This document provides an overview and agenda for Pivotal Cloud Foundry 2.2 updates. The key updates include improved platform security with CredHub for centralized credential management, enhanced platform stability with support for multiple vSphere regions/datacenters, and increased developer productivity with new services and tools like Log Cache, PCF Metrics, and PCF App Autoscaler. It also outlines updates to Pivotal Container Service and Spring Cloud Services. In summary, the document outlines enhancements in Pivotal Cloud Foundry 2.2 focused on security, stability, and developer experience.

1. © C o p y r ig h t 2 0 1 7 P iv o ta l S o ftw a r e , In c . A ll r ig h ts R e s e r v e d . V e r s io n 1 .0
Pivotal Cloud Foundry 2.2 Updates
김민석 (MinSeok, Kim)
Senior Platform Architect
Pivotal Cloud Foundry
mkim@pivotal.io

2. Agenda
■ Cloud Native Platform
■ Ops Manager
■ Pivotal Application Service
■ Pivotal Container Service
■ Services
■ Partner Ecosystem

3. Cloud Native = PROCESS + TECHNOLOGY

4. Cloud Native Platform의 요건
APPLICATION
Scaling통합로그
수집
SSO
연동
자동복구
성능및
분산모니
터링
네트워킹
로드밸런싱
InfrastructureAgnostic
andUtilization
플랫폼보안
데이터보안
DataServices
연동자동화
자동화된
CI/CD
플랫폼
고가용성
성능및
분산모니
터링
데이터보안

5. 개발자의 속도와 운영상의 안정성을 모두 만족하는 플랫폼
운 영 자 의 안 정 성
● AZ, VM 에 서 App까 지 모 든 레 이 어 의
실 패 에 대 비
● 플 랫 폼 의 무 중 단 업 데 이 트
● 플 랫 폼 CI/CD 파 이 프 라 인
● Platform as Product
● 모 니 터 링
● 멀 티 클 라 우 드
보 안 관 리 자 의 보 안
● CVE 48시 간 내 업 데 이 트
● Repair, Repave, Rotate
● 다 운 타 임 없 는 보 안 패 치
● Credential 관 리 및 Rotate
● 컨 테 이 너 보 안
개 발 자 의 속 도
● 빌 드 팩 기 반 의 컨 테 이 너 배 포
● 무 중 단 /자 동 화 배 포 (A/B, Blue/Green,
Canary)
● M SA 컴 포 넌 트 지 원 (Circuit Breaker,
Broker, Registry, GW )
● 실 시 간 로 그 /모 니 터 링
● 무 중 단 스 케 일 업 , 스 케 일 아 웃
● 오 토 스 케 일 링
● Native W indows + .NET 지 원
● 모 놀 리 틱 구 조 의 분 해 와 마 이 크 로
서 비 스 화 (App tx)
● Spring Boot 의 지 원
Agile Platform

6. The platform can deliver on all of these outcomes as efficiently on day 1000 as it does on day 1.
Operators can serve
thousands of devs
within tight budget
constraints.
Operators have choice
around which cloud to
run on.
Developers reduce
waste through small
batch delivery and fast
feedback.
Operators can trust a
secure-by-default
platform that solves
their security needs
without introducing toil.
Developers experience
the safety to
experiment and iterate
rapidly..
Operators can provide
a platform that meets
their scale needs.
Developers can ramp
productivity linearly
with personnel.
Developers can run
applications that handle
large-scale loads.
Operators can reason
about the stability of
the platform and
provide well-
understood SLOs.
Developers can rely on
the platform to allow
them to deliver
outcomes with low
volatility.
Operators can
efficiently manage the
platform and onboard
new teams.
Developers can iterate
on delivering consumer
value rapidly.
성공 척도 – 지속 가능한 5S
Speed Stability Scalability Security Savings
Sustained

7. Embedded OS
(W in d o w s & L in u x )
NSX-T
CPI (15 methods)
v1
v2
v3 ...
CVEs
ProductUpdates
Pivotal Application
Service(PAS)
Pivotal Container
Service(PKS)
v S p h e r e
A z u r e &
A z u r e S ta c kG o o g le C lo u dA W SO p e n s ta c k
Pivotal
Network
“3Rs”
Github
C o n c o u r s e
C o n c o u r s e
Pivotal Services
Marketplace
Pivotal and
PartnerProducts
Continuous
delivery
PublicCloudServices
Customer
Managed
Services
OpenServiceBrokerAPI
Repair— C V E s
Repave Rotate— C r e d h u b
Pivotal Cloud Foundry
PCF Ops Manager(플랫폼 관리도구)
Cloud-native app,
(Dependency 약함)
…
COTS app
(Dependency 강함)
Managed
Service

9. Agenda
■ Cloud Native Platform
■ Ops Manager
■ Pivotal Application Service
■ Pivotal Container Service
■ Services
■ Partner Ecosystem

10. BOSH
Infrastructure
인프라 제공
환경 구축
VM 업그레이드
VM 모니터링
VM 상태 점검
Day2
Day1

11. IaaS Paving
● Automation of IaaS paving for PAS
● We now publish Terraform templates + instructions
for using them for each IaaS
○ New in PCF 2.2: vSphere + NSX-T! [docs
forthcoming]
○ Current templates: AWS, GCP, Azure
● Customers can prepare the load balancers, networks
and databases needed by PAS in a way that is
reproducible, automatable, accurate and extensible.
● This working example supports our efforts to
transform IT Operations through the application of
SRE principles.
Scalability

12. Release Target: June 2018
PCF Operations
Manager 2.2
Scalability
OM now supports Azure Stack [blog]

13. PCF Operations
Manager 2.2
Speed
● Operators can specify a single set of tags to apply to
all VMs, including the Director VM
○ More easily identify PCF-related IaaS
resources
● When operators specify tags for identifying PCF-
related IaaS resources, those tag should be applied
to all disks (in addition to VMs)

14. PCF Operations
Manager 2.2
Stability
● Ops Manager supports multiple
regions/datacenters/tenants for vSphere
○ Add multiple vCenter configs & map those
configs to specific AZs. At that point, an AZ
becomes an abstraction for a given tile so a
single PAS (i.e. foundation) can use two AZs in
different locations.
○ Note that latency guarantees are operator’s
responsibility.
● Operator should be able to access all past deployed
manifests after upgrade

15. multiple regions/datacenters/tenants for vSphere

16. multiple regions/datacenters/tenants for vSphere

17. multiple regions/datacenters/tenants for vSphere

18. multiple regions/datacenters/tenants for vSphere

19. multiple regions/datacenters/tenants for vSphere

20. PCF Operations
Manager 2.2
Stability
Speed
● Operators can selectively deploy tiles
○ Operators can deploy individual tiles and opt
out of deploying “the whole world”
○ More control over the impact of a given “Apply
Changes” command
○ Protections are in place to safeguard against
incompatibility and other possible issues

21. Operators can selectively deploy tiles

22. Operators can selectively deploy tiles

23. Operators can selectively deploy tiles

24. 플랫폼 데이터 보안개선 CredHub는 플랫폼 및 어플리케이션
크리덴셜을 중앙 관리
● 크리덴셜은클라우드에서신뢰할수있는
기반
● CredHub의목적: 크리덴셜에대한
전반적인관리(생성, 접근제어, 분배, 회전,
로깅)
● 암호, 인증서, ssh 키, RSA 키, 임의의
값(문자열및JSON blob) 관리
● 모든크리덴셜은회전(rotate)되는키로
암호화됨(OSS에서HSM 지원, 곧
PCF로도제공됨)
Hardware Security Modules (HSMs)

25. PCF Operations
Manager 2.2
Security
● BOSH deployment manifests generated by Ops
Manager do not contain sensitive credentials
(except for the Director's own deployment manifest)
● A OM Director may connect to a remote database
via TLS (using a custom CA to trust)
● A OM Director and all agents may communicate to a
blobstore via TLS
● /credentials endpoints include secrets listed
under selectors and collections

26. Ops Manager – 관리자 권한을 세분화하여 플랫폼관련 조직요건에
세세히 적용

27. PCF Healthwatch:플랫폼 운영자를 위해 플랫폼의 현재상황/메트릭
추이를 한눈에 보여주는 대시보드를 제공하여 플랫폼 운영의 통찰을 제공

28. PCF HealthWatch 1.3
Stability
● Syslog Drain Available for Tile VM BOSH Logs.
● Configure what app the Canary Health Check pings.
● UI/UX Improvements to Side Navigation & Page
Orientation.

29. PCF Healthwatch 1.3
Configure what app the Canary Health
Check pings
Out-of-the-box config still pings Apps Manager, but
Customers can now point this Service Level Indicator
test at another PCF app they believe is a better canary
for them.

30. PCF Healthwatch 1.3: New Flyout Menu

31. Agenda
■ Cloud Native Platform
■ Ops Manager
■ Pivotal Application Service
■ Pivotal Container Service
■ Services
■ Partner Ecosystem

32. Spring Cloud Netflix Components
Ribbon Archaius
Eureka
FeignHystrix
Turbine
Zuul
ClientServer

33. Netflix Realtime Monitoring – Atlas / Servo / Spectator

34. 개발자용 어플리케이션 관리/실시간모니터링 도구 – Apps manager PAS

35. Circuit Breaker
Dashboard for PCF
마 이 크 로 서 비 스 나
애 플 리 케 이 션 내 부 의
회 로 차 단 기 에 서 Turbine
상 태 및
메 트 릭 데 이 터 스 트 림 을
시 각 화
Service Registry for
PCF
NetflixOSS Eureka Service
Discovery 패 턴 의 구 현 을
서 비 스 로 제 공
Config Server for PCF
전 환 경 에 걸 쳐
애 플 리 케 이 션 의
외 부 프 로 퍼 티 를
관 리 하 는
동 적 중 앙 설 정 서 비 스
제 공
마이크로서비스를 위한 기반 서비스를 플랫폼에서 관리형으로 제공 PAS

36. 앱 성능 분석 및 통합로그수집- PCF-metrics PAS

37. 분산 추적 및 통합로그수집 - PCF metrics PAS

38. PCF Metrics 1.5
App Metrics and Events Monitors and Alerting
● Create and manage app monitors:
○ for standard gauge metrics, including CPU, disk, memory,
average request latency, requests per minute, request
errors per minute
○ for spring boot app metrics, including JVM and HTTP route
metrics
○ for app events, including app starts, stops, updates,
crashes, stage fail, and SSH
● Define Warn and Critical alerting thresholds
● Webhook support for alerting
● All this, and more, available on PWS now
Speed
Stability

39. App Metrics and Events Monitors and Alerting PAS

40. Custom Metric PAS

41. Spring boot support
https://docs.spring.io/spring-boot/docs/2.0.x/reference/html/production-ready-cloudfoundry.html

42. Log Cache
A new API that allows both
operators and app developers to
explore and create automation
using a simple restful interface.
Stability
Scalability
Powerful New Restful Interface
● Integrate via a pull model rather than receiving a
stream
● Install the log-cache cli to get new commands
○ cf-tail - supports both logs and metrics, and most
unix tail flags
○ Log-meta - inspect what logs and metrics you
have access to (works for both app devs +
Operators)
● Simple restful / JSON interface is easy to integrate with
● Restful API’s allow for more complete view by app
developers
○ App developers can now see service instance
metrics from supported services

43. Log Cache

44. PCF App
Autoscaler
Scalability
Stability
New Autoscaling Rule Types: Custom & Compare Rules
● Autoscaler now consumes Log Cache, allowing users to
create scaling rules on any metrics emitted by an app
● Available via CLI / API only for PCF 2.2.0

45. PCF App
Autoscaler
Speed
Scheduled Instance Limit Management via CLI
● Create and manage Autoscaling Scheduled Instance Limit
changes via CLI

46. PCF App
Autoscaler
Speed
New Autoscaler UI in Apps Manager
● Fully-integrated Autoscaler UI in AppsMan for seamless user
experience
● Consumes the new v2 Autoscaler API that was released in
PCF 2.1, allowing for deprecation of outdated v1 Autoscaler
API

47. Service Discovery
Container
Networking
Speed
Security
Savings
Polyglot Service Discovery for Container Networking
[cf.org blog]
● Application Developers who want to use C2C have DNS-
based service discovery built into the platform
● Operators can opt-in to enable this feature on the PAS tile
(it is not enabled by default in 2.2)
● A new shared domain called apps.internal is created when
the feature is enabled
● App developers can configure internal routes using create-
route and map-route with the apps.internal domain
● Container networking policy is still required to enable
communication between apps
● Reduce F5 license costs, because you don’t go through the
router

48. Service Discovery Container Networking – secure & cluster

49. Service Discovery Container Networking – blue green testing

50. PCF 서비스 바인딩 – credhub적용 전

51. PCF 서비스 바인딩 – credhub적용 후

52. PCF 서비스 바인딩 – credhub적용 후

53. Dotnet framework 지원 개선
- Container to container
networking 지원
MS와 공동으로 새로운
native container기술
개발로 기존 IronFrame
Library의 virtual
container한계 극복
- cf ssh지원
windows 2012의
파일시스템의 한계 극복
- Volume service지원
SMB volume

54. Agenda
■ Cloud Native Platform
■ Ops Manager
■ Pivotal Application Service
■ Pivotal Container Service
■ Services
■ Partner Ecosystem

55. PKS 1.1
● OSS K8s 1.10
● Multi-AZ
● Multi-master / etcds
● UAA for PKS (LDAP/AD & SAML)
● vRLI Integration (log aggregation)
● Wavefront integration (monitoring)
● Network Automation with NSX-T
● Supported in Pivotal Ready Architecture 1.1 [blog]
Stability
Scalability
Security

56. Agenda
■ Cloud Native Platform
■ Ops Manager
■ Pivotal Application Service
■ Pivotal Container Service
■ Services
■ Partner Ecosystem

57. Spring Cloud
Services 2.0
● Spring Cloud Finchley and Spring Boot 2 support
○ Service Instance backing applications
○ Service Broker
○ Spring Cloud Services Connectors for client
applications
● Custom Domain configuration support
● Target deployment to PCF 2.0+
Speed

58. MySQL 2.3 for PCF
Security
Speed
● All service instance network traffic is encrypted via TLS
● Synchronous replication between leader and follower
● Secure storage of service instance binding credentials in
Credhub
● Faster upgrades of the MySQL tile with parallel service
instance upgrades
● Developers can specify a custom charset & collation when
creating/updating a service instance [docs]
● Developers now have permissions in their service
instances, such as the ability to create multiple schemas

59. Release Target: June 2018
Pivotal Cloud
Cache v1.4 for PCF
Speed
Stability
● Support for more than one WAN connected cluster
● Create memory usage statistics
● Operator can make safer, more informed decisions on
VM and disk types
● Compatible with PAS 2.1 (PCC v1.5, late June release will
be compatible with PAS 2.2)

60. Agenda
■ Cloud Native Platform
■ Ops Manager
■ Pivotal Application Service
■ Pivotal Container Service
■ Services
■ Partner Ecosystem

62. New Partner Content
● Joint customer Case Studies
○ TIBCO - TMobile
○ Apigee + GCP - West Corp
○ Dynatrace - Humana(CF Summit)
○ MongoDB - Merrill
● Joint Webinars and Podcasts
○ MongoDB
○ RedisLabs
○ New Relic
○ PagerDuty
○ Contrast Security
● Media and Blogs
○ CrunchyDB
○ Confluent - PR, blog2
○ Apigee
○ Aqua Security

63. Transforming How The World Builds Software
© C o p y r ig h t 2 0 1 7 P iv o ta l S o ftw a r e , In c . A ll r ig h ts R e s e r v e d .