F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Center
  3. Managing DDoS Attacks using BIG-IQ
  4. CE file for application management
Manual Chapter : CE file for application management

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

CE file for application management

When you create a new service catalog template, you specify a set of objects that can be used to create an application service. Later, when you use this service catalog template to create an application service, you can specify values for the objects that are defined as editable. Properties the template defines as not editable are not visible when you create an application service, but are included using the default values specified in the service catalog template. This allows you to maintain a consistent environment. When you use this template to create a service catalog template application service, BIG-IQ deploys the objects to your managed BIG-IP devices.
BIG-IQ provides user interface screens that help you to create and edit Application Services 3 Extension (AS3) templates. A finished template is actually the body of a JSON declaration that the AS3 service can use to deploy applications to your managed devices. But the BIG-IQ user interface builds the JSON body for you, so you don't need to learn to create well-formed JSON to create an AS3 application service.
You create a new device template to specify a base configuration to create devices in a service scaling group (SSG). When you deploy the SSG, BIG-IQ uses the device template settings to create new virtual devices in your cloud environment. Not all objects are required in every environment. The table lists the object types that you can configure along with details about how the SSG uses those details.
When you specify the properties for an AS3 class that requires a block of text (for example, a certificate, a private key, or an iRule), you must use extra care to make sure that BIG-IQ can process the text that you provide. If you must type this text, do not use the backslash character (for example:
\n
 as a new line or
\r
as a return). AS3 does not process text that contains these characters. If you find these characters in text that you need to use, you can:
  1. Copy the body text to a text editor.
  2. Replace any instances of
    \n
    or
    \r
     with an actual new line (press the Return or Enter key to get a new line).
  3. Remove any instances of
    \
     (For example
    \”10”\
     becomes
    “10”
    ).
  4. Copy the resulting text string and paste it in the text box.
When you deploy the application service, AS3 processes the text that you pasted in.
One potentially common scenario that requires moving or merging application services occurs when you use an API to create an AS3 application service. The AS3 API creates these services as components of an application named
Unknown Applications
. You can organize these API-created services (using the
Move
 or
Merge
 button) to organize these services into the application that works best for you.
You cannot merge or move an application service to an application created with a different template type. That is, a service catalog application service cannot be a part of an AS3 application, and vice versa. Further, a legacy application service cannot be part of an application created with either type of template.
You cannot use this work flow to make substantive changes to a legacy application (one that uses virtual servers previously deployed to a managed device). Except for enabling, disabling or forcing offline virtual servers, pools, or pool members, you make changes to legacy applications by editing the virtual server settings. Refer to
Managing Virtual Servers
 in the
BIG-IQ Centralized Management: Local Traffic and Network Implementations
guide on
support.f5.com
.
  1. At the top of the screen, click
    Applications
    , then, on the left, click
    APPLICATION TEMPLATES
    .
    The screen lists the AS3 and service catalog templates defined on this BIG-IQ.
  2. At the top of the screen, click
    Applications
     then, on the left, click
    APPLICATIONS
    .
    The screen lists the applications currently defined on this device.
  3. In the list of applications, click the name of the one that you want to add an application service to.
    The screen displays the list of application services defined for this application.
  4. At the top of the screen, click
    Applications
     then, on the left, click
    ENVIRONMENTS
    Cloud Environments
    .
  5. At the top of the screen, click
    Applications
     then, on the left, click
    ENVIRONMENTS
    Cloud Providers
    .
  6. Under Service Catalog Templates, click
    Create
    .
    The Create Service Template screen opens to General Properties.
  7. Under AS3 Templates, click
    Create
    .
  8. Click
    Create
    .
    The New Cloud Environment screen opens.
  9. Click
    Create
    .
    The New Cloud Provider screen opens.
  10. Click
    Create
    .
    The Create Application Service screen opens.
  11. Click
    Create
    .
    The Create Application Services screen opens and, because you are editing an existing application, the
    Grouping
     and
    Application Name
     settings are disabled.
  12. Decide whether you want to add a service to an existing application or to create a new application and application service.
    To add a service to a new application:
    1. For Grouping, select
      New Application
      .
    2. For
      Application Name
      , type a name for the new application.
    3. You can type a
      Description
       to identify the new application.
    To add a service to an existing application:
    1. For Grouping, select
      Part of an Existing Application
      .
    2. From
      Application Name
      , select the name of the application to which you want to add this application service.
    3. You can type a
      Description
       to identify the application.
  13. If you manage version 15.0.1 or later BIG-IP devices, make sure that the virtual servers that deploy with this application use an HTTP profile compatible with the BIG-IP devices in your SSG.
    The default HTTP profile included in version 15.0.1 BIG-IP devices use a value (
    Sustain
    ) for the Response Chunking and Request Chunking parameters that is not compatible with the devices that deploy in an SSG. If you manage version 15.0.1 devices, you must make sure to specify virtual servers that use an HTTP profile that is compatible with the devices in an SSG.
    If you manage some BIG-IP devices that run version 15.0.1, but you also manage some devices that run a version earlier than 15.01:
    Use a version of HTTP profile compatible with the earlier versions so you can deploy an application to the SSG.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select
      HTTP Profiles
      .
    2. Click
      Import
      .
    3. From the select list about half way down the screen, select HTTP Profiles.
    4. Select the check box for an HTTP profile that is compatible with BIG-IP versions earlier than 15.0.1.
    5. Click
      Add Selected
      .
    6. Click
      Import
      .
    If you manage only BIG-IP devices running versions earlier than 15.0.1,
    You need to create an HTTP profile that is compatible with the devices that run on an SSG, and make sure you use that HTTP profile when you deploy an application to the SSG.
    1. On the Edit Template screen, under LOCAL TRAFFIC, select HTTP Profiles.
    2. Click
      Create
      .
    3. For Request Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    4. For Response Chunking, select the
      Override
       check box and then specify a value other than
      Sustain
      .
    5. Click
      Save & Close
      .
  14. Specify property values for the remaining objects that deploy with this application service.
  15. When you have configured the objects that you want to include in this application, click
    Create
    .
    BIG-IQ creates the application with the application service you defined, then deploys it to the target you specified.
  16. Use the
    Application Name
     and
    Description
     settings under Application Properties to identify this application.
  17. Select the template you want to use to create an application from, and then click
    Create Application
    .
  18. Use the
    Application Service Name
     and
    Description
     settings under General Properties to identify the application service.
  19. For the
    Template Type
    , select the service catalog template you want to use to create this application from.
  20. For the
    Template
    , select the service catalog template you want to use to create this application from.
    You must use one of these following templates:
    • Default-AWS-f5-HTTPS-WAF-lb-template
    • Default-AWS-f5-HTTPS-offload-lb-template
    • A custom template cloned from either of these two templates.
  21. At the top of the screen, click
    Devices
     then, on the left, click
    DEVICE TEMPLATES
    .
  22. Click
    Create
    .
  23. Type a
    Name
     and (optional)
    Description
     for the service catalog template you are creating.
    Once you define the name, you can either save the template and define the default objects for this template later, or you can define them now. This workflow continues on, showing you how to import objects that already exist on devices managed by this BIG-IQ. For details about other ways to define objects, refer to
    Create a service catalog template starting with a clone of an existing template
     or
    Create a service catalog template by manually specifying objects
     on
    support.f5.com
    .
  24. Type a brief
    Description
     for the service catalog template you are creating, to help identify it when you want to use it later.
  25. On the left, under
    PROPERTIES
    , expand
    LOCAL TRAFFIC
    SECURITY POLICIES
    Security
    , and then select any object type.
    For example, you could expand
    LOCAL TRAFFIC
    , and then click
    Virtual Servers
    .
    The screen lists any objects defined for this template along with buttons you can use to import or create new objects.
  26. On the left, under
    PROPERTIES
    , expand
    LOCAL TRAFFIC
     or
    SECURITY POLICIES
     and then select any object type.
    For example, you could expand
    LOCAL TRAFFIC
    , and then click
    Virtual Servers
    .
    Until you configure at least one virtual server for this template, you cannot select any security policies to attach to the virtual servers in this template.
  27. On the left, under
    Properties
    , expand
    Local Traffic
     or
    Security
     and then select the object type you want to edit.
    For example, you could expand
    Local Traffic
    , and then click
    Virtual Servers
    .
    You can edit the settings for this template either manually or by importing existing objects.
  28. Click the name of the AS3 template that you want to edit.
    You cannot edit a published template. If the template has been published, but has not been used to deploy an application, you can unpublish it to make it writable. If the template has been used to deploy an application, you have two options:
    • Make a clone of the published template and make your changes to the clone. For details, refer to
      Clone an AS3 template
       on
      support.f5.com.
      .
    • Use the
      Switch to template
       button to change the template that the application uses. For details, refer to
      Change the template for a deployed application
       on
      support.f5.com.
      .
    The properties area displays the list of currently defined services for the selected template.
  29. Specify the
    Tenant
     name for this template.
    • To allow the name to be specified when this template is used to deploy an application service, select
      Editable
      .
    • To specify the name here, clear the
      Editable
       check box and type a name for the
      Tenant
      .
    If you have deployed configuration objects to BIG-IP devices and you plan to use this template to deploy application services to those same devices, do not choose a
    Tenant
     name that might match the name of partitions on which your previously deployed configuration objects reside. For more detail on how AS3 uses the tenant name and guidelines for using this control effectively, see AS3 tenant name details.
  30. Review the classes defined in the template you selected, and revise any values that need to be tailored to your specific requirements.
    1. To add or remove classes defined in this template, on the left, under
      PROPERTIES
      , click
      Add/Remove
      .
    2. Select or clear check boxes for the classes that you want to add or remove from this template, until all of the objects your application service needs are included. Then click
      Save
       to display the new list of classes below the template Properties on the left.
      For detailed AS3 class definitions and descriptions of what each property controls, refer to schema-reference.html#service-https.
      The AS3 JSON schema defines default values for each class property. You can either leave a property at the default, or specify a new default value. You can also specify which property values can be seen and revised when this template is used to create an application service
  31. For each class you added, decide which properties you want to specify, and which properties must be specified when this template is used to deploy an application service.
    When you use this template to create an application service, BIG-IQ uses your specifications to define the class properties that make up the AS3 declaration that deploys the application service. If you do not specify values for a property, the declaration uses default values from the AS3 JSON schema.
    • To specify a default value and make sure that BIG-IQ uses that value for that property, specify a value for that property, but do not select
      Editable
      .
    • To specify a default value but allow it to be changed when the template is used to deploy an application, specify a value for that property and select
      Editable
      .
    • To leave the default property value as is, but allow it to be specified during deployment, select
      Editable
      , but do not specify a default value for that property.
    Some AS3 classes support a different set of property fields depending on the type of schema used to parse the AS3 class definition. For these classes, you can choose the type of schema (
    Basic Schema
     or
    Advanced Schema
    ). Each schema type uses a different set of fields to specify the class. For these class properties you can toggle between the schema types to display the set of fields needed to specify the AS3 class to meet your business needs.
    When you configure properties that need to have a new value specified each time you use this template to deploy an application service, make sure they are
    Editable
    . Then, when you (or your designate) deploy this application service, it's obvious which properties to supply values for: If it is visible, supply a value.
    As you specify property values for each class, the JSON Detail area displays the AS3 declaration for that class as you have defined it.
    Templates often create objects that are used by other objects that are created in the same template. However, when you use these objects in your template, you need to use care. If you specify a name for an object, and also allow it to be edited, then when the application deploys, BIG-IQ looks for the name specified in the template. However, if you made the object editable, the person deploying the application service could edit that name to something else, in which case BIG-IQ will not find that object and the deployment fails. To ensure successful application deployment, the best practice is to leave editable objects in the template un-named so that the application deployer can use the name that best suits their need at the time.
  32. When you are ready to use a template to create an application, select it and click
    Publish
    .
    BIG-IQ changes this template to read-only status, so you can use it to create a new application service that deploys to your BIG-IP devices.
  33. If you are ready to use this template to create an application service, click
    Publish & Close
    .
    BIG-IQ changes this template to read-only status, so you can use it to create a new application service that deploys to your BIG-IP devices.
  34. If you are done with this template, but not ready to use it to create a new application service, click
    Save & Close
    .
  35. Blank Step
    BIG-IQ creates the application and deploys the application service to the target you specified.
When you to deploy an AS3 application service, BIG-IQ creates or updates the configuration objects defined by that service on the managed device you targeted. You can view these objects, as they perform their function as part of an application service, on the application services dashboard.
Before you can view these newly-deployed objects on the Configuration tab, you must rediscover and re-import services for each service impacted by the deployment. Keep in mind that objects deployed with AS3 are view-only on the Configuration tab. To make changes to these objects, you make changes to the AS3 application.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information