This event has ended. Create your own event on Sched.

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Core Project Updates [clear filter]
Wednesday, June 14

11:00am PDT

Core Project Updates Track Introduction - Colin Humphreys, Pivotal & Julian Friedman, IBM
avatar for Julz Friedman

Julz Friedman

Open Sourceror, IBM
Julian Friedman (julz) is an IBMer and the project lead for Cloud Foundy's low-level container engine ("Garden") and Eirini (the project to allow Kubernetes to be used as the container scheduler in CF). He has previously worked on various Cloud Foundry projects, performance optimization... Read More →
avatar for Colin Humphreys

Colin Humphreys

CTO, Pivotal
As CTO for Cloud at Pivotal, Colin Humphreys is responsible for the company’s big picture strategy and roadmap for our cloud platform offerings. Colin joins Pivotal from its acquisition of CloudCredo, where Colin was co-founder and CEO. Colin led the installation of the first SLA-driven... Read More →

Wednesday June 14, 2017 11:00am - 11:10am PDT
Grand Ballroom AB

11:10am PDT

Cloud Foundry Diego Overview - Eric Malm, Pivotal
Do you love the simplicity and ease of pushing your application to Cloud Foundry but want to know what happens to your app instances under the hood? Do you operate a Cloud Foundry deployment and need to understand how all its different components work together to keep applications running?

After years of development, Diego has now replaced the previous DEA system as the official container runtime at the heart of Cloud Foundry, capable of running even the largest CF deployments. In this talk, the project lead for the Diego team will survey how the Diego components interact with each other and with the other subsystems inside of CF to run application instances, how those interactions have changed over the past year to improve system stability, security, and scale, and how to use tooling such as the CF Diego Operator Toolkit ("cfdot") to inspect the app instances and tasks in a deployment. This talk will also review how Diego enables powerful platform features such as container networking and volume plugins, and discuss other upcoming features that CF teams are actively working on and exploring today.

After attending this talk, you'll be ready to operate your Diego-backed CF deployment with confidence and to take advantage of the powerful features it unlocks for your applications.

avatar for Eric Malm

Eric Malm

Staff Software Engineer, Pivotal Software
Eric works at Pivotal Software as a product manager and as the lead for the CF App Runtime PMC. Prior to that, he was the Project Lead for the CF Diego team and a software engineer on the Diego and CF Runtime teams. He has presented at several previous Cloud Foundry Summit events... Read More →

Wednesday June 14, 2017 11:10am - 11:40am PDT
Grand Ballroom AB

11:50am PDT

Unlocking Diego: Achieving Distributed Robustness Through Simplicity and Reliability [A] - Nima Kaviani, IBM & Adrian Zankich, Pivotal
Cloud Foundry makes extensive use of Consul as a distributed key/value store in order to achieve active-passive high availability for components that are harder to operate in parallel. This is done through implementing a distributed locking mechanism that allows the active component to claim ownership of the lock and take responsibility on execution.

However, Consul’s underlying RAFT algorithm becomes fragile when the entire environment undergoes multiple BOSH re-deployments. This results in an array of different failures, e.g., Consul not being able to elect a leader or mistakenly choosing multiple nodes as leaders. These recurring inconsistencies in Consul can potentially reduce reliability in a distributed system like Cloud Foundry.

In Diego, as one of the primary subsystems of Cloud Foundry, we have taken advantage of Consul’s distributed locking mechanism in several components such as the Diego database (BBS), the auctioneer, and the route emitters. As such, we have spent extensive amount of time to understand how these distributed locks can potentially be avoided or redesigned in order to reduce dependencies to Consul. To this point, two of the Diego components, i.e., the route emitters and the database have adopted alternative solutions to achieve high availability.

In this talk, we will go over lessons learned from using Consul in Cloud Foundry, and how we are trying to find alternative solutions that can help with improving robustness and reliability of Diego components without having to use a complex system like Consul.



Adrian is an engineer with Pivotal and has worked on several teams contributing to different components in Cloud Foundry. He has been the anchor and also the PM for the infrastructure team and currently a contributor to BOSH.

Nima Kaviani

senior software engineer, IBM
Nima Kaviani is a senior cloud engineer with IBM. He is a contributor to Knative and Cloud Foundry's Eirini. Prior to that Nima was the contributor to Cloud Foundry's Diego for over two years. Nima holds a PhD in computer science and tweets and blogs about Serverless, Kubernetes... Read More →

Wednesday June 14, 2017 11:50am - 12:20pm PDT
Grand Ballroom AB

12:30pm PDT

Garden Project Update [I] - Julz Friedman, IBM
You may know that Cloud Foundry uses Garden as its API for Container Management. But why does CF use Garden rather than Docker? What are the major features and advantages of the Garden Container Engine? How does Garden relate to other container technology you may have heard of (like OCI, runC, CRI-O, containerd and docker)? What security features does Garden give you out-of-the-box that other technologies make you configure?

In addition, this talk will provide an update on some of the major advances in Cloud Foundry Containers over the past year, including:

The Move to RunC - ensuring CF uses the exact same low-level open-standards-based container-runtime as other platforms (e.g. Kubernetes, Docker etc).

Plugin API - allowing extension and experimentation in the platform, including container to container networking and more performance and supported overlayfs-based root filesystem management.

Security Advances - Garden is the most secure container-runtime *out of the box* for multi-tenant deployments. We now take the guess-work out of configuring your container engine for multi-tenant deployments by enabling and configuring the needed features out of the box.

Docker Auth, CPU Maximums, Better DNS Support - lots of new work for operability in large-scale environments, including support for CPU maximums, better DNS auto-configuration and support for username and passwords when pushing Docker Images.

avatar for Julz Friedman

Julz Friedman

Open Sourceror, IBM
Julian Friedman (julz) is an IBMer and the project lead for Cloud Foundy's low-level container engine ("Garden") and Eirini (the project to allow Kubernetes to be used as the container scheduler in CF). He has previously worked on various Cloud Foundry projects, performance optimization... Read More →

Wednesday June 14, 2017 12:30pm - 1:00pm PDT
Grand Ballroom AB

2:25pm PDT

CF Networking: All Your Packets are Belong to Us - Usha Ramachandran & Jay Dunkelberger, Pivotal
Is your network admin losing sleep over whitelisting your entire deployment? Worried about public routes to your backend apps? Can’t tell which application is hammering your production database?

Worry no more! Cloud Foundry has a brand new container networking stack, that enables application level policies and direct container-to-container communication. Join us for an overview of the new feature set and the use cases it solves. See it how it works through a demonstration and learn about where we plan to go next.

avatar for Jay Dunkelberger

Jay Dunkelberger

Software Engineer, Pivotal
Jay Dunkelberger is a Software Engineer at Pivotal who has worked on Cloud Foundry for the last year after a previous life in physics.
avatar for Usha Ramachandran

Usha Ramachandran

Staff Product Manager, Pivotal
Usha is a Staff Product Manager at Pivotal and currently doing a rotation on the Platform Architecture team. Over her tenure at Pivotal, she was responsible for prioritizing and delivering networking and policy capabilities for Cloud Foundry. Usha has over 15 years of networking experience... Read More →

Wednesday June 14, 2017 2:25pm - 2:55pm PDT
Grand Ballroom AB

3:05pm PDT

Stay Out of My Yard! Isolation Segments - a New Feature for Isolating Workloads in Cloud Foundry [I] - Sandy Cash & Dan Lavine, IBM
Tenancy in Cloud Foundry only provides a logical sort of separation currently - access and ownership of orgs, apps, and spaces is restricted to the appropriate individuals, e.g. But with the introduction of Isolation Segments for compute in CF 250 and later, deployers have the option of providing their tenants with true workload isolation at the compute layer. Sandy and Dan describe the ins and outs of this exciting new feature, the benefits and the limitations, and how best to take advantage of it. They will describe not only how it functions today, but also how they see it progressing to provide an even fuller set of isolation capabilities in future CF releases.


Sandy Cash

Senior SW Engineer and Cloud Architect, IBM
Sandy is a Senior Software Engineer and Cloud Architect for IBM who has worked in a variety of roles, including development, architecture, and consulting. Past projects have included designing and implementing enterprise and hybrid clouds, as well as advising clients on their cloud... Read More →

Dan Lavine

Dan has spent the last couple of years with IBM working extensively on Cloud Foundry and worked with a number of teams, including: CLI, Diego, Routing, CAPI, RuntimeOG, and Release Integration. With his vast knowledge of Cloud Foundry, Dan has been working alongside many of those... Read More →

Wednesday June 14, 2017 3:05pm - 3:35pm PDT
Grand Ballroom AB

3:45pm PDT

Coming Soon to a Cloud Near You: Multiple Buildpack Support - Keaty Gross & Stephen Levine, Pivotal
"The Buildpacks Team just wrapped work on multiple buildpack support and we want to share the good news!
This latest Cloud Foundry feature allows applications to leverage a mixture of different technologies in one `push`, permitting strategic use of multiple languages in one app or app-embedded additional processes. This will come as welcome news to users interested in building apps of this type in the future, or to users who already have but had to switch to Docker containers or custom buildpacks to achieve these ends.
Attend this talk if you’d like to learn more about what multi-buildpacks do under the hood, how they differ from their predecessor the multi-buildpack buildpack, or where this feature might come in handy in the future. As an added bonus for the uninitiated, we’ll even provide a bit of insight into what exactly happens when you `cf push`. Appropriate for all experience levels."

avatar for Keaty Gross

Keaty Gross

Software Engineer, Pivotal
Keaty Gross is a Pivotal CF Engineering Manager, currently enjoying allocation to the Buildpacks team. She has given talks about (P)CF products at CF Summit in Santa Clara and Shanghai, as well as SpringOne Platform in Las Vegas.

Stephen Levine

Engineering Lead / Principal Software Engineer, Pivotal
Stephen Levine is an Engineering Lead at Pivotal. He is the Cloud Foundry Project Lead for CF Local, CF Dev, and the core CF Buildpacks, as well as a co-owner of the Cloud Native Buildpacks project in the CNCF's Cloud Native Sandbox.

Wednesday June 14, 2017 3:45pm - 4:15pm PDT
Grand Ballroom AB

4:45pm PDT

UAA Feature Updates and 2017 Roadmap [I] - Sree Tummidi, Pivotal
In the past year, multiple features have been introduced in UAA which have accelerated its adoption in the CF ecosystem.

OpenID Connect Enhancements:
Multiple enhancements around OpenID Connect have been introduced for UAA as an Identity Provider and Relying Party including support for discovery profile, custom user claims in id_token and /userinfo , account chooser, authentication method reference and much more.

Keys and Secrets Rotation:
At last year’s CF Summit Justin Smith introduced his vision for Cloud Native Security with three R’s(https://www.youtube.com/watch?v=NUXpz0Dni50). Now UAA supports canary style rotation of signing keys and OAuth clients secrets and will soon add support for rotation of SAML Keys.

Opaque Tokens:
UAA since its inception has supported JSON Web Tokens which has the advantage of offline validation. However with the the addition of stateful opaque tokens UAA now supports on-demand token revocation.

In addition to this Sree Tummidi will also provide a sneak peek of the UAA roadmap for FY 2017 with features like Multi-Factor Authentication, additional token exchange flows and fine grained authorization support.

avatar for Sree Tummidi

Sree Tummidi

Sr. Manager Product Management, Pivotal
Sree Tummidi is currently the Product Lead for Security at Pivotal. She has been with Pivotal for 4+ years driving the open source and proprietary roadmap for security including product management of Cloud Foundry UAA. She brings in more than 14 years of experience in the security... Read More →

Wednesday June 14, 2017 4:45pm - 5:15pm PDT
Grand Ballroom AB

5:25pm PDT

Evolving the Cloud Foundry CLI UX - Dies Köper, Fujitsu & Mike Long, Pivotal
Starting with an overview of what the Cloud Foundry CLI is and what has been added and improved since last year’s Summit, Dies and Mike will give the audience a peek under the covers of the design process they follow for new features for the cf CLI.

CLI anchor Nick will explain how the team converts Dies & Mike’s output into code.

The cf CLI gets about half a million downloads per month and is used by users of all Cloud Foundry products and offerings. Supporting new features and workflows, as well as improving the user experience of existing workflows without breaking user’s scripts, requires diligent work. Or just luck? Take a peek with us!

avatar for Dies Koper

Dies Koper

CF CLI PM, Fujitsu
Dies Köper evolved from a Java developer to project manager of the Cloud team at Fujitsu in Sydney, Australia. Since Fujitsu started a Cloud Foundry based aPaaS, Dies has been promoting Fujitsu's involvement in the CF community. Dies became the Product Manager of the Cloud Foundry... Read More →
avatar for Mike Long

Mike Long

Product Designer, Pivotal
"Mike Long has worked on Cloud Foundry as a product designer for nearly three years, and designing tools for developers for about six years. In his spare time, Mike enjoys hacking on web apps and running a large designer meetup group in San Francisco."

Wednesday June 14, 2017 5:25pm - 5:55pm PDT
Grand Ballroom AB
Thursday, June 15

11:30am PDT

BOSH CLI v2: the evolution of the BOSH command line interface - Shatarupa Nandi & Danny Berger, Pivotal
BOSH operators spend an enormous amount of time using the bosh command line interface (CLI). Any interaction with BOSH or the clusters it manages, is essentially an invocation of the CLI with some parameters. While the current Ruby-based CLI has served the community well, it suffered from many shortcomings. Some important ones are:
- It is slow and difficult to install (especially on Windows)
- It lacked a consistent user experience when using the commands
Additionally, BOSH init (replacement for micro BOSH) introduced it's own CLI.

To remedy these issues and streamline the BOSH operator's experience, the BOSH team has created a new, Golang-based, CLI which addresses existing feedback and:
- Adds enhancements to existing commands
- Encourages more secure usage patterns
- Reduces the need for several different manifest generation tools
- Provides a Golang-based client to securely access the BOSH Director API

This talk will provide a complete overview of BOSH CLI v2, including discussions on how to migrate your environments and scripts to the next evolution of the CLI. It will also introduce the audience to 'bosh-deployment', the preferred way of installing the BOSH Director.

avatar for Danny Berger

Danny Berger

Software Engineer, Pivotal Software, Inc.
Danny is a software engineer at heart who has worn many hats across several different industries with the goal of making sure businesses can succeed technically. He first discovered BOSH when researching open source infrastructure management tools, and soon he was creating BOSH releases... Read More →

Shatarupa Nandi

Director of Engineering, Pivotal
Shatarupa Nandi is a Director of Engineering at Pivotal. She has led various technical initiatives across the company, most recently focusing on running Pivotal products on Kubernetes.

Thursday June 15, 2017 11:30am - 12:00pm PDT
Grand Ballroom AB

12:10pm PDT

Deploying Cloud Foundry with BBL, BOSH 2.0 and CF-Deployment [I] - Angela Chin & Christian Ang, Pivotal
Have you ever spent all day trying to deploy open source Cloud Foundry and thought there must be a better way? Want to deploy Cloud Foundry from scratch in no time as the core development teams do? Core CF teams have been enjoying a new world where they don’t have to waste days figuring out how to manually deploy BOSH and CF. Now Christian and Angela want to share it with you! In the past year, major inroads have been made to create new tools that automate much of the process of deploying BOSH and CF. Using new tools, BOSH-Bootloader, BOSH 2.0 and CF-Deployment, developed and used by core Cloud Foundry teams, attendees will learn how to deploy Cloud Foundry in an automated, reproducible, and user-friendly way!


Christian Ang

Software Engineer, Pivotal
Christian is a software engineer at Pivotal Cloud Foundry on the Container Networking team. Previously, he worked on the CFCR and Infrastructure teams.
avatar for Angela Chin

Angela Chin

Senior Software Engineer, Pivotal
Angela is a software engineer at Pivotal, currently working on all things networking and service mesh related. She has contributed to open source Cloud Foundry, primarily in areas related to networking and routing, and also previously worked on improving the Day 2 experience of Kubernetes... Read More →

Thursday June 15, 2017 12:10pm - 12:40pm PDT
Grand Ballroom AB

12:50pm PDT

Configuring a More Secure BOSH [I] - Saman Alvi & Dale Wick, Pivotal
As BOSH evolves, grows, and improves, it allows you to focus on making your deployments more secure. The addition of config server allows you to generate, store, and update credentials easily and securely for your deployments. It also allows you to share credentials between deployments, as it is possible to have hundreds for all components to talk to each other. It will also help prevent poor credential choices, which can create security breaches. This talk will go into details about how config server works, how credential generation and storage is handled, and how you can use the reference implementation to choose your own credential generation and storage strategy.

avatar for Saman Alvi

Saman Alvi

Senior Software Enginner, Pivotal
Saman is a core project contributor on the BOSH team, and has spoken at the Toronto Cloud Foundry meetup events and previous CF Summits as an advocate of everything BOSH and CF.
avatar for Dale Wick

Dale Wick

Staff Software Engineer, Pivotal Software
With over 20 years of industry experience, Dale Wick has a wide range of experience with app deployment in the cloud.  He was a pioneer of the large deployment with several hand rolled Debian, Red Hat and Ubuntu distributions as elements of distributed systems for customers such... Read More →

Thursday June 15, 2017 12:50pm - 1:20pm PDT
Grand Ballroom AB

2:30pm PDT

There and Back Again: The BOSH Windows Story [I] - Matthew Horan & Natalie Arellano, Pivotal
Pivotal's Windows Experience team has been working hard to improve the Windows Operator Experience. The early days of Windows Diego cell installation involved a series of MSI installers, command line install generator utilities, and PowerShell scripts. Automation was difficult and error prone. We learned a lot from our experience in decomposing BOSH releases into their component parts, and distributing MSI installers. Just over a year ago, we embarked on an effort to port the BOSH agent to Windows. In this talk, we'll discuss what we learned when porting the BOSH agent to Windows, and the choices we made when designing the interface for Windows BOSH releases. We'll also discuss the benefits we found in moving to BOSH, instead of maintaining an alternative installation mechanism like MSI installers.


Natalie Arellano

Software Engineer, Pivotal
Natalie Arellano is a software engineer on the Garden Windows team at Pivotal in New York City.
avatar for Matthew Horan

Matthew Horan

Software Engineer, Pivotal
Matthew Horan has spent over a decade developing Web applications. Before becoming a developer, he worked as a systems administrator at various startups and hosting providers. Having worked with just about every configuration management tool, and being a developer by trade, he was... Read More →

Thursday June 15, 2017 2:30pm - 3:00pm PDT
Grand Ballroom AB

3:10pm PDT

Addressing Delivery Reliability in Loggregator - Adam Hevenor, Pivotal
In this session Adam will discuss Loggregator's evolving architecture influenced by customer requests for more reliable log delivery. Loggregator has undertaken a series of low level changes that addresses loss due to network (UDP), back pressure isolation (buffers) and service discovery reliance. Adam will describe current state and improvements in Loggregator as well as introduce roadmap and future work for Loggregator.   

avatar for Adam Hevenor

Adam Hevenor

Product Manager, Pivotal
I work at Pivotal on Enterprise PKS.

Thursday June 15, 2017 3:10pm - 3:40pm PDT
Grand Ballroom AB

4:10pm PDT

PCI Compliance using Cloud Foundry and BOSH Add-ons - Mark DCunha & Slawek Ligus, Pivotal
If your company accepts, transmits or stores any cardholder data you already know that PCI Compliance is a difficult process. This session will examine how Cloud Foundry and BOSH Add-ons can be used support compliance. It will cover our own journey through stemcell hardening, network encryption, antivirus scanning, file integrity monitoring and many other aspects affecting modern cloud platform security.

The continual onslaught of hackers against our networks means that every enterprise needs to know what they should be doing and how to do it. By adopting Cloud Foundry, you’ve taken an important step forward - but it’s not enough! Join this session to find out how companies are using Cloud Foundry to build a more secure computing platform. 

avatar for Mark DCunha

Mark DCunha

Mobile & Cloud Platforms, Pivotal
Mark D’Cunha is a Product Manager at Pivotal with a strong computer engineering and systems engineering background. He specializes in security, cloud and mobile solutions, helping customers to improve their productivity and transform their business through the power of platforms... Read More →
avatar for Slawek Ligus

Slawek Ligus

Slawek is a member of the PCI Security Engineering team. He is a systems and software engineer with a background in web development and operations and service-oriented architectures.

Thursday June 15, 2017 4:10pm - 4:40pm PDT
Grand Ballroom AB

4:50pm PDT

What's New in Cloud Foundry Volume Services [I] - Julian Hjortshoj & Paul Warren, Dell EMC

We’ve made some great strides in CF Volume Services since our last talk in October.

We’ll start with a quick reminder of what Volume Services support means, and how it works in CloudFoundry.  We will then highlight some of the new support we’ve added, including:

  • Support for existing NFS shares, with user<->app mapping to control app identity on the NFS server

  • Support for LDAP authentication (planned as of this writing)

  • Experimental Kerberos support

  • Support for Volume Services in PCFDev for easy ramp-up

  • Bosh runtime-configuration support for easier deployment of volume drivers

Finally we’ll do a 0-60 live demo showing how easy it can be to get started with shared filesystems in your own CF applications.

avatar for Julian Hjortshoj

Julian Hjortshoj

CF Volume Services PM, Dell EMC
Julian is the PM of the Cloud Foundry Persistence team, and an employee of the Dell EMC Office of the CTO. In his spare time, Julian enjoys traveling, cooking, sporadic exercise, and building stuff that isn’t software.

Thursday June 15, 2017 4:50pm - 5:20pm PDT
Grand Ballroom AB