Moving at the speed of startup with Pivotal Cloud Foundry 1.11

  1. Moving at the speed of startup with Pivotal Cloud Foundry 1.11
     July 19, 2017
     Jared Ruckle (@jaredruckle), Pieter Humphrey (@pieterhumphrey)
  2. We believe transforming how the world builds software will shape the future of our world
  3. Transforming The Ops & Security Experience
  4. Rotate, Repave, Repair: Cloud Native Security
     ■ Repair: app, runtime, server and OS within hours of patch availability
     ■ Repave: servers and apps from a known good state
     ■ Rotate: credentials, API keys, secrets
  5. Setting the stage for CredHub: a central point of control for credential lifecycle management
     Ops Mgr deploys CredHub v1.0 in preparation for Pivotal’s planned changes to credential management
     ■ Today: credentials are created by Ops Mgr and present in BOSH manifest files
     ■ PCF 1.11.x: Ops Mgr creates BOSH manifest files that request credentials from CredHub at the time of deployment
     ■ First step towards Pivotal’s larger “rotate” vision
     ■ Compatible tiles being released incrementally during 1.11 patches
  6. Single Sign-On Refresher
     ■ Integrates with any enterprise identity federation system (using SAML / OpenID Connect)
     ■ Presents associated IDMs in a Cloud Foundry Marketplace, preconfigured for deployed applications to integrate with
     ■ Converts complex SAML exchanges into basic OAuth tokens for applications to consume
     ■ Allows rapid security enablement of Java Spring applications, as Spring Security can process and enforce OAuth tokens
  7. New in Single Sign-On 1.4: adding lots of new UI, easier onboarding
     ■ Admin User Management UI
     ■ OIDC Identity Provider Management UI
     ■ LDAP Identity Provider Management UI
     ■ UserInfo Roles / User Attribute (UI)
     ■ Required User Groups (bootstrap only)
     ■ Application Configuration Bootstrapping
  8. NSX-V Security Group Integration: leverage VMware networking for PCF
     ■ Operators use NSX-V Security Groups to apply network security policies to VMs that run PCF components
     ■ Operators specify a pre-existing Security Group for each set of VMs; BOSH applies the Security Group when creating the VMs
  9. Other Security improvements
     OpsMan VM hardening
     ■ The Ops Mgr VM is now built using the BOSH stemcell, rather than a conventional Ubuntu base OS image
     TLS-based syslog of component logs
     ■ Transport component logs to syslog consumers over TLS
     ■ ERT now packages Pivotal’s syslog BOSH release
     SHA2 checksums
     ■ Verify the data integrity of PCF ERT files by using each file's SHA2 checksum (rather than MD5 as in previous releases)
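The SHA2 checksum bullet describes a verification step an operator performs by hand; the following is an added example (not Pivotal's code or tooling) of that step in Python: it streams a downloaded file through SHA-256, parses a `sha256sum`-style checksum line, compares in constant time, and shows that a single flipped bit is caught. The file name `cf-example.pivotal`, its contents and the checksum line are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Added example, not Pivotal's code: check a downloaded PCF file against a
# published SHA-256 checksum. The checksum line format "<hex>  <filename>" is
# the one sha256sum produces; the file name and contents below are constructed.
CHUNK = 1 << 20  # hash in 1 MiB pieces so a multi-gigabyte tile never sits in RAM at once


def sha256_hex(data):
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Stream a file through SHA-256 chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Parse '<hex>  <filename>' (a leading '*' on the name is sha256sum's binary-mode marker)."""
    digest, _, name = line.strip().partition("  ")
    digest = digest.lower()
    if len(digest) != 64 or not set(digest) <= set("0123456789abcdef"):
        raise ValueError("not a SHA-256 hex digest: %r" % digest)
    return digest, name.lstrip("*")


def verify_file(path, expected_hex):
    """Constant-time comparison; a plain == stops at the first differing character."""
    return hmac.compare_digest(sha256_of_file(path), expected_hex.lower())


def demo():
    """Write a constructed 'tile', verify it, then flip one bit and verify again."""
    payload = os.urandom(3 * CHUNK + 17)  # several full chunks plus a partial one
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cf-example.pivotal")  # constructed file name
        with open(path, "wb") as f:
            f.write(payload)
        # The line an operator would copy from the download page (constructed here).
        expected, name = parse_checksum_line("%s  cf-example.pivotal" % sha256_hex(payload))
        untampered_ok = verify_file(path, expected)
        corrupted = bytearray(payload)
        corrupted[len(corrupted) // 2] ^= 0x01  # one flipped bit in the middle of the file
        with open(path, "wb") as f:
            f.write(corrupted)
        tampered_ok = verify_file(path, expected)
    return {"name": name, "untampered_ok": untampered_ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

The point of streaming and of `hmac.compare_digest` is the same as on the slide: the check must work on files far larger than memory, and the comparison must not leak how much of the digest matched.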
  10. Container to Container Networking GA: firewall rules at application level, across containers
     ■ Use “zero trust” principles to improve your security posture
     ■ Configure network permission policies between applications
     ■ The feature lays the foundation for additional providers like NSX and non-application destination policy
     ■ Enable and disable inter-application communication as a global policy
     ■ Developers specify which applications (and on which ports) direct communication is permitted
     (Diagram: applications A, B and C with the permitted paths between them)
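To make the "zero trust" behaviour on this slide concrete, here is an added example (not Cloud Foundry's code) of a small policy evaluator. Each policy carries the same parts the cf CLI's `add-network-policy` command takes (source app, destination app, protocol, port range); the evaluator, the global on/off switch and the app names `web`, `api` and `cache` are constructed for the example. It shows that policies are directional, that ports outside the range and the wrong protocol are denied, and that disabling the feature denies everything.

```python
from dataclasses import dataclass
from typing import List

# Added example, not Cloud Foundry's code: a model of container-to-container
# network policies. Policy parts mirror `cf add-network-policy` (source app,
# destination app, protocol, port range); the evaluator and the apps are constructed.


@dataclass(frozen=True)
class Policy:
    source: str
    destination: str
    protocol: str  # "tcp" or "udp"
    port_start: int
    port_end: int

    def matches(self, src, dst, proto, port):
        # Policies are directional: web -> api does not imply api -> web.
        return (self.source == src and self.destination == dst
                and self.protocol == proto and self.port_start <= port <= self.port_end)


class PolicyEngine:
    def __init__(self, enabled=True):
        self.enabled = enabled  # the platform-wide switch the slide mentions
        self.policies: List[Policy] = []

    @staticmethod
    def _parse(protocol, ports):
        proto = protocol.lower()
        if proto not in ("tcp", "udp"):
            raise ValueError("protocol must be tcp or udp, got %r" % protocol)
        start, _, end = ports.partition("-")  # "8080" or "6379-6380"
        lo, hi = int(start), int(end or start)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port range %r" % ports)
        return proto, lo, hi

    def add(self, source, destination, protocol="tcp", ports="8080"):
        proto, lo, hi = self._parse(protocol, ports)
        self.policies.append(Policy(source, destination, proto, lo, hi))

    def remove(self, source, destination, protocol="tcp", ports="8080"):
        proto, lo, hi = self._parse(protocol, ports)
        target = Policy(source, destination, proto, lo, hi)
        self.policies = [p for p in self.policies if p != target]

    def is_allowed(self, src, dst, protocol, port):
        """Zero trust: deny unless a policy explicitly permits this direction, protocol and port."""
        if not self.enabled:
            return False
        proto = protocol.lower()
        return any(p.matches(src, dst, proto, port) for p in self.policies)


def demo():
    """Three constructed apps: a web front end, an API and a cache."""
    engine = PolicyEngine()
    engine.add("web", "api", "tcp", "8080")
    engine.add("api", "cache", "tcp", "6379-6380")
    results = {
        "web_to_api_8080": engine.is_allowed("web", "api", "tcp", 8080),
        "api_to_web_8080": engine.is_allowed("api", "web", "tcp", 8080),     # reverse direction
        "web_to_cache_6379": engine.is_allowed("web", "cache", "tcp", 6379),  # no policy at all
        "api_to_cache_6380": engine.is_allowed("api", "cache", "tcp", 6380),  # inside the range
        "api_to_cache_6381": engine.is_allowed("api", "cache", "tcp", 6381),  # outside the range
        "api_to_cache_udp": engine.is_allowed("api", "cache", "udp", 6379),   # wrong protocol
    }
    engine.remove("web", "api", "tcp", "8080")
    results["after_remove"] = engine.is_allowed("web", "api", "tcp", 8080)
    engine.enabled = False
    results["globally_disabled"] = engine.is_allowed("api", "cache", "tcp", 6379)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print("%-20s %s" % (name, "allow" if allowed else "deny"))
```

Because the engine starts empty and `is_allowed` defaults to `False`, every path that is not written down is denied; that default, not the individual rules, is what the slide means by "zero trust".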
  11. BOSH Backup & Restore (BBR) beta: backup and restore ERT
     ■ Replaces CFOps
     ■ BBR works for any deployment or BOSH director that implements backup / restore
     ■ Decentralized responsibility: BOSH release authors control their own logic
     ■ Supports on-demand instances
     ■ Reduced downtime for writing to ERT’s Cloud API
  12. OpsMan Audit, Compliance and Logging
     ■ Apply Changes to the BOSH Director only, defer others (helps with BBR)
     ■ The BOSH CLI enables collection of OpsMan logs from an instance group or all VMs in an entire deployment at once, delivered as a tarball
     ■ The OpsMan VM logs all commands via Linux auditd; SSH and subsequent user commands are logged
     ■ The BOSH Director sends logs to syslog, for external monitoring integration
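The auditd bullet is only useful to a defender if the trail can be turned back into "who ran what". The following added example (not Pivotal's code) does that for the standard auditd record format: it joins each `EXECVE` record to the `SYSCALL` record with the same audit serial, decodes auditd's hex-encoded arguments, rebuilds the command line and groups commands by login session. The six log records are constructed in that format, not captured from an OpsMan VM.

```python
import re
import shlex
from collections import defaultdict

# Added example, not Pivotal's code: reconstruct commands from an auditd trail.
# auditd records one execve as a SYSCALL record (who: uid, auid, ses, exe) plus an
# EXECVE record (what: argv) sharing the same audit serial, and hex-encodes any
# argv entry that contains spaces or quotes. The records below are constructed
# in that standard format; they were not captured from an OpsMan VM.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1500465600.101:2001): arch=c000003e syscall=59 success=yes exit=0 uid=1000 auid=1000 ses=4 comm="cf" exe="/usr/local/bin/cf" key="cmds"
type=EXECVE msg=audit(1500465600.101:2001): argc=3 a0="cf" a1="push" a2="demo-app"
type=SYSCALL msg=audit(1500465601.250:2002): arch=c000003e syscall=59 success=yes exit=0 uid=0 auid=1000 ses=4 comm="sh" exe="/bin/dash" key="cmds"
type=EXECVE msg=audit(1500465601.250:2002): argc=3 a0="sh" a1="-c" a2=636174202F6574632F686F737473
type=SYSCALL msg=audit(1500465700.500:2003): arch=c000003e syscall=59 success=yes exit=0 uid=1001 auid=1001 ses=7 comm="bosh" exe="/usr/bin/bosh" key="cmds"
type=EXECVE msg=audit(1500465700.500:2003): argc=2 a0="bosh" a1="deployments"
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value quoted or bare
MSG = re.compile(r'audit\((\d+\.\d+):(\d+)\)')  # msg=audit(<timestamp>:<serial>)
HEX = re.compile(r'^(?:[0-9A-Fa-f]{2})+$')


def decode_arg(raw):
    """Quoted values are literal; bare values in argv/exe fields are auditd's hex encoding."""
    if raw.startswith('"'):
        return raw[1:-1]
    if HEX.match(raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def parse_line(line):
    fields = dict(FIELD.findall(line))
    m = MSG.search(line)
    if not m or "type" not in fields:
        return None
    return fields["type"], float(m.group(1)), int(m.group(2)), fields


def reconstruct(log_text):
    """Join SYSCALL and EXECVE records by serial and rebuild each command line."""
    who, what = {}, {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        rtype, ts, serial, fields = parsed
        if rtype == "SYSCALL":
            who[serial] = {"ts": ts, "uid": fields.get("uid"), "auid": fields.get("auid"),
                           "ses": fields.get("ses"), "exe": decode_arg(fields.get("exe", '""'))}
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", "0"))
            # Very long arguments that auditd splits as aN[0], aN[1]... are not reassembled here.
            what[serial] = [decode_arg(fields["a%d" % i]) for i in range(argc)
                            if ("a%d" % i) in fields]
    events = []
    for serial in sorted(what):
        event = {"serial": serial, "ts": None, "uid": None, "auid": None, "ses": None, "exe": None}
        event.update(who.get(serial, {}))
        event["command"] = " ".join(shlex.quote(a) for a in what[serial])
        events.append(event)
    return events


def by_session(events):
    """Group commands by (auid, ses): auid survives su/sudo, so every command maps to the original login."""
    sessions = defaultdict(list)
    for e in events:
        sessions[(e["auid"], e["ses"])].append(e["command"])
    return dict(sessions)


if __name__ == "__main__":
    for (auid, ses), commands in by_session(reconstruct(SAMPLE_LOG)).items():
        print("auid=%s ses=%s" % (auid, ses))
        for command in commands:
            print("    " + command)
```

The second record is the one worth noticing in a review: `uid=0` shows the command ran as root, while `auid=1000` still names the user who logged in, which is why grouping on the login UID rather than the effective UID keeps a privilege escalation attributable.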
  13. Other Operational improvements
     ■ Azure Managed Disks for PCF
     ■ UAA and CC databases moved to embedded MySQL
     ■ Default to HA configuration on install
  14. Rackspace Managed Pivotal Cloud Foundry: an operations solution that’s ready on Day 1
     ■ Manage: running, configuration, troubleshooting, and proactive monitoring of the PCF platform
     ■ Update: performing all software updates to Pivotal Cloud Foundry components and supporting software
     ■ Automate: completion of automation requests related to the operations of PCF, including installation of new tiles for supported services
     ■ Respond: 24x7x365, 15-minute response time SLA for emergency issues (i.e., when the PCF API is partially or wholly inoperable)
     ■ Uptime: 99.99% API uptime SLA, except during maintenance (see product terms and conditions for exceptions)
     ■ Optimize: maintaining and updating the underlying IaaS to achieve optimal PCF platform performance*
     * Optional service; could be provided and managed by the customer if preferred; additional scoping discussion required
     spins-up-managed-google-cloud-platform-beta/
  15. Transforming The Spring Experience
  16. PCF Metrics 1.4: Custom Metrics. Visualize and filter metrics by AI (application instance), reduced VM footprint
     ■ Send application metrics to the Firehose, and subsequently to PCF Metrics, for time series visualization
     ■ Supports Spring Boot Actuator metrics out of the box
  17. Spring Cloud Services 1.4: microservice infrastructure
     ■ Spring Cloud Services updated to the Dalston release
     ■ Config Server now supports HashiCorp Vault and multiple config repos
     ■ Spring Cloud Data Flow 1.2 (beta tile for PCF coming soon)
  18. Java Buildpack v4.1: improved memory management and OOM behavior
     ■ Improved JVM memory calculation, resulting in fewer app terminations
     ■ Improved JVM out-of-memory behavior: JVM terminal failures now include useful troubleshooting data (a histogram of the heap) in the logs
     ■ Memory calculator configuration is simplified, with the use of standard Java memory flags
  19. Apps Manager & Spring Boot Actuators: new UI controls to create and manage these jobs
     ■ Boot Actuator heap dumps
     ■ Boot Actuator HTTP request traces
     ■ Boot Actuator thread dumps
     ■ Display custom /health check
  20. Transforming The Dev Experience
  21. Support for Private Docker Repositories: run your Docker packaged applications!
     Components in the diagram: CLI, Cloud Controller, Diego (rep), Diego Cells (Garden, runC), Docker registry, OAuth server. Registry credentials are stored encrypted.
     (1) Get repository manifest
     (2) Requires token; the registry points to the OAuth server to use
     (3) Request token for repository
     (4) Receive token for repository
     (5) Get repository manifest (with token)
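The five numbered steps are the Docker registry token exchange. The following is an added example (neither Cloud Foundry's nor Docker's code) that simulates it offline with both sides present: a toy registry that answers an unauthenticated manifest request with a `WWW-Authenticate: Bearer realm=...,service=...,scope=...` challenge (the header format Docker registries send), a toy OAuth token server that trades Basic credentials for a scoped, short-lived token, and the client logic that parses the challenge and retries with the token. The host names `registry.example.test` and `auth.example.test`, the user `deployer`, the repository `acme/payments`, the manifest and the HMAC-signed token format are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import re
import secrets
import time

# Added example, neither Cloud Foundry's nor Docker's code: the five-step token
# exchange from the slide, simulated offline. The challenge header format is the
# one Docker registries send; hosts, user store, manifest and token format are constructed.


class TokenServer:
    """The OAuth server on the slide: trades registry credentials for a scoped, short-lived token."""

    def __init__(self, service, users):
        self.service = service
        self.users = users  # username -> password (constructed; a real server stores hashes)
        self.key = secrets.token_bytes(32)  # HMAC key for the toy token format

    def issue(self, basic_header, service, scope):
        """Steps (3) and (4): Basic credentials in, signed bearer token out, or 401."""
        if service != self.service or not basic_header.startswith("Basic "):
            return 401, None
        user, _, pw = base64.b64decode(basic_header[6:]).decode().partition(":")
        if not hmac.compare_digest(self.users.get(user, ""), pw):
            return 401, None
        claims = {"sub": user, "aud": service, "scope": scope, "exp": int(time.time()) + 300}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return 200, body + "." + hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def verify(self, token, service, needed_scope):
        body, _, sig = token.partition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
        return (claims["aud"] == service and claims["scope"] == needed_scope
                and claims["exp"] > time.time())


class Registry:
    """The Docker registry on the slide: serves a manifest only to a holder of a valid pull token."""

    def __init__(self, realm, token_server):
        self.realm, self.ts = realm, token_server
        self.manifests = {"acme/payments": {"schemaVersion": 2, "layers": 3}}  # constructed

    def get_manifest(self, repo, headers):
        scope = "repository:%s:pull" % repo
        auth = headers.get("Authorization", "")
        if auth.startswith("Bearer ") and self.ts.verify(auth[7:], self.ts.service, scope):
            return 200, {}, self.manifests.get(repo)
        # Step (2): no usable token, so name the token server and the scope that is needed.
        challenge = 'Bearer realm="%s",service="%s",scope="%s"' % (self.realm, self.ts.service, scope)
        return 401, {"WWW-Authenticate": challenge}, None


CHALLENGE_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_challenge(header):
    scheme, _, params = header.partition(" ")
    if scheme != "Bearer":
        raise ValueError("unsupported auth scheme %r" % scheme)
    return dict(CHALLENGE_PARAM.findall(params))


def fetch_manifest(registry, token_servers, repo, username, password):
    """The client side (Cloud Controller / Diego on the slide): steps (1) through (5)."""
    status, hdrs, manifest = registry.get_manifest(repo, {})  # (1) try without a token
    if status == 200:
        return manifest
    ch = parse_challenge(hdrs["WWW-Authenticate"])  # (2) learn realm, service, scope
    if not ch.get("realm", "").startswith("https://"):
        raise ValueError("refusing to send registry credentials to a non-TLS realm")
    basic = "Basic " + base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    status, token = token_servers[ch["realm"]].issue(basic, ch["service"], ch["scope"])  # (3)/(4)
    if status != 200:
        raise PermissionError("token server rejected the credentials")
    status, _, manifest = registry.get_manifest(repo, {"Authorization": "Bearer " + token})  # (5)
    return manifest if status == 200 else None


def demo():
    ts = TokenServer("registry.example.test", {"deployer": "constructed-password"})
    realm = "https://auth.example.test/token"
    reg, servers = Registry(realm, ts), {realm: ts}
    out = {"manifest": fetch_manifest(reg, servers, "acme/payments", "deployer", "constructed-password")}
    try:
        fetch_manifest(reg, servers, "acme/payments", "deployer", "wrong")
        out["wrong_password_rejected"] = False
    except PermissionError:
        out["wrong_password_rejected"] = True
    # A token scoped to one repository must not open another one.
    _, token = ts.issue("Basic " + base64.b64encode(b"deployer:constructed-password").decode(),
                        ts.service, "repository:acme/payments:pull")
    status, _, _ = reg.get_manifest("acme/billing", {"Authorization": "Bearer " + token})
    out["cross_repo_rejected"] = (status == 401)
    return out


if __name__ == "__main__":
    print(demo())
```

Two details carry the security weight: the client only releases the stored registry credentials to a realm served over HTTPS, and the token it receives is bound to one `service` and one `scope`, so the registry re-checks the scope on step (5) and a token for one repository does not unlock another.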
  22. NFS v3 Volume Services GA: supporting filesystem-based data services in PCF
     What it is:
     ■ Access external NFS v3 filesystems as a service
     ■ Volume mount NFS v3 shares to apps
     What this isn’t:
     ■ Linux only, no Windows support yet
     ■ Docker apps have not been tested
     ■ Read-write support (read-only support is untested)
     ■ Access control is left to the app developer; the user binding to the service picks a UID to use with the NFS server (no LDAP integration)
     ■ NFSv4 is not supported, which also means that EFS is not supported
     ■ No HA support (deploy one instance of your service broker)
  23. Redis v1.8 on-demand: in-memory key-value / cache for Pivotal Cloud Foundry
     ■ Operator-enabled plans
     ■ Operator-set Redis properties
     ■ Optimized for cache use cases
     ■ Quotas
     ■ App developer provisioned instances
     ■ App developer set Redis properties via arbitrary parameters
  24. MySQL 2.0 on-demand: popular relational DB for Pivotal Cloud Foundry
     ■ MySQL as an on-demand service
     ■ Metrics from service instances
     ■ Metrics from service broker
     ■ Backups to S3-compatible blobstores, via SCP, GCS, or Azure
     ■ Optional audit and userstat logging
  25. Scheduler beta: cron for Pivotal Cloud Foundry. Flexible scheduling for your modern applications: schedule and execute Tasks at regular intervals
     ■ Common use cases: performing nightly updates to e-commerce sites and database backups
     ■ Use with Spring Batch and Spring Cloud Task microservices
  26. Apps Manager improvements: new UI controls to create and manage these jobs
     ■ App Search
     ■ Declare Route Services
     ■ Task Usage Report
  27. App Log Retention and capacity improvements: gRPC implementation
     ■ Scale app logs with Loggregator to 4M logs / sec
     ■ Firehose and/or syslog drains deliver log data