F5 Logo MyF5
Search
  1. MyF5 Home
  2. Managing Applications in an Auto-Scaled Azure Cloud from BIG-IQ
  3. Standardize an Application Service for Self-service Deployment
Manual Chapter : Standardize an Application Service for Self-service Deployment

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
Manual Chapter

Standardize an Application Service for Self-service Deployment

Creating service templates for self-service application deployment

workflow graphic, create service template step
As a network engineer, you can create service templates with the objects and default parameter settings that you want your application manager to deploy. Using that template, and without having a lot of network expertise, the application manager can deploy the application service objects you want by simply specifying a few key values.
When you create a new service template, you can specify a set of objects that define an application service that can then be deployed to your BIG-IP devices. A service template is the baseline for creating a new application service. This allows you to maintain a consistent environment. Parameters that you define as editable are visible and can be revised.
For example, you can standardize your HTTPS application service to use a virtual server, a client SSL profile, a pool, and a node with specific default values. To do this, you create a service template that includes each of these objects. Parameters you don't want edited will be read-only, and those that can change for each application service show as editable. Then you assign permissions for this template to your application manager.
To create an application service, all the application manager needs to do is provide the editable values (virtual server address, number of nodes and their addresses, and so forth) and identify where the application service deploys to. When the application service deploys, BIG-IQ creates just the right objects and settings.
There are three ways to create a service template that defines the objects that you want to include in an application service. Select the option that works best for you.
  • Create the service template by cloning another service template.
  • Create the service template by importing object settings from a device managed by this BIG-IQ.
  • Create the service template manually, defining settings for each object included in the application service.
After you create a service template, it is listed on the Service Catalog Templates page. Note that there is no check mark in the Published column for it. This means two things:
  • The template can be edited. You can select it and revise any of the settings for that template.
  • You cannot use this template to create an application service.
Before you can use an unpublished (writeable) service template to create an application service, you must publish it. This locks the template, so that you can use it to create an application service.
To make a published template writeable so that you can make revisions, select the check box for it and click
Unpublish
.
You cannot make a template writeable if it is being used by an application service. To revise a template that is being used, you need to either clone that template or change the template that the application service uses.

Create a service catalog template starting with a clone of an existing template

BIG-IQ Centralized Management comes with several default service catalog templates for standard scenarios. Using the clone option, you make a copy of a service catalog template and then add or remove only the objects that need to change to produce the service catalog template you want. This allows you to maintain a consistent environment.
This workflow shows you how to clone a service catalog template that is already defined on this BIG-IQ. For details about other ways to define objects, refer to
Create a service catalog template by importing existing objects
 or
Create a service catalog template by manually specifying objects
 on
support.f5.com
.
  1. At the top of the screen, click
    Applications
    , then, on the left, click
    APPLICATION TEMPLATES
    .
    The screen lists the AS3 and service catalog templates defined on this BIG-IQ.
  2. Select the check box to the left of any service catalog template you want to clone.
  3. Click the
    More
     button and select
    Clone
    .
  4. Type a
    Name
     that you want to use for the clone, and then click
    Clone
    .
    The system creates a clone of the service catalog template and then opens the new template so you can make changes.
  5. Add or remove configuration objects to the cloned template until it meets your requirements.
    When you finish the edits to this new template, you can use it to create a new application service that deploys to your BIG-IP devices.
  6. If you manage version 15.0.1 or later BIG-IP devices, make sure that the virtual servers that deploy with this application use an HTTP profile compatible with the BIG-IP devices in your SSG.
    The default HTTP profile included in version 15.0.1 BIG-IP devices use a value (
    Sustain
    ) for the Response Chunking and Request Chunking parameters that is not compatible with the devices that deploy in an SSG. If you manage version 15.0.1 devices, you must make sure to specify virtual servers that use an HTTP profile that is compatible with the devices in an SSG.
    If you manage some BIG-IP devices that run version 15.0.1, but you also manage some devices that run a version earlier than 15.01:
    Use a version of HTTP profile compatible with the earlier versions so you can deploy an application to the SSG.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select
      HTTP Profiles
      .
    2. Click
      Import
      .
    3. From the select list about half way down the screen, select HTTP Profiles.
    4. Select the check box for an HTTP profile that is compatible with BIG-IP versions earlier than 15.0.1.
    5. Click
      Add Selected
      .
    6. Click
      Import
      .
    If you manage only BIG-IP devices running versions earlier than 15.0.1,
    You need to create an HTTP profile that is compatible with the devices that run on an SSG, and make sure you use that HTTP profile when you deploy an application to the SSG.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select HTTP Profiles.
    2. Click
      Create
      .
    3. For Request Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    4. For Response Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    5. Click
      Save & Close
      .
  7. Click
    Save & Close
    .
  8. When you are ready to use a template to create an application, select it and click
    Publish
    .
    BIG-IQ changes this template to read-only status, so you can use it to create a new application service that deploys to your BIG-IP devices.

Create a service catalog template by importing existing objects

Before you can import objects to an application template, you must have either created or imported the LTM objects from one of your managed BIG-IP devices.
When you create a new service catalog template, you specify a set of objects that can be used to create an application service. Later, when you use this service catalog template to create an application service, you can specify values for the objects that are defined as editable. Properties the template defines as not editable are not visible when you create an application service, but are included using the default values specified in the service catalog template. This allows you to maintain a consistent environment. When you use this template to create a service catalog template application service, BIG-IQ deploys the objects to your managed BIG-IP devices.
Specifying the objects by importing existing objects saves time and ensures that you get precisely the settings you are looking for.
  1. At the top of the screen, click
    Applications
    , then, on the left, click
    APPLICATION TEMPLATES
    .
    The screen lists the AS3 and service catalog templates defined on this BIG-IQ.
  2. Under Service Catalog Templates, click
    Create
    .
    The Create Service Template screen opens to General Properties.
  3. Type a
    Name
     and (optional)
    Description
     for the service catalog template you are creating, and then click
    Save
    .
    Once you define the name and save the template, you need to define the default objects for this template. This work flow shows you how to import objects that already exist on devices managed by this BIG-IQ. For details about other ways to define objects, refer to
    Create a service catalog template starting with a clone of an existing template
     or
    Create a service catalog template by manually specifying objects
     on
    support.f5.com
    .
  4. On the left, under
    PROPERTIES
    , expand
    LOCAL TRAFFIC
     or
    SECURITY POLICIES
     and then select any object type.
    For example, you could expand
    LOCAL TRAFFIC
    , and then click
    Virtual Servers
    .
    Until you configure at least one virtual server for this template, you cannot select any security policies to attach to the virtual servers in this template.
  5. Click
    Import
    .
    The Import Resources screen opens. The top half of the screen displays resources selected for importing. The bottom half provides controls for selecting objects to import to this template.
  6. From the select list about half way down the screen, select one of the object types you want to import.
    Objects of the type you selected that are currently defined on this BIG-IQ display just below the Select list.
  7. Select the check box for each object that you want to import.
    The lower right part of the screen displays preview information for the selected object. If you select multiple objects, the most recently selected item is previewed.
  8. When you have selected all of the objects that you want for a particular type, click
    Add Selected
    .
    The selected objects show in the list of objects to be imported.
  9. Repeat the previous three steps for each of the default object types that you want to import to this template.
  10. When you have assembled all of the objects that you want to import to this template, click
    Import
    .
    When you import an object created outside of the service catalog template user interface into a service catalog template, only the object name is set to be editable (and visible when someone uses this template to create a new application service ). For example, if a virtual server named
    SeattleServer
     is created on one of the BIG-IP devices that a BIG-IQ manages, that virtual server is imported to the BIG-IQ when you discover and import that device. You can then import
    SeattleServer
     into a service catalog template, but only the name (
    SeattleServer
    ) appears when that template is used to create an application service. You can edit the visibility setting on the Edit Template screen for the imported object.
    BIG-IQ adds the imported objects to the service catalog template. Objects that are set to be editable display when someone uses this template to create a new application service.
  11. If you want to edit any of the settings for the objects you imported, click the name of the object to access the edit screen for that object.
    When you save the changes for an object, the revisions you made become part of the template, and you can use it to create a new application service that deploys to your BIG-IP devices.
  12. Click
    Save & Close
    .
  13. When you are ready to use a template to create an application, select it and click
    Publish
    .
    BIG-IQ changes this template to read-only status, so you can use it to create a new application service that deploys to your BIG-IP devices.

Create a service catalog template by manually specifying objects

When you create a new service catalog template, you specify a set of objects that can be used to create an application service. Later, when you use this service catalog template to create an application service, you can specify values for the objects that are defined as editable. Properties the template defines as not editable are not visible when you create an application service, but are included using the default values specified in the service catalog template. This allows you to maintain a consistent environment. When you use this template to create a service catalog template application service, BIG-IQ deploys the objects to your managed BIG-IP devices.
  1. At the top of the screen, click
    Applications
    , then, on the left, click
    APPLICATION TEMPLATES
    .
    The screen lists the AS3 and service catalog templates defined on this BIG-IQ.
  2. Under Service Catalog Templates, click
    Create
    .
    The Create Service Template screen opens to General Properties.
  3. Type a
    Name
     and (optional)
    Description
     for the service catalog template you are creating, and then click
    Save
    .
    Once you define the name, you can define the default objects for this template. This work flow shows you how to manually define objects for this template. For details about other ways to create templates, refer to
    Create a service catalog template starting with a clone of an existing template
     or
    Create a service catalog template by importing existing objects
     on
    support.f5.com
    .
  4. If you have created any scripts that BIG-IQ should run before or after it creates this application service, or after you delete this application service, click
    PROPERTIES
    , and then select the ones you want.
    You can find the screen used to create scripts here:
    Devices
    SCRIPT MANAGEMENT
    Scripts
    .
  5. Click
    Save
    .
    BIG-IQ saves the name and your script selections. Now you can start adding the traffic management and security objects that you want to define for this application service.
  6. On the left, under
    PROPERTIES
    , expand
    LOCAL TRAFFIC
     or
    SECURITY POLICIES
     and then select any object type.
    For example, you could expand
    LOCAL TRAFFIC
    , and then click
    Virtual Servers
    .
    Until you configure at least one virtual server for this template, you cannot select any security policies to attach to the virtual servers in this template.
  7. Click
    Create
    .
    The screen you use to define the selected object type (for example, New Virtual Server) opens.
  8. In the
    Prompt
     field, type the text string that you want to display for this object when someone uses this template to create a new application service.
  9. If you want applications created with this template to be able to include more than one copy of the object you are adding, select
    Enable
     for
    Allow Multiple Instances
    .
  10. Specify all of the default parameters that you want to define for this object.
    Before you can add an object to the template, you must specify at least the required parameters for that object type. For example, to specify a virtual server, you only need to provide a name, a destination address, and a service port, even though there are another fifty or so settings you could specify.
  11. For each parameter that you specify, determine whether you want the person who deploys an application service using this template to be able to edit the default settings you are defining.
    If you check
    Editable
    When this template is used to create an application service, this parameter will be visible and the default values configurable.
    If you do not check
    Editable
    When this template is used to create an application service, this parameter will be included in the application service (with the settings that you specify here), but it will not be visible in the user interface.
    Only the parameters you select appear in the user interface when someone deploys an application service using this template.
  12. If you manage version 15.0.1 or later BIG-IP devices, make sure that the virtual servers that deploy with this application use an HTTP profile compatible with the BIG-IP devices in your SSG.
    The default HTTP profile included in version 15.0.1 BIG-IP devices use a value (
    Sustain
    ) for the Response Chunking and Request Chunking parameters that is not compatible with the devices that deploy in an SSG. If you manage version 15.0.1 devices, you must make sure to specify virtual servers that use an HTTP profile that is compatible with the devices in an SSG.
    If you manage some BIG-IP devices that run version 15.0.1, but you also manage some devices that run a version earlier than 15.01:
    Use a version of HTTP profile compatible with the earlier versions so you can deploy an application to the SSG.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select
      HTTP Profiles
      .
    2. Click
      Import
      .
    3. From the select list about half way down the screen, select HTTP Profiles.
    4. Select the check box for an HTTP profile that is compatible with BIG-IP versions earlier than 15.0.1.
    5. Click
      Add Selected
      .
    6. Click
      Import
      .
    If you manage only BIG-IP devices running versions earlier than 15.0.1,
    You need to create an HTTP profile that is compatible with the devices that run on an SSG, and make sure you use that HTTP profile when you deploy an application to the SSG.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select HTTP Profiles.
    2. Click
      Create
      .
    3. For Request Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    4. For Response Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    5. Click
      Save & Close
      .
  13. As you specify parameter values for this template object, you can click
    Preview
     in the upper right corner to see what the user interface will look like when someone uses this template to deploy an application service.
    For detailed information on the parameter settings to specify for particular use cases, refer to the documentation for that object type on
    support.F5.com
    . For example, for help understanding the parameters you specify for a client SSL profile, you would go to
    support.F5.com
    , select
    BIG-IQ Centralized Management
    , select the BIG-IP version you are using, and then select
    Managing Local Traffic Profiles
    .
  14. When you finish specifying parameters for this object, click
    Save
    .
    BIG-IQ adds the object you defined to the list of objects in this template. When you finish adding an object to a template, you can use it to create an application service.
  15. Continue this process until you have added all of the objects needed in this template.
    When you finish the edits to this new template, you can use it to create a new application service that deploys to your BIG-IP devices.
  16. Click
    Save & Close
    .
  17. When you are ready to use a template to create an application, select it and click
    Publish
    .
    BIG-IQ changes this template to read-only status, so you can use it to create a new application service that deploys to your BIG-IP devices.

When to use an SSG-compatible service template

If you manage version 15.0.1 or later BIG-IP devices, and want to deploy an application to a service scaling group (SSG), you must make sure that the virtual servers that deploy with the application services use an HTTP profile compatible with the BIG-IP devices in an SSG.
The default HTTP profile included in version 15.0.1 BIG-IP devices use a value (
Sustain
) for the Response Chunking and Request Chunking parameters that is not compatible with the devices that deploy in an SSG. If you manage version 15.0.1 devices, you must make sure to specify virtual servers that use an HTTP profile that is compatible with the devices in an SSG.
A BIG-IQ that currently manages version 15.0.1 BIG-IP devices and also manages BIG-IP devices that run earlier software versions, has HTTP profiles that are compatible with both versions. So you just need to choose the correct one when you deploy an application to an SSG.
If you currently manage version only version 15.0.1 BIG-IP devices you need to create an HTTP profile that is compatible with the devices in an SSG.

Create SSG-compatible service catalog template if you manage BIG-IP 15.0.1 devices

When you manage version 15.0.1 BIG-IP devices you need to make sure that the templates used to deploy applications to an SSG are compatible with the devices in an SSG.
The default HTTP profile included in version 15.0.1 BIG-IP devices uses a value (
Sustain
) for the Response Chunking and Request Chunking parameters that is not compatible with the devices that deploy in an SSG. If you manage version 15.0.1 devices, you must specify virtual servers that use an SSG-compatible HTTP profile.
  1. At the top of the screen, click
    Applications
    , then, on the left, click
    APPLICATION TEMPLATES
    .
    The screen lists the AS3 and service catalog templates defined on this BIG-IQ.
  2. Under Service Catalog Templates, click
    Create
    .
    The Create Service Template screen opens to General Properties.
  3. Type a
    Name
     and (optional)
    Description
     for the service catalog template you are creating, and then click
    Save
    .
  4. If you have created any scripts that BIG-IQ should run before or after it creates this application service, or after you delete this application service, click
    PROPERTIES
    , and then select the ones you want.
    You can find the screen used to create scripts here:
    Devices
    SCRIPT MANAGEMENT
    Scripts
    .
  5. Click
    Save
    .
    BIG-IQ saves the name and your script selections. Now you can start adding the traffic management and security objects that you want to define for this application service.
  6. Import the HTTP profile that you want the virtual servers specified in this template to use.
    If there is an HTTP profile on this BIG-IQ that is compatible with an SSG:
    Import an HTTP profile that is compatible with an SSG and make note of the profile name.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select
      HTTP Profiles
      .
    2. Click
      Import
      .
    3. From the select list about half way down the screen, select
      HTTP Profiles
      .
    4. Select the check box for an HTTP profile that is compatible with BIG-IP versions earlier than 15.0.1.
    5. Click
      Add Selected
      .
    6. Click
      Import
      .
    If there is not an HTTP profile on this BIG-IQ that is compatible with an SSG:
    Import the HTTP profile you plan to use and then edit it so that it is compatible with the devices that run on an SSG. Make a note of the profile name.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select
      HTTP Profiles
      .
    2. Click
      Import
      .
    3. From the select list about half way down the screen, select HTTP Profiles.
    4. Select the check box for the HTTP profile that you want to use in this application.
    5. Click
      Add Selected
      .
    6. Click
      Import
      .
    7. On the list of profiles included in this template, click on the Name of the profile you just imported.
    8. For Request Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    9. For Response Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    10. Click
      Save & Close
       to save the settings for this profile.
  7. Import the virtual servers that you want to include in this template and specify the correct HTTP profile for each one.
    1. On the left, under
      PROPERTIES
      , expand
      LOCAL TRAFFIC
       and then select
      Virtual Servers
      .
    2. Click
      Import
      .
    3. From the select list about half way down the screen, select
      Virtual Servers
      .
    4. Select the check box for the virtual servers that you want to import.
    5. Click
      Add Selected
      .
    6. Click
      Import
       to add the selected virtual servers to this template.
    7. On the list of virtual servers included in this template, click on the Name of the first virtual server you just imported.
    8. For the
      HTTP Profile
      , select the HTTP profile that you specified in the previous step.
      If you make the profile editable, instruct the person who deploys applications with this template that the HTTP profile used must be compatible with an SSG.
    9. Click
      Save & Close
       to save these settings for this virtual server.
    10. If you have additional virtual servers, repeat the last three sub-steps to make sure each one uses the correct HTTP profile.
    This template now specifies virtual servers that use an SSG-compatible HTTP profile. Now you just need to add the rest of the configuration objects needed in the application you plan to deploy with this template.
  8. On the left, under
    PROPERTIES
    , expand
    LOCAL TRAFFIC
     or
    SECURITY POLICIES
     and then select any object type.
    For example, you could expand
    LOCAL TRAFFIC
    , and then click
    Pools
    .
  9. Click
    Import
    .
    The Import Resources screen opens. The top half of the screen displays resources selected for importing. The bottom half provides controls for selecting objects to import to this template.
  10. From the select list about half way down the screen, select one of the object types you want to import.
    Objects of the type you selected that are currently defined on this BIG-IQ display just below the Select list.
  11. Select the check box for each object that you want to import.
    The lower right part of the screen displays preview information for the selected object. If you select multiple objects, the most recently selected item is previewed.
  12. When you have selected all of the objects that you want for a particular type, click
    Add Selected
    .
    The selected objects show in the list of objects to be imported.
  13. Repeat the previous three steps for each of the default object types that you want to import to this template.
  14. When you have assembled all of the objects that you want to import to this template, click
    Import
    .
    When you import an object created outside of the service catalog template user interface into a service catalog template, only the object name is set to be editable (and visible when someone uses this template to create a new application service ). For example, if a virtual server named
    SeattleServer
     is created on one of the BIG-IP devices that a BIG-IQ manages, that virtual server is imported to the BIG-IQ when you discover and import that device. You can then import
    SeattleServer
     into a service catalog template, but only the name (
    SeattleServer
    ) appears when that template is used to create an application service. You can edit the visibility setting on the Edit Template screen for the imported object.
    BIG-IQ adds the imported objects to the service catalog template. Objects that are set to be editable display when someone uses this template to create a new application service.
  15. If you want to edit any of the settings for the objects you imported, click the name of the object to access the edit screen for that object.
    When you save the changes for an object, the revisions you made become part of the template, and you can use it to create a new application service that deploys to your BIG-IP devices.
  16. Click
    Save & Close
    .
  17. When you are ready to use a template to create an application, select it and click
    Publish
    .
    BIG-IQ changes this template to read-only status, so you can use it to create a new application service that deploys to your BIG-IP devices.

Provide users access to self-serve applications in a scalable cloud

workflow graphic, assign permissions to end users step
After you create the templates and service scaling groups (SSG), you can provide access to these resources to application managers. You can provide different users access to different resources, according to their needs. With this access, application managers can create and monitor applications as needed, and interact with only those resources that they need to do their job. This simplifies the complexity of the objects that they have to be aware of, while allowing them the autonomy to create applications as they need them.
To provide access, you create a user, and associate the user to a custom application role with access to the resources they need to create and deploy applications into the scalable cloud.
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    USER MANAGEMENT
    Users
    .
  3. Near the top of the screen, click the
    Add
     button.
  4. From the
    Auth Provider
     list, select the authentication method you want to use for this user.
    A user must belong to an LDAP group or have an assigned BIG-IQ role, or authentication will fail.
  5. In the
    User Name
     field, type the name for this user.
  6. In the
    Password
     and
    Confirm Password
     fields, type the password for this new user.
    You can change the password any time.
  7. On the left, click
    ROLE MANAGEMENT
    Roles
    .
  8. On the left, under
    CUSTOM ROLES
    , click
    Application Roles
    .
  9. Click
    Add
    .
  10. After you specify a
    Name
     and an optional
    Description
    , select the
    Active Users
     that you want to provide access to, and move them to the
    Selected
     list.
  11. For
    Service Catalog Templates
    , select each template you want to provide access to and move it to the
    Selected
     list.
  12. For
    Service Scaling Groups
    , select the service scaling group you created and move it to the
    Selected
     list.
  13. Click the
    Save & Close
     button.
It's a good idea to log in as this new user to confirm that the access you provided is correct. Once you verify that, you can give the user their user name and password for self-service access to application deployment.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information