Installing and Configuring PASW

This topic describes how to install and configure the Pivotal Application Service for Windows (PASW) tile. The PASW tile installs Windows cells in your Pivotal Cloud Foundry (PCF) deployment.

Step 1: Confirm Shared PAS Tile Settings

Windows cells installed by the Pivotal Application Service for Windows tile are affected by two settings in the Pivotal Application Service tile. Configure these Pivotal Application Service tile settings as desired:

  • System Logging: In the System Logging pane, if you configure an external syslog aggregator, logs are drained from Windows cells as well as non-Windows cells. See Logging and Metrics for additional information.
  • Disable SSL certificate verification for this environment: In the Networking pane, if you select the Disable SSL certificate verification for this environment checkbox, SSL certificate verification is disabled for Windows cells. See Procedure: Terminate SSL/TLS at HAProxy for additional information.

Note: Only disable SSL certificate verification for development and testing environments. Do not select Disable SSL certificate verification for this environment for production environments.

Step 2: Install the Tile

  1. Download the Pivotal Application Service for Windows product file from Pivotal Network.

  2. Within Pivotal Application Service for Windows, download the Windows FS Injector tool for your workstation OS.

    The Injector tool, winfs-injector, is an executable binary that adds the Windows Server container base image into the product file. This step requires internet access and can take up to 20 minutes.

    Note: You need the git and tar (BSD) executables on your %PATH% to run the winfs-injector bin. For example, to use winfs-injector.exe, tar.exe must be copied to a directory in your %PATH%.

  3. To add the Windows Server container base image to the product file, run the following command:

    winfs-injector --input-tile PASW-DOWNLOAD-PATH --output-tile PASW-IMPORTABLE-PATH
    

    Where:

    • PASW-DOWNLOAD-PATH is the path and filename to the downloaded PASW product file.
    • PASW-IMPORTABLE-PATH is the desired output path for the importable product file.

    For example:

    C:\Users\admin> winfs-injector --input-tile ^
    c:\temp\pas-windows-2.3.0-build.1.pivotal ^
    --output-tile c:\temp\pas-windows-2.3.0-build.1-INJECTED.pivotal
    

    For troubleshooting the winfs-injector, see Missing Local Certificates for Windows File System Injector.

  4. Navigate to the Ops Manager Installation Dashboard and click Import a Product.

  5. To add PASW to the Import a Product product list, select the importable PASW-IMPORTABLE-PATH file on your workstation.

  6. To add PASW to your staging area, click + under the PASW product listing.

Step 3: Configure the Tile

  1. Click the newly added PASW tile.

    Pcf windows tile orange

  2. Click Assign AZs and Networks or Assign Networks. The name of the pane varies depending on your IaaS.

  3. Assign your AZs and networks and click Save.

  4. Click VM Options.

    Vm options

  5. Specify your selection for Manage Administrator Password.

    • Use random password randomizes the admin password. With this selection, the admin password is not retrievable by an operator. This is the default selection.
    • Set the password sets the same admin password for every Windows cell. As a result, this password can be used to access any Windows cell, including, for example, Remote Desktop Protocol (RDP) sessions.
  6. (Optional) Select the BETA: Enable BOSH-native SSH support on all VMs checkbox to start the Microsoft beta port of the OpenSSH daemon on port 22 on all VMs. Users can SSH onto Windows VMs with the bosh ssh command, and enter a CMD terminal as an admin user. They can then run powershell.exe to start a PowerShell session.

    Note: This feature is beta and not considered production-ready.

  7. (Optional) If you want all VMs to support connection through Remote Desktop Protocol (RDP), click Enable Remote Desktop Protocol.

  8. (Optional) If you want to configure a Key Management Service (KMS) that your volume-licensed Windows cell can register with, perform the following steps:

    1. Click Enable
    2. For the Host field, enter the KMS hostname.
    3. For the Port field, enter the port number. The default port number is 1688.

    The enable KMS text fields: host and port

  9. Click Save.

  10. (Optional) To deploy your PASW application workloads to an isolation segment, click Application Containers and perform the steps in the Assign a Tile to an Isolation Segment section below.

  11. (Optional) To configure Windows cells to send Windows Event logs to an external syslog server, click System Logging and perform the steps in the Send Cell Logs to a Syslog Server section.

  12. (Optional) To enable advanced features in PASW, click Advanced Features and perform the following steps:

    1. To configure memory and disk overcommit for your Windows Diego cells, follow the steps below:
      1. Enter the total desired amount of Diego cell memory in the Cell Memory Capacity (MB) field. For the current cell memory capacity settings, see the Windows Diego cell row on the Resource Config pane.
      2. Enter the total desired amount of Diego cell disk capacity in the Cell Disk Capacity (MB) field. For the current cell disk capacity settings, see the Windows Diego cell row on the Resource Config pane.

        Note: Due to the risk of app failure and the deployment-specific nature of disk and memory use, Pivotal has no recommendation about how much, if any, memory or disk space to overcommit.

        Advanced features
    2. Click Save.
  13. Click Errands. Pivotal recommends that you set the Install HWC Buildpack Errand to On. This ensures that you receive the most up-to-date HWC Buildpack.

    Errands hwc

  14. Click Save.

Step 4: Configure Tile Resources

To configure your tile resources, perform the following steps:

  1. Navigate to the Resource Config pane of the PASW tile.
  2. Use the dropdown menus to configure Windows Diego Cell. For more information, see Disk Size of Windows Diego Cells.
  3. Click Save.

Note: Provision your Master Compilation Job with at least 100 GB of disk space.

Disk Size of Windows Diego Cells

Windows stemcells v1803.2 and later in the 1803 line support ephemeral disks. If your PASW deployment is based on one of these stemcells, the recommended disk size for your Windows Diego cells is as follows:

IaaS Disk size of Windows Diego cell
AWS 100 GB
Azure 150 GB
GCP 150 GB
vSphere 100 GB

Note: If you use vSphere, you must create your own stemcell. The default root disk size of Windows stemcells v1803.2 and later in the 1803 line is 30 GB. Pivotal recommends setting the root disk size of your Windows stemcell for vSphere to 30 GB. For more information, see Creating a Windows Stemcell for vSphere Manually or Creating a Windows Stemcell for vSphere Using stembuild (Beta).

Step 5: Upload the Stemcell

  1. Go to Stemcell Library.

  2. Retrieve the stemcell that you downloaded or created in Downloading or Creating a Windows Stemcell.

  3. Follow the steps in Importing and Managing Stemcells to upload the Windows stemcell to Pivotal Application Service for Windows.

Step 6: Deploy the Tile

  1. Return to the Ops Manager Installation Dashboard.
  2. Click Review Pending Changes.
  3. Select the PASW tile and review the changes. For more information, see Reviewing Pending Product Changes.
  4. Click Apply Changes to install the PASW tile.

Step 7: (Optional) Create More Tiles

To run Windows cells in multiple isolation segments, you must create and configure additional PASW tiles. For more information, see Windows Cells in Isolation Segments.

Create a pull request or raise an issue on the source for this page in GitHub