtime for apps. This delivers the best experience for your Java, .NET, and Node.js apps.

  • PKS, a runtime for containers. PKS, based on Kubernetes, is now available to select customers. Use it to run developer-built containers, and workloads like Elasticsearch and Apache Spark. Talk to your account team for access!

  • PFS, a runtime for functions. This is coming next year (contact us for early access). In the meantime, check out project riff on Github; this is the open source foundation for PFS.

  • Services Marketplace. Your software doesn’t live alone. You need to extend it, secure it, observe it. And you want to use the biggest names in tech to do all this. The Services Marketplace has you covered!

Like most other leaders, you’re constantly assessing the health of your most important apps. You’re planning your application roadmap. PCF 2.0 was built for your current software estate and your most important greenfield projects. It’s a secure, highly available platform that works on any cloud. And that’s why the biggest companies in the world run their apps and containers on Pivotal Cloud Foundry.

OK, enough about the big picture. ‘Tis the season for unwrapping - let’s unpack the release highlights!

Pivotal Container Service (PKS)

Everyone is experimenting with Kubernetes. You’re probably trying to figure out how to operationalize the project, how to make it work for your business. Use PKS! Pivotal teamed up with VMware and Google to help you capitalize on this breakthrough open-source project.

Here are four reasons why you’re going to love PKS:

  • On-demand provisioning. Building a Kubernetes cluster by hand can be hard! With PKS, your environment is ready to go in a jiffy. And once you’ve acquired your clusters, PKS helps you to assign them to different tenants, or allocate them to specific use cases that require a separate cluster. Multitenancy in Kubernetes made easy!

  • Easy to operate & administer. Kubernetes is a powerful, but onerous, tool. How do you ensure high availability? How can you apply patches and updates without downtime? And what about scaling? PKS does all of this for you. The secret sauce: BOSH. It’s the same operations toolchain Cloud Foundry customers have used for years to keep their systems online.

  • No proprietary extensions. If you need a container abstraction, you should use a container abstraction! Don’t use extra features that gum up your workflow. PKS is pure Kubernetes. That makes it the ideal service for software that’s packaged as a container. In fact, we’re working to certify software from ISVs like IBM, Github, Crunchy Data and Solace for PKS. We also recommend PKS for popular open source projects like Elasticsearch, Apache Spark, and many other use cases.

  • Constant compatibility. Kubernetes releases new features each quarter; PKS keeps in lock-step with this cadence. We upgrade to the new release shortly after it’s live on Google Kubernetes Engine. Delight your developers with the latest k8s features right away!

There’s plenty of other goodness in PKS (Harbor, a container registry; VMware NSX; and easy access to services from Google Cloud Platform). But don’t take our word for it - PKS is available to select Pivotal customers now. Contact your account team today for access!

Our incredible PKS team gave this informative deep-dive talk at SpringOne Platform.

Windows Server Containers

Pivotal and Microsoft have teamed up to bring Windows Server containers to the world of Cloud Foundry. The fruits of our collective labor, the new PAS for Windows tile, are just about ready. (The bits will be posted in the coming weeks.)

The product supports Windows Server version 1709. And that’s good - no, GREAT news - for .NET teams. PAS for Windows features deeper integration with Microsoft’s new container tech.

That means important PAS capabilities (CPU & network limits, CPU-based autoscaling, CredHub-encrypted service creds, cf ssh) are in play for apps running on Windows. This brings the Windows experience further in-line with the Linux feature set that Cloud Foundry users have long appreciated.

One other quick point: the hard work of running different development frameworks is abstracted away from operators. (It’s the platform’s job to handle this toil.) Apps powered by .NET Core, the Hosted Web Framework - heck, Java too - all "just work." So you can confidently tell your dev teams to use their preferred frameworks. Your apps run on PAS the same way, secure and highly available!

Pivotal and Microsoft are working together on a number of fronts. Check out this post on the Azure blog.

Deeper VMware NSX integration

Customers running PCF atop VMware NSX and vSphere enjoy a fully automated stack. We call this power trio “Developer-Ready Infrastructure.” Just bring your code; everything else is done for you. With PCF 2.0, we’ve made a good thing even better. We’ve extended our PCF+NSX-V work to now include support for NSX-T, the multi-cloud flavor of NSX. To wit:

  • Operations Manager supports NSX-T security groups. The Ops Manager UI and API can connect to (and work with) an NSX-T manager.

  • Container networking in PAS is integrated with NSX-T. (This works with the small footprint version too). Your containers get an IP on an NSX-T network.

Most PCF customers use container networking policies and application security groups (ASGs) to control how data flows through their deployment. NSX now recognizes these rules. In addition, your InfoSec team can now create NSX policies to enforce the same set of networking rules for your cloud-native and traditional apps! And as Pivotal Cloud Foundry and NSX grow closer together over time, you’ll be able to do this across runtimes and across clouds.

Pivotal and VMware product managers gave a talk on this topic at SpringOne.

Apps Manager Enhancements

You may think of Apps Manager as a nice UI for managing permissions for your development teams. It does that - and so much more. We’ve enhanced the console with:

  • Additional Spring Boot Actuator integrations. We’ve steadily beefed up the Spring Boot Actuator integration with Apps Manager. In this release, you can see the output of the mappings endpoint.

  • Actuator integration for .NET apps. Steeltoe offers essential microservices patterns for .NET devs. And when you use Steeltoe’s libraries, Apps Manager will show you the health, info, trace, and loggers endpoints for your code. Handy!

  • Easy binding to App Autoscaler & Metrics Forwarder. Quickly add and configure autoscaling policies for your apps. Create and bind to an instance of Metrics Forwarder. We've also made it simpler to create or bind to ANY service when you're viewing an application's details.

  • Scheduler integration. Use Apps Manager to set schedules for your Tasks (more on Scheduler below).

PCF Healthwatch, an Operational Dashboard for the Platform

PCF Healthwatch helps operators monitor and understand the current health of the platform. The service tracks the status of key indicators for a given version of PCF. The service constantly looks at the most important parts of PCF, and translates the data into a super-simple visual gauge.  Learn more about PCF Healthwatch in this blog post. [UPDATED Jan 12, 2018]

PCF Healthwatch shows the most important data about the health of your Pivotal Cloud Foundry installation.

Multiple Certificate Keypairs (Plus Mutual TLS in More Places)

In PAS 2.0, we’ve made it easier for you to manage TLS for apps that use custom (or “vanity”) domains. How? By supporting multiple certificate keypairs in the routing tier with Gorouter and HAProxy.

If you use custom domains (which is pretty much everyone), you can now add additional certificates for these domains. Clients that support server name indication (SNI) will receive a TLS certificate specific to the requested custom domain.

We’ve steadily updated more and more PAS components to support mTLS. (It’s a handy way to validate that both the client and the server in a given interaction are approved to fulfill a request. And many regulated industries rely on the protocol for compliance.) In PCF 2.0, the PAS runtime now includes TLS in more places, specifically:

  • HAProxy will now always forward requests to Gorouter over TLS.

  • Ops Manager now configures Director and agent communication over NATS to use TLS.

Another nice enhancement: we’ve extended support for applications to authorize clients using TLS certificates. Now HAProxy can be configured to set the X-Forwarded-Client-Cert HTTP header to enable mutual authentication between applications on PAS and their clients. Previously, the header could only be set by Gorouter (or a load balancer in front of Gorouter), and the feature was not supported when HAProxy was deployed in between them.
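An application-side check for the forwarded certificate might look like the following; this is an added example, not Pivotal's code, and its function and constant names are illustrative. It assumes the header carries the client certificate as base64-encoded DER (PEM without the header lines) and that the routing tier removes any copy of the header supplied by the client, so the app only ever sees the value set by HAProxy or Gorouter.

```python
import base64
import binascii
import hashlib
import hmac

XFCC = "x-forwarded-client-cert"


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate's DER bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def authorize_client(headers, allowed_fingerprints):
    """Decide whether the forwarded client certificate is allowlisted.

    headers: list of (name, value) pairs as received by the app.
    Returns (allowed, reason); every failure path denies.
    """
    values = [v for k, v in headers if k.lower() == XFCC]
    if not values:
        return False, "no client certificate forwarded"
    if len(values) > 1:
        # More than one copy means something upstream did not overwrite
        # a client-supplied header; refuse rather than pick one.
        return False, "multiple X-Forwarded-Client-Cert headers"
    try:
        der = base64.b64decode(values[0].strip(), validate=True)
    except (binascii.Error, ValueError):
        return False, "header is not valid base64"
    if len(der) < 4 or der[0] != 0x30:
        # An X.509 certificate is a DER SEQUENCE (tag 0x30).
        return False, "payload is not a DER SEQUENCE"
    presented = cert_fingerprint(der)
    for allowed in allowed_fingerprints:
        if hmac.compare_digest(presented, allowed.lower()):
            return True, "fingerprint allowlisted"
    return False, "certificate not in allowlist"


# Constructed stand-ins for DER certificates (not real certificates).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + b"constructed-known-client"
OTHER_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + b"constructed-unknown-client"
ALLOWED = {cert_fingerprint(SAMPLE_DER)}


def encode(der: bytes) -> str:
    """Encode DER the way this example assumes the router forwards it."""
    return base64.b64encode(der).decode("ascii")


if __name__ == "__main__":
    request = [("X-Forwarded-Client-Cert", encode(SAMPLE_DER))]
    print(authorize_client(request, ALLOWED))
```

Fingerprint pinning only identifies which certificate was presented; chain and expiry validation still happen where TLS is terminated.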

IBM Now Supports the IBM Websphere Liberty Buildpack on PCF

IBM has maintained a Websphere Liberty buildpack for a while now. (The Github repo was created in 2013). The big news today: IBM will now support customers using this buildpack in production on Pivotal Cloud Foundry. So if you’ve written Java apps for Liberty today, you can bring them over to PCF. (After all, shouldn’t these apps run on a secure, highly available platform?)

More IaaS Options

Multi-cloud is the default pattern for the modern enterprise. In PCF 2.0, we give you even more choice. Deploy PCF where you want it; it runs the same everywhere. Here’s what’s new in PCF 2.0 when it comes to IaaS targets.

Support for Azure Stack (beta)

What’s Azure Stack? It’s Microsoft’s “extension of Azure, bringing the agility and fast-paced innovation of cloud computing to on-premises environments.” We’ve released a beta version of an Ops Manager appliance designed for Azure Stack. You’ll need to configure Azure Stack-specific settings (like domain, authentication, endpoint prefix). But other than that, PCF will operate the same way you know and love.

Small Footprint PCF in Azure Marketplace

We released a smaller version of PCF a few months back. Now, you can deploy this configuration via the Azure Marketplace. Using PCF atop Azure just got that much easier!

Deploy in AWS China

Ready to go cloud-native in China? You can now run PCF (and other supported products) in this region.

Ops Manager: Role-Based Access Controls, Collocated Errands, SSH Banner Config

Role-Based Access Controls come to Ops Manager

Adding new operators to your PCF deployment? You can now assign them one of 5 roles. In addition to admin, you can select from “Full Control”, “Restricted Control”, “Full View”, and “Restricted View”. The full recap of each role is in the documentation.

Collocated Errands Speed Day-to-Day Administration

Ops Manager runs scripts (or errands) often. Performing a backup, a restore, managing tiles - these are all errands. And now, they will start and finish much faster!

Errands are now collocated on a single set of VMs in the PCF deployment. Previously, a new VM would be spun up, and spun down, specifically for each job. Now, you don’t have to wait for the VM to be created - the errand can just execute.

PAS uses this feature; soon other tiles will too. When you click “Apply Changes,” those errands will run much faster!

Configuring Your Login Banner upon SSH into the BOSH Director

Many compliance requirements dictate that a “login banner” appear when a user initiates an SSH session. Operators can now address this stipulation for BOSH Director VMs.

Simply type in the text for a banner while configuring the Ops Manager Director. (It’s usually something like this:  WARNING: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected.)

Scheduler for PCF: cron for Your Cloud Native Apps

In software development, ad hoc jobs invariably come up. These activities have to be done in order for the larger system to function as desired. That’s where Tasks come in. Need to migrate a database?  Run a batch job? Optimize a search index? Use Tasks in Cloud Foundry.

Scheduler for PCF, recently released, adds automation to Tasks. It’s cron for PCF.

That means you can use Scheduler to make scheduled jobs part of your microservices development cycle.

There’s a good chance you rely on a legacy batch scheduling product today. These tools don’t support cloud-native design patterns and are often roadblocks to rapid delivery of custom code. Use this product, and you have a flexible enterprise scheduler that easily integrates with your modern apps.

Deploy utility functions, batch jobs and other scheduler workloads right alongside your other microservice apps - all while pushing to PAS.

Services Roundup: MySQL, Spring Cloud Services, & Concourse

The Pivotal services teams have been busy too! Here’s a look at the most important updates from some of our flagship services.

MySQL 2.2 introduces Leader/Follower

Operators can now offer their developers MySQL instances in a leader-follower, multi-AZ configuration. This feature can dramatically increase the availability of your database. Here’s how it works.

When a developer creates a leader-follower service instance, the on-demand broker deploys two MySQL VMs in two separate availability zones (AZs). Any data that is written to the leader is asynchronously replicated to the follower. If there’s an issue, operators can quickly fail over and send application traffic to the follower. All the while, Ops teams can monitor leader-follower instances with replication metrics.

Spring Cloud Services 1.5: Configurable Data Services & CredHub Integration

Spring Cloud Services (SCS) hosts essential data about your microservices. It’s only natural, then, to want more control over where this data resides. So, SCS 1.5 allows you to configure service names and plans when creating:

  • Service broker MySQL database and RabbitMQ queues

  • Circuit Breaker Dashboard service RabbitMQ queues

What’s more, you can use the Pivotal-managed options, or bring your own.

We’ve talked a lot about CredHub in this space. This innovative credential management is becoming a bigger and bigger part of the platform. Spring Cloud Services is one of the first services to store service instance credentials in CredHub. Even better - client applications with updated SCS Connectors automatically resolve credentials stored in CredHub.

Just getting started with Spring Cloud Services? Watch this overview from SpringOne Platform to get up to speed.

Concourse for PCF: Multi-pipeline Dashboard

Power users of Concourse want easy visibility across all their pipelines. In this version of Concourse, we’ve added multi-pipeline dashboards. Now you can see across dozens of pipelines instantly. The underpinnings of the service have been improved to handle multi-tenant and multi-pipeline deployments as well.

View development progress with multi-pipeline dashboards in Concourse.

Speed Thrills

We’re reminded of this eminently quotable quote from Eric Pearson, CIO of IHG:

The journey for an enterprise to become good at software is certainly more difficult than that of a startup. But it can be more rewarding, as any SpringOne Platform speaker will tell you. And thanks to the innovations of Pivotal Cloud Foundry 2.0, becoming one of the fast has never been easier.

Ready to try out PCF 2.0? Check out Small Footprint PCF, PCF Dev, or spin up a free trial on Pivotal Web Services.

About the Author

Jared Ruckle

Jared works in product at Pivotal.
