How do you know you’re getting better at software? The modern enterprise strives to improve five important metrics:
Speed. Are you going faster? Are more of your apps on build pipelines? Your goals are shorter cycle times and more frequent deployments.
Stability. What’s the uptime of your customer-facing apps? Can your internal teams count on a reliable “dial tone” of platform services for their software?
Scale. Do your apps stay online when you need them the most? You want to be comfortable with the resiliency of your apps, even as traffic surges.
Security. How quickly are you patching your systems—platform and apps? Do you know your patch coverage? If it’s not 100%, it’s a risk to the business.
Savings. You’re being asked to build and run more software than ever before. Are you spending money on the projects that matter? Can you wiggle out of pricey licensing agreements that don’t deliver value anymore?
We call these indicators the 5 Ss. Together, they roll up into the Built to Adapt Benchmark. Use this benchmark as the foundation for achieving superior business outcomes.
With every release of our products, we aim to make progress in support of this benchmark and the five Ss.
Now that Pivotal Cloud Foundry (PCF) 2.2 is generally available, let’s discuss the top features under this backdrop.
Speed: Accelerate the Delivery of Custom Software
For platform operators, day-to-day tile management goes quicker now that you can selectively deploy tiles in Ops Manager. Selective updates enable operators to target only a subset of products rather than the entire set of products. This reduces the scope and therefore the risk of updates, as they are now able to be done in smaller, incremental steps.
Developers now have an easy way to add service discovery to their apps: polyglot service discovery for container networking. This capability makes service discovery a part of the app platform itself, so it works with any supported framework.
Stability: Deliver Enterprise SLAs Across Your App Portfolio
Building redundancy at the AZ level for on-prem deployments is now much easier. Why? Because Ops Manager supports multiple data centers on vSphere. You can configure Pivotal Application Service (PAS) to span several vCenters, virtual data centers, and vCenter users for vSphere.
Log Cache is a new way to monitor apps. Use the Log Cache API to query logs and metrics. Then, build custom automation based on any emitted metric. Log Cache helps you keep apps online and serving traffic.
Scalability: Reliably Run All Your Apps at Cloud Scale
PCF App Autoscaler now consumes Log Cache. Use this nifty integration to create scaling rules that trigger on any metric emitted by an app. Scale your apps based on the metrics that matter the most!
Security: Reduce Risk in Your App Portfolio
Runtime CredHub and the CredHub Service Broker are GA, allowing you to keep off-platform service credentials encrypted at rest. Use this option instead of CUPS to store all generated credentials in PAS's CredHub cluster.
A new Ops Manager and BOSH CredHub integration further reduces the risk of leaked credentials. Here’s why: no tile credentials are stored in the BOSH director's database. Instead, BOSH CredHub encrypts all tile credentials before storing them on the BOSH VM.
TLS encrypts several more traffic flows throughout the platform. Ops Manager, BOSH Backup & Restore, MySQL, and RabbitMQ all expand their use of the protocol.
Savings: Trim Waste and Invest in What Counts
Do you use expensive, external load balancers to handle application traffic? Save network hops and money—use polyglot service discovery for container networking instead! When traffic flows through the platform, instead of hairpinning through the load balancer, your packets travel shorter distances on the network, reducing consumption-based licensing costs.
Let’s go beyond the release headlines and dig into each feature!
Log Cache is an in-memory caching layer for logs and metrics. App developers and operators can use the RESTful Log Cache API to query and filter logs. You’ll find Log Cache immediately useful in three areas:
Monitoring and alerting. Use Log Cache to track specific metrics emitted by the Firehose without consuming the whole thing. You can now consume selected metrics with a “pull” model, rather than receiving a stream that’s pushed to you.
Autoscaling. Previously, you could configure App Autoscaler based on five metrics. With Log Cache, a new universe of autoscaling possibilities exists. More on this below!
Canary routing. This one is a bit more advanced. You can use Log Cache to route requests based on custom metrics. Check out this GitHub repository for an example using Log Cache and PromQL.
One other new capability worth highlighting: app developers can now see service instance metrics from supported services.
Ready to get started with Log Cache? Download the Log Cache CLI plugin. You’ll need to enable Log Cache explicitly. Upgrade to PAS 2.2, then tick a box under “Advanced Features,” and you’re good to go.
Once a customer realizes better business outcomes with PCF in their data center, they often ask: “How can we do this across sites?”
There are several tried-and-true multisite patterns for PCF. Now, some of these best practices have become easier for vSphere deployments. With Ops Manager 2.2, you can manage multiple vSphere vCenters on a single vSphere BOSH Director tile. Use this new feature to associate a single PCF foundation with multiple data centers across the world.
Just fill out a simple form to add a vCenter configuration to your PAS instance. At that point, an availability zone becomes an abstraction, so a single foundation can use two AZs in different locations.
One quick caveat: this feature doesn’t address latency. So you’ll want to think about performance between sites.
The killer feature for Kubernetes? Operability. PKS 1.1 delivers new capabilities to help you run K8s at scale on day 1 and day 2. Highlights include support for multi-AZ deployments and full multi-tenant network automation for Kubernetes clusters. There’s also a multi-masters capability we've shipped as a beta. This excellent video shows the new features in action:
And PKS comes with the most recent stable version of the project: Kubernetes 1.10. (Google Container Engine recently upgraded to 1.10 as well.)
[new blog post] @pivotal @VMware #PKS 1.1 is now GA! Includes @kubernetesio 1.10 and much more. Our goal is to be the Enterprise multi-cloud #k8s that customers love. It's a BIG release - congrats to the great team behind it! https://t.co/0ikY84TEKG — Chad Sakac (@sakacc) June 29, 2018
Read VMware’s take on PKS 1.1!
Your apps need to be online and handling queries no matter what. In PCF 2.2, we’ve wired up Log Cache to App Autoscaler to give you more scalability options. Download the new CLI here.
Want to Scale off of JVM Metrics? Create Custom Rules with Custom Metrics!
Thanks to this integration, you can create custom rules. Your app can scale according to any metric it emits. Want to scale based on jvm.memory.max? Go for it.
Build sophisticated scaling rules based on custom metrics.
You can also create compare rules. Here, you can divide two data points from two different metrics, and scale based on this ratio. Consider jvm.memory.max. You may want to scale your app when used approaches 50% of max. Now you can!
Now in the CLI: Scheduled Instance Limit Management
The workload on your apps may be variable. But sometimes this variation is predictable.
If you have an app that’s heavily used during business hours, you may want to set scaling rules and limits based on a calendar schedule. App Autoscaler has supported this in the Apps Manager UI for a while. In PCF 2.2, you can now manage these rules in the CLI as well.
Create and manage schedule-based scaling rules in the CLI.
The Runtime CredHub goes GA in PCF 2.2. This repository for credentials is part of PAS, and makes service broker integrations and the CredHub Service Broker first-class citizens.
What’s the CredHub Service Broker, you ask? Well, it’s a lightweight service broker deployed as a tile. It enables an experience almost identical to CUPS — with one very important difference. All credentials created with this service broker are stored securely within PAS's CredHub cluster. The only “actors” allowed to read those credentials are the applications they're intended for, and the CredHub Service Broker itself. The service broker is GA when you use it with PAS 2.2; it’s a beta when used alongside other PAS versions.
Want a deeper look at how the CredHub Service Broker works? Check out this technical blog post from an enterprise architect point of view. The post includes several insightful drawings like this one:
How the CredHub Service Broker stores credentials in CredHub.
Speaking of CredHub! The BOSH CredHub repository takes a big leap forward in this release. Now, no tile credentials are stored in the BOSH director's database. Instead, BOSH CredHub encrypts all tile credentials before storing them on the BOSH VM.
The ultimate goal of CredHub: to help you rotate all the credentials for Cloud Foundry every few minutes or hours. When credentials quickly rotate, the value of these secrets to an attacker is much lower. This is a big vision, and each successive PCF release has brought us that much closer to making it a reality.
What a time saver! You can now choose to deploy a selection of tiles rather than all tiles in Ops Manager. Operators will love this capability for three reasons:
It drastically reduces the time to “Apply Changes.”
You gain more control over the impact of a given “Apply Changes” command.
You can sequence upgrades as a series of smaller steps, rather than one large deployment.
We’ve also built in safeguards against incompatibilities and other possible issues. You can safely accelerate this part of your workflow.
The API for this feature is generally available. You can try out the UI as a beta:
The beta UI for the Selective Deploy capability in Ops Manager.
Java and .NET engineers use the service discovery pattern to build and run microservices. Why should these developers have all the fun?
Developers working in any framework now have an easy way to add service discovery to their apps: platform-native service discovery. In PCF 2.2, the feature is GA and enabled by default.
As we noted before, you’ll appreciate this feature in three scenarios:
To secure microservices. Use this feature to create internal routes, and to make internal services only accessible within PCF.
For Blue-Green deployments. Map multiple apps to the same internal route.
Clustering apps. Access individual instances of an app using instance-based DNS.
Want to learn more? Watch this Cloud Foundry Summit talk from Pivotal product managers:
You can lower your costs, too: polyglot service discovery bypasses external load balancers. You’ll have much less traffic going through these pricey appliances.
We’re big fans of Transport Layer Security (TLS). That’s why PCF uses the protocol to secure connections between internal components, app containers, and customer hardware. And TLS gets more pervasive in our product suite with each successive release. Most recently, we added TLS down to the app container.
Had a ton of questions recently about how @PivotalCF uses @EnvoyProxy for transparent TLS all the way to the app container, so I wrote up a blog post about it: https://t.co/xZVaVSkgkk pic.twitter.com/hXYSdyIbYp — Eric Malm (@emalminator) April 5, 2018
Here’s where we've added TLS in PCF 2.2:
Operations Manager 2.2
An Ops Manager Director can connect to a remote database via TLS (using a custom CA to trust).
Operators can specify a custom trusted SSL certificate and key for the Ops Manager server.
Operators can opt into enabling TLS communication between the BOSH Director NATS and all BOSH agents.
BOSH Backup & Restore (when used with PAS 2.2)
Backup and restore of a database used by PAS can use TLS.
Backup and restore of an external blobstore on PAS can use TLS.
MySQL for PCF v2.3
When TLS is enabled for this service, the platform will provision a MySQL server with a certificate so that apps and clients can establish an encrypted connection to the service. (Read more about this from the operator perspective. Then learn about the developer point of view.)
Microsoft Azure Stack is now a supported infrastructure target for PCF 2.2. Customers can deploy PCF in this on-premises extension of Microsoft Azure. Operators can configure settings specific to Azure Stack (e.g., domain, authentication, endpoint prefix). All other elements of PCF setup and management are identical to other infrastructure targets.
Scores of enterprises are modernizing how they do development, using Pivotal Cloud Foundry atop VMware’s Developer-Ready Infrastructure stack. Now you have another way to quickly and easily deploy that stack: Pivotal Ready Architecture (PRA) 1.1 from Dell EMC.
What’s PRA? It's a reference architecture that’s purpose-built for running Pivotal Cloud Foundry (PCF). It features:
Pivotal Application Service (PAS) and Pivotal Container Service (PKS) reference architectures on Dell EMC VxRail hyper-converged infrastructure
“Always on” highly-available configurations
A central management console
Modular design that scales with you
Integrated backup and disaster recovery options
The solution delivers a fast, simple way to deploy and run Pivotal Cloud Foundry in your data center.
Want technical details? Check out the PRA page. It has handy reference architectures, like this one for PKS:
A reference architecture for PKS on VMware vSphere with Pivotal Ready Architecture.
PAS for Windows Adds Support for AWS
The .NET Renaissance continues! Companies are re-examining their .NET application estate like never before. PAS for Windows is a big reason why. With PAS for Windows, developers can modernize .NET apps with an automated app platform. The service also helps Windows Server admins adopt immutable infrastructure practices.
So what’s new in this release? PAS for Windows 2.2 can be deployed on AWS! AWS support extends to PAS 2.1 as well.
Want to read up on cloud-native .NET? Download this recent whitepaper by Pivotal’s peerless platform architects.
So much positive feedback on this whitepaper on cloud-native .NET https://t.co/aGYqYwLB7x It lays the groundwork for cloud-native .net and how @pivotalcf improves both the dev and operator experience Well done @RichardJRossJr @Krumpe Shawn Neal and David Dieruf — Ronak Kumar Mallik (@ronak) May 12, 2018
Docker Support Comes to Pivotal Web Services
OK, this one isn’t technically part of PCF. But it is worth highlighting!
Long-time PCF customers know that the platform supports Docker images. You can push your image with a single CLI command.
What if you want to run Docker images in a multitenant environment, with pay-as-you-go flexibility? Use Pivotal Web Services! The service now supports Docker images, just like PCF has for years.
cf target https://t.co/2nPCQP4Jgv
cf push pwsdocker --docker-image microsoft/dotnet-samples:aspnetapp -i 1 -m 256M --no-start
cf set-env pwsdocker ASPNETCORE_URLS http://*:8080
cf start pwsdocker
https://t.co/N253eERmGd < @Docker images supported now in hosted PCF pic.twitter.com/yc4cb5W1DL
— Richard Seroter (@rseroter) May 31, 2018
PWS remains a fast, no-cost way to try out the app platform. Now that’s also true for folks that simply want to run Docker containers in an automated, highly available platform.
Ubuntu 16.04 is on the Way
Managing an operating system is such a pain—that’s why Pivotal does it for you! To wit: Pivotal intends to move to Ubuntu 16.04 (Xenial Xerus) BOSH stemcells for PCF 2.3 later this year. The prior stemcell version, based on Ubuntu 14.04 (Trusty Tahr), will reach the end of its official support lifecycle in April 2019. We intend to retire all Trusty stemcell lines with PCF 2.2 and move PCF customers to the newer and fully-supported Xenial stemcell lines for 2.3. You may now go back to not caring about the operating system!
Learn From Your Peers at SpringOne Platform this Fall
The most successful companies are operating automated platforms, using containers, and adhering to modern development methods. But these firms didn’t start out as efficient, secure-by-default, high-velocity engineering organizations.
Their respective IT teams began with the unglamorous work of gathering data and assessing the current state of their development practices. They cobbled initial benchmarks together and worked with Pivotal to optimize their processes and run their custom software on PCF. Then, their improvements in the 5 Ss began to shine.
If these stories sound interesting to you, you’re going to want to sign up for SpringOne Platform this fall.
If you could create your own enterprise software conference, what would it have?
✅ Stories from F500 leaders
✅ Dazzling keynotes
✅ No nonsense talks from seasoned practitioners
✅ Cool demos
That’s SpringOne Platform. https://t.co/xvmEzDKRDB pic.twitter.com/ry0owzgIGL
— Jared Ruckle (@jaredruckle) June 13, 2018
You’re also going to want to learn more about Pivotal Cloud Foundry 2.2. Check out the links below and read up on the newest capabilities.
Ready to get started immediately? Use many of the latest PCF 2.2 features on Pivotal Web Services for free!
About the Author
Jared works in product at Pivotal.