Installing and Configuring PAS for Windows

This topic describes how to install and configure the Pivotal Application Service (PAS) for Windows tile. The PAS for Windows tile installs Windows cells on your PCF deployment.

Step 1: Confirm Shared PAS Tile Settings

There are two settings in the Pivotal Application Service tile that affect the Windows cells installed by the PAS for Windows tile. Configure these settings as desired:

  • In the Networking section, if you select the Disable SSL certificate verification for this environment checkbox, SSL certificate verification is disabled for Windows cells.
  • In the System Logging section, if you configure an external syslog aggregator, logs are drained from Windows cells as well as non-Windows cells.

Step 2: Install the Tile

  1. Download the Pivotal Application Service for Windows product file from the product page of Pivotal Network.

  2. From the same Pivotal Network page, download the PAS for Windows File System Injector tool for your workstation OS, Windows, Linux, or Mac. The Injector tool is an executable binary winfs-injector that adds the Windows Server container base image into the product file. This step requires internet access and can take up to 20 minutes. Note that you will need the git and tar (BSD) executables on your %PATH% in order in order to run the winfs-injector. Note, to use the injector on a Windows machine, winfs-injector.exe, the included utility, tar.exe, must be copied to a folder in your %PATH%. For example, C:\Windows.

  3. Run winfs-injector with the following options, replacing PAS-WINDOWS-DOWNLOADED.pivotal with the path to the downloaded PAS for Windows product file and PAS-WINDOWS-INJECTED.pivotal with a desired output path for the importable product file:

    $ winfs-injector --input-tile PAS-WINDOWS-DOWNLOADED.pivotal \
    --output-tile PAS-WINDOWS-INJECTED.pivotal
    
    For troubleshooting the winfs-injector, see PAS for Windows File System Injector Troubleshooting.

  4. Navigate to the Ops Manager Installation Dashboard and click Import a Product.

  5. Select the importable PAS-WINDOWS-INJECTED.pivotal file on your workstation. PAS for Windows appears in the product list under Import a Product.

  6. Click + under the PAS for Windows product listing to add it to your staging area.

Step 3: Configure the Tile

  1. Click the newly added PAS for Windows tile.

    Pcf windows tile orange

  2. Click Assign AZs and Networks or Assign Networks. The name of the section varies depending on your IaaS.

  3. Assign your AZs and networks and click Save.

  4. Click VM Options.

    Vm options

  5. Specify how you would like to manage the password for the user called “Administrator” for your Windows VMs.

    • The default option is to Use the Windows default password, which randomizes the password for this user and the password is not retrievable by an operator.
    • Set the password will set the same password for the user called “Administrator” for every Windows cell; this can be used to access any Windows cell (e.g. RDP sessions).
  6. (Optional) Select the BETA: Enable BOSH-native SSH support on all VMs checkbox to start the Microsoft beta port of the OpenSSH daemon on port 22 on all VMs. Users will be able to SSH onto Windows VMs with the bosh ssh command, and enter a CMD terminal as an administrator user. They can then run powershell.exe to start a PowerShell session.

    Note: This feature is beta and not considered production-ready.

  7. (Optional) If you want all VMs to support connection through Remote Desktop Protocol (RDP), click Enable Remote Desktop Protocol.

  8. (Optional) If you want to configure a Key Management Service (KMS) that your volume-licensed Windows cell can register with, perform the following steps:

    1. Click Enable
    2. For the Host field, enter the KMS hostname.
    3. For the Port field, enter the port number. The default port number is 1688.

    The enable KMS text fields: host and port

  9. (Optional) To deploy your PAS for Windows application workloads to an isolation segment, click Application Containers and perform the steps in the Assign a Tile to an Isolation Segment section below.

  10. (Optional) To configure Windows cells to send Windows Event logs to an external syslog server, click System Logging and perform the steps in the Send Cell Logs to a Syslog Server section.

  11. Click Errands. Pivotal recommends that you set the Install HWC Buildpack Errand to On. This ensures that you receive the most up-to-date HWC Buildpack.

    Errands hwc

  12. Click Save.

Step 4: Configure Tile Resources

Note: Root disk sizing has been disabled and the default disk size for Windows cells has been increased. Future releases will provide ephemeral disk support to allow you to configure the size of your Windows cell.

The size of the root disk of a stemcell determines the minimum root disk size of any Windows VM that the BOSH Director can create from that stemcell. The relationship between the disk size of the stemcell and the root disk size of the Windows cells depends on your IaaS, as shown in the table below.

IaaS Windows Stemcell 1200.17+ disk size Windows Stemcell 1709.5+ disk size
Azure 127 GB 30 GB
AWS 128 GB 128 GB
GCP 100 GB 100 GB
vSphere Recommended 128 GB+* Recommended 128 GB+*

Because you create your own stemcell on vSphere, you can control its root disk size. See Creating a vSphere Stemcell by Hand for more information.

If you’re using a Stemcell version before 1200.17 or before 1709.5, please refer to Using Windows Stemcells in the PAS for Windows 2012R2 documentation.

Select Diego Cell disk sizes

When you deploy or upgrade PAS for Windows, configure the resources of the BOSH Director and PAS for Windows as follows:

  1. On the Ops Manager Installation Dashboard, select Pivotal Application Service for Windows.

  2. In the Settings tab, select Resource Config.

  3. In the VM Type field, ensure that Windows Diego Cell has a minimum disk size according to the table above and your IaaS.

  4. Click Save.

Select Master Compilation VM disk size

  1. On the Ops Manager Installation Dashboard, select the BOSH Director tile (usually the first tile).

  2. In the Settings tab, select Resource Config.

  3. In the VM Type field, ensure that the Ops Manager compilation VM has a minimum disk size according to the table above and your IaaS.

    Ops man resources

  4. Click Save.

Step 5: Upload the Stemcell

  1. On the Ops Manager Installation Dashboard, in Pivotal Application Service for Windows, click on Missing Stemcell. You will be taken to the Stemcell Library.

  2. Retrieve the stemcell that you downloaded or created in Downloading or Creating a Windows Stemcell.

  3. Follow the steps in Importing and Managing Stemcells to upload the Windows stemcell to Pivotal Application Service for Windows.

Step 6: Deploy the Tile

  1. Return to the Ops Manager Installation Dashboard and click Apply Changes to install the PAS for Windows tile.

Step 7: (Optional) Create More Tiles

If you want to run Windows cells in multiple isolation segments, you must create and configure additional PAS for Windows tiles. See Windows Cells in Isolation Segments for how to do this.

Create a pull request or raise an issue on the source for this page in GitHub