In the world of microservices and cloud-native, customers want more than a partnership with their vendors. They desire a shared fate.
When Pivotal Cloud Foundry customers ship code at the speed of a startup, they win. We heard all about success stories at this week’s CF Summit:
Kicking off #cfsummit w/ @ab415 sharing Comcast's success w/ Pivotal Cloud Foundry. pic.twitter.com/ojRD9HFQ9c
— Pivotal CloudFoundry (@pivotalcf) June 13, 2017
That’s the shared fate: Pivotal’s success is tightly linked to the success of our customers.
We discuss our product roadmaps with customers under this backdrop. Often, customers want to know answers to existential questions like “what’s important to the product team?” More practically, they want a steady drumbeat of new capabilities, and investment in areas they care about. Above all, they want to know how Pivotal Cloud Foundry will help them boost feature velocity and shrink mean time to recovery.
Marriage of development practices and operations platforms is one of most exciting moments in my career–velocity and MTTR revolution
— James Watters (@wattersjames) June 2, 2017
Pivotal Cloud Foundry 1.11 – now GA – shows the outcome of these discussions. The release illustrates the three broad categories of enhancements customers have come to expect from us.
- Deliver on specific requests. “Bring more Spring Boot Actuators into Pivotal Cloud Foundry.” Check. We’ve integrated the heapdump, trace, and dump endpoints into Apps Manager.
- Solve the timeless problems for developers. With the new Java Buildpack 4.1, Pivotal has further optimized JVM memory management. Most importantly, we make sure you never have to care about it.
- Delight with solutions to unmet, unarticulated needs. Most enterprise security pros know that leaked credentials are the culprit behind many corporate breaches. The market is largely silent on how to deal with this problem at scale. Pivotal’s unique approach, CredHub, debuts in Pivotal Cloud Foundry 1.11.
Let’s examine these new features in more detail through the lens of Pivotal Cloud Foundry’s roadmap themes.
- Meet CredHub, a Secure Place to Manage Credentials
- Mount up! NFS v3 Volume Services Goes GA
- Spring Cloud Data Flow 1.2 for Cloud Native Data
- New Java Buildpack 4.1 Boosts JVM Memory Management
- Additional Spring Boot Actuator Integrations Ease Troubleshooting
- Deeper NSX Integration to Easily Control Access to VMs
- Use Vault & Multiple Backends for Your Config Data with Spring Cloud Services 1.4
- New On-Demand Services: MySQL and Redis
- New Single Sign-On Tile Adds More Automation
- Support for Azure Managed Disks
- Support for Private Docker Repositories
Meet CredHub, a Secure Place to Manage Credentials
We've all read about it – a damaging security breach that loses your firm millions, and even lands you on the front page of the Wall Street Journal. This worst-case scenario comes up often in our discussions with customers.
The latest case study is SWIFT. The international banking exchange suffered an attack a few years ago as the Journal recently reported:
How hackers penetrated the world's most important money transfer system, by @KatyBurne & Robin Sidel https://t.co/IrZkUSpldF via @WSJ
— Greg Ip (@greg_ip) May 1, 2017
One vulnerability exploited at SWIFT was old passwords. Reducing risk from stale credentials is a hard problem to solve. But Pivotal set out to do just that with CredHub.
CredHub is a central point of control for credential generation, storage, lifecycle management, logging and access control. It debuts in Pivotal Cloud Foundry 1.11.
The gestalt of CF CredHub is protecting access to the key that provides access to the data.
— Justin Smith (@justinjsmith) May 28, 2017
Our goal with this initial launch of CredHub is simple: remove credentials from BOSH deployment manifests. To achieve this, Ops Manager deploys CredHub co-located with the Director VM.
From there, tile authors can define an authentication variables section in their 1.11 tiles. Credentials will then reside in CredHub. Over the next few weeks, Pivotal’s tile authors will migrate to CredHub in 1.11.x patch releases. Stay tuned!
The ultimate goal of CredHub: to “rotate” credentials often, in line with Pivotal’s 3 R’s cloud-native security vision. In this future state, leaked creds become far less damaging, and less valuable to hackers. This initial bootstrapping of CredHub is an important first step in helping customers run more securely.
Container Networking Goes GA
Cloud Foundry’s new container networking stack was a beta feature in the 1.10 release. It’s now GA in 1.11. Here’s how this improves your security posture: apps running on Pivotal Cloud Foundry can now directly communicate with each other. Developers can create networking policies for app-to-app interactions. There’s no need for workarounds like whitelisting traffic and using public routes for private apps. Container networking helps you move to a zero-trust model, as we discussed in April.
VMware and NSX administrators will want to revisit how container networking helps enable “developer-ready infrastructure.”
What are the benefits of @VMware & @Pivotal's developer-ready infrastructure? Find out how it helps both #dev & #IT https://t.co/D2enCkukzh
— Robin Matlock (@rmatlock) May 10, 2017
Note that this feature supports the CNI project. As such, container networking is compatible with a variety of overlay plugins. Pivotal Cloud Foundry 1.11 ships with Silk, a new plugin optimized for Cloud Foundry. You are free to choose alternatives like Flannel if you prefer.
Mount up! NFS v3 Volume Services Goes GA
The conventional wisdom says cloud-native apps must be “stateless.” That is, they must have state stored in backing services. It’s true, every greenfield app you write should follow this pattern.
But what about the thousands of apps you have running today that pre-date this guidance? More specifically, those that rely on a file system?
We want Pivotal Cloud Foundry to be a “big tent” – the home for many, many kinds of enterprise apps. Now, there’s better support for these workloads as support for NFS v3 Volume Services matures from beta to GA.
The Cloud Foundry community decided that these apps could benefit from running on a cloud-native platform. Engineering teams from many different companies then went to work, and built the project’s NFS v3 Volume Services feature.
Learn how your legacy apps can run on Cloud Foundry – read Luke’s post for more.
How to increase your application transformation velocity with @cloudfoundry: https://t.co/uvi1ewDpz8
— Luke W. (@Luke4OSS) April 17, 2017
Spring Cloud Data Flow 1.2 for Cloud Native Data
OK, fine – this open-source project isn’t technically part of the release. But it reflects a top roadmap priority for Pivotal’s engineers: to support streaming and batch data processing.
Our customers are keen to harness the power of data. Enterprises want to build apps around an exploding number of new data sources. And Pivotal wants to make this easy for them. How? By building atop the power of Spring Boot and Cloud Foundry for these use cases!
Spring Cloud Data Flow 1.2 includes several handy orchestration improvements for Spring Cloud Stream (for event-driven streaming) and Spring Cloud Task (for discrete workloads). Read the detailed post at the link below.
Some pretty cool work here from the @springcloud folks – Spring Cloud Data Flow 1.2 https://t.co/ARrbf082hO
— Fintan Ryan (@fintanr) May 29, 2017
What’s next for Spring Cloud Data Flow? We plan to make it even easier for Pivotal Cloud Foundry customers to use it. That means integrating SCDF with the UAA security model and adding it to the Services Marketplace. A "Spring Cloud Data Flow for PCF" tile is coming soon. Stay tuned for the beta!
New Java Buildpack 4.1 Boosts JVM Memory Management
What’s life like for a Java developer who doesn’t use Cloud Foundry? There’s a good chance they’re stuck fiddling with low-level tasks, like setting JVM memory arguments.
Thankfully, the Java buildpack in Cloud Foundry saves you from having to bother with such things!
It gets better. The new Java Buildpack 4.1 takes memory management to a new level. Push your apps with this new buildpack. You’ll notice two things:
- Improved JVM memory calculation, resulting in fewer app terminations.
- Improved JVM Out of Memory behavior. JVM terminal failures now include useful troubleshooting data: a histogram of the heap is written to the logs.
What’s more, the new buildpack simplifies memory calculator configuration; it uses standard Java memory flags.
Quite simply, the new buildpack is the most elegant way to tackle the thorny issue of Java memory management on a cloud-native platform. It helps your container use as much memory as possible, but not one iota more.
Our own Ben Hale wrote an excellent deep-dive on the technical attributes of the new buildpack.
This week we announced the release of Java Buildpack 4.0. Learn more: https://t.co/8GsrH1AXcY
— Cloud Foundry (@cloudfoundry) April 26, 2017
Try it out today – it's included with your Pivotal Cloud Foundry subscription and available from Pivotal Network.
Note: the Java Buildpack 4.1 doesn’t ship as the default version in Pivotal Cloud Foundry 1.11. But it will be the default in the future.
Additional Spring Boot Actuator Integrations Ease Troubleshooting
Spring Boot is a Java developer's best friend. Why? It favors convention over configuration, giving the developer many modern architectural features “for free.” Spring Boot helps you quickly build web apps suitable for the cloud.
Monthly @springboot maven downloads at 19.7M (no gradle)
reminder: CI builds most often use private repos.
(March data unavailable) @java pic.twitter.com/NucAA38zg9
— Pieter Humphrey (@PieterHumphrey) June 8, 2017
To make Pivotal Cloud Foundry the best place to run Spring apps, we’ve added new Spring Boot Actuator integrations. Developers can now see vital troubleshooting information in context. The new actuator endpoints in Apps Manager are:
- heapdump. View a snapshot of the memory for a Java process.
- trace. View status and header information for HTTP requests.
- dump. Find out what every thread in the JVM is doing at a particular point in time. You can download this report as well.
View status and header information for HTTP requests in Apps Manager via the “trace” Spring Boot Actuator integration.
We released the first wave of Actuator endpoints in Pivotal Cloud Foundry 1.9 (info, health, loggers). With heapdump, trace, and dump, there’s now a total of 6 endpoints tightly (and securely!) integrated into the product.
Read more about integrations with Spring Boot Actuators in this tutorial.
Deeper NSX Integration to Easily Control Access to VMs
Operations Manager offers deeper integration with NSX in this release. Use new API endpoints to configure NSX security groups with the virtual machines running Cloud Foundry. Now, operators can manage access to VMs at a more granular level in four easy steps.
Fire up the vSphere console, then:
- Define a security group.
- Apply this security group to the desired VMs in your Cloud Foundry installation.
- Define the firewall rule(s) for these VMs.
- Associate the firewall rules with the security group. The firewall rules now apply to the VMs associated with the security group.
This makes it easier to apply corporate networking policies to your cloud-native apps and the platform that runs them. Dig into this engineering blog post if you’re curious about the underlying tech:
Leveraging NSX's Features with BOSH's vSphere CPI · Pivotal Engineering Journal https://t.co/Q7wUXl2X9g via @briancunnie
— Joshua McKenty (@jmckenty) February 13, 2017
Use Vault & Multiple Backends for Your Config Data with Spring Cloud Services 1.4
As Pivotal Cloud Foundry and Spring adoption grows, engineering teams have more sophisticated microservices requirements. Operators want secure storage of sensitive information like credentials and API keys. And developers want access to and control over less sensitive application-specific configuration.
Big news for SCS Config Server users: @HashiCorp Vault & multiple repos! https://t.co/zCMcgjo7Yz #microservices @springcloud @csterwa
— SpringCentral (@springcentral) June 6, 2017
With Spring Cloud Services 1.4, product teams can now use HashiCorp Vault and Git together as backends for Config Server. Vault is a popular open source project for managing access to secrets and storing them securely. Git continues to be a popular repository tool for developers, one that can be used to quickly manipulate configuration data such as feature flags and environment-specific variables. Now your teams can use the right repository for the job.
Learn how to use these new features in this overview of Spring Cloud Services 1.4.
New On-Demand Services: MySQL and Redis
Two new on-demand data services are available for download: MySQL and Redis. Both products are written with the on-demand services SDK. Developers provision isolated instances via self-service. Operators can define plans, configure upgrade rules, and set quotas too.
Now there are four on-demand data services from Pivotal: MySQL, Redis, Rabbit, and Pivotal Cloud Cache. These services are all deeply integrated with Pivotal Cloud Foundry and give you uniform operations across any cloud.
Want to know more about the new MySQL tile? Watch this webinar and read the docs. Learn more about on-demand Redis at this upcoming webinar.
Support for Azure Managed Disks
How can deployment of Pivotal Cloud Foundry get any easier on Microsoft Azure? There’s already a useful template from the Azure Marketplace, with baked-in best practices. And the Pivotal Cloud Foundry on Azure reference architecture offers practical guidelines for operators.
Pivotal Cloud Foundry 1.11 goes further, with support for Azure Managed Disks! Now, when you deploy the platform on Managed Disks, you don’t need to create storage accounts ahead of your deployment. And you don’t need to worry about adding storage capacity as your Pivotal Cloud Foundry footprint expands. Managed Disks does it for you.
Support for Private Docker Repositories
Cloud Foundry supports running containers you've already built. This is important, because you may have existing processes and workflows that produce containers as an output. What about container images hosted in access-controlled repos? Now you can bring them to Pivotal Cloud Foundry!
When using the image, the developer can supply repository location and credentials to access said image. The feature is tightly integrated with Cloud Foundry. Append your cf push command like so:
cf push --docker-image <my-private-registry:5000/image/name:v2> --docker-username <username>
From there, the platform works its magic!
NOTE: If the environment variable CF_DOCKER_PASSWORD is not set, you will be prompted to enter the password.
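One way to supply the registry password through CF_DOCKER_PASSWORD without putting it on the command line or exporting it into your login shell, as an added example that is not part of the original post. The names push_private_image and CF_BIN are hypothetical, and the registry, user and app values in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): run `cf push` for a private image
# with the password scoped to that single cf process.
# push_private_image and CF_BIN are hypothetical names used only in this sketch.
#
# Usage: push_private_image IMAGE USERNAME [other cf push arguments...]
#   push_private_image registry.example:5000/team/app:v2 deploy-bot my-app
# The password is read from stdin: typed without echo on a terminal, or
# redirected from a secret store in automation. It never appears in argv.

# The ( ... ) body runs in a subshell, so nothing set here survives the call.
push_private_image() (
  if [ "$#" -lt 2 ]; then
    echo "usage: push_private_image IMAGE USERNAME [cf push args...]" >&2
    exit 64
  fi
  image=$1
  user=$2
  shift 2

  password=
  if [ -t 0 ]; then
    # Interactive: disable terminal echo while the password is typed.
    printf 'Registry password: ' >&2
    saved_tty=$(stty -g)
    trap 'stty "$saved_tty"' INT TERM
    stty -echo
    IFS= read -r password || true
    stty "$saved_tty"
    trap - INT TERM
    printf '\n' >&2
  else
    # Non-interactive: accept a final line even without a trailing newline.
    IFS= read -r password || [ -n "$password" ]
  fi

  if [ -z "$password" ]; then
    echo "push_private_image: empty password, not calling cf" >&2
    exit 65
  fi

  # The prefix assignment places CF_DOCKER_PASSWORD in the environment of this
  # one cf process only; it is not exported to the calling shell.
  CF_DOCKER_PASSWORD=$password "${CF_BIN:-cf}" push "$@" \
    --docker-image "$image" --docker-username "$user"
)
```

In a pipeline, redirect stdin from whatever holds the secret rather than echoing it, so the value stays out of shell history and process listings.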
BOSH Backup & Restore [BETA]
Responsible IT teams are always thinking about the bad things that can happen, from data corruption to the complete loss of a data center. Responsible vendors think about it too. Pivotal’s approach to this in the past has been CFOps, an automation utility.
A few months back, it was clear we needed a better solution for our customers. Their Pivotal Cloud Foundry deployments are growing in complexity, and the platform itself is becoming more and more capable.
Our engineers have re-mastered the backup and restore workflow with a new beta feature in Pivotal Cloud Foundry 1.11 – BOSH Backup and Restore, or BBR for short.
BBR is a new BOSH extension to back up and restore BOSH deployments and BOSH Directors. Operators will use BBR to back up supported BOSH releases they have deployed.
This takes the idea of CFOps, and turns it on its head somewhat. It’s an approach that’s engineered with distributed systems in mind. Let’s review a few ways in which BBR offers customers advantages.
- It’s more flexible. BBR works for any deployment or BOSH Director that implements backup / restore. CFOps only supports Elastic Runtime and Operations Manager.
- Decentralized responsibility. CFOps was the single source for backup/restore logic. Now, BOSH release authors control their own logic. This places ownership where it belongs, within the release itself.
- It supports on-demand instances. Easily restore on-demand instances of Rabbit, Redis, and many other tiles that are BOSH-deployed. (The data for each instance is restored as each service implements its backup and restore script, per the previous bullet.)
The BOSH Backup and Restore beta supports these releases:
- BOSH Director
- CredHub
- UAA (postgres)
- Elastic Runtime
Support for open source Cloud Foundry and data services is coming soon. Want to learn more, or participate in our beta program? Contact us today!
Scheduler for PCF Tile [BETA]
Tasks – recently introduced into Pivotal Cloud Foundry – help developers contend with one-off jobs. As it happens, these ad hoc jobs often need to be done at regular intervals.
Scheduler for PCF, released as a public beta recently, adds automation to Tasks. It’s cron for Pivotal Cloud Foundry.
Today, many developers still use an aging batch scheduling product. Common use cases include performing nightly updates to e-commerce sites, or backing up databases. Now Scheduler for PCF gives developers a flexible enterprise scheduler that easily integrates with their modern apps.
Scheduler for PCF tackles scheduling for any cf-deployed application. It’s also handy for scheduling and executing Spring Batch or Spring Cloud Task microservices.
Re-kindle Your Competitive Advantage in the Age of Software
Big companies often have decades of experience in their industry. Imagine what they’ll do when they figure out how to be great at software. With Pivotal Cloud Foundry 1.11, that path to new industry leadership via software gets a little easier.
Read the full documentation below, and start capitalizing on your new competitive advantage!