Join Dan Baskette and Jared Ruckle for a first look at the latest Pivotal Platform capabilities with demos and expert Q&A. Attend this session and learn how you can put these new updates to work for your enterprise.
Build apps atop Kubernetes with:
● Azure Spring Cloud, a complete runtime for Spring apps atop Azure Kubernetes Service
● Pivotal Build Service, an automated workflow for code-to-container builds
● Container Services Manager for Pivotal Platform, a bridge between Pivotal Application Service and PKS
Build apps atop a self-managed platform with:
● Pivotal Application Service 2.7, and its additional app deployment capabilities
● Pivotal Service Instance Manager, a new tool to help you manage backing services at scale
Get your apps to production with CI/CD tools like:
● Pivotal Continuous Delivery with Spinnaker
● Pivotal Concourse 5.5
We’ll also review Pivotal Spring Cloud Gateway and Pivotal Cloud Cache 1.9!
Presenters: Dan Baskette, Director, Technical Marketing & Jared Ruckle, Director, Product Marketing
3. The Pivotal value proposition.
Operational Efficiency
● Employ 500:1 developer to operator ratio
● Perform zero-downtime upgrades
● Runs the same way on every public/private cloud
Developer Productivity
● Accelerate feedback loops by improving delivery velocity
● Focus on applications, not infrastructure
● Give developers the tools and frameworks to build resilient apps
Comprehensive Security
● Adopt a defense-in-depth approach
● Continuously update platforms to limit threat impact
● Apply the 3 R’s → repair, repave, rotate
Multi-Cloud Success
● Deploy multi-cloud resilience patterns
● Run platforms that stay online under all circumstances
● Scale up and down, in and out, through automation
6. cf CLI updates
v7 beta cf CLI is available. Highlights:
- cf push supports rolling deployments with new
`--strategy rolling` and `--no-wait` flags
- routes, domains, buildpacks, stacks, feature-flags,
spaces, orgs are backed by the v3 API
- cf set-label, unset-label, labels - allows
developers and operators to add metadata to the
app, orgs, spaces, buildpack, stack resources
PSA:
- v7 cf CLI beta is still under development; we
continue to build commands backed by the v3
API
- v7 cf CLI beta release is currently tested against a
CC API Release Candidate.
7. PAS 2.7
Developers can manage app
re-deployments & revisions in Apps
Manager
● View revisions of an application
● Deploy a revision of an application
● View deployment status of a revision
● Users can also view the environment variables
associated with a revision (the drop-down section
of each row)
9. PAS 2.7: NEW enhancements for Java apps to run in user-provided sidecars
● Added memory limits to
process definitions to
enable their use with Java
apps
● Remains a beta
● ICYMI: From PAS 2.6
○ [speed] Improved support for
additional use cases
11. Pivotal Cloud
Cache 1.9
● [speed] Performance (PCC 1.8 & 1.9) - 2x on server side,
10% improvement in client/server topology.
● Cloud Cache 1.9
○ [savings] Cloud Cache is now available on PWS
○ [speed] Add Geode to your apps via start.spring.io.
○ [security] TLS over WAN
○ [savings] Service instance sharing
● [Speed] Support for .NET framework
13. Steeltoe 2.3
Steeltoe.Logging - Serilog dynamic logging
Extends the Dynamic Logging Provider with Serilog. This
allows logger levels configured via Serilog to be queried
and modified at runtime via the Loggers Endpoint.
Serilog message templates are a simple DSL extending
.NET format strings. Parameters can be named, and their
values are serialized as properties on the event for
incredible searching and sorting flexibility:
var position = new { Latitude = 25, Longitude = 134 };
var elapsedMs = 34;
log.Information("Processed {@Position} in {Elapsed:000} ms.", position, elapsedMs);
14. Steeltoe 2.3
Steeltoe.Management
● Support for ASP.NET Core Community Health
Checks
○ Samples here, additional info here
● Support for launching Cloud Foundry tasks
bundled with applications (used with below EF
migrations cf task)
Steeltoe.Connectors
● Apply EF migrations using ‘cf task’
● Microsoft SQL Server connector now supports
arbitrary properties (including using named
instances) passed via jdbc-style uri
● Added GemFire Connector (.NET 4.5.2+ only)
● Added Search Path support for PostgreSQL
16. Pivotal Spring Cloud Services 3.1
● Added back Service Registry as part of SCS. Key features:
○ Service registration via cf bind-service and SCS Connectors client
dependency
○ Client-side location of services via SCS Connectors client dependency
○ Bi-directional peer replication between Service Registry instances
● Adds support for backup and restore
○ Based on BBR
○ Backs up the following resources for SCS:
■ Service broker database
■ Mirror service database
■ Mirror service persistent disk for mirrored Git repositories
17. A developer-friendly way to route API requests (internal or external) to
the correct service
→ Getting Started | Hiding Services | Securing Services
PAS
SSO
Pivotal Spring Cloud Gateway [beta]
Use Pivotal Spring Cloud Gateway
for
Routing
Resiliency
Monolith Strangling
Single Sign-On
Security
Monitoring
Canarying
Flexibility
Built on Spring Framework,
Project Reactor, Spring Boot
Benefits include Comprehensive
List of Filter Options, Route
Configuration Done in Dynamic
JSON Configuration
19. Pivotal Concourse 5.5 GA + Helm Chart Support
Supported Helm Deployment
● Pivotal Concourse team officially maintains
and supports Concourse Helm Chart for our
enterprise customers
● Deployment validated with “Hush
House”—the environment for observing,
maintaining, and operating Concourse on
Pivotal Container Service at scale
● Available as download on PivNet
Key Feature Updates for 5.5
● Performance boost from improved volume
streaming compression with Zstandard
● Better auditability with improved user
session and event tracking
● UI refinements like sticky step headers that
enable you to keep track of your place
● New Super admin role: broader, more
efficient access to permissions across teams
● Automated support for Let’s Encrypt SSL/TLS
certificates
● Backup & recovery reliability and
configuration improvements
21. Pivotal Continuous Delivery with Spinnaker [Beta]
Proven, community-driven,
open-source Spinnaker releases
that are offered and supported
by Pivotal on PKS.
Confidently deploy and operate microservices
across multi-cloud infrastructure:
● Built-in canary analysis and blue-green
deployments
● App inventory of your entire application
estate
● Security and compliance can be built into
opinionated pipelines
● Application performance optimization during
runtime based on monitoring feedback
● Deploys native K8s manifests (without
modification) according to custom workflows
● Part of Pivotal end-to-end DevOps toolchain
24. Ops Manager 2.7
Operators can now set NSX-V and
NSX-T configuration for instance
groups in the Ops Manager UI.
● The Resource Config page sports a new
redesign, to better support NSX-T & NSX-V.
● Improves consistency
26. Ops Manager 2.7
Operators can get enhanced
auditing information through Ops
Manager.
● Ops Manager now tracks every request
made to Ops Manager in a unified way:
what it was, who made it, and when it
occurred.
27. Ops Manager 2.7
Operators can easily send
information about their deployment
to Pivotal Support engineers.
● A new platform information bundle within Ops Manager
creates a zip file when clicked by the user. This file can
then be uploaded into a support ticket. Pivotal Support
can then start resolution process with basic information
about the user.
● This is our first iteration on this feature. It’s built with the
simplest information possible. We plan to iterate based
on your feedback.
28. Ops Manager 2.7: One-Click Support Through Platform Information Bundle
29. Ops Manager API Docs Now Online
● v2.7 http://docs.pivotal.io/pivotalcf/2-7/opsman-api/
● v2.6 http://docs.pivotal.io/pivotalcf/2-6/opsman-api/
● v2.5 http://docs.pivotal.io/pivotalcf/2-5/opsman-api/
● v2.4 http://docs.pivotal.io/pivotalcf/2-4/opsman-api/
30. Platform
Automation
Platform Automation 4.0
● Goal: Continue to ensure support, as needed, for
upcoming Pivotal Platform releases.
○ Platform engineers can easily upgrade when
those versions become available.
● Version 4.0 includes a new pre-deploy-check that
validates that Ops Manager and its staged products
are configured correctly.
○ This enables you to ‘fail early’ and correct
configurations before applying changes to a
production environment.
○ It works with Ops Manager version 2.6 and
higher.
31. Platform Recovery
Speed
Savings
● Selective backups: Platform
Operators can choose which
blobstores to backup
○ Operators can opt out of backing up
relatively static files like droplets and
packages.
○ Trade backup duration with recovery
time!
■ Smaller, quicker and therefore
more frequent backups for higher
RTO
32. Healthwatch 1.7
Speed
Stability
● Adapts for PAS 2.7 relevant
KPI/KSI changes.
● Reduced alert noisiness.
○ We’ve reduced the number of alerts
that come with out-of-the box
thresholds, allowing customers more
configuration of their environments as
they know them best
○ Alerts on `dynamic` metrics will still be
available, however customers will need
to configure the threshold values to
receive them
33. Platform
Observability
PSA: Firehose v1 deprecation period
officially starts with PAS 2.7.
● Firehose v1 endpoint is "deprecated" (but
still works for PAS 2.7 to support transitions).
● It is succeeded by v2, LogCache/RLP
○ All platform provided consumers have
switched with exception of CLI (expected
with PAS 2.9)
● Prepare for final v1 deprecation in PAS 2.9!
Stability
35. Pivotal Service Instance Manager [beta]
Reduce the time platform
operators spend managing
services.
- Multi foundation
- Version independent
- Uses Pivotal Platform
Permissions
- Faster troubleshooting
- Savings, via more efficient
resource use
37. Enterprise PKS 1.5
Production-ready Kubernetes on
any cloud
Kubernetes 1.14.5
Windows based workloads (beta)
Enterprise Management Console (beta)
Granular Upgrades
Leverage SAML for authentication
Enterprise Security & Networking
• Customized load balancer configuration
• Ordering firewall configuration
• Assign a well-known IP address to cluster ingress
controller and LB
Want early access to PKS 1.5 for Windows
workloads? Contact your balanced account
team.
39. PAS for Windows
2.7
Speed
Security
.NET devs have the VisualC++ redistributables
pre-installed on the rootfs
Adding the VisualC++ 2010, (updating) 2017 and 2019
redistribs to the rootfs and additionally ensuring they are
pulling the latest versions.
[BETA] Windows AIs provide secure mTLS
communication to the GoRouter (via Nginx)
Encrypted data-in-motion communication is a requirement
for many customers, particularly those who require PCI
certification for the platform.
40. PAS for Windows
2.7
Security
Stability
Windows Server 2019 VMs are compliant with
Microsoft Baseline Security Standard
As part of improving the security hardening of our
Windows Server 2019 VMs, we are aligning with the
Microsoft Baseline Security Hardening Standard.
Users can no longer toggle RDP in PASW tile
If a customer would really like to continue to RDP, they
could do so using the BOSH runtime-config.
41. PSA & Important reminders
PASW 2012 R2 End of Availability **Sept 31, 2019**
In line with delivering the best experience for Windows workloads on
Pivotal Platform, the 2012 R2 stack is being retired. Please talk to your
customers to discuss migration and upgrade strategy.
‘-s windows2016’ is deprecated (as of PASW 2.5).
In PASW 2.8 the windows2016 stack will no longer work. Use ‘-s
windows’ instead. You may run `cf buildpacks` to verify that you have
the `windows` associated stack.
View a video on how to change the stack, here.
Read more about the change, here.
43. MySQL 2.8
● ICYMI: MySQL for PCF 2.7 (released Aug 1st)
○ Certificate rotation
○ HA Clusters are now GA (v2.7.2)
○ Multi-DC Replication Limited BETA
● MySQL for Pivotal Platform 2.8 offers Multi-DC
Replication (Public BETA)
○ Developers can create a Leader-Follower MySQL in two
foundations/data centers
○ Developers can bind apps in either foundation to the
Multi-DC MySQL instance
○ Developers can trigger a failover to their DR foundation in
the case of a disaster
○ Operators can do data center maintenance while
minimizing database downtime
Coming Soon
Stability
45. RabbitMQ 1.18
● Off-platform access: on-demand instances can be
given an externally accessible address
● Granular Upgrades: on-demand instance owners
can choose when to perform an upgrade
● Improved availability of SIs when updating
underlying RabbitMQ and Erlang versions
● Expose additional metrics (node sockets, cluster
response time, node uptime)
RabbitMQ Summit - Nov 4th
47. PAS 2.7
Operators can rotate the CCDB
encryption key
● Rotation of secrets is a best practice, as it
reduces the value of data that leaks outside the
org.
● This is now enabled for encrypted fields at rest in
the Cloud Controller Database in PAS.
Security
48. Pivotal Compliance Scanner Now GA!
● Allows customers to prove platform compliance
through scan results of Ops Man-visible VMs.
● Bundles 4 benchmarks
● Works in foundations with SSO enabled
● S3 bucket support for storing scan results
● Allow cancellation of running scans
Compliance
Scanner
Security
49. Compliance
Updates
● Pivotal Anti-Virus 2.0 now GA
○ Formerly known as ClamAV
○ Now a tile
○ Bundles the ClamAV Mirror Tile to provide
an easy way for our customers to set up a
mirror, to serve virus definition files.
○ Handles both air-gapped and
non-air-gapped use cases
Security
50. PAS 2.7
Developers can configure LDAP
user credentials when creating NFS
service instances.
● This removes the need for re-entering
service bind configuration details when
binding NFS services to apps.
● This also enables LDAP integration to work
in use cases that do not support bind
configuration (e.g. SCDF, or binding via
application manifest).
Speed
Security
53. Pivotal RabbitMQ for Kubernetes [beta]
Why RabbitMQ for
Kubernetes?
● More efficient resource
consumption
● Consistency
● Modular administration
● Latency
A full-featured Kubernetes Operator
for RabbitMQ to provision and
manage clusters at scale.
56. KSM - A broker to bridge PAS and PKS [beta]
KSM enables Platform Engineers to extend the marketplace with a
catalog of containerized services deployed on PKS.
As a Platform Engineer you can now offer OSS, internal, and COTS
products deployed on Kubernetes in your developer marketplace.
And once in the marketplace, Application Developers can create and
bind dedicated service instances to their applications using native CF
commands.
59. Azure Spring Cloud: Build, run, and scale apps with Spring Cloud & K8s
A complete runtime for Spring
Boot microservices (and .NET in
the future)
Managed Eureka, Config Server,
and Circuit Breaker Dashboard
Integrated with Azure Monitor &
Application Insights
Extend apps with Azure data
services
Supported in the Azure CLI
Multi-region
Tiered offering: “Standard” &
“Premium”
Private preview @ SpringOne
Platform
A fully managed service for
microservices, powered by Spring
Cloud and Azure Kubernetes Service.
61. ISV Ecosystem Momentum Drives Platform Advantage
ETL
DATABASE
IaaS
CACHE / LB
COMMERCE
SEARCH
IAM
SECURITY
TEST
ANALYTICS
BATCH
APM
MOBILE
CI / CD
NETWORKING
ITIL
BPM
IDE/CODE
API / SOA / uS / IOT
MESSAGING
SIEM / LOG / AUDIT
CRM
Microsoft Azure
Google Cloud Platform