Pivotal Platform: A First Look at the October Release

© Copyright 2019 Pivotal Software, Inc. All rights Reserved.
Pivotal Platform October Update
A First Look
Jared Ruckle
@jaredruckle
Dan Baskette
@dbbaskette

Operational
Eﬃciency
● Employ 500:1 developer
to operator ratio
● Perform zero-downtime
upgrades
● Runs the same way on
every public/private
cloud
Developer
Productivity
Comprehensive
Security
● Accelerate feedback
loops by improving
delivery velocity
● Focus on applications,
not infrastructure
● Give developers the
tools and frameworks to
build resilient apps
● Adopt a
defense-in-depth
approach
● Continuously update
platforms to limit threat
impact
● Apply the 3 R’s → repair,
repave, rotate
● Deploy multi-cloud
resilience patterns
● Run platforms that stays
online under all
circumstances
● Scale up and down, in
and out, through
automation
Multi-Cloud
Success
The Pivotal value proposition.

Developer Productivity

PAS 2.7
© 2019 PIVOTAL SOFTWARE, INC. All Rights Reserved. Confidential & Provided Under
NDA —Do Not Distribute. Forwarding this document outside your organization is prohibited.
Native rolling application deployments
Instead of requiring two apps and client orchestration,
developers to perform this scenario natively with
each app in PAS.
● API is GA; corresponding cli is beta
● Oﬀers near-zero downtime push & restarts
● Launched as a beta in PAS 2.4
● Previously exposed as
○ cf v3-zdt-push
○ cf v3-zdt-restart
● Now exposed via the v7 cli beta
○ cf push --strategy rolling

cf CLI updates
v7 beta cf CLI is available. Highlights:
- cf push supports rolling deployments with new
`--strategy rolling` and `no-wait` ﬂags
- routes, domains, buildpacks, stacks, feature-ﬂags,
spaces, orgs are backed by the v3 API
- cf set-label, unset-label, labels - allows
developers and operators to add metadata to the
app, orgs, spaces, buildpack, stack resources
PSA:
- v7 cf CLI beta is still under development; we
continue to build commands backed by the v3
API
- v7 cf CLI beta release is currently tested against a
CC API Release Candidate.

PAS 2.7
Developers can manage app
re-deployments & revisions in Apps
Manager
● View revisions of an application
● Deploy a revision of an application
● View deployment status of a revision
● Users can also view the environment variables
associated with a revision (the drop-down section
of each row)

Apps Manager 2.7
Displays of App Redeployments &
Revisions

PAS 2.7: NEW enhancements for Java apps to run in user-provided sidecars
● Added memory limits to
process deﬁnitions to
enable their use with Java
apps
● Remains a beta
● ICYMI: From PAS 2.6
○ [speed] Improved support for
additional use cases

Pivotal Cloud
Cache 1.9
● [speed] Performance (PCC 1.8 & 1.9) - 2x on server side,
10% improvement in client/server topology.
● Cloud Cache 1.9
○ [savings] Cloud Cache is now available on PWS
○ [speed] Add Geode to your apps via start.spring.io.
○ [security] TLS over WAN
○ [savings] Service instance sharing
● [Speed] Support for .NET framework

Steeltoe 2.3
Steeltoe.Logging - Serilog dynamic logging
Extends the Dynamic Logging Provider with Serilog. This
allows logger levels configured via Serilog to be queried
and modified at runtime via the Loggers Endpoint.
Serilog message templates are a simple DSL extending
.NET format strings. Parameters can be named, and their
values are serialized as properties on the event for
incredible searching and sorting flexibility:
var position = new { Latitude = 25, Longitude = 134 };
var elapsedMs = 34;
log.Information("Processed {@Position} in
{Elapsed:000} ms.", position, elapsedMs);

Steeltoe 2.3
Steeltoe.Management
● Support for ASP.NET Core Community Health
Checks
○ Samples here, additional info here
● Support for launching Cloud Foundry tasks
bundled with applications (used with below EF
migrations cf task)
Steeltoe.Connectors
● Apply EF migrations using ‘cf task’
● Microsoft SQL Server connector now supports
arbitrary properties (including using named
instances) passed via jdbc-style uri
● Added GemFire Connector (.NET 4.5.2+ only)
● Added Search Path support for PostgreSQL

Pivotal Spring Cloud Services 3.1
● Added back Service Registry as part of SCS. Key features:
○ Service registration via cf bind-service and SCS Connectors client
dependency
○ Client-side location of services via SCS Connectors client dependency
○ Bi-directional peer replication between Service Registry instances
● Adds support for backup and restore
○ Based on BBR
○ Backs up the following resources for SCS:
■ Service broker database
■ Mirror service database
■ Mirror service persistent disk for mirrored Git repositories

A developer-friendly way to route API requests (internal or external) to
the correct service
→ Getting Started | Hiding Services | Securing Services
PAS
SSO
Pivotal Spring Cloud Gateway [beta]
Use Pivotal Spring Cloud Gateway
for
Routing
Resiliency
Monolith Strangling
Single Sign-On
Security
Monitoring
Canarying
Flexibility
Built on Spring Framework,
Project Reactor, Spring Boot
Benefits include Comprehensive
List of Filter Options, Route
Configuration Done in Dynamic
JSON Configuration

Pivotal Concourse 5.5 GA + Helm Chart Support
Supported Helm Deployment
● Pivotal Concourse team officially maintains
and supports Concourse Helm Chart for our
enterprise customers
● Deployment validated with “Hush
House”—the environment for observing,
maintaining, and operating Concourse on
Pivotal Container Service at scale
● Available as download on PivNet
Key Feature Updates for 5.5
● Performance boost from improved volume
streaming compression with Zstandard
● Better auditability with improved user
session and event tracking
● UI refinements like sticky step headers that
enables you to keep track of place
● New Super admin role: broader, more
efficient access to permissions across teams
● Automated support for Let’sEncrypt SSL/TLS
certificates
● Backup & recovery reliability and
configuration improvements

Pivotal Continuous Delivery with Spinnaker [Beta]
Proven, community-driven,
open-source Spinnaker releases
that are offered and supported
by Pivotal on PKS.
Confidently deploy and operate microservices
across multi-cloud infrastructure:
● Built-in canary analysis and blue-green
deployments
● App inventory of your entire application
estate
● Security and compliance can be built into
opinionated pipelines
● Application performance optimization during
runtime based on monitoring feedback
● Deploys native K8s manifests (without
modification) according to custom workflows
● Part of Pivotal end-to-end DevOps toolchain

Operator Eﬃciency

Ops Manager 2.7
Operators can now set NSX-V and
NSX-T conﬁguration for instance
groups in the Ops Manager UI.
● The Resource Conﬁg page sports a new
redesign, to better support NSX-T & NSX-V.
● Improves consistency

Ops Manager 2.7: Newly Available NSX-V and NSX-T Conﬁguration

Ops Manager 2.7
Operators can get enhanced
auditing information through Ops
Manager.
● Ops Manager now tracks every request
made to Ops Manager in a uniﬁed way:
what it was, who made it, and when it
occurred.

Ops Manager 2.7
Operators can easily send
information about their deployment
to Pivotal Support engineers.
● A new platform information bundle within Ops Manager
creates a zip file when clicked by the user. This file can
then be uploaded into a support ticket. Pivotal Support
can then start resolution process with basic information
about the user.
● This is our first iteration on this feature. It’s built with the
simplest information possible. We plan to iterate based
on your feedback.

Ops Manager 2.7: One-Click Support Through Platform Information Bundle

Ops Manager API Docs Now Online
● v2.7 http://docs.pivotal.io/pivotalcf/2-7/opsman-api/

Platform
Automation
Platform Automation 4.0
● Goal: Continue to ensure support, as needed, for
upcoming Pivotal Platform releases.
○ Platform engineers can easily upgrade when
those versions become available.
● Version 4.0 includes a new pre-deploy-check that
validates that Ops Manager and its staged products
are conﬁgured correctly.
○ This enables you to ‘fail early’ and correct
conﬁgurations before applying changes to a
production environment.
○ It works with Ops Manager version 2.6 and
higher.

Platform Recovery
Speed
Savings
● Selective backups: Platform
Operators can choose which
blobstores to backup
○ Operators can opt out of backing up
relatively static ﬁles like droplets and
packages.
○ Trade backup duration with recovery
time!
■ Smaller, quicker and therefore
more frequent backups for higher
RTO

Healthwatch 1.7
Speed
Stability
● Adapts for PAS 2.7 relevant
KPI/KSI changes.
● Reduced alert noisiness.
○ We’ve reduced the number of alerts
that come with out-of-the box
thresholds, allowing customers more
conﬁguration of their environments as
they know them best
○ Alerts on `dynamic` metrics will still be
available, however customers will need
to conﬁgure the threshold values to
receive them

Platform
Observability
PSA: Firehose v1 deprecation period
oﬃcially starts with PAS 2.7.
● Firehose v1 endpoint is "deprecated" (but
still works for PAS 2.7 to support transitions).
● It is succeeded by v2, LogCache/RLP
○ All platform provided consumers have
switched with exception of CLI (expected
with PAS 2.9)
● Prepare for ﬁnal v1 deprecation in PAS 2.9!Stability

Pivotal Service Instance Manager [beta]
Reduce the time platform
operators spend managing
services.
- Multi foundation
- Version independent
- Uses Pivotal Platform
Permissions
- Faster troubleshooting
- Savings, via more eﬃcient
resource use

Enterprise PKS 1.5
Production-ready Kubernetes on
any cloud
Kubernetes 1.14.5
Windows based workloads (beta)
Enterprise Management Console (beta)
Granular Upgrades
Leverage SAML for authentication
Enterprise Security & Networking
• Customized load balancer configuration
• Ordering firewall configuration
• Assign a well-known IP address to cluster ingress
controller and LB
Want early access to PKS 1.5 for Windows
workloads? Contact your balanced account
team.

PAS for Windows
2.7
Speed
Security
.NET devs have the VisualC++ redistributables
pre-installed on the rootfs
Adding the VisualC++ 2010, (updating) 2017 and 2019
redistribs to the rootfs and additionally ensuring they are
pulling the latest versions.
[BETA] Windows AIs provide secure mTLS
communication to the GoRouter (via Nginx)
Encrypted data-in-motion communication is a requirement
for many customers, particularly those who require PCI
certiﬁcation for the platform.

PAS for Windows
2.7
Security
Stability
Windows Server 2019 VMs are compliant with
Microsoft Baseline Security Standard
As part of improving the security hardening of our
Windows Server 2019 VMs, we are aligning with the
Microsoft Baseline Security Hardening Standard.
Users can no longer toggle RDP in PASW tile
If a customer would really like to continue to RDP, they
could do so using the BOSH runtime-conﬁg.

PSA & Important reminders
PASW 2012 R2 End of Availability **Sept 31, 2019**
In line with delivering the best experience for Windows workloads on
Pivotal Platform, the 2012 R2 stack is being retired. Please talk to your
customers to discuss migration and upgrade strategy.
‘-s windows2016’ is deprecated (as of PASW 2.5).
In PASW 2.8 the windows2016 stack will no longer work. Use ‘-s
windows’ instead. You may run `cf buildpacks` to verify that you have
the `windows` associated stack.
View a video on how to change the stack, here.
Read more about the change, here.

MySQL 2.8
● ICYMI: MySQL for PCF 2.7 (released Aug 1st)
○ Certiﬁcate rotation
○ HA Clusters are now GA (v2.7.2)
○ Multi-DC Replication Limited BETA
● MySQL for Pivotal Platform 2.8 oﬀers Multi-DC
Replication (Public BETA)
○ Developers can create a Leader-Follower MySQL in two
foundations/data centers
○ Developers can bind apps in either foundation to the
Multi-DC MySQL instance
○ Developers can trigger a failover to their DR foundation in
the case of a disaster
○ Operators can do data center maintenance while
minimizing database downtime
Coming Soon
Stability

RabbitMQ 1.18
● Oﬀ-platform access: on-demand instances can be
given an externally accessible address
● Granular Upgrades: on-demand instance owners
can choose when to perform an upgrade
● Improved availability of SIs when updating
underlying RabbitMQ and Erlang versions
● Expose additional metrics (node sockets, cluster
response time, node uptime)
RabbitMQ Summit - Nov 4th

Comprehensive Security

PAS 2.7
Operators can rotate the CCDB
encryption key
● Rotation of secrets is a best practice, as it
reduces the value of data that leaks outside the
org.
● This is now enabled for encrypted ﬁelds at rest in
the Cloud Controller Database in PAS.
Security

Pivotal Compliance Scanner Now GA!
● Allows customers to prove platform compliance
through scan results of Ops Man-visible VMs.
● Bundles 4 benchmarks
● Works in foundations with SSO enabled
● S3 bucket support for storing scan results
● Allow cancellation of running scans
Compliance
Scanner
Security

Compliance
Updates
● Pivotal Anti-Virus 2.0 now GA
○ Formerly known as ClamAV
○ Now a tile
○ Bundles the ClamAV Mirror Tile to provide
an easy way for our customers to set up a
mirror, to serve virus deﬁnition ﬁles.
○ Handles both air-gapped and
non-air-gapped use cases
Security

PAS 2.7
Developers can configure LDAP
user credentials when creating NFS
service instances.
● This removes the need for re-entering
service bind configuration details when
binding NFS services to apps.
● This also enables LDAP integration to work
in use cases that do not support bind
configuration (e.g. SCDF, or binding via
application manifest).
Speed
Security

Kubernetes-Native Services

RabbitMQ for Kubernetes

Pivotal RabbitMQ for Kubernetes [beta]
Why RabbitMQ for
Kubernetes?
● More eﬃcient resource
consumption
● Consistency
● Modular administration
● Latency
A full-featured Kubernetes Operator
for RabbitMQ to provision and
manage clusters at scale.

Services Marketplace

A multi-platform
services
marketplace
Our goal: enable Platform Engineers to
intuitively curate and manage a marketplace of
services across multiple platforms (both Cloud
Foundry and Kubernetes).
Services
Marketplace
BOSH managed tile (i.e.
RabbitMQ)
Helm packaged software
(ie. MongoDB)
Managed services from
AWS, Azure, GCP

KSM - A broker to bridge PAS and PKS [beta]
KSM enables Platform Engineers to extend the marketplace with a
catalog of containerized services deployed on PKS.
As a Platform Engineer you can now oﬀer OSS, internal, and COTS
products deployed on Kubernetes in your developer marketplace.
And once in the marketplace, Application Developers can create and
bind dedicated service instances to their applications using native CF
commands.

Azure Spring Cloud

Azure Spring Cloud: Build, run, and scale apps with Spring Cloud & K8s
A complete runtime for Spring
Boot microservices (and .NET in
the future)
Managed Eureka, Conﬁg Server,
and Circuit Breaker Dashboard
Integrated with Azure Monitor &
Application Insights
Extend apps with Azure data
services
Supported in the Azure CLI
Multi-region
Tiered oﬀering: “Standard” &
“Premium”
Private preview @ SpringOne
Platform
A fully managed service for
microservices, powered by Spring
Cloud and Azure Kubernetes Service.
+

Partner Ecosystem

ISV Ecosystem Momentum Drives Platform Advantage
ETL
DATABASE
IaaS
CACHE / LB
COMMERCE
SEARCH
IAM
SECURITY
TEST
ANALYTICS
BATCH
APM
MOBILE
CI / CD
NETWORKING
ITIL
BPM
IDE/CODE
API / SOA /
uS / IOT
MESSAGING SIEM / LOG /
AUDIT
CRM
Microsoft Azure
Microsoft Azure
Google Cloud Platform
Google Cloud Platform

Visit us at KubeCon next month!

Transforming How The World Builds Software

Pivotal Platform: A First Look at the October Release

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Pivotal Platform: A First Look at the October Release

Similar to Pivotal Platform: A First Look at the October Release (20)

More from VMware Tanzu

More from VMware Tanzu (20)

Recently uploaded

Recently uploaded (20)

Pivotal Platform: A First Look at the October Release