PCF v2.0 Feature Highlights

This topic highlights important new features included in Pivotal Cloud Foundry (PCF) v2.0.

Note: Elastic Runtime has been renamed Pivotal Application Service.

Ops Manager Highlights

Ops Manager v2.0 includes the following major features:

RBAC Support

Ops Manager v2.0 introduces support for role-based access control (RBAC).

An Ops Manager Administrator with Full Control can make configuration changes and click Apply Changes in Ops Manager. Operators with Full View permissions can view credentials in the Credentials tab, view credentials using the Ops Manager API, and view configuration settings. Operators with Restricted Control permissions can make configuration changes and click Apply Changes. Operators with Restricted View permissions can view configuration settings.

You can assign the following roles to determine which operators in your organization make deployment changes, view credentials, and manage user roles in Ops Manager:

  • Ops Manager Administrator: Full control over all Ops Manager configuration and settings, including assigning user roles and managing authentication
  • Full Control: Write access to Ops Manager, including credentials
  • Restricted Control: Write access to Ops Manager with no access to credentials
  • Full View: Read-only access to Ops Manager UI and API endpoints, including credentials
  • Restricted View: Read-only access to Ops Manager UI and API endpoints with no access to credentials

See Configuring Role-Based Access Control (RBAC) in Ops Manager for more information.

Custom Login Banner

In Ops Manager v2.0, operators can set a custom banner that every user sees when they log in to the Ops Manager BOSH Director. To set the banner, edit the Custom SSH Banner field in the Director Config page of the Ops Manager tile.

See the Configuring Ops Manager topic for your IaaS for more information.

Azure Stack Support (Beta)

Operators can deploy Ops Manager v2.0 to Microsoft Azure in their own local datacenter using Azure Stack.

See Deploying BOSH and Ops Manager to Azure Manually for more information.

BOSH System Metrics Available in Loggregator Firehose

PCF now forwards BOSH health metrics generated for all VMs in a deployment to the Loggregator Firehose by default. For more information about this feature and its implementation, see the BOSH System Metrics Forwarder section in the Overview of the Loggregator System.

BOSH CLI Renamed

Similar to previous Ops Manager versions, the Ops Manager VM includes both versions of the BOSH CLI. In Ops Manager v2.0, both versions of the BOSH CLI have been renamed.

If you used BOSH CLI v2 in earlier versions of Ops Manager, you ran commands using bosh2. In Ops Manager v2.0, run the same commands using bosh. For example, see the following table to compare the changes to the bosh vms command:

| BOSH CLI Version | PCF v1.12           | PCF v2.0           |
|------------------|---------------------|--------------------|
| BOSH CLI v1      | bosh vms            | bosh-old vms       |
| BOSH CLI v2      | bosh2 -e MY-ENV vms | bosh -e MY-ENV vms |

Many BOSH CLI v1 commands are incompatible with the BOSH Director. Pivotal recommends using BOSH CLI v2 commands for compatibility with future versions of PCF.
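The rename reuses the name bosh for a different CLI version, so automation written for PCF v1.12 has to be rewritten in a fixed order and only once. The following is an added example, not code from Pivotal or from this page; the marker comment, the function names, and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Pivotal code. Rewrites BOSH CLI names in a script
# written for PCF v1.12 so that it keeps the same behaviour on v2.0:
#   CLI v1: bosh -> bosh-old        CLI v2: bosh2 -> bosh
# MARKER, sample_v112_script and migrate_bosh_names are hypothetical names.

MARKER='# bosh-cli-names: pcf-2.0'

# Match the name only as a command word: not inside a longer identifier or
# a path (path-qualified calls are left for manual review).
PRE='(^|[^[:alnum:]_./-])'
POST='([[:space:]]|$)'

# Constructed sample input.
sample_v112_script() {
    cat <<'EOF'
#!/bin/sh
bosh vms
bosh2 -e MY-ENV vms
/usr/local/bin/bosh2 -e MY-ENV deployments
EOF
}

migrate_bosh_names() {
    # $1: path to the script; the rewritten text goes to stdout.
    if grep -qxF -- "$MARKER" "$1"; then
        # Already migrated. A second pass would turn the v2 "bosh" calls
        # into "bosh-old", so pass the file through unchanged.
        cat "$1"
        return 0
    fi
    # Order matters: rename v1 first, while "bosh2" still marks v2 calls.
    sed -E \
        -e "s,${PRE}bosh${POST},\\1bosh-old\\2,g" \
        -e "s,${PRE}bosh2${POST},\\1bosh\\2,g" \
        "$1"
    printf '%s\n' "$MARKER"
}

# Stand-alone run on the constructed sample.
tmp=$(mktemp)
sample_v112_script > "$tmp"
migrate_bosh_names "$tmp"
rm -f "$tmp"
```

Reversing the two substitutions would map every call, v2 included, to bosh-old, which is why the marker line also blocks a second pass.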

VMware NSX-T Networking Support

Ops Manager v2.0 adds support for VMware NSX-T networking. NSX is a networking solution for VMware that provides a firewall, load balancing, and NAT/SNAT services for PCF. NSX-T is intended to work across multiple clouds and provide networking for container platforms. Previous versions of Ops Manager supported NSX-V.

When you upgrade from a previous version of Ops Manager with NSX networking enabled, Ops Manager defaults to NSX-V. The NSX-T integration is only for fresh installs of PCF. You can enable NSX-T networking by selecting NSX-T in the new NSX Mode dropdown menu of the vCenter Config pane.

See Configuring Ops Manager on vSphere for more information.

Operators can additionally use the NSX Manager to configure policies for PCF applications. See the NSX-T Container Plug-in for Kubernetes and Cloud Foundry - Installation and Administration Guide for more information.

Note: You must have NSX-T v2.1 installed to use this integration.

Note: The IPSec add-on is not supported with NSX-T.

Breaking Change: If you opt out of the BOSH DNS feature, your PCF deployment cannot support NSX-T networking.

Add Custom Encryption Key to AWS Installation

For Ops Manager for AWS, operators can specify a custom Key Management Service (KMS) encryption key to encrypt all the Elastic Block Store (EBS) volumes in AWS. For more information, see Configuring Amazon EBS Encryption.


Pivotal Application Service (PAS) Highlights

Pivotal Application Service (PAS) is the new name for Elastic Runtime.

VMware NSX-T Networking Support

PAS v2.0 adds support for VMware NSX-T networking. NSX is a networking solution for VMware that provides a firewall, load balancing, and NAT/SNAT services for PCF. NSX-T is intended to work across multiple clouds and provide networking for container platforms. Previous versions of PAS supported NSX-V networking.

To use NSX-T networking, you must install the NSX-T tile.

Warning: The NSX-T integration is only for fresh installs of PCF. You cannot upgrade an existing deployment to use NSX-T, and there is no upgrade path from NSX-V to NSX-T.

To enable NSX-T networking for your PCF installation, you must perform the following steps:

  1. In the Ops Manager Director tile > vCenter Config pane, select NSX-T from the NSX Mode drop-down menu. See Step 2: vCenter Config Page in Configuring Ops Manager on vSphere for more information.

  2. Install the NSX-T tile.

    • You must install the NSX-T tile after you install the Ops Manager Director tile.
    • You must install the NSX-T tile before you install the PAS tile.

  3. In the PAS tile > Networking pane, under Container Network Plugin Interface, select External.

Operators can additionally use the NSX Manager to configure policies for PCF applications. See the NSX-T Container Plug-in for Kubernetes and Cloud Foundry - Installation and Administration Guide for more information.

Note: You must have NSX-T v2.1 installed to use this integration.

Note: The IPSec add-on is not supported with NSX-T.

Breaking Change: If you opt out of the BOSH DNS feature, your PCF deployment cannot support NSX-T networking.

Secure Service Instance Credentials

The PAS tile now includes its own CredHub VM to support the secure storage of service instance credentials. Previously, PCF could only use the Cloud Controller database for storing these credentials.

Release-Level Backup and Restore

PAS v2.0 includes support for release-level backup and restore. BOSH Backup and Restore (BBR) now backs up each PAS component using scripts specific to the component. This new flow ensures services stop using the component database before it is backed up and improves the correctness of the backup. The steps to back up and restore with BBR are unchanged. For more information about component and service availability during backup, see PAS Component Availability During Backup.

Colocated Errands on Instance VMs

The PAS tile no longer includes individual errand VMs. Instead, the errand jobs are colocated on other VMs in the deployment. Colocated errands run faster than traditional errands and use fewer resources, including disk and IP space. These errands are now set to always run by default.


Apps Manager Highlights

Option to Enable Metrics Forwarder on Apps Manager

Apps Manager includes a new option to bind the Metrics Forwarder service to an application. To bind the Metrics Forwarder service to an application, open Services and click Add a Service.

Option to Enable PCF Scheduler on Apps Manager

Apps Manager includes a new option to bind the PCF Scheduler service to an application. To bind the PCF Scheduler service to an application, open Services and click Add a Service.

Option to Enable App Autoscaler on Apps Manager

Apps Manager includes a new option to bind the App Autoscaler service to an application. To bind the App Autoscaler service to an application, open Services and click Add a Service. To access the configuration panel for App Autoscaler, click Manage.

Mappings Endpoint Integrated in Apps Manager

Apps Manager now integrates the Spring Boot Actuator /mappings endpoint. This endpoint displays the endpoints an app serves and other related details. For more information, see Using Actuators.


PCF Isolation Segment Highlights

VMware NSX-T Networking Support

PCF Isolation Segment v2.0 adds support for VMware NSX-T networking. NSX is a networking solution for VMware that provides a firewall, load balancing, and NAT/SNAT services for PCF. NSX-T is intended to work across multiple clouds and provide networking for container platforms. Previous versions of PCF Isolation Segment supported NSX-V networking.

To use NSX-T networking, you must install the NSX-T tile.

Warning: The NSX-T integration is only for fresh installs of PCF. You cannot upgrade an existing deployment to use NSX-T, and there is no upgrade path from NSX-V to NSX-T.

To enable NSX-T networking for your PCF installation, you must perform the following steps:

  1. In the Ops Manager Director tile > vCenter Config pane, select NSX-T from the NSX Mode drop-down menu. See Step 2: vCenter Config Page in Configuring Ops Manager on vSphere for more information.

  2. Install the NSX-T tile.

    • You must install the NSX-T tile after you install or upgrade the Ops Manager Director tile.
    • You must install the NSX-T tile before you install or upgrade the PAS tile.

  3. In the PCF Isolation Segment tile > Networking pane, under Container Network Plugin Interface, select External.

Operators can additionally use the NSX Manager to configure policies for PCF applications. See the NSX-T Container Plug-in for Kubernetes and Cloud Foundry - Installation and Administration Guide for more information.

Note: You must have NSX-T v2.1 installed to use this integration.

Note: The IPSec add-on is not supported with NSX-T.

Breaking Change: If you opt out of the BOSH DNS feature, your PCF deployment cannot support NSX-T networking.

Gorouter and HAProxy Support Multiple Certificates

You can now add more than one certificate for Gorouter and HAProxy in the Networking configuration pane. This improves security and removes the need to reissue the existing certificate when you want to add TLS support for custom domains. Gorouter and HAProxy use SNI to determine the correct certificate to present in a TLS handshake. For more information, see the Multiple Certificates section of Securing Traffic into Cloud Foundry.


Services Highlights

PCF Healthwatch v1.1

PCF v2.0 introduces PCF Healthwatch, a service for monitoring the current health, performance, and capacity of PCF. To help operators understand the operational state of their PCF deployment, PCF Healthwatch does the following:

  • Stores and visualizes metrics from core PCF components, including BOSH-reported VM metrics. The 1.1 version of the service covers the recommended Key Performance Indicators and Key Scaling Indicators for PCF v2.0.
  • Executes health checks as continuous validation tests and creates super metrics. For more information about the super metrics created by PCF Healthwatch, see PCF Healthwatch Metrics. The service stores, displays, and forwards this data into the Loggregator Firehose for external consumption by existing customer solutions.

For more information, see the PCF Healthwatch documentation.

Spring Cloud Services v1.5

Configurable data services allow you more control over where Spring Cloud Services (SCS) data resides. SCS now allows you to configure a service name and plan for creating a service broker MySQL database and RabbitMQ queues.

Configured server backend enhancements add support for pattern and searchPaths to Git backend properties.

The SCS service broker stores service instance credentials in CredHub. Client applications with updated SCS Connectors automatically resolve credentials stored in CredHub.

Spring Cloud Edgware builds on Spring Boot v1.5.x.

MySQL for PCF v2.2

MySQL for PCF v2.2 now offers the ability to create leader-follower, multi-AZ instances. Operators can monitor leader-follower instances with replication metrics.

Developers can configure MySQL for read/write/mixed workloads.

Developers can customize MySQL usernames in service bindings and service keys.

Developers and operators can create read-only access credentials.

RabbitMQ for PCF v1.11

RabbitMQ for PCF v1.11 is compatible with PCF v2.0.

Five configurable on-demand plans in the RabbitMQ tile enable operators to create customized plans to match developer demands.

Redis for PCF v1.11

Redis for PCF v1.11 is compatible with PCF v2.0 while taking advantage of the newest BOSH and Ops Manager features.

The Redis for PCF tile now uses SHA2 checksums for all releases.

Users that require backups can use the Redis for PCF On-Demand service.
