Ops Manager v2.9 and Runtime Feature Highlights

Note: Pivotal Platform is now part of VMware Tanzu.

This topic highlights important new features included in Ops Manager v2.9.

Ops Manager Highlights

Ops Manager v2.9 includes the following important major features. For additional information about these and other features included in Ops Manager v2.9, see Ops Manager v2.9 Release Notes.

Improved Deployment Log Display

Ops Manager v2.9 provides UI and performance improvements to the deployment log display, including separate pages for historical logs and streaming logs. Each step in these pages is collapsible, with indicators that show whether the step was successful, failed, or not yet executed.

Additional UI and performance improvements to the deployment log display:

  • Deployment logs render more quickly
  • One-click view of a stage with errors
  • Start and end time are clearly displayed
  • Stages are more clearly delineated

Ops Manager API Rotates BOSH CredHub Certificates and Certificate Authorities

The certificate_authorities API endpoints in Ops Manager v2.9 rotate certificates in BOSH CredHub as well as in Ops Manager if the following conditions are met:

  • VMware Tanzu Application Service for VMs (TAS for VMs) v2.9 or later is installed.
  • VMware Enterprise PKS (PKS) is not installed.

The Ops Manager API rotates both Certificate Authorities and leaf certificates. However, some certificates in MySQL for VMware Tanzu and VMware Tanzu GemFire are not rotated.

View and Update Ops Manager Authentication Settings

Operators can view and update the current authentication settings through the Ops Manager UI and API at any time. Operators can set authentication to one of the following:

  • Internal Authentication (default)
  • LDAP
  • SAML (SSO)

Modifications to Locked and Unlockable Fields

Operators can update the BOSH Director properties after initial deployment by first unlocking them in Advanced Mode.

This feature also includes:

  • Improved response status and errors from the API endpoint
  • Visual identification when customers enter advanced mode

You can access these fields in the Director Config pane. For unlockable fields, you can also modify the values of these settings by using the /api/v0/staged/director/properties Ops Manager API endpoint in Advanced Mode.

Support for Virtual-Hosted-Style URLs for Amazon S3 Blobstores

Ops Manager supports virtual-hosted-style, or domain-style, URLs for Amazon S3-compatible blobstores. Operators can use virtual-hosted-style URLs for S3-compatible blobstores before AWS ends support for path-style URLs.

This feature allows operators to:

  • Use host-style S3 bucket URLs
  • View and update proxy settings using the API
  • Update the decryption passphrase using the API
  • Use an encrypted private key for a CredHub HSM
  • Re-create the BOSH Director VM during an Apply Change
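The difference between the two URL styles matters for TLS: in a virtual-hosted-style URL the bucket name becomes part of the hostname, so it must be a valid DNS label and must not contain dots, because a wildcard certificate covers only a single label. The following Python sketch is an added example, not Ops Manager code; the endpoint, bucket, and key values are constructed for illustration.

```python
import re
from urllib.parse import quote, urlsplit

# One DNS label: lowercase letters, digits, hyphens; no leading/trailing hyphen.
_DNS_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def bucket_issues(bucket):
    """Return reasons this bucket name is unsuitable as a hostname label over TLS."""
    issues = []
    if not 3 <= len(bucket) <= 63:
        issues.append("length must be 3-63 characters")
    if "." in bucket:
        issues.append("dots add DNS labels that a wildcard certificate does not cover")
    if not all(_DNS_LABEL.match(label) for label in bucket.split(".")):
        issues.append("not a valid lowercase DNS name")
    return issues


def path_style_url(endpoint, bucket, key):
    """Path-style: the bucket is the first path segment; the host is unchanged."""
    parts = urlsplit(endpoint)
    return f"{parts.scheme}://{parts.netloc}/{bucket}/{quote(key, safe='/')}"


def virtual_hosted_url(endpoint, bucket, key):
    """Virtual-hosted-style: the bucket is prepended to the endpoint hostname."""
    issues = bucket_issues(bucket)
    if issues:
        raise ValueError(f"bucket {bucket!r}: " + "; ".join(issues))
    parts = urlsplit(endpoint)
    return f"{parts.scheme}://{bucket}.{parts.netloc}/{quote(key, safe='/')}"


if __name__ == "__main__":
    # Constructed sample values for an S3-compatible blobstore.
    endpoint = "https://blobstore.example.internal:9000"
    for bucket in ("tas-droplets", "logs.prod", "My_Bucket"):
        print(bucket, "path-style ->", path_style_url(endpoint, bucket, "a/b.tgz"))
        try:
            print(bucket, "virtual-hosted ->", virtual_hosted_url(endpoint, bucket, "a/b.tgz"))
        except ValueError as err:
            print("rejected:", err)
```

Running the check against existing bucket names before switching URL styles shows which buckets would fail certificate validation or DNS resolution under the virtual-hosted form.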

API Documentation Follows OpenAPI Specification

Ops Manager API documentation follows the OpenAPI Specification as documented in OpenAPI Specification in GitHub.

This update provides operators with a machine-parsable version of the Ops Manager API documentation and improves general formatting.


VMware Tanzu Application Service for VMs Highlights

TAS for VMs v2.9 includes the following important major features. For additional information about these and other features included in TAS for VMs v2.9, see VMware Tanzu Application Service for VMs v2.9 Release Notes.

Configurable App Logging Rate Limits

Operators can limit the number of log entries that each app instance generates per second by configuring the App log rate limit (beta) in the App Containers pane.

These limits prevent app instances from overloading the Loggregator Agent with logs, so that the Loggregator Agent does not drop logs for other app instances co-located on a Diego Cell. These limits can also keep excessive logging from depleting critical resources required by Diego to remain in a healthy state.

Operators can set a limit for TAS for VMs Diego Cells and a separate limit for isolated Diego Cells.

Configurable App Graceful Shutdown Period

Operators can configure the timeout interval between TERM and KILL signals for graceful shutdowns in the App graceful shutdown period field in the Advanced Features pane. TAS for VMs sends these signals to containers during a graceful shutdown to handle in-flight requests. When a process requires more than the default 10-second timeout interval to complete properly, the Operator can increase the timeout interval to an appropriate value.

Operators can set a timeout interval for TAS for VMs Diego Cells and a separate timeout interval for isolated Diego Cells.

Route Emitter to NATS Encrypted Communication

Operators can configure the Diego Route Emitter to send encrypted messages to NATS over TLS.

This feature reduces reliance on security policy exceptions or security add-ons to meet security compliance requirements.


VMware Tanzu Application Service for VMs [Windows] Highlights

VMware Tanzu Application Service for VMs [Windows] v2.9 (TAS for VMs [Windows]) includes the following important major features. For additional information about these and other features included in TAS for VMs [Windows] v2.9, see VMware Tanzu Application Service for VMs [Windows] v2.9 Release Notes.

Configurable App Logging Rate Limits

Operators can limit the number of log entries that each app instance in an isolation segment generates per second by configuring the App log rate limit (beta) in the App Containers pane of the Isolation Segment tile.

These limits prevent app instances from overloading the Loggregator Agent with logs, so that the Loggregator Agent does not drop logs for other app instances co-located on a Diego Cell. These limits can also prevent apps from reporting inaccurate app metrics in the Cloud Foundry Command Line Interface (cf CLI) or increasing the CPU usage on the Diego Cell.

Externalized Event Logs

Operators can use the EventLog.Stream.Console NuGet Package to stream app and Windows event logs to the console.

Signed URL Support for Windows VMs

Operators can use signed URLs for communication between the BOSH agent and the blobstore for Windows VMs.

Improvements to Stembuild

Stembuild improvements include:

  • Automatically obtains updated root certificates from the Windows Update Server
  • Keeps up to date with the most recent version of OpenSSH

Note: Stembuild requires outbound network access to the Windows Update Server. Without this access, operators must update root certificates when necessary.

VMware Enterprise PKS (PKS) v1.7 Highlights

PKS v1.7 includes the following important major features. For additional information about these and other features included in PKS v1.7, see Release Notes in the PKS documentation.

Enhanced Internal Component Communication Security

PKS v1.7 uses TLS v1.2+ with strong ciphers for all internal component communication.

VMware Tanzu Service Mesh Support

PKS v1.7 supports integration with the VMware Tanzu Service Mesh by VMware NSX (NSX-SM). For more information, see VMware Tanzu Service Mesh by VMware NSX (Beta).

Kubernetes Profile Support

PKS v1.7 adds Kubernetes Profile support, which enables cluster administrators and cluster managers to customize Kubernetes component settings for any clusters that they provision. For more information, see Validated vs Experimental Customizations in Using Kubernetes Profiles.

Support for Backing Up and Restoring Stateless Workloads

PKS v1.7 supports backing up and restoring stateless workloads networked with vSphere with NSX-T.

Enhanced Monitoring

PKS v1.7 adds new Kubernetes monitoring enhancements and support for monitoring Node Exporter metrics. For more information, see Telegraf in the Installation topic for your IaaS.