PCF v1.12 Feature Highlights
This topic highlights important new features included in Pivotal Cloud Foundry (PCF) v1.12.
Ops Manager v1.12 includes the following major features:
Ops Manager v1.12 supports migrating
For more information about this feature, see Migrating Existing Credentials to CredHub in the PCF Tile Developers Guide.
Ops Manager creates a TLS certificate and passes it to BOSH. This facilitates mutually authenticated and encrypted HTTP traffic between the BOSH Director and the Agent that exists on each BOSH-created VM.
Ops Manager decreases the time required to upgrade by reducing the size of the file produced by Export Installation Settings by several orders of magnitude.
For upgrade instructions, see Upgrading Pivotal Cloud Foundry.
The exported installation file is smaller because Ops Manager no longer retains releases between upgrades if it has already uploaded them to BOSH. When backing up PCF, you must take this into account by backing up the BOSH blobstore that contains the uploaded releases. BOSH Backup and Restore (BBR) backs up the BOSH blobstore. For more information, see Backing Up Pivotal Cloud Foundry with BBR.
WARNING: CFOps assumed that the Ops Manager installation settings artifact contained all necessary releases, which is no longer the case in PCF v1.12. CFOps should not be used to back up and restore PCF v1.12.
This feature is relevant for operators who use Ops Manager only for manifest generation and do not click Apply Changes.
Operators who extract Ops Manager-generated manifests in order to manually deploy PCF products with BOSH can ensure credentials are migrated to CredHub and continue to be included in the deploy.
Older Ops Manager-generated manifests contained credentials in plain text. But as products migrate to use CredHub, manifests now contain placeholders so that credentials are fetched at deploy time. The extracted manifests for supporting PCF product releases automatically contain a reference to CredHub-stored credentials.
The new Ops Manager API generates a file used by CredHub to bulk load credentials from Ops Manager. Subsequent BOSH deployments result in existing credentials continuing to be supplied. The new API also includes an additional endpoint that operators can use to delete credentials from Ops Manager if needed.
For more information about using the Ops Manager API, see Using the Ops Manager API. For the complete Ops Manager API documentation, browse to
The BOSH Director now supports multiple named runtime configs. Operators can add, remove, and update each runtime config file independently, in order to more easily configure which Pivotal Cloud Foundry Add-ons are applied to which deployments and instance groups.
For more information about runtime configs, see the BOSH documentation.
Operators can deploy PCF and supported products to additional AWS regions. PCF now supports the following public regions:
Pivotal publishes AMIs for all of these regions. The PDF downloaded from PivNet contain the new AMI IDs.
Operators can deploy Ops Manager v1.12 to AWS GovCloud (US). For more information about deploying AWS GovCloud (US), see the following AWS installation topics:
- Deploying the CloudFormation Template for Pivotal Cloud Foundry on AWS
- Manually Configuring AWS for PCF
Google Shared Virtual Private Cloud (VPC), formerly known as Google Cross-Project Networking (XPN), enables you to assign Google Cloud Platform (GCP) resources to individual projects within an organization but allows communication and shared services between projects.
For more information about this feature, see Configuring a Shared VPC on GCP.
Ops Manager v1.12.0 uses the new version of the BOSH CLI.
There are two major releases of the BOSH CLI, and the Ops Manager Director VM includes both versions. You can
bosh commands for the old CLI and
bosh2 commands for the new CLI, but many old CLI commands are incompatible with the BOSH Director. See the corresponding Knowledge Base article for more information.
For more information about the differences between the old and new versions of the BOSH CLI, see the BOSH documentation.
For information about other new features in Ops Manager v1.12, see the Pivotal Cloud Foundry Ops Manager v1.12 Release Notes.
Elastic Runtime v1.12 includes the following major features:
Developers can deploy applications that utilize multiple buildpacks in sequence. Developers specify the buildpacks either with the Cloud Foundry Command Line Interface (cf CLI) or through an application manifest.
Support for multiple buildpacks enables developers to use system buildpacks rather than custom buildpacks or Docker packaging. System buildpacks provide benefits such as automated patching of application server CVEs, and assures a constantly patched root file system across applications.
The internal credentials (
simple_credentials) that Elastic Runtime uses for intra-component communication are generated and stored in CredHub instead of Ops Manager.
GrootFS replaces previously built-in functionality in Garden-runC, including:
- File system isolation
- Disk quota enforcement
- Container image management
This is part of ongoing work designed to make PCF compliant with the Open Container Initiative (OCI) standards.
Each application instance has a unique certificate and key available to it that can be used to verify the identity of the application.
This gives applications an easier way to assert their identity to other clients and services, so that appropriate authentication and authorization decisions can be made on either side of the communication.
For more information, see the App Instance Container Identity Credentials section of the TLS Connections in PCF Deployments topic.
Elastic Runtime now uses the newly incubated haproxy-boshrelease. This replacement of this job allows the tile to expose new HAProxy features.
For information about other new features in Elastic Runtime v1.12, see the Pivotal Cloud Foundry Elastic Runtime v1.12 Release Notes.
Apps Manager v1.12 includes the following features:
Developers can create services without leaving the application or space view for an accelerated workflow.
When creating a new service, developers can discover additional parameter options as fields, or a JSON editor that enables them to define the parameters.
The PCF Isolation Segment v1.12 tile includes the following features:
Operators can now configure sharding mode for routers. For more information, see Installing PCF Isolation Segment.
You can now use an HAProxy for the Isolation Segment tile that is independent from the Elastic Runtime HAProxy.
The PCF Runtime for Windows v1.12 tile includes the following features:
Operators can now manage a password strategy for the Windows admin user on Windows VMs when configuring the PCF Runtime for Windows v1.12 tile. They can use the Windows default password, specify a password, or generate random passwords for each VM. For more information, see Deploying PCF Runtime for Windows.
Operators can now configure a syslog endpoint for Windows Event Logs in the PCF Runtime for Windows v1.12 tile. Windows Events Logs provide a consolidated, system-level logging mechanism that is especially useful in troubleshooting problems with running applications. For more information, see Deploying PCF Runtime for Windows.
The PCF Metrics v1.4 tile releases alongside PCF v1.12 and includes the following major features:
- Support for Spring Boot Actuator metrics
- Support for custom app metrics
- Instance-level metrics visualization
- Improved UI
For more information, see the PCF Metrics v1.4 documentation.
The Single Sign-On (SSO) v1.5 tile releases alongside PCF v1.12 and includes the following major features:
- Support for enterprise SSO with Azure Active Directory using OpenID Connect (OIDC)
- Improved framework support for SSO and the SSO connector for app developers using Spring Boot on PCF
- New sample apps to help developer onboarding
- Support for token exchange flow, including integration with existing enterprise identity providers
For more information, see the SSO v1.5 documentation.
RabbitMQ for PCF v1.10 offers an on-demand cluster plan. Now operators can offer three types of plans:
- On-demand single node
- On-demand cluster
For application teams that require more isolation, on-demand plans empower them to self-serve their own RabbitMQ on a single node or cluster.
Release v1.10 also provides smoke tests for the on-demand plans so that operations teams can validate the application developer workflow for on-demand services.
For more information, see the Redis for PCF v1.10 documentation.
The Redis for PCF v1.10 tile includes the following major features:
- General metrics enhancements for on-demand services
- Syslog enablement with or without TLS encryption
For more information, see the RabbitMQ for PCF v1.10 documentation.
The MySQL for PCF v2.1 tile includes the following major features:
- Provides a new restore utility on each service instance to make restoring from a backup artifact easier
- Adds the ability to enable or disable
lower_case_table_namesfor all MySQL service instances or only specific service instances, which helps when migrating from legacy systems that need case insensitivity
- Changes several MySQL server default configurations to provide better consistency and expected behavior when migrating from the MySQL for PCF v1 series
For more information, see the MySQL for PCF v2.1 documentation.