Manual Chapter : Reference

Applies To:

BIG-IQ Centralized Management

  • 5.2.0

About iApps and Access

On a BIG-IP® system, a configuration that is created using an iApp can be updated only by using the same iApp. Access does not support iApps®. Access does not import, manage, or deploy resources that were created using an iApp.

Shared configuration resources

The tables list configurations that are shared or can be made shared.

Table 1. Access policies and related resources

| Resource | Description |
| --- | --- |
| Policies | Access policies |
| Profiles | Properties for the session |
| CAPTCHA configurations | Specifies the CAPTCHA service |
| NTLM Auth Configuration | Used to authenticate Exchange applications |

Table 2. AAA servers

| Resource | Description |
| --- | --- |
| RADIUS* | RADIUS accounting and RADIUS authentication |
| LDAP* | LDAP and LDAPs authentication; LDAP queries |
| Active Directory* | Active Directory authentication and query |
| Active Directory Trusted Domains | Authenticate users across all trusted domains or forests for a customer |
| SecurID* | RSA SecurID authentication |
| HTTP* | HTTPS authentication; HTTP Basic/NTLM authentication |
| Oracle Access Manager* | Native integration with Oracle Access Manager |
| OCSP Responder* | Machine certificate revocation status; user certificate revocation status |
| CRLDP* | Retrieve Certificate Revocation Lists from network locations (Distribution Points) |
| TACACS+* | TACACS+ authentication and accounting |
| Kerberos* | Kerberos end-user login; basic or Kerberos authentication |
| SAML* | External SAML Identity Provider that the BIG-IP® system, acting as a SAML service provider, communicates with |
| Endpoint Management Systems* | Server properties |

*This resource is device-specific but can be made shared

Table 3. ACLs

| Resource | Description |
| --- | --- |
| User-defined ACLs* | ACLs that users create |
| All ACLs* | The order of system-defined and user-defined ACLs |

*This resource is device-specific but can be made shared

Table 4. SSO Configurations

| Resource | Description |
| --- | --- |
| HTTP Basic | Single sign-on (SSO) using cached user identity and authorization header |
| NTLMV1 | Challenge-response; proves user identity without sending password to server |
| NTLMV2 | Challenge-response; proves user identity without sending password to server |
| Kerberos | Transparent authentication of users to Windows Web application servers (IIS) joined to Active Directory domain |
| Forms | Detects start URL match and uses cached user identity to construct and send HTTP form-based post request on behalf of the user |
| Forms - Client Initiated | Detects login page request, puts generated JavaScript code into login page, and returns it to client, where it is automatically submitted by the inserted JavaScript |
| SAML | SAML local Identity Provider (IdP) service is a type of SSO service that BIG-IP, configured as an IdP, provides |

Table 5. SAML

| Resource | Description |
| --- | --- |
| Local SP Services | BIG-IP system as Service Provider (SP) provides SP services |
| External IdP Connectors | BIG-IP system as SP relies on external Identity Providers (IdPs) for authentication |
| Local IdP Services | BIG-IP system as IdP provides SSO authentication services |
| External SP Connectors | BIG-IP system as IdP works with external SPs |
| Artifact Resolution Services* | Supports SAML artifacts on a BIG-IP system configured as a SAML IdP |
| BIG-IP IdP Automation | Supports configuration automation |
| SAML Resources | Resources to support the SAML configuration |

*This resource is device-specific but can be made shared

Table 6. Local User DB

| Resource | Description |
| --- | --- |
| Manage Instances | Local user database instances |

Table 7. Hosted Content

| Resource | Description |
| --- | --- |
| Manage Files | Hosted content files |
| Manage Profile Access | Access control for hosted content files using access profiles |

Table 8. Webtops

| Resource | Description |
| --- | --- |
| Webtops | Webtop used in Portal Access or Network Access |
| Webtop Links | Links for inclusion on a webtop |
| Webtop Sections | Sections to organize content on a webtop |

Table 9. Secure Web Gateway

| Resource | Description |
| --- | --- |
| URL Categories | URL categories |
| URL Filters | URL filters |
| Applications | System-defined list of applications |
| Application Filters | User-defined application filters |
| Report Settings | Sets up statistics (for use with SWG subscription service) |

Table 10. Network Access

| Resource | Description |
| --- | --- |
| Network Access resource* | A Network Access resource allows user access to the local network through a secure VPN tunnel |
| Lease Pools* | IPV4 or IPV6 lease pools associate a group of IP addresses with a Network Access resource |
| Client Traffic Classifiers* | Used to shape traffic for Network Access client connections from Windows |
| Client Rate Classes | Base and peak rates for traffic; associated with a client traffic classifier |

*This resource is device-specific but can be made shared

Table 11. Application Access

| Resource | Description |
| --- | --- |
| App Tunnels* | Provide secure, application-level TCP/IP connections from a client to the network |
| Remote Desktops* | Allow users to access internal servers (Citrix, VMware View Connection, or Microsoft Remote Desktop) in virtual desktop sessions |
| VDI Profiles | Virtual desktop interface profile for a remote desktop configuration |
| Citrix Bundles | Hosted content used to deliver a Citrix Receiver client to a user's Windows computer |
| Microsoft Exchange | Profile for Microsoft Exchange application authentication |

*This resource is device-specific but can be made shared

Table 12. Portal Access

| Resource | Description |
| --- | --- |
| Portal Access resources* | Provide user access to internal web applications with a web browser from outside the network |
| Rewrite profiles | An LTM profile treated as a shared resource |

*This resource is device-specific but can be made shared

Table 13. Resources that are not grouped in the user interface

| Resource | Description |
| --- | --- |
| Per-Request Policies | Policies that run for requests made after a session is established |
| Secure Connectivity | Connectivity profile for remote access |
| Event Logs Settings | Log settings for APM, components within APM, and SWG |

Table 14. Bandwidth Controllers

| Resource | Description |
| --- | --- |
| Policies | A resource configured outside of APM at the system level and that is treated as a shared resource in Access. |
| Priority Groups | A resource configured outside of APM at the system level and that is treated as a shared resource in Access. |

Device-specific configuration resources

These tables list device-specific resources.

Table 15. AAA servers

| Resource | Description |
| --- | --- |
| RADIUS* | RADIUS accounting and RADIUS authentication |
| LDAP* | LDAP and LDAPs authentication; LDAP queries |
| Active Directory* | Active Directory authentication and query |
| SecurID* | RSA SecurID authentication |
| HTTP* | HTTPS authentication; HTTP Basic/NTLM authentication |
| Oracle Access Manager* | Native integration with Oracle Access Manager |
| OCSP Responder* | Machine certificate revocation status; user certificate revocation status |
| CRLDP* | Retrieve Certificate Revocation Lists from network locations (Distribution Points) |
| TACACS+* | TACACS+ authentication and accounting |
| Kerberos* | Kerberos end-user login; basic or Kerberos authentication |
| SAML* | External SAML Identity Provider that the BIG-IP® system, acting as a SAML service provider, communicates with |
| Endpoint Management Systems* | Server properties |

*This resource is device-specific but can be made shared

Table 16. ACLs

| Resource | Description |
| --- | --- |
| User-defined ACLs* | ACLs that users create |
| All ACLs* | The order of system-defined and user-defined ACLs |

*This resource is device-specific but can be made shared

Table 17. SAML

| Resource | Description |
| --- | --- |
| Artifact Resolution Services* | Supports SAML artifacts on a BIG-IP system configured as a SAML IdP |

*This resource is device-specific but can be made shared

Table 18. Network Access

| Resource | Description |
| --- | --- |
| Network Access resource* | A Network Access resource allows user access to the local network through a secure VPN tunnel |
| Lease Pools* | IPV4 or IPV6 lease pools associate a group of IP addresses with a Network Access resource |
| Client Traffic Classifiers* | Used to shape traffic for Network Access client connections from Windows |

*This resource is device-specific but can be made shared

Table 19. Application Access

| Resource | Description |
| --- | --- |
| App Tunnels* | Provide secure, application-level TCP/IP connections from a client to the network |
| Remote Desktops* | Allow users to access internal servers (Citrix, VMware View Connection, or Microsoft Remote Desktop) in virtual desktop sessions |

*This resource is device-specific but can be made shared

Table 20. Portal Access

| Resource | Description |
| --- | --- |
| Portal Access resources* | Provide user access to internal web applications with a web browser from outside the network |

*This resource is device-specific but can be made shared

Table 21. Portal Access resources that can be device-specific or made shared

| Resource | Description |
| --- | --- |
| Machine Account | For Microsoft Exchange clients that use NTLM authentication |