Installing and Configuring PASW
This topic describes how to install and configure the Pivotal Application Service for Windows (PASW) tile. The PASW tile installs Windows cells in your Pivotal Cloud Foundry (PCF) deployment.
Windows cells installed by the Pivotal Application Service for Windows tile are affected by two settings in the Pivotal Application Service tile. Configure these Pivotal Application Service tile settings as desired:
- System Logging: In the System Logging section, if you configure an external syslog aggregator, logs are drained from Windows cells as well as non-Windows cells. See Logging and Metrics for additional information.
- Disable SSL certificate verification for this environment: In the Networking section, if you select the Disable SSL certificate verification for this environment checkbox, SSL certificate verification is disabled for Windows cells. See Procedure: Terminate SSL/TLS at HAProxy for additional information.
Note: Only disable SSL certificate verification for development and testing environments. Do not select Disable SSL certificate verification for this environment for production environments.
Download the Pivotal Application Service for Windows product file from the product page of Pivotal Network.
From the same Pivotal Network page, download the Windows FS Injector tool for your workstation OS. The Injector tool,
winfs-injector, is an executable binary that adds the Windows Server container base image into the product file. This step requires internet access and can take up to 20 minutes.
Note: You need the
tar(BSD) executables on your
%PATH%to run the
winfs-injectorbin. For example, to use
tar.exemust be copied to a directory in your
To add the Windows Server container base image to the product file, run the following command:
winfs-injector --input-tile PASW-DOWNLOAD-PATH --output-tile PASW-IMPORTABLE-PATH
PASW-DOWNLOAD-PATHis the path and filename to the downloaded PASW product file.
PASW-IMPORTABLE-PATHis the desired output path for the importable product file.
C:\Users\admin> winfs-injector --input-tile ^ c:\temp\pas-windows-2.6.0-build.1.pivotal ^ --output-tile c:\temp\pas-windows-2.6.0-build.1-INJECTED.pivotal
For troubleshooting the
winfs-injector, see Missing Local Certificates for Windows File System Injector.
Navigate to the Ops Manager Installation Dashboard and click Import a Product.
To add PASW to the Import a Product product list, select the importable
PASW-IMPORTABLE-PATHfile on your workstation.
To add PASW to your staging area, click + under the PASW product listing.
Click the newly added PASW tile.
Click Assign AZs and Networks or Assign Networks. The name of the section varies depending on your IaaS.
Assign your AZs and networks and click Save.
Click VM Options.
Specify your selection for Manage Administrator Password.
- Use the Windows default password randomizes the admin password. With this selection, the admin password is not retrievable by an operator. This is the default selection.
- Set the password sets the same admin password for every Windows cell. As a result, this password can be used to access any Windows cell, including, for example, Remote Desktop Protocol (RDP) sessions.
(Optional) Select the BETA: Enable BOSH-native SSH support on all VMs checkbox to start the Microsoft beta port of the OpenSSH daemon on port 22 on all VMs. Users can SSH onto Windows VMs with the
bosh sshcommand, and enter a CMD terminal as an admin user. They can then run
powershell.exeto start a PowerShell session.
Note: This feature is beta and not considered production-ready.
(Optional) If you want all VMs to support connection through Remote Desktop Protocol (RDP), click Enable Remote Desktop Protocol.
(Optional) If you want to configure a Key Management Service (KMS) that your volume-licensed Windows cell can register with, perform the following steps:
- Click Enable
- For the Host field, enter the KMS hostname.
- For the Port field, enter the port number. The default port number is
(Optional) To deploy your PASW application workloads to an isolation segment, click Application Containers and perform the steps in the Assign a Tile to an Isolation Segment section below.
(Optional) To configure Windows cells to send Windows Event logs to an external syslog server, click System Logging and perform the steps in the Send Cell Logs to a Syslog Server section.
Click Smoke Tests.
Choose an org and space where your smoke tests can run.
- Choosing Temporary space within the system organization deletes the org after smoke tests finish.
- Choosing Specified org and space requires a domain available for routing and that domain must be accessible to the organization.
- In the Organization field, enter the Application Service org to use when running tests.
- In the Space field, enter the Application Service space to use when running tests.
- In the Domain field, enter the domain that the org has access to for running smoke tests.
(Optional) To enable advanced features in PASW, click Advanced Features and perform the following steps:
- To configure memory and disk overcommit for your Windows Diego cells,
follow the steps below:
- Enter the total desired amount of Diego cell memory in the Cell Memory Capacity (MB) field. For the current cell memory capacity settings, see the Windows Diego cell row on the Resource Config pane.
- Enter the total desired amount of Diego cell disk capacity in the Cell Disk Capacity (MB) field.
For the current cell disk capacity settings, see the Windows Diego cell row
on the Resource Config pane.
Note: Due to the risk of app failure and the deployment-specific nature of disk and memory use, Pivotal has no recommendation about how much, if any, memory or disk space to overcommit.
- To use the
cftag as the deployment name in your PASW metrics, enable the Use “cf” as deployment name in emitted metrics instead of unique name checkbox. By default, this checkbox is disabled, and the metrics are emitted with the BOSH deployment name of your PASW tile.
Note: Enable the Use “cf” as deployment name in emitted metrics instead of unique name checkbox only if it is required for backward compatibility with previous versions of PCF.
- Click Save.
- To configure memory and disk overcommit for your Windows Diego cells, follow the steps below:
- Pivotal recommends that you set the Install HWC Buildpack Errand to On. This ensures that you receive the most up-to-date HWC Buildpack.
- Enabling the Smoke Test Errand ensures that a smoke test is run against your Application Service installation.
To configure your tile resources, perform the following steps:
- Navigate to the Resource Config pane of the PASW tile.
- Use the dropdown menus to configure Windows Diego Cell. For more information, see Disk Size of Windows Diego Cells.
- Click Save.
Note: Provision your Master Compilation Job with at least 100 GB of disk space.
Windows stemcells v1803.2 and later in the 1803 line support ephemeral disks. If your PASW deployment is based on one of these stemcells, the recommended disk size for your Windows Diego cells is as follows:
|IaaS||Recommended Disk size of Windows Diego cell|
Note: If you use vSphere, you must create your own stemcell. The default root disk size of Windows stemcells v1803.2 and later in the 1803 line is 30 GB. Pivotal recommends setting the root disk size of your Windows stemcell for vSphere to 30 GB. For more information, see Creating a vSphere Windows Stemcell.
Go to Stemcell Library.
Retrieve the stemcell that you downloaded or created in Downloading or Creating a Windows Stemcell.
Follow the steps in Importing and Managing Stemcells to upload the Windows stemcell to Pivotal Application Service for Windows.
- Return to the Ops Manager Installation Dashboard.
- Click Review Pending Changes.
- Select the PASW tile and review the changes. For more information, see Reviewing Pending Product Changes.
- Click Apply Changes to install the PASW tile.
To run Windows cells in multiple isolation segments, you must create and configure additional PASW tiles. For more information, see Windows Cells in Isolation Segments.