Installing and Configuring PASW
This topic describes how to install and configure the Pivotal Application Service for Windows (PASW) tile.
If you have the PASW 2012 R2 tile installed, see Migrating from PASW 2012 R2 to PASW for more information about the changes in features and functionality between the two tile versions.
The PASW tile installs Windows Diego Cells in your Pivotal Cloud Foundry (PCF) deployment.
The PASW tile inherits settings from the Pivotal Application Service (PAS) tile and also includes additional configuration settings.
To install, configure, and deploy PASW, do the following:
- Complete the prerequisites. See Prerequisite.
- Download and install the PASW tile. See Install the Tile.
- Configure required settings for the tile. See Configure the Tile.
- Configure resources for the tile. See Configure Tile Resources.
- Upload the Windows stemcell to the tile. See Upload the Stemcell.
- Deploy the tile. See Deploy the Tile.
Before you install and configure the PASW tile, you must disable SSL certificate verification for all Windows Diego cells on development and testing environments.
Note: Only disable SSL certificate verification for development and testing environments. Do not disable SSL certificate verification for production environments.
To disable SSL validation on development and testing environments, do the following:
In the PAS tile, go to the Networking pane.
Select the Disable SSL certificate verification for this environment checkbox.
For more information, see the Procedure: Terminate SSL/TLS at HAProxy section of Configuring SSL/TLS Termination at HAProxy.
To install the PASW tile, do the following:
Download the Pivotal Application Service for Windows product file from Pivotal Network.
Within Pivotal Application Service for Windows, download the Windows FS Injector tool for your workstation OS.
The Injector tool,
winfs-injector, is an executable binary that adds the Windows Server container base image into the product file. This step requires internet access and can take up to 20 minutes.
Note: You need the
tarexecutables in your
winfs-injector.exe. For example, copy
tar.exeto a directory in your
To add the Windows Server container base image to the product file, run the following command:
winfs-injector --input-tile PASW-DOWNLOAD-PATH --output-tile PASW-IMPORTABLE-PATH
PASW-DOWNLOAD-PATHis the path and filename to the PASW product file you downloaded.
PASW-IMPORTABLE-PATHis the desired output path for the importable product file.
C:\Users\admin> winfs-injector --input-tile ^ c:\temp\pas-windows-2.6.0-build.1.pivotal ^ --output-tile c:\temp\pas-windows-2.6.0-build.1-INJECTED.pivotal
For information about troubleshooting
winfs-injector, see Missing Local Certificates for Windows File System Injector in Troubleshooting Windows Cells.
To enable forwarding BOSH job logs to an external syslog server, add the following BOSH add-on to a
releases: - name: windows-syslog version: latest addons: - name: windows-syslog include: stemcell: - os: ((Stemcell OS e.g., windows2019)) jobs: - name: syslog_forwarder_windows properties: syslog: address: ((IP address of the syslog server)) port: ((Port of the syslog server)) transport: ((tcp or udp)) # Optional. If you enabled SSL certificate # verification in PAS, you must configure # `tls_enabled:` and `ca_cert:`. tls_enabled: true ca_cert: ((TLS CA certificate of the syslog server)) release: windows-syslog
For more information about BOSH add-ons, see Addons Block in the BOSH documentation.
Navigate to the Ops Manager Installation Dashboard and click Import a Product.
To add the PASW tile to the Import a Product product list, select the importable
PASW-IMPORTABLE-PATHfile on your workstation.
To add the PASW tile to your staging area, click + under the Pivotal Application Service for Windows product listing.
The following sections describe how to configure the settings for the PASW tile.
To assign AZs and networks, do the following:
Click the Pivotal Application Service for Windows tile.
Select Assign AZs and Networks or Assign Networks. The name of the pane varies depending on your IaaS.
Assign your AZs and networks and click Save.
To configure VMs, do the following:
In the Pivotal Application Service for Windows tile, select VM Options.
Select one of the following for Manage Administrator Password:
- To randomize the admin password, select Use random password. If you select this option, the admin password is not retrievable by an operator. This is the default selection.
- To set the same admin password for every Windows Diego Cell, select Set the password. If you select this option, this password can be used to access any Windows Diego Cell. For example, you can use this password to open Remote Desktop Protocol (RDP) sessions.
(Optional) To start the Microsoft beta port of the OpenSSH daemon on port 22 on all VMs, select the BETA: Enable BOSH-native SSH support on all VMs checkbox. If you select this option, users can SSH into Windows VMs with the
bosh sshcommand, and enter a CMD terminal as an admin user. They can then run
powershell.exeto start a PowerShell session.
Note: This feature is in beta and not considered production-ready.
(Optional) To enable all VMs to support connection through RDP, select Enable Remote Desktop Protocol.
(Optional) To configure a Key Management Service (KMS) that your volume-licensed Windows Diego Cell can register with, do the following:
- Select Enable.
- For the Host field, enter the KMS hostname.
- For the Port field, enter the port number. The default port number is
To configure smoke tests, do the following:
In the Pivotal Application Service for Windows tile, select Smoke Tests.
Select one of the following locations for smoke tests to run:
- To run smoke tests in a temporary space in the default org, select Temporary space within the system organization. PASW deletes the space after smoke tests finish.
- To specify the org and space where smoke tests run, select Specified org and space. You must enter a domain available for routing and that domain must be accessible to the org. Enter the following:
- In the Organization field, enter the Application Service org to use when running tests.
- In the Space field, enter the Application Service space to use when running tests.
- In the Domain field, enter the domain that the org has access to for running smoke tests.
To configure memory and disk overcommit for your Windows Diego Cells, do the following:
In the Pivotal Application Service for Windows tile, select Advanced Features.
Enter the total desired amount of Diego Cell memory in the Cell Memory Capacity (MB) field. For the current cell memory capacity settings, see the Windows Diego Cell row on the Resource Config pane.
Enter the total desired amount of Diego Cell disk capacity in the Cell Disk Capacity (MB) field. For the current cell disk capacity settings, see the Windows Diego Cell row on the Resource Config pane.
Note: Due to the risk of app failure and the deployment-specific nature of disk and memory use, Pivotal has no recommendation about how much, if any, memory or disk space to overcommit.
To configure errands, do the following:
- To ensure that you receive the most up-to-date HWC buildpack, set the Install HWC Buildpack Errand to On.
- To ensure that a smoke test is run against your Application Service installation, set the Smoke Test Errand to On.
To deploy your PASW app workloads to an isolation segment, select Application Containers and perform the steps in the Assign a Tile to an Isolation Segment section of Windows Cells in Isolation Segments.
To configure Windows Diego Cells to send Windows Event logs to an external syslog server, select System Logging and perform the steps in the Forward Windows Event Logs to a Syslog Server section of Troubleshooting Windows Cells.
To configure your tile resources, do the following:
- Navigate to the Resource Config pane of the PASW tile.
- Use the dropdown menus to configure Windows Diego Cell.
See the following table for the recommended Windows Diego Cell disk size for your IaaS:
IaaS Recommended Windows Diego Cell Disk Size AWS 100 GB Azure 150 GB GCP 150 GB vSphere 100 GB
Note: Windows stemcells in the v2019.x line support ephemeral disks.
- Provision your Master Compilation Job with at least 100 GB of disk space.
- Click Save.
To upload the stemcell, do the following:
In the Pivotal Application Service for Windows tile, select Stemcell Library.
Retrieve the stemcell that you downloaded or created in Downloading or Creating a Windows Stemcell.
Follow the steps in Importing and Managing Stemcells to upload the Windows stemcell to Pivotal Application Service for Windows.
Note: If you use vSphere, you must create your own stemcell. The default root disk size of Windows stemcells v2019.x line is 30 GB. Pivotal recommends setting the root disk size of your Windows stemcell for vSphere to 30 GB. For more information, see Creating a Windows Stemcell for vSphere Manually or Creating a Windows Stemcell for vSphere Using stembuild (Beta).
To deploy the PASW tile, do the following:
- Go to the Ops Manager Installation Dashboard.
- Select Review Pending Changes.
- Select the PASW tile and review the changes. For more information, see Reviewing Pending Product Changes.
- Select Apply Changes to install the Pivotal Application Service for Windows tile.
To run Windows Diego Cells in multiple isolation segments, you must create and configure additional PASW tiles. For more information, see Windows Cells in Isolation Segments.