Ops Manager v2.9 and Runtime Feature Highlights
Note: Pivotal Platform is now part of VMware Tanzu.
This topic highlights important new features included in Ops Manager v2.9.
Ops Manager v2.9 includes the following important major features. For additional information about these and other features included in Ops Manager v2.9, see Ops Manager v2.9 Release Notes.
Ops Manager v2.9 provides UI and performance improvements to the deployment log display, including separate pages for historical logs and streaming logs. Each step in these pages is collapsable, with indicators that show whether the step was successful, failed, or not yet executed.
Additional UI and performance improvements to the deployment log display:
- Deployment logs render more quickly
- One-click view of a stage with errors
- Start and end time are clearly displayed
- Stages are more clearly delineated
certificate_authorities API endpoints in Ops Manager v2.9
rotates certificates in BOSH CredHub as well as in Ops Manager if the following
conditions are met:
- VMware Tanzu Application Service for VMs (TAS for VMs) v2.9 or later is installed.
- VMware Enterprise PKS (PKS) is not installed.
The Ops Manager API rotates both Certificate Authorities and leaf certificates. However, some certificates in MySQL for VMware Tanzu and VMware Tanzu GemFire are not rotated.
Operators can view and update the current authentication settings through the Ops Manager UI and API at any time. Operators can set authentication to one of the following:
- Internal Authentication (default)
- SAML (SSO)
Operators can update the BOSH Director properties after initial deployment by first unlocking them in Advanced Mode.
This feature also includes:
- Improved response status and errors from the API endpoint
- Visual identification when customers enter advanced mode
You can access these fields in the Director Config pane. For unlockable fields, you
can also modify the values of these settings by using the
Ops Manager API endpoint in Advanced Mode.
Ops Manager supports virtual-hosted-style, or domain-style, URLs for Amazon S3-compatible blobstores. Operators can use virtual-hosted-style URLs for S3-compatible blobstores before AWS ends support for path-style URLs.
This feature allows operators to:
- Use host-style S3 bucket URLs
- View and update proxy settings using the API
- Update the decryption passphrase using the API
- Use an encrypted private key for a CredHub HSM
- Re-create the BOSH Director VM during an Apply Change
Ops Manager API documentation follows the OpenAPI Specification as documented in OpenAPI Specification in GitHub.
This update provides operators with a machine-parsable version of the Ops Manager API documentation and improves general formatting.
TAS for VMs v2.9 includes the following important major features. For additional information about these and other features included in TAS for VMs v2.9, see VMware Tanzu Application Service for VMs v2.9 Release Notes.
Operators can limit the number of log entries that each app instance generates per second by configuring the App log rate limit (beta) in the App Containers pane.
These limits prevent app instances from overloading the Loggregator Agent with logs, so that the Loggregator Agent does not drop logs for other app instances co-located on a Diego Cell. These limits can also keep excessive logging from depleting critical resources required by Diego to remain in a healthy state.
Operators can set a limit for TAS for VMs Diego Cells and a separate limit for isolated Diego Cells.
Operators can configure the timeout interval between
KILL signals for graceful
shutdowns in the App graceful shutdown period field in the Advanced Features pane.
TAS for VMs sends these signals to containers during a graceful shutdown to handle
in-flight requests. When a process requires more than the default 10-second timeout interval to
complete properly, the Operator can increase the timeout interval to an appropriate value.
Operators can set a timeout interval for TAS for VMs Diego Cells and a separate timeout interval for isolated Diego Cells.
Operators can configure the Diego Route Emitter to send encrypted messages to NATS over TLS.
This feature reduces reliance on security policy exceptions or security add-ons to meet security compliance requirements.
VMware Tanzu Application Service for VMs [Windows] v2.9 (TAS for VMs [Windows]) includes the following important major features. For additional information about these and other features included in TAS for VMs [Windows] v2.9, see VMware Tanzu Application Service for VMs [Windows] v2.9 Release Notes.
Operators can limit the number of log entries that each app instance in an isolation segment generates per second by configuring the App log rate limit (beta) in the App Containers pane of the Isolation Segment tile.
These limits prevent app instances from overloading the Loggregator Agent with logs, so that the Loggregator Agent does not drop logs for other app instances co-located on a Diego Cell. These limits can also prevents app from reporting inaccurate app metrics in the Cloud Foundry Command Line Interface (cf CLI) or increasing the CPU usage on the Diego Cell.
Operators can use the
EventLog.Stream.Console NuGet Package to stream app and Windows event logs
to the console.
Operators can use signed URLs for communication between the BOSH agent and the blobstore for Windows VMs.
Stembuild improvements include:
- Automatically obtain updated root certificates from the Windows Update Server
- Keeps up-to-date with the most recent version of OpenSSH
Note: Stembuild requires outbound network access to the Windows Update Server. Without this access, operators must update root certificates when necessary.
PKS v1.7 includes the following important major features. For additional information about these and other features included in PKS v1.7, see Release Notes in the PKS documentation.
PKS v1.7 uses TLS v1.2+ with strong ciphers for all internal component communication.
PKS v1.7 supports integration with the VMware Tanzu Service Mesh by VMware NSX (NSX-SM).
For more information, see VMware Tanzu Service Mesh by VMware NSX (Beta).
PKS v1.7 adds Kubernetes Profile support enabling cluster administrators and cluster managers to customize Kubernetes component settings for any clusters that they provision. For more information, see Validated vs Experimental Customizations in Using Kubernetes Profiles.
PKS v1.7 supports backing up and restoring stateless workloads networked with vSphere with NSX-T.
PKS v1.7 adds new Kubernetes monitoring enhancements and support for monitoring Node Exporter metrics. For more information, see Telegraf in the Installation topic for your IaaS.