Pivotal Cloud Foundry v1.7

Deploying Diego for Windows

Page last updated:

Note: This topic is deprecated.

This topic contains instructions for setting up a Windows cell in a Diego deployment. For more information about Diego, see the Diego Architecture topic.

A cell is a virtual machine (VM) that stages, hosts, and manages application lifecycles. You can install a Windows cell into your Pivotal Cloud Foundry (PCF) deployment by connecting directly to a Windows VM.


Unsupported Features

Diego for Windows does not yet support the following features:

  • Guaranteed binary compatibility with Diego BOSH releases
  • BOSH rolling updates for PCF or core operating system updates in Windows
  • Fair sharing of CPU resources

    Note: Diego for Windows does not enforce any CPU limits.

  • Container SSH access from the Cloud Foundry Command Line Interface (cf CLI)
  • ICMP egress by default. You must explicitly enable ICMP through security groups.
  • Emitting firewall logs into the CF log pipeline

Stability and Scalability Expectations

Capacity planning for Windows instances of PCF varies greatly based on the overhead caused by the components you add to the instance.

Supported Applications

The following application types are known to run correctly on Diego Windows:



  • A working Diego deployment
  • A Windows Server 2012R2 VM instance that is routable to your Diego deployment

    • See recommended instance types in the GitHub Diego release repo for details.
    • If you are creating a new Windows image, and not using one predefined and supplied by your IaaS, we recommend using this ISO image as a starting point. You must have an MSDN account to download this ISO image.
    • We recommend at least 50 gigabytes of storage space for your Windows VM instance.

    Note: The IP address of your Windows cell must not conflict with the IP addresses of VMs managed by BOSH. To prevent a conflict, use separate subnets in your VPC for the Windows cell and BOSH VMs, or assign the Windows cell an IP address from the Excluded IP Range that you declared in Ops Manager.

Step 1: Retrieve Setup Files

Perform the following steps to download the necessary setup files:

  1. From your Windows cell, navigate to the Elastic Runtime product on Pivotal Network (link deprecated).

  2. Deprecated: Select the DiegoWindows file group from the table.

    DiegoWindows file group

  3. Download the setup.ps1 and generate.exe files. Keep this window open to complete the steps below.

    Note: If you download the generate.exe file using Internet Explorer, Internet Explorer removes the .exe extension. You must rename the file to add the .exe extension.

Step 2: Configure Windows Cell

Perform the following steps to configure your Windows cell:

  1. Using File Explorer, navigate to the location where you downloaded the setup.ps1 and generate.exe files.

  2. Right-click on the setup.ps1 file and select Run with PowerShell. The setup.ps1 script configures Windows features, DNS settings, and the firewall for your Windows cell.

Note: Some IaaSes may require elevated Windows privileges to run the setup.ps1 script. If you receive a PSSecurity Unauthorized Access error, use the Set-ExecutionPolicy Unrestricted PowerShell cmdlt before re-running the setup.ps1 script.

Step 3: Download Your Manifest

Perform the following steps to download your Cloud Foundry manifest:

  1. SSH into your Ops Manager VM. The steps vary depending on your IaaS. For more information, see the SSH into Ops Manager section of the Advanced Troubleshooting with the BOSH CLI topic.

  2. From your Ops Manager VM, use the BOSH CLI to target and log in to your BOSH Director. The steps vary depending on whether your PCF deployment uses internal authentication or an external user store. For more information, see the Log into BOSH section of the Advanced Troubleshooting with the BOSH CLI topic.

  3. Use the bosh deployments command to list your deployments:

    $ bosh deployments
    Acting as user 'director' on 'p-bosh'
    RSA 1024 bit CA certificates are loaded due to old openssl compatibility
    | Name                    | Release(s)                    | Stemcell(s)                                   | Cloud Config |
    | cf-222e11e11111111e1111 | cf-autoscaling/36             | bosh-google-kvm-ubuntu-trusty-go_agent/3263.7 | none         |
    |                         | cf-mysql/26.6                 |                                               |              |
    |                         | cf/239.0.26                   |                                               |              |
    |                         | cflinuxfs2-rootfs/1.33.0      |                                               |              |
    |                         | consul/108.0.2                |                                               |              |
    |                         | diego/0.1485.1                |                                               |              |
    |                         | etcd/60.0.1                   |                                               |              |
    |                         | garden-runc/0.9.2             |                                               |              |
    |                         | ipsec/1.5.37                  |                                               |              |
    |                         | mysql-backup/1.25.0           |                                               |              |
    |                         | mysql-monitoring/6            |                                               |              |
    |                         | notifications-ui/17           |                                               |              |
    |                         | notifications/24              |                                               |              |
    |                         | pivotal-account/1             |                                               |              |
    |                         | push-apps-manager-release/652 |                                               |              |
    |                         | routing/0.138.6               |                                               |              |
    |                         | service-backup/14             |                                               |              |

  4. Review the output and identify the name of your Cloud Foundry deployment. In the above example, the name is cf-222e11e11111111e1111.

  5. Use the bosh download command to download the manifest of your Cloud Foundry deployment as cf.yml:

    $ bosh download manifest cf-222e11e11111111e1111 cf.yml
    Acting as user 'director' on deployment 'cf-222e11e11111111e1111' on 'p-bosh'
    RSA 1024 bit CA certificates are loaded due to old openssl compatibility
    Deployment manifest saved to 'cf.yml'

  6. Copy the cf.yml file from the Ops Manager VM to your Windows cell in one of two ways:

    • From your Windows cell, use WinSCP to copy the manifest from the Ops Manager VM.
    • From your local Mac or Linux machine, use scp to copy the manifest from the Ops Manager VM, and then use a Remote Desktop Protocol (RDP) client like Microsoft Remote Desktop to mount a directory containing the manifest on your local machine as a drive on the Windows cell. For more information, see the Microsoft documentation.

Step 4: Run Install Script Generator

From your Windows cell, run generate.exe with the following arguments:

  • manifest: The path to the manifest file downloaded from your Ops Manager BOSH Director
  • outputDir: The directory that will contain the required certificates and a script to run the installers
$ generate.exe ^
-manifest /tmp/cf.yml ^
-outputDir C:\diego-windows

Note: The parameters for generate.exe are case-sensitive.

Step 5: Install MSI

  1. Download DiegoWindows.msi and GardenWindows.msi from the same Pivotal Network file group to the outputDir that you specified above.

    DiegoWindows msis

    downloading msis

  2. From a command prompt, run install.bat from the outputDir.

    Note: By default, Containerizer stores container files at C:\containerizer. To modify the default, open install.bat and set CONTAINER_DIRECTORY to the directory where you want Containerizer to store container files.

    running install bat

Step 6: Confirm Successful Deployment

Follow the steps below to deploy a sample .NET application to one of your Windows cells and exercise basic Elastic Runtime functionality to ensure that your deployment functions properly.

  1. Launch Task Manager.

  2. Navigate to the Services tab. Confirm that the following five services are running:

    • ConsulService
    • ContainerizerService
    • GardenWindowsService
    • MetronService
    • RepService running services
  3. Clone the CF Smoke Tests repository.

  4. Follow the instructions from the CF Smoke Tests README to run the smoke tests against your environment with the enable_windows_tests configuration flag set to true.

Create a pull request or raise an issue on the source for this page in GitHub