From Pivotal Cloud Foundry (PCF) to TAS

Previously known as Pivotal Cloud Foundry (PCF), Tanzu Application Service (TAS) is an open-source, scalable platform as a service (PaaS) cloud application that allows users to manage Kubernetes-backed container services. TAS is designed to manage containers, Kubernetes, and microservices. An advantage of using this with a government client is that there seems to be a solid push to adopt this technology as a standard for Kubernetes-backed services. Allowing TAS to manage infrastructure lets users not worry about building configuration files for Kubernetes. This allows more time spent on developing the product for the customer.

What Are the Prerequisites?

  • The application that wants to be hosted by TAS needs to be “cloud-ready.”
    • There are specific buildpacks that TAS has built into it
    • More URL-backed buildpacks can be used if the one needed is not built into TAS.
  • TAS supports the application technology.
  • Credentials to the TAS service.
  • Application services (PostgreSQL, Redis, etc.) are available if the application needs to utilize them.
  • Access to the Organization and Space that your administrator set up.
  • Install the latest version of Cloud Foundry-Command Line Interface (cf-cli) on the machines that push apps to TAS. You can utilize many commands to maintain and push your applications to TAS. This article uses a few key commands to get started.

If desired, the Cloud Foundry Docs:

How Do I Log into TAS?

Utilizing cf-cli, you can log into the organization and space you or your administrator set up. The `cf login -a api-url ` command handles this and will prompt for credentials, org, and space if they are required. Alternatively, flags can be passed in the command to provide credentials, the org you belong to, and the space where you would like your code pushed. The -a flag of the cf login command is to specify the URL where TAS is located. If required, your administrator may have set up two-factor authentication. Once the proper login command is entered, a message will display a URL to get a code to supply to the command line to finish logging in. Once you have finished logging in, you are ready to push your first application.

Pushing Your Application into TAS

Install and Manage Your Applications in TAS

  • TAS applications can be managed in two different ways: with the Apps Manager user interface (if enabled by your administrator) or using cf-cli. Utilizing the command line is the most versatile way of managing your application after it is set up. This must be installed on the machine used to push the applications to TAS. If your administrator allows, Spaces and Orgs can be created by you using cf-cli or through the web user interface. The structure for what is needed for an application to run in TAS is as follows:
  • Access to the TAS API (credentials and/or 2FA).
  • cf-cli installed on the machines that will be performing maintenance and installations.
  • Access to a company Organization (Org) in TAS.
  • Access to the Space in the Org.
  • Ability to bind Services to the application that you are installing.
  • Utilizing the built-in buildpacks or adding your own that is not built-in.

After logging into the org and space in the TAS instance you have access to, you can utilize cf-cli to push your app package to the space.

In this example, we are pushing a Spring Boot application to TAS. We need a manifest.yml file to exist in the root of the project files.

manifest.yml file to exist in the root of the project files

This manifest file is an application deployment file that contains the information needed to deploy the application to the TAZ instance. This file always starts with three dashes (—) at the start of the file. Critical attributes are explicitly used in the manifest to describe deployment needs. We use a select few here, but the rest can be found in the App Manifest Attribute Reference (

App Manifest Attribute Reference Window

  • The applications attribute describes the application(s) you want to deploy to TAS.
  • The name attribute is the name of your app to be deployed.
  • The path is the target of your build package for your app.
  • The memory attribute specifies how much memory to allocate for your app when running.
  • The disk_quota attribute specifies how much disk space to allocate for your app when running.
  • The instance attribute specifies how many instances should be running for your app. This can be scaled via the user interface or through cf-cli after the app is deployed.
  • The buildpacks attribute specifies which build pack to use when deploying your app. In this instance, we are building a Spring Boot application. We have selected to use the java buildpack.
  • The env attribute specifies any environment variables that are needed for build or run time.

Once your manifest.yml file is created, use the -f flag in the push command to specify where the manifest is located. Then, you are ready to push your app. The `cf push` command will pick up the manifest.yml file you specified and push it to the org and space you are logged into. If you do not want to allow the app to start right after pushing the app, use the `–no-start flag in the command. You may not want the app to auto-start after the push if you need to bind a service to the app before it runs. That can be achieved via the TAS UI or via the command line. The docs will provide more information as to how you bind services. After set up is complete and pushed, you can now run your app with `cf start your-app-name.

After logging into the Apps Manager for your Org, your spaces will be displayed.

Spaces Displayed in App Manager

Under one of those spaces will be your app you have pushed via cf-cli. The right-most column displays the route that was created for your app. Below is the published URL for your application where your users will have access.

Route Created for Your Application

Once you are into the app, you have pushed in the Apps Manager user interface. All the info about your running app will be displayed. From here, you can manage your application.

Manage Your Application with your User Interface

Let’s Wrap Up

With TAS, you can migrate any running applications into a cloud platform that can run and scale at any given time. It provides the back-end clustering capabilities that many applications use in a cloud environment without the user having to set it up. Its open-source code enables companies to offer their own ‘in-house’ service for their engineers to utilize for their customers.

A Level of Certification to Consider

Obtaining a Secuirty+ certification allows individuals that are pursuing a career in an information technology field many opportunities. A good portion of DoD jobs requires this level of certification to maintain secure systems utilized daily. This training ensures that the minimum-security requirements convey. The exam is difficult because it covers an extensive range of topics under Information Technology Security.

There are multiple ways to study for the Security+ exam. This article demonstrates one way to follow. It has been a proven method to achieve a passing score the first time taking the exam. When this article was written, the SYO-501 was the current exam offered.

What You Need

Below are suggested materials to guide you towards the exam, with specific examples outlined in the subsequent sections:

  • Books (there are two specific titles mentioned in this blog)
  • Additional Subscription Study materials (this is not required, but suggested)
  • Friends to study with (or to keep you awake when you are supposed to be studying)
  • A well-rested mind
  • One month to prepare (suggested if you are new to the material)

Step 1: Read the Fun Manual (RTFM)

StudyingFirst of all, the best way to get a good grasp of the material is to take a class offered by qualified and licensed entities. These courses usually last five days and will follow a book, or multiple books, for education material. Attendance is either via an online course taken at your leisure or in person at a facility. If you can have a company host the professional to teach an on-site/virtual class, that is the best way to get involved in a course. You can purchase two useful books at many major retailers that sell course material for CompTIA:

  • CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson
  • CompTIA Security+ SY0-501 Cert Guide by David L. Prowse.

Reading these books is recommended, regardless of if you take the course or not. Allow plenty of time to get through both of them. Both cover topics in length on different subjects and give you an excellent grasp of all the exam material. Ensure that the proper books purchased are for the current exam that is offered. Failure to do so will result in information missed that may be on the exam. If time is of the essence, reading the book by Darril Gibson would be recommended. Then use the David Prowse book and skim through the sections that expand a bit more on the topics not covered in the first book.

Step 2: Online Videos (they are free!)

An excellent online resource to use is Professor Messer’s CompTIA SY0-501 Security+ Course. The videos are a completely free way to cram a lot of information quickly after reading the books. I’d recommend doing so in this order. You can do the reverse if you like. However, listening to the videos as you are driving or going about your day after reading the material makes it easier to retain the information. There are also other study materials offered for sale to help aid in the passing of the exam. Listening to all the videos after reading the material is thoroughly suggested to help retain the information. There is also information covered in these videos that had not been discovered in the books recommended to use.

Security Studying

Step 3: Get Certified and Get Ahead Study Material

If you can afford to do so, purchase the full study guide at GCGAPremiumPass. There is a package that is great to use after completing the books and videos. The study package follows Darril Gibson’s book recommended above. A package is offered that contains the book and the study guide to save some money. This is the recommended way to get both if you have not taken a course that includes the book in the purchase. The full study guide includes:

  • Multiple-choice Security+ practice test questions
  • Performance-based questions
  • Audio from the Study Guide
  • Online flashcards

The audio “Remember This” material is one of the best things you can use to retain the information in this book’s chapters. Reading a chapter and listening to the accompanying audio file for it will help immensely. If there is something in the audio file that you do not understand, go back and read the section in question. Then, listen to the remember this audio file again. Each of these files is ten minutes or less. Using these to listen to while you are driving or folding laundry will help you retain what you have read from each chapter. These short audio clips are handy to keep the information fresh in your mind. Using the flashcards in this manner will also help you remember specific details like ports and acronyms useful for the test. Acronyms are the most significant thing to commit to memory. The exam will not spell these out for you. If you do not know all of them, you will spend a lot of your time on questions trying to figure out their context.

The practice questions are a great way to get yourself prepared for the exam. With one caveat: do not just memorize where the answer is in the order of the list. The order of the answers will change between chapter exams and full exams. Taking these in order of the chapters, then taking the complete exams is the best course of action. This helps eliminate your brain tricking you into choosing the answer’s letter rather than identifying the correct answer by knowledge. Please note that no matter how many times you will take these practice exams, the real exam will not have questions on it that are the same.

Step 4: Test Day

Prepare yourself by taking some time off before the exam to let the information sink in. Cramming right up until the test time will only confuse you for the information you need to know. A fresh mind and a calm attitude will go a long way. The exam is timed, so you will see the time the whole way through. Try not to pay too much attention to it without ignoring it. There are scenario-based questions included in the exam. These questions will take much set up time to figure out an answer. Building networks or figuring out access points will be common questions. The rest will be multiple choice. The best plan of action will be to answer all the questions you know as quickly as possible, allowing time to go back through to think about the questions you are not sure of. Usually, your first answer that you put down will be the correct one if you studied enough. Spending too much time on a question will lead you to second guess yourself, and you may settle on the wrong answer. There is an option to flag questions you are unsure of so that you can return to them at a later time. The best advice here is to make sure you answer the question you are unsure of and flag it when you move on. This way, if you run out of time, the question is answered. It may be wrong, but it is better than leaving a question empty.

After the exam time has run out the clock, a survey will be presented for you to take. You will not see your score before your survey is complete. Don’t worry that some technical glitch may be happening. If you passed the test, a certificate would be mailed to you. You can then present this to your organization. If not, you will be able to retake the exam. It is suggested that you give yourself some more study time and focus on the areas the summary lets you know where you are not strong in your knowledge.


The suggestions stated here are just that: suggestions that have worked for some people. Others require less time to prepare and study, and some require a lot. If you put enough work into preparing for the exam and ensure you have a positive attitude about it, you will do great. Don’t worry if you do not pass the first time. The exam is challenging to prepare for in a limited amount of time. No matter how much preparation you have put in, there will still be questions presented to you that you feel you have not covered. The exam is tailored that way to collect statistics and catch cheaters. Getting with a group of people for the exam prep is the best way to study for this. Instructors can be hired to teach you the exam’s ins and outs and the history of the questions presented. Good luck!