Manual Chapter : Configuring Webtops

Applies To:

BIG-IP APM

  • 14.1.0

About webtops

There are three webtop types you can define on Access Policy Manager® (APM®). You can define a network access only webtop, a portal access webtop, or a full webtop.
Do not assign a webtop for a portal access connection configured for minimal patching mode. This configuration does not work.
  • A network access webtop provides a webtop for an access policy branch to which you assign only a network access resource for starting a network access connection that provides full network access.
  • A portal access webtop provides a webtop for an access policy branch to which you assign only portal access resources. When a user selects a resource, APM communicates with back-end servers and rewrites links in application web pages so that further requests from the client browser are directed back to the APM server.
  • A full webtop provides an access policy ending for an access policy branch to which you can optionally assign portal access resources, app tunnels, remote desktops, and webtop links, in addition to network access tunnels. Then, the full webtop provides your clients with a web page on which they can choose resources, including a network access connection to start.
    If you add a network access resource with Auto launch enabled to the full webtop, the network access resource starts when the user reaches the webtop. You can add multiple network access resources to a webtop, but only one can have Auto launch enabled.
[Figure: Resource assign action with resources and a webtop assigned]

Configuring a full webtop

A full webtop allows your users to connect and disconnect from a network access connection, portal access resources, SAML resources, app tunnels, remote desktops, and administrator-defined links.
  1. On the Main tab, click Access > Webtops > Webtop Lists.
    The Webtops screen displays.
  2. Click Create.
    The New Webtop screen opens.
  3. In the Name field, type a name for the webtop.
  4. From the Type list, select Full.
    The Configuration area displays with additional settings configured at default values.
  5. Click Finished.
The webtop is now configured, and appears in the list. You can edit the webtop further, or assign it to an access policy.
To use this webtop, it must be assigned to an access policy with an advanced resource assign action or with a webtop, links, and sections assign action. All resources assigned to the full webtop are displayed on the full webtop.

Creating a webtop link

You can create and customize links that you can assign to full webtops. In this context, links are defined applications and websites that appear on a webtop, and can be clicked to open a web page or application. You can customize these links with descriptions and icons.
  1. On the Main tab, click Access > Webtops > Webtop Links.
  2. Click Create.
    The New Webtop Link screen opens.
  3. In the Name field, type a name for the webtop link.
  4. From the Link Type list, select whether the link is a URI or hosted content.
    • If you selected Application URI, in the Application URI field, type the application URI.
    • If you selected Hosted Content, select the hosted file to use for the webtop link.
  5. In the Caption field, type a descriptive caption.
    The Caption field is pre-populated with the text from the Name field. Type the link text that you want to appear on the web link.
  6. If you want to add a detailed description, type it in the Detailed Description field.
  7. To specify an icon image for the item on the webtop, click in the Image field and choose an image, or click the Browse button.
    Click the View/Hide link to show or hide the currently selected image.
  8. Click Finished.
The webtop link is now configured, and appears in the list, and on a full webtop assigned with the same action. You can edit the webtop link further, or assign it to an access policy.
Before you can use this webtop link, it must be assigned to an access policy with a full webtop, using either an advanced resource assign action or a webtop, links and sections assign action.

Customizing a webtop link

You can customize links that you assign to full webtops.
  1. On the Main tab, click Access > Webtops > Webtop Links.
  2. Click the name of the webtop link you want to customize.
    The properties screen for the webtop link appears.
  3. To change the description of the link, in the Description field, type a new description.
  4. To change the URI of the link, in the Application URI field, type the application URI.
  5. If you made changes on the properties screen, click Update.
  6. Click the Customization tab.
  7. Select the Language to customize, or click the Create button to create a new language customization.
  8. If you clicked Create to create a new language customization, from the Language list, select the language to customize.
  9. In the Caption field, type a descriptive caption.
  10. In the Detailed Description field, type a detailed description.
  11. In the Image field, click Browse to select an image to show on the webtop to represent the webtop link. Click the View/Hide link to show the currently assigned image.
    A webtop link image can be a GIF, BMP, JPG or PNG image up to 32 x 32 pixels in size.
  12. Click Finished.
The webtop link is now configured, and appears in the list, and on a full webtop assigned with the same action. You can edit the webtop link further, or assign it to an access policy.
Before you can use this webtop link, it must be assigned to an access policy with a full webtop, using either an advanced resource assign action or a webtop, links and sections assign action.
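
The image limit stated in step 11 (GIF, BMP, JPG or PNG, up to 32 x 32 pixels) can be checked before upload by reading the file's own header instead of trusting its extension. The following Python is an added example, not F5 code; the function names and the header-only sample byte strings are constructed for illustration.

```python
import struct

MAX_SIDE = 32  # the chapter's limit: up to 32 x 32 pixels

def _jpeg_size(data):
    """Walk JPEG segments until a start-of-frame header gives (width, height)."""
    i = 2  # skip the SOI marker (FF D8)
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xFF:                              # fill byte before a marker
            i += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD9:  # markers without a length
            i += 2
        else:
            (seg_len,) = struct.unpack(">H", data[i + 2:i + 4])
            # SOF0..SOF15 carry the size; C4, C8 and CC are not frame headers
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[i + 5:i + 9])
                return width, height
            i += 2 + seg_len
    return None

def image_info(data):
    """Return (format, width, height) read from the file header, or None."""
    if data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR" and len(data) >= 24:
        return ("PNG",) + struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return ("GIF",) + struct.unpack("<HH", data[6:10])
    # BMP: handles only info headers of 40 bytes or more (32-bit size fields)
    if data[:2] == b"BM" and len(data) >= 26 and struct.unpack("<I", data[14:18])[0] >= 40:
        width, height = struct.unpack("<ii", data[18:26])
        return "BMP", width, abs(height)  # negative height = top-down bitmap
    if data[:2] == b"\xff\xd8":
        size = _jpeg_size(data)
        return ("JPG",) + size if size else None
    return None

def check_webtop_link_image(data):
    """Return (ok, reason) for a candidate webtop link image."""
    info = image_info(data)
    if info is None:
        return False, "not a recognisable GIF, BMP, JPG or PNG"
    fmt, w, h = info
    if not (1 <= w <= MAX_SIDE and 1 <= h <= MAX_SIDE):
        return False, f"{fmt} is {w} x {h}; limit is {MAX_SIDE} x {MAX_SIDE}"
    return True, f"{fmt} {w} x {h}"

# Constructed header-only byte strings (not complete images) for the checks above.
PNG_32 = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", 32, 32)
GIF_64 = b"GIF89a" + struct.pack("<HH", 64, 64)
BMP_16 = b"BM" + bytes(12) + struct.pack("<Iii", 40, 16, -16)
JPG_24 = b"\xff\xd8\xff\xe0\x00\x04\x00\x00\xff\xc0\x00\x0b\x08" + struct.pack(">HH", 24, 24)
```

To check a real file, pass its bytes: check_webtop_link_image(open(path, "rb").read()).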

Overview: Organizing resources on a full webtop

At your option, you can override the default display for resources on a full webtop by organizing resources into user-defined sections. A webtop section specifies a caption, a list of resources that can be included in the section, and a display order for the resources. The order in which to display webtop sections is also configurable.

About the default order of resources on a full webtop

By default, resources display on a webtop in these sections: Applications and Links, and Network Access. Within the sections, resources display in alphabetical order.

Creating a webtop section

Create a webtop section to specify a caption to display on a full webtop for a list of resources. Specify the order of the webtop section relative to other webtop sections.
  1. On the Main tab, click Access > Webtops > Webtop Sections.
    The Webtop Sections screen displays.
  2. In the Name field, type a name for the webtop section.
  3. From the Display Order list, select one of the options.
    Specify the display order of this webtop section relative to others on the webtop.
    • First: Places this webtop section first.
    • After: When selected, an additional list displays; select a webtop section from it to place this webtop section after it in order.
    • Specify: When selected, an additional field displays. Type an integer in it to specify the absolute order for this webtop section.
  4. From the Initial State list, select the initial display state:
    • Expanded: Displays the webtop section with the resource list expanded.
    • Collapsed: Displays the webtop section with the resource list collapsed.
  5. Click Finished.
The webtop section is created.
Specify resources for this webtop section.

Specifying resources for a webtop section

Specify the resources to display in a webtop section.
When these resources are assigned to a session along with the webtop section, they display in the section on the webtop.
  1. On the Main tab, click Access > Webtops > Webtop Sections.
    The Webtop Sections screen displays.
  2. In the table, click the name of the webtop section that you want to update.
    The Properties screen displays.
  3. Repeat these steps until you have added all the resources that you require:
    1. Click Add.
      A properties screen displays the list of resources.
    2. Locate the appropriate resources, select them, and click Update.
      The Webtop Sections screen displays.
Webtop sections can be assigned in an access policy using Webtop, Links and Sections, or Advanced Resource Assign actions.

Adding a webtop, links, and sections to an access policy

You must have an access profile set up before you can add a webtop, links, and sections to an access policy.
You can add an action to an access policy to add a webtop, webtop links, and webtop sections to an access policy branch. Webtop links and webtop sections are displayed on a full webtop.
Do not assign a webtop for a portal access connection configured for minimal patching mode; this configuration does not work.
  1. On the Main tab, click Access > Profiles / Policies.
    The Access Profiles (Per-Session Policies) screen opens.
  2. Click the name of the access profile for which you want to edit the access policy.
    The properties screen opens for the profile you want to edit.
  3. On the menu bar, click Access Policy.
  4. In the General Properties area, click the Edit Access Policy for Profile profile_name link.
    The visual policy editor opens the access policy in a separate screen.
  5. On a policy branch, click the (+) icon to add an item to the policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  6. On the Assignment tab, select the Webtop, Links and Sections Assign agent and click Add Item.
    The Webtop, Links and Sections Assignment screen opens.
  7. In the Name field, type a name for the policy item.
    This name is displayed in the action field for the policy.
  8. For each type of resource that you want to assign:
    1. Click the Add/Delete link next to the resource type (Webtop Links, Webtop Sections, or Webtop).
      Available resources are listed.
    2. Select from the list of available resources.
      Select only one webtop.
    3. Click Save.
  9. Click the Save button to save changes to the access policy item.
You can now configure further actions on the successful and fallback rule branches of this access policy item.
Click the Apply Access Policy link to apply and activate your changes to this access policy.
To ensure that logging is configured to meet your requirements, verify the log settings for the access profile.

Assigning resources to a user

Before you can assign resources to a user, you must have created an access profile.
You can add the advanced resource assign action to an access policy to add a network access resource, portal access resources, application tunnel resources, SAML resources, and remote desktop resources to an access policy branch. You can also assign ACLs, webtops, webtop links, and webtop sections with the advanced resource assign action.
Do not assign a webtop for a portal access connection configured for minimal patching mode; this configuration does not work.
  1. On the Main tab, click Access > Profiles / Policies.
    The Access Profiles (Per-Session Policies) screen opens.
  2. Click the name of the access profile for which you want to edit the access policy.
    The properties screen opens for the profile you want to edit.
  3. On the menu bar, click Access Policy.
  4. In the General Properties area, click the Edit Access Policy for Profile profile_name link.
    The visual policy editor opens the access policy in a separate screen.
  5. On a policy branch, click the (+) icon to add an item to the policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  6. On the Assignment tab, select Advanced Resource Assign and click the Add Item button.
    The Advanced Resource Assign popup screen opens.
  7. In the Name field, type a name for the policy item.
    This name is displayed in the action field for the policy.
  8. Click the Add new entry button.
    A new resource line is added to the list.
  9. To assign resources, in the Expression area, click the Add/Delete link.
    The Resource Assignment popup screen opens.
  10. Assign resources to the access policy using the available tabs.
    Tab: Description
    • Static ACLs: Allows you to select one or more ACLs defined on the system. Each ACL you select is assigned to the access policy branch on which this resource assign action operates.
    • Network Access: Allows you to select a single network access resource from the system. You can select only one network access resource. The network access resource you select is assigned to the access policy branch on which this resource assign action operates.
    • Portal Access: Allows you to select one or more portal access resources from the system. The portal access resources you select are assigned to the access policy branch on which this resource assign action operates.
    • App Tunnel: Allows you to select one or more application tunnel resources from the system. The application tunnel resources you select are assigned to the access policy branch on which this resource assign action operates.
    • Remote Desktop: Allows you to select one or more remote desktop (terminal server) resources from the system. The remote desktop resources you select are assigned to the access policy branch on which this resource assign action operates.
    • SAML: Allows you to select one or more SAML resources from the system. The SAML resources you select are assigned to the access policy branch on which this resource assign action operates. Select a full webtop to display SAML resources.
    • Webtop: Allows you to select a webtop from the system. The webtop resource you select is assigned to the access policy branch on which this resource assign action operates. You can select a webtop that matches the resource type, or a full webtop.
    • Webtop Links: Allows you to select links to pages and applications defined on the system to display on the full webtop. A full webtop must be assigned to display webtop links.
    • Webtop Sections: Allows you to select one or more sections into which to organize the selected resources on the webtop. A full webtop must be assigned to display webtop sections.
    • Static Pool: Allows you to dynamically assign a predefined LTM pool to a session. This value takes precedence over any existing assigned pool attached to the virtual server. The static pool you select is assigned to the access policy branch on which this resource assign action operates.
    You can also search for a resource by name in the current tab or all tabs.
  11. Click the Save button to save changes to the access policy item.
You can now configure further actions on the successful and fallback rule branches of this access policy item.
Click the Apply Access Policy link to apply and activate your changes to this access policy.
To ensure that logging is configured to meet your requirements, verify the log settings for the access profile.
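
The assignment constraints this chapter states (select only one webtop; webtop links, webtop sections and SAML resources need a full webtop; only one network access resource with Auto launch; no webtop with minimal patching mode) can be checked against a planned assignment before the policy is applied. The following Python is an added example, not part of APM; the dictionary layout, key names and value strings are hypothetical and are this example's own, not an APM export format.

```python
FULL, NETWORK, PORTAL = "full", "network-access", "portal-access"

def lint_assignment(a):
    """Return findings for one policy branch's combined resource assignment.

    `a` is a hypothetical dict (this example's own layout, not an APM format).
    """
    findings = []
    webtops = a.get("webtops", [])
    net = a.get("network_access", [])
    portal = a.get("portal_access", [])
    wtype = webtops[0]["type"] if webtops else None

    if len(webtops) > 1:
        findings.append("select only one webtop")
    # Webtop links, webtop sections and SAML resources display only on a full webtop.
    for kind in ("webtop_links", "webtop_sections", "saml"):
        if a.get(kind) and wtype != FULL:
            findings.append(f"{kind} need a full webtop")
    extras = [k for k in ("app_tunnels", "remote_desktops") if a.get(k)]
    if wtype == NETWORK and (len(net) != 1 or portal or extras):
        findings.append("network access webtop takes a single network access resource only")
    if wtype == PORTAL and (net or extras or not portal):
        findings.append("portal access webtop takes portal access resources only")
    if sum(1 for r in net if r.get("auto_launch")) > 1:
        findings.append("only one network access resource can have Auto launch enabled")
    if webtops and any(p.get("patching") == "minimal" for p in portal):
        findings.append("do not assign a webtop with minimal patching mode portal access")
    return findings

# Constructed sample assignments; every name here is made up for the example.
GOOD = {
    "webtops": [{"name": "wt_full", "type": FULL}],
    "network_access": [{"name": "na_corp", "auto_launch": True},
                       {"name": "na_lab", "auto_launch": False}],
    "portal_access": [{"name": "pa_wiki", "patching": "full"}],
    "webtop_links": ["link_helpdesk"],
    "webtop_sections": ["sec_tools"],
}
BAD = {
    "webtops": [{"name": "wt_portal", "type": PORTAL}],
    "network_access": [{"name": "na_a", "auto_launch": True},
                       {"name": "na_b", "auto_launch": True}],
    "portal_access": [{"name": "pa_min", "patching": "minimal"}],
    "webtop_links": ["link_helpdesk"],
}
```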

Verifying log settings for the access profile

Confirm that the correct log settings are selected for the access profile to ensure that events are logged as you intend.
Log settings are configured in the Access > Overview > Event Log > Settings area of the product. They enable and disable logging for access system and URL request filtering events. Log settings also specify log publishers that send log messages to specified destinations.
  1. On the Main tab, click Access > Profiles / Policies.
    The Access Profiles (Per-Session Policies) screen opens.
  2. Click the name of the access profile that you want to edit.
    The properties screen opens.
  3. On the menu bar, click Logs.
    The access profile log settings display.
  4. Move log settings between the Available and Selected lists.
    You can assign up to three log settings that enable access system logging to an access profile. You can assign additional log settings to an access profile provided that they enable logging for URL request logging only.
    Logging is disabled when the Selected list is empty.
  5. Click Update.
An access profile is in effect when it is assigned to a virtual server.

Webtop properties

Use these properties to configure a webtop.
Property setting: Type
Value: Network Access, Portal Access, or Full
Description:
  • Use Network Access for a webtop to which you assign only a single network access resource.
  • Use Portal Access for a webtop to which you assign only portal access resources.
  • Use Full for a webtop to which you assign one or more network access resources, multiple portal access resources, and multiple application access application tunnel resources, or any combination of the three types.

Property setting: Portal Access Start URI
Value: URI.
Description: Specifies the URI that the web application starts. For full webtops, portal access resources are published on the webtop with the associated URI you define when you select the Publish on Webtop option.

Property setting: Minimize to Tray
Value: Enable or Disable.
Description: If this check box is selected, the webtop is minimized to the system tray automatically after the network access connection starts. With a network access webtop, the webtop automatically minimizes to the tray. With a full webtop, the webtop minimizes to the system tray only after the network access connection is started. The Enable option does not work, however, for web browsers that do not support NPAPI plugins. The result is the main APM web browser window is not minimized to the system tray after network access connects successfully.