
Pivotal Cloud Foundry 1.9 Sets The Bar On Massive Scale


Pivotal Cloud Foundry 1.9—available today—centers on scale.

Let’s start with platform scale. The Elastic Runtime within Pivotal Cloud Foundry (PCF) recently proved its worth with an amazing benchmark of 250,000 containers running concurrently.

 

Thanks to “Diego,” Cloud Foundry can scale to 250,000 #containers in a single cluster. More via @TechCrunch https://t.co/t6cfIEKi1F #cloud

— Cloud Foundry (@cloudfoundry) September 19, 2016

A Pivotal-led team conducted a comprehensive performance test of Cloud Foundry atop Google Cloud Platform—read our blog post for all the details. The important bit: we tested the whole platform. After all, what good is a world-class container scheduler if the stuff around it doesn’t work when you expand?

Speaking of Google, there’s multi-cloud scale with PCF 1.9, with official support for Google Cloud Platform and Microsoft Azure. You can now deploy PCF with just about any cloud provider, and have a uniform developer and operator experience. You can see why multi-cloud is such a popular enterprise pattern these days. It’s an easy call to make when you see the top clouds embracing this too:

Google joins the Cloud Foundry foundation! https://t.co/2HV30jMkIe by @addvin

— Tino Tereshko (@thetinot) December 15, 2016

What about the apps themselves? There’s now scaling for your apps with a more powerful PCF App Autoscaler. Add more capacity to your PCF apps when the user experience starts to degrade, according to thresholds you set. Then scale back down as traffic returns to normal. And because the platform handles the scaling, the new capacity is available to your app within 5 seconds. You don’t need to wait for the IaaS to chug through creating a VM, then adding it to a load balancer. PCF App Autoscaler does it all for you instantly! Scale at your fingertips is useless if you can’t harness it to deliver a snappy user experience.

What does all this scale mean to you, the enterprise leader? You don’t have to spend time thinking about it. (After all, would your CEO ever say “thanks for using a container scheduler?”) No matter where you are on your cloud-native journey, we’ll be ready to help you grow your business with a platform that’s built to scale across every dimension.

Here’s a closer look at the showcase features of PCF 1.9.

PCF App Autoscaler: New Metrics & API

PCF Apps Autoscaler UI and API includes new triggers for scaling events.


You have to deliver a great user experience in the face of unpredictable traffic (hello Cyber Monday!). And you need to deftly manage capacity so you save every dollar possible. Enter PCF App Autoscaler.

With PCF App Autoscaler, you can harness the scaling power within Pivotal Cloud Foundry, and scale your app based on two new metrics: HTTP Latency and HTTP Throughput.

Why these two? Because they best approximate the experience of the user. PCF App Autoscaler will automatically add capacity to apps that seem sluggish, then remove resources when they are no longer required. Don’t want to fiddle with the autoscaling UI? Use the newly-published API instead!

All the IaaS providers give you auto-scaling APIs. But the implementation is different on each cloud (and takes longer). PCF App Autoscaler offers an alternative way to handle variable load: a consistent scaling mechanism, regardless of the underlying IaaS. Life gets that much easier.

Multi-Cloud: The Foundation Of Your Digital Strategy

It’s official: PCF now supports Google Cloud Platform and Microsoft Azure. This adds to our long-standing support for AWS, OpenStack, and vSphere. Run PCF wherever you like, with a high degree of portability between clouds, should you need it. Perhaps best of all, each IaaS offers a distinct experience with PCF. Differentiated infrastructure, Service Brokers, geographic locations, and pricing put you in the driver’s seat when it comes to deciding where (and how) to run Pivotal Cloud Foundry.

“There’s a fundamental belief I have that multi-cloud is the future.” – @wattersjames #reInvent https://t.co/uOXCOcaf6Z

— Pivotal (@pivotal) December 1, 2016

Enterprise Containers In PCF Get More Secure

What good is scale without security? That’s where commercial open source comes in. A provider packages up the goodness from the community and makes it easy to run. The vendor also builds adjacent, proprietary features. Patches for malware and other threats are quickly issued, along with a steady flow of important security capabilities. This is our play with Pivotal Cloud Foundry, and the new security enhancements in 1.9 are a great example. New features include:

What’s more, customers get these battle-hardened capabilities backported and tested with Elastic Runtime 1.6 and higher. Run more secure, no matter what version of PCF you’re running!

Spring Boot Actuator In PCF

Consider this one scaling the developer experience. Why does Pivotal Cloud Foundry strive to be the best place to run Spring Boot apps? Because developers love Spring!

@springboot downloads in Nov 2015: 2.4M/month.
Nov 2016? 10.2M/month, or ~425% increase congrats to @springboot team! @wattersjames @java

— Pieter Humphrey (@PieterHumphrey) December 12, 2016

Spring Boot Actuator exposes information about a running Spring Boot application via an http endpoint. Get useful diagnostics about an app programmatically using these RESTful APIs:  health, git commit, build information, and so on. Now, developers can view some of this data in PCF Apps Manager. It’s easier to debug and monitor your apps in production, since Apps Manager shows this diagnostics info in context.

Spring Boot Actuator’s logging endpoint shown in PCF Apps Manager. Use this to perform bulk updates to logging levels for your app on the fly, without a restart.


Let’s examine some of the technical details of Pivotal Cloud Foundry 1.9.

For Developers:

For Security:

For Teams:

DEVELOPERS

PCF App Autoscaler: New Metrics & API

Autoscaling helps users balance app performance and cost, according to custom triggers and thresholds. Use the App Autoscaler UI and API to:

  • Configure rules that adjust instance counts based on metrics thresholds such as CPU Usage, HTTP Latency, and HTTP Throughput. The PCF Firehose sends these metrics to the PCF App Autoscaler. Scaling events are then triggered from this data.
  • Modify the maximum and minimum number of instances for an app, either manually or following a schedule.

To use Autoscaler, you must create an instance of the Autoscaler service and bind it to any app you want to autoscale. You can do this using either the Apps Manager or from the Cloud Foundry CLI. Users can then view a history of scaling events, and receive notifications of events in real-time as they occur.

As mentioned above, this offers a better developer experience compared to autoscaling at the IaaS layer. PCF is leveraged to immediately scale the app up and distribute traffic to the new instances. There’s no need for a clumsy monitor-alert-respond process. The App Autoscaler is always doing that for you.

Spring Boot Actuator In PCF: Useful Diagnostics In Apps Manager

Spring Boot Actuator is a collection of REST API endpoints with useful diagnostics information for Spring Boot apps. In PCF 1.9, three of these endpoints are integrated to Apps Manager:

  • info—displays git commit information & build information.
  • health—shows health checks & custom health checks.
  • loggers—enables bulk updates to logging levels for your app on the fly, without a restart. Updates here are not a stateful change, just a run-time config change.

Sure, you’ve been able to connect Actuators with PCF previously, but viewing those endpoints required using curl or another tool, and securing them required explicit configuration. Now, Actuators are directly integrated into the PCF Apps Manager. Further, the PCF Apps Manager authentication with Actuators uses a short-lived, reduced-scope token from UAA, the identity management service from Cloud Foundry.

Tasks: One-Off Processes With A Clean Exit

Web app developers often find themselves scripting singular jobs. These jobs typically fall into two categories:

  • Those that improve how a web app runs (performing a database migration, or processing images)
  • Those that run adjacent to the web app (running reports, processing data, uploading data to object storage).

Developers can now easily handle both scenarios in Cloud Foundry with Tasks—there’s no need to create a new web app for these simple activities. Here’s a quick summary of Tasks and their properties:

  • A task is a command run in the context of an app
  • A task is only ever run at most once (an important characteristic when automating business processes, like extracting data or running a report)
  • A task can either fail or succeed
  • A task includes the command to start the process, disk size, and memory allocation
  • A task is a single-use object which can be checked for state and success/failure message
  • To re-execute a task, a new task must be created
  • A task is cancellable
  • Task execution history is kept for one month

Tasks are pretty handy things, and you’ll soon discover more and more reasons to use them in your PCF apps, and indirectly for many other scenarios!

A quick billing note: Tasks consume application instances, just like apps that run on PCF. As such, they are priced the same way. And since Tasks are one-off processes that cleanly exit the Elastic Runtime, it saves compute charges compared to worker processes.

Tasks—commands run in the context of an app—are tightly integrated with Cloud Foundry.


PCF Metrics 1.2.1: Longer Retention of Data & New UI Features

PCF Metrics 1.2.1 includes four new features to help teams troubleshoot issues more efficiently:

  • Metrics & Logs stored for 2 weeks, up from 24 hours. Customers can now use this additional data to identify and fix issues—an especially useful enhancement to resolve those thornier incidents.
  • Improved time slice navigation. Manipulating the Metrics time slice gets easier. We’ve attempted to bring this UX in line with what’s common in other modern web apps, so it should be immediately familiar.
  • App Events—now more prominent in the UI. Many triage efforts start with an app event. We’ve made it easier to kick off your investigation by boosting the profile of App Events in the Metrics UI.
  • Logs Histogram display, when filtering and highlighting. Digging through the mounds of data stored in logs is a pain. But it’s less painful if you can understand the frequency of a given string, that snippet of text that might contain a clue to what caused a problem in the system. What if you could see the frequency of a given text string in the logs, across a slice of time? That’s exactly what the new logs histogram control does.
The new log histogram feature in PCF Metrics 1.2.1.


Review the PCF Metrics 1.2 launch post for more details, including how we tested it on Pivotal Web Services before its release.

Spring Cloud Services 1.3.1: Peer Replication & Camden

Microservice architectures are everywhere! A big reason why: Spring Cloud Services (SCS), a collection of tools that make microservices easier to work with. In SCS 1.2, we added support for peer replication of Service Registry service instances. And in SCS 1.3.1, we’ve updated the suite to support the new Spring Cloud Camden release, with several  enhancements including Netflix OSS updates, Config Server, improved TLS/SSL support and more.

Zipkin HTTP Headers: Performance Troubleshooting Gets A Little Easier

Identifying and fixing performance bottlenecks in distributed systems is never easy. But Zipkin has emerged as a popular way to visualize latency (thanks Twitter!). Have you instrumented your app to support Zipkin-compatible HTTP headers? Sweet! Because with PCF 1.9, the ERT HTTP Router (aka Gorouter) supports logging and propagation of Zipkin headers. You can better understand and troubleshoot requests as they flow through a distributed system of microservices running on PCF. Zipkin is supported by many frameworks—and yes, even .NET.

Using Spring Boot? Then check out Spring Cloud Sleuth, Spring’s distributed tracing module built for Zipkin.

MySQL 1.8.0: Introducing Multi-AZ Support On AWS & Multiple Configured Service Plans

There are several new features in MySQL 1.8.0, but two in particular stand out:

  • For PCF customers running on AWS, MySQL 1.8.0 can now be deployed across multiple availability zones. This configuration makes high availability for your database that much easier.
  • The second feature is multiple operator-configured service plans. Now, you can control the capacity allocated to your database—no more one-size-fits-all! How might this work in the real world? Operators could standardize on a 100mb plan and a 1gb plan for the majority of apps, while keeping a 10gb plan handy for those special apps that need the extra space.

There are many more updates to this popular service (including enhanced backups, a new replication canary, and several operability improvements); check out the full release notes for more details.

SECURITY

Security At Every Layer (And A Boost To Interoperability)

Containers exploded onto the scene 24 months ago. What usually follows a hyper-popular new piece of tech? Features to make it actually secure and usable in production.

So it goes for containers, and the container tech at the core of Cloud Foundry. My colleague Pieter Humphrey richly describes each of these new security features in detail; they are summarized here:

  • Garden-runC. This replaces Garden-Linux as Diego’s containerization layer within Cloud Foundry. It’s simpler, more modular, and allows for pluggable networking and container image management. What’s more, Garden-runC uses the same low-level container execution code as popular container orchestrators. So your container images run the same in PCF as elsewhere.
  • AppArmor. This security module restricts a given program’s access to system resources (such as network, disk, etc.). In Cloud Foundry, AppArmor is pre-configured with a default policy and enforced by default for all unprivileged containers.
  • seccomp. This handy “whitelisting” feature restricts the set of system calls a container can access. This, in turn, reduces the surface area for break-out exploits. In fact, Docker asserts that their default seccomp profile disables around 44 system calls out of over 300.
  • Unprivileged containers. Unprivileged containers are the safest containers! Why? Unprivileged containers map the root user inside the container to a regular user at the Linux operating system level that has no privileges. So an application can’t inherit root access on the host if it breaks out of the container. In other words, root escalation inside the container is no longer a threat to the host OS.

All of these features are part of open source Cloud Foundry; Pivotal Cloud Foundry customers will get these features backported & tested with Elastic RunTime 1.6 and higher.
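As an added illustration (not code from this post or from Cloud Foundry), the sketch below shows how an operator could confirm three of the controls listed above from the kernel's own view of a process: the `Seccomp:` field of `/proc/<pid>/status`, the root mapping in `/proc/<pid>/uid_map`, and the AppArmor label in `/proc/<pid>/attr/current`. The sample file contents and the profile name `example-container-profile` are constructed for the example.

```python
# Added example: audit seccomp, user-namespace and AppArmor state from /proc text.
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

def seccomp_mode(status_text):
    """Mode named by the 'Seccomp:' line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Seccomp":
            return SECCOMP_MODES.get(int(value.strip()), "unknown")
    return "unknown"  # field absent: kernel without seccomp or truncated input

def host_uid_of_root(uid_map_text):
    """Host uid that uid 0 in the namespace maps to; None if root is unmapped."""
    for line in uid_map_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, length = map(int, fields)
        if inside <= 0 < inside + length:
            return outside - inside
    return None

def apparmor_state(attr_current_text):
    """Split a label such as 'name (enforce)' into (profile, mode)."""
    label = attr_current_text.strip("\x00\n ")
    if label in ("", "unconfined"):
        return ("unconfined", None)
    profile, sep, mode = label.rpartition(" (")
    return (profile, mode.rstrip(")")) if sep else (label, None)

def audit(status_text, uid_map_text, attr_current_text):
    """Return findings; an empty list means all three controls are in effect."""
    findings = []
    if seccomp_mode(status_text) != "filter":
        findings.append("seccomp filter not active")
    if host_uid_of_root(uid_map_text) == 0:
        findings.append("container root is host root")
    if apparmor_state(attr_current_text)[1] != "enforce":
        findings.append("no enforcing AppArmor profile")
    return findings

# Constructed samples (not captured from a real PCF cell).
CONTAINER = ("Name:\tjava\nNoNewPrivs:\t1\nSeccomp:\t2\n",
             "0 4294967294 1\n1 65536 4294901758\n",
             "example-container-profile (enforce)\n")
HOST_LIKE = ("Name:\tbash\nNoNewPrivs:\t0\nSeccomp:\t0\n",
             "0 0 4294967295\n",
             "unconfined\n")

if __name__ == "__main__":
    print("container:", audit(*CONTAINER) or "ok")
    print("host-like:", audit(*HOST_LIKE))
```

To check a live process, pass `audit` the contents of the three `/proc` files read from inside the container.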

FOR TEAMS

Google Cloud Platform Support

IT leaders have always admired the engineering prowess of Google. Now, their organizations can “run like Google”, with Pivotal Cloud Foundry atop Google Cloud Platform. Use the same compute, storage, and network infrastructure that powers Google’s portfolio of billion-user products. Deploy in any of Google’s 6 cloud regions. Operators, “let Google be your SRE!”

GCP support offers upside for developers too. With the GCP Service Broker for PCF, devs can easily bring Google’s data and analytics services into their apps. Unlock value from terabytes of enterprise data with BigQuery. Continuously improve your online experiences with Machine Learning APIs. It’s never been easier with PCF and GCP—in fact, we did a webinar together to show you how this works in the real world. We’re continuing to work with our friends at Google to make PCF on GCP even better—stay tuned for more goodness in 2017!

Microsoft Azure Support

From the worst-kept secret department: customers love PCF on Azure! Over the last year, Pivotal and Microsoft worked alongside our joint customers to deliver a simple, elegant PCF experience on Azure. That collaboration bore fruit in this release. With the new Ops Manager tile for PCF on Azure, installation is highly automated. Run PCF in any of Azure’s 34 regions—even China!

Developers: want to bring Azure services into your PCF apps? There’s the Azure Service Broker for that. Engineering leadership: want to run .NET (and Java) apps on Azure? PCF’s first-class support for Spring, Spring Boot, and Spring Cloud make Azure a great place to run Java. And Pivotal has released several new features recently to support .NET developers on PCF—such as the .NET Core Buildpack and Steeltoe RC2:

That moment when a leading industry analyst calls Steeltoe a "no-brainer"
Resilient #Microservices for @dotnet https://t.co/2YMpSMebVc

— Steeltoe (@SteeltoeOSS) November 19, 2016

As always, there is more to explore. The PCF 1.9 release notes detail what’s new and how to deploy and operate it, and describe additional capabilities and new experimental features.