How to: Manage FAST applications using BIG-IP Next Central Manager

Overview

Use this procedure to create, modify, or delete FAST application services using BIG-IP Next Central Manager.

For more information about application observability after the application service is deployed and is receiving traffic (including details about application health, alerts, security, and traffic data), see Overview: Application Observability.

What role do templates play in deploying an application?

When you deploy an application service, you use a template that defines the parameters and values you want to specify for that application service. BIG-IP Next Central Manager includes a default template that is designed for a variety of use cases. This template is not considered to be ready for production use; instead, it is intended to serve as a starting point.

A FAST template is a powerful tool because you can use specific parameters to customize an application service. When you create a template that uses this feature, you replace static, hard-coded parameters with variables that you fill in when you use this template to deploy an application service.

For more information on FAST templates, refer to F5 Application Services Templates. You can also see the schema reference for a list of available BIG-IP AS3 configuration objects.

Prerequisites

  • You must have Administrator or Application Manager user credentials to manage application services. Users with Instance Manager or Auditor credentials have read-only access to application services.

  • If you plan to use a template to create an application service, you need to decide which template you’re going to use. There are three options:

    • Use the fields on the standard template to specify the application service you want to create.

    • Clone the default template and revise it so it defines the application service you want to create.

    • Create a new template that defines the application service you want to create.
      For details on how to work with templates, refer to Manage FAST templates.

  • Parameter details (for example, server names or addresses, pool names, and pool member addresses or names) that are required by the application template you plan to use for this application service.

  • If you intend to attach a certificate to your application, you need to know the name of the certificate you plan to use. For details about managing certificates and keys, refer to: How to: Manage Instance Certificates and Keys using BIG-IP Next Central Manager.

  • You must be managing the BIG-IP Next instance you plan to deploy the application service to. For details, refer to How to: Create a BIG-IP Next instance in a VMware vSphere environment using an onboarding template.

Create an application service with multiple virtual servers

Use this procedure to create an application service with multiple virtual servers.

Use the BIG-IP Next Central Manager UI to deploy a new application if you have not created your own template

Use this procedure to deploy a new application service to a managed BIG-IP Next instance from the UI. This workflow creates an application service with multiple virtual servers. For example, you could specify one virtual server and pool for HTTP connections and  a second server and pool to handle HTTPS connections. You could also configure an application service with just one virtual server, but set it up with multiple pools. Just repeat the relevant steps to get to the configuration you are trying to create.

These steps assume you have not created your own applications service template.

  1. Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Applications.

  2. If this is the first application service you are adding to BIG-IP Next Central Manager, click Start Adding Apps. Otherwise, at the top of the screen, click Add Application.

  3. Under What kind of Application Service are you creating, specify which type you are creating.

    • To create a standard application service, select Standard.

    • To create an application service using a template, select From Template.

    • To create an application service from editor, select From Editor (AS3).

  4. Select Standard and write the Application Service Name.

  5. Click Start Creating.
    The Application Service Properties screen opens.

  6. For the Description, specify a description of the application service and then click Start Creating.
    The Virtual Servers tab of the Application Service Properties screen opens.
    To enable global resiliency, refer to How to: Enable a Global Resiliency

    Note: To create a virtual server, begin by setting up the application pools.

  7. Click the Pools tab. For more information about Pools, refer to About Pool and Pool Members.
    The Pools tab opens so you can specify the pools the application service will use.

    1. Click + Create to create a new pool.

    2. For the Pool Name, specify a name for the pool.

    3. Specify the Service Port to use for this pool.

    4. Select a Load-Balancing Mode for the pool from the dropdown.

    5. Select Monitor Type for the pool from the dropdown. To view, edit, or create a pool health monitor:

      1. Select Manage Monitors field. Refer to the Monitor Management page for more information on different monitors.

      2. Click the monitor name to view the monitor properties.

      3. To modify the monitor properties, or create a new monitor, click the edit button to the top right of the panel.

        Note: Default monitor settings cannot be changed. You can save the new monitor settings under a different name to create a custom monitor, which can be used in multiple pools.

      4. When you complete your changes, click Save. If you are editing a default monitor, or Save As you wish to create a custom monitor.

      5. The monitor settings are updated in the Monitors list.

  8. Click the Virtual Servers tab. For more information for Virtual Servers, refer to About Virtual Servers.
    The Virtual Servers tab opens.

    1. For the Virtual Server Name, specify a name for the virtual server.

    2. For the Virtual Port, specify the port number to use to access the virtual server.

    3. For Pool, select the pool that you want this virtual server to use.

    4. Select the Type from the dropdown.

    5. To specify Protocols or Profiles, click the edit icon under Protocols & Profiles. For more information on Protocols and profiles, refer to About Protocols and Profiles.
      The Protocols screen opens.

      1. Select the protocols you want to enable.

      2. If the protocol you selected requires a certificate, a field displays so you can choose one.

      3. When you have specified the protocols and profiles needed, click Save to return to the Application Service Properties screen.

    6. To specify security policies, click the edit icon under Security Policies. For more information on security policies, refer to About Security Policies in Virtual Servers.
      The Security Policies screen opens.

      Note: To control traffic managed by a security policy through specified VLANs configured to an instance’s network, see step 13 in the Review & Deploy process of application service creation.

      • To specify a WAF policy:

        1. Click Use a WAF Policy.

        2. Select the WAF Policy Name for the application service. Click Create to create a new WAF policy or click Clone to clone a selected policy. For more information about properties while creating a WAF policy, refer to Create a new WAF policy.

      • To specify an Access policy:

        1. Click Use an Access Policy.

        2. Select the Access Policy Name for the application service, you can also select per request access policy for the application. The drop-down lists the available access policies, to create an access policy, refer to How To: Create and manage policies using BIG-IP Central Manager.

      • To specify a SSL Orchestrator Policy:

        1. Click Use an SSL Orchestrator Policy.

        2. Select the SSLO Policy Name for the application service. The drop-down lists the available SSLO policies, to create a new SSLO policy, refer to How to: Manage Security Policies.

      • To specify a SSL Orchestrator Static Service Chain:

        1. Click Use an SSL Orchestrator Static Service Chain.

        2. Select the one or more inspection services or click Start Adding to add the inspection services for the application service. To know more about inspection services and how to create inspection services, refer to Overview: Inspection Services.

      • When you have specified the policies needed, click Save to return to the Application Service Properties screen.

    7. To specify iRules, click the edit icon under iRules. For more information on iRules, refer to About iRules in Virtual Servers.
      The iRules screen opens.

      1. To Enable iRules, click Use iRules.

      2. To specify iRules for this application service, click Add.

      3. Use the controls to specify the iRules (and version) for this application service and arrange the order in which they run.

      4. When the iRules are correctly specified, click Save to return to the Application Service Properties screen.

  9. Repeat step 8 to specify settings for additional virtual servers as needed.

  10. When you finish specifying settings for the application service, click Review & Deploy.
    The Deploy panel opens.

  11. Click Start Adding and then select the instances to which you want to deploy the application service, then click Add to List.
    The Deploy screen opens.

  12. For each instance/location you added in the previous step, under Virtual Address, specify the IP address(es) of the virtual server(s).

  13. Add Pool Members for each pool. For more information on Pool Members, refer to Manage Pool Members

    1. For the first pool, click the down arrow under Members, then click the + Pool Members button.
      The Pool Members (endpoints) panel opens.

    2. Click Add Row and then specify a Name and IP Address for the first pool member.

    3. To add additional members, click Add Row again.

    4. When you finish adding pool members, click Save.

    5. Repeat sub-steps 13.1 - 13.4 to add pool members for each pool.

  14. (Optional) Enable VLANs for each virtual server to control security security traffic through your instance’s network configuration:

    1. Click the icon found in the virtual server row of the Configure column.
      The Network panel opens.
      Note: You can only enable either VLANs or VRFs, not both simultaneously.

    2. Toggle the Enable VLAN’s button and choose the appropriate VLANs from the Enable VLANs to listen on dropdown menu to set up a client device or network interface to detect and manage traffic coming from specific VLANs. The default VLAN options are the list of VLANs that are available in the instance.

      Note: See your instance’s Network & Proxy settings to manage the instance’s VLANs.

    3. Toggle the Enable VRF’s button and choose the appropriate VRF from the VRF’s dropdown menu.

      1. Default is the pre-configured VRF.

        Note: The VRF’s will be disabled if you toggle the Enable VLANs on VRF(s) button.

      2. Toggle the Enable VLANs on VRF(s) button, then ‌the traffic within that VLAN is handled according to the routing policies defined in the associated VRF.

    4. Auto Last Hop is a feature that, when activated, allows the BIG-IP Next to send return traffic from pools to the MAC address of the original client, regardless of the network or interface listed in the routing table. This ensures that the client receives the return traffic even if there is no corresponding route, such as when the BIG-IP Next does not have a default route and the client is on a remote network. This feature is especially useful for load-balancing transparent devices that do not modify the source IP address of packets. Without Auto Last Hop, there is a risk of asymmetric routing if the BIG-IP Next sends return traffic to a different transparent node. In this feature, you can either:

      1. Enable, by default this is enabled.

      2. Disable

    5. Click Save.

  15. Repeat steps 14.1-14.4 to enable VLANs for each virtual server.

  16. To validate your pre-deployment updates for an instance, click Actions and select Validate.
    You can click Validate All to validate all changes on all instances. Once the validation is complete, you can click View Results to review the deployment details.

  17. When you finish adding pre-deployment configurations, click Deploy Changes.
    The Deploy Application Service screen displays a summary of the changes to be deployed.

  18. Click Yes Deploy to complete the deployment.

Use the BIG-IP Next Central Manager UI to deploy a new application service if you have created your own template

Use this procedure to deploy a new application service to a managed BIG-IP Next instance from the UI. This workflow creates an application service with multiple virtual servers. For example, you could specify one virtual server and pool for HTTP connections and  a second server and pool to handle HTTPS connections. You could also configure an application service with just one virtual server, but set it up with multiple pools. Just repeat the relevant steps to get to the configuration you are trying to create.

These steps assume you have created your own application services template.

  1. Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Applications.

  2. If this is the first application service you are adding to BIG-IP Next Central Manager, click Start Adding Apps. Otherwise, at the top of the screen, click Add Application.

  3. Under What kind of Application Service are you creating, specify which type you are creating.

    • To create a standard application service, select Standard.

    • To create an application service using a template, select From Template.

    • To create an application service from editor, select From Editor (AS3).

  4. Select From Template and write the Application Service Name.

  5. Click Start Creating.
    The What kind of App are you creating? page opens.

  6. Select the Applcation Template from the dropdown and click Start Creating The Application Service Properties screen opens.

  7. For the Description, specify a description of the application service and then click Start Creating.
    The Virtual Servers tab of the Application Service Properties screen opens.
    To enable global resiliency, refer to How to: Enable a Global Resiliency

    Note: To create a virtual server, begin by setting up the application pools.

  8. Click the Pools tab. For more information about Pools, refer to About Pool and Pool Members.
    The Pools tab opens so you can specify the pools the application service will use.

    1. Click + Create to create a new pool.

    2. For the Pool Name, specify a name for the pool.

    3. Specify the Service Port to use for this pool.

    4. Select a Load-Balancing Mode for the pool from the dropdown.

    5. Select Monitor Type for the pool from the dropdown. To view, edit, or create a pool health monitor:

      1. Select Manage Monitors field. Refer to the Monitor Management page for more information on different monitors.

      2. Click the monitor name to view the monitor properties.

      3. To modify the monitor properties, or create a new monitor, click the edit button to the top right of the panel.

        Note: Default monitor settings cannot be changed. You can save the new monitor settings under a different name to create a custom monitor, which can be used in multiple pools.

      4. When you complete your changes, click Save. If you are editing a default monitor, or Save As you wish to create a custom monitor.

      5. The monitor settings are updated in the Monitors list.

  9. Click the Virtual Servers tab. For more information for Virtual Servers, refer to About Virtual Servers.
    The Virtual Servers tab opens.

    1. For the Virtual Server Name, specify a name for the virtual server.

    2. For the Virtual Port, specify the port number to use to access the virtual server.

    3. For Pool, select the pool that you want this virtual server to use.

    4. Select the Type from the dropdown.

    5. To specify Protocols or Profiles, click the edit icon under Protocols & Profiles. For more information on Protocols and profiles, refer to About Protocols and Profiles.
      The Protocols screen opens.

      1. Select the protocols you want to enable.

      2. If the protocol you selected requires a certificate, a field displays so you can choose one.

      3. When you have specified the protocols and profiles needed, click Save to return to the Application Service Properties screen.

    6. To specify security policies, click the edit icon under Security Policies. For more information on security policies, refer to About Security Policies in Virtual Servers.
      The Security Policies screen opens.

      Note: To control traffic managed by a security policy through specified VLANs configured to an instance’s network, see step 15 in the Review & Deploy process of application service creation.

      • To specify a WAF policy:

        1. Click Use a WAF Policy.

        2. Select the WAF Policy Name for the application service. Click Create to create a new WAF policy or click Clone to clone a selected policy. For more information about properties while creating a WAF policy, refer to Create a new WAF policy.

      • To specify an Access policy:

        1. Click Use an Access Policy.

        2. Select the Access Policy Name for the application service, you can also select per request access policy for the application. The drop-down lists the available access policies, to create an access policy, refer to How To: Create and manage policies using BIG-IP Central Manager.

      • To specify a SSL Orchestrator Policy:

        1. Click Use an SSL Orchestrator Policy.

        2. Select the SSLO Policy Name for the application service. The drop-down lists the available SSLO policies, to create a new SSLO policy, refer to How to: Manage Security Policies.

      • To specify a SSL Orchestrator Static Service Chain:

        1. Click Use an SSL Orchestrator Static Service Chain.

        2. Select the one or more inspection services or click Start Adding to add the inspection services for the application service. To know more about inspection services and how to create inspection services, refer to Overview: Inspection Services.

      • When you have specified the policies needed, click Save to return to the Application Service Properties screen.

    7. To specify iRules, click the edit icon under iRules. For more information on iRules, refer to About iRules in Virtual Servers.
      The iRules screen opens.

      1. To Enable iRules, click Use iRules.

      2. To specify iRules for this application service, click Add.

      3. Use the controls to specify the iRules (and version) for this application service and arrange the order in which they run.

      4. When the iRules are correctly specified, click Save to return to the Application Service Properties screen.

  10. Repeat step 9 to specify settings for additional virtual servers as needed.

  11. When you finish specifying settings for the application service, click Review & Deploy.
    The Deploy panel opens.

  12. Click Start Adding and then select the instances to which you want to deploy the application service, then click Add to List.
    The Deploy screen opens.

  13. For each instance/location you added in the previous step, under Virtual Address, specify the IP address(es) of the virtual server(s).

  14. Add Pool Members for each pool. For more information on Pool Members, refer to Manage Pool Members

    1. For the first pool, click the down arrow under Members, then click the + Pool Members button.
      The Pool Members (endpoints) panel opens.

    2. Click Add Row and then specify a Name and IP Address for the first pool member.

    3. To add additional members, click Add Row again.

    4. When you finish adding pool members, click Save.

    5. Repeat sub-steps 14.1 - 14.4 to add pool members for each pool.

  15. (Optional) Enable VLANs for each virtual server to control security security traffic through your instance’s network configuration:

    1. Click the icon found in the virtual server row of the Configure column.
      The Network panel opens.
      Note: You can only enable either VLANs or VRFs, not both simultaneously.

    2. Toggle the Enable VLAN’s button and choose the appropriate VLANs from the Enable VLANs to listen on dropdown menu to set up a client device or network interface to detect and manage traffic coming from specific VLANs. The default VLAN options are the list of VLANs that are available in the instance.

      Note: See your instance’s Network & Proxy settings to manage the instance’s VLANs.

    3. Toggle the Enable VRF’s button and choose the appropriate VRF from the VRF’s dropdown menu.

      1. Default is the pre-configured VRF.

        Note: The VRF’s will be disabled if you toggle the Enable VLANs on VRF(s) button.

      2. Toggle the Enable VLANs on VRF(s) button, then ‌the traffic within that VLAN is handled according to the routing policies defined in the associated VRF.

    4. Auto Last Hop is a feature that, when activated, allows the BIG-IP Next to send return traffic from pools to the MAC address of the original client, regardless of the network or interface listed in the routing table. This ensures that the client receives the return traffic even if there is no corresponding route, such as when the BIG-IP Next does not have a default route and the client is on a remote network. This feature is especially useful for load-balancing transparent devices that do not modify the source IP address of packets. Without Auto Last Hop, there is a risk of asymmetric routing if the BIG-IP Next sends return traffic to a different transparent node. In this feature, you can either:

      1. Enable, by default this is enabled.

      2. Disable

    5. Click Save.

  16. Repeat steps 15.1-15.4 to enable VLANs for each virtual server.

  17. To validate your pre-deployment updates for an instance, click Actions and select Validate.
    You can click Validate All to validate all changes on all instances. Once the validation is complete, you can click View Results to review the deployment details.

  18. When you finish adding pre-deployment configurations, click Deploy Changes.
    The Deploy Application Service screen displays a summary of the changes to be deployed.

  19. Click Yes Deploy to complete the deployment.

Use the BIG-IP Next Central Manager API to deploy a new application

Use this procedure to deploy a new application service to a managed BIG-IP Next instance using the BIG-IP Next Central Manager API.

  1. Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.

  2. Create the application service by sending a Post to the /api/v1/spaces/default/appsvcs/blueprints endpoint.

    POST https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints
    

    For the API body, use the following, substituting values appropriate for the application service you want to create.

    {
      "name": "app1",
      "set_name": "Examples",
      "template_name": "http",
      "parameters": {
        "globalResiliency": false,
        "pools": [
          {
            "servicePort": 80,
            "loadBalancingMode": "round-robin",
            "monitorType": [
              "http"
            ],
            "poolName": "pool01"
          }
        ],
        "virtuals": [
          {
            "virtualPort": 80,
            "virtualName": "vs01",
            "pool": "pool01"
          }
        ],
        "application_description": "application 01",
        "application_name": "app1"
      }
    }
    
  3. Deploy the application service by sending a Post to the /api/v1/spaces/default/appsvcs/blueprints/<id>/deployments endpoint.

    POST https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints/<id>/deployments
    

    For the API body, use the following, substituting values appropriate for the application service you want to deploy.

{
  "deployments": [
    {
      "parameters": {
        "pools": [
          {
            "poolName": "pool01",
            "poolMembers": [
              {
                "name": "member01",
                "address": "198.51.100.10"
              },
              {
                "name": "member02",
                "address": "198.51.100.11"
              }
            ]
          }
        ],
        "virtuals": [
          {
            "virtualName": "vs01",
            "virtualAddress": "192.0.2.10"
          }
        ]
      },
      "target": {
        "address": "203.0.113.10"
      },
      "allow_overwrite": true
    }
  ]
}

To know more about various use cases for FAST Application services, refer to FAST Application Examples for BIG-IP Next Central Manager.

Modify an application service

After you deploy an application service, there are some things that you cannot modify (the name of the application service, the tenant, or the template used to deploy the application service), but you can edit the other parameter values.

Use the BIG-IP Next Central Manager UI to modify an application

Use the following procedure to modify an application service using the BIG-IP Next Central Manager user interface.

For more information about reviewing the configuration map and drilling down into application service component details, see How to: Monitor application service health, configuration, and performance.

  1. Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.

  2. Select the name of the application service that you want to edit.
    BIG-IP Next Central Manager opens the application service panel.

  3. On the top right of the panel, click Edit.

  4. Locate the parameter(s) you want to change and select (or type) the new value.

  5. To validate your updates for an instance, click Actions and select Validate.
    You can click Validate All to validate all changes on all instances. Once the validation is complete, you can click View Results to review the deployment details.

  6. When the test completes satisfactorily, click Deploy to complete your edits to this application.
    BIG-IP Next Central Manager redeploys the application service, using the revised parameters that you specified.

Use the BIG-IP Next Central Manager API to modify an application

Use the following procedure to modify an application service using the BIG-IP Next Central Manager API.

  1. Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.

  2. Modify the application service by sending a PATCH to the /api/v1/spaces/default/appsvcs/blueprints/<id> endpoint.

    PATCH https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints/<id>
    

    For the API body, use the following, substituting values appropriate for the application you want to modify:

    {
    "existing_deployments": [
       {
          "deployment_id": "7d0450c5-9f65-42d0-b3b4-b3f6b7470834",
          "parameters": {
          "pools": [
             {
                "poolName": "pool01",
                "poolMembers": [
                {
                   "name": "member01",
                   "address": "198.51.100.100"
                },
                {
                   "name": "member02",
                   "address": "198.51.100.101"
                }
                ]
             }
          ],
          "virtuals": [
             {
                "virtualName": "vs01",
                "virtualAddress": "192.0.2.10"
             }
          ]
          },
          "target": {
          "address": "203.0.113.10"
          }
       }
    ],
    "new_deployments": [],
    "delete_deployments": []
    }
    

Delete an application service

Use this procedure to remove an application service that resides on a managed BIG-IP Next instance.

Use the BIG-IP Next Central Manager UI to delete an application

  1. Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.

  2. Select the checkbox next to the name of the application service that you want to delete.

  3. At the top of the screen, click (Delete) Delete.

  4. In the Confirm Delete popup, click Delete.
    BIG-IP Next Central Manager removes the selected application service.

Use the BIG-IP Next Central Manager API to delete an application

To delete an application service using the API, you send a Delete to the /api/v1/spaces/default/appsvcs/blueprints/<id> endpoint.

  1. Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.

  2. Delete the application service by sending a Delete to the /api/v1/spaces/default/appsvcs/blueprints/<id> endpoint. You must include the application service ID in your post.

    DELETE https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints/<id>
    

    No body is necessary for a Delete call.

Monitor application service alerts

If your application service’s virtual server, pool, or pool members (endpoints) are disabled or offline that can impact the ability of your application service to manage, protect, or provide services to your application services. A disabled/offline pool member will impact your application service’s health status.

You can use active alerts to find out more information about the application service’s pool members that are currently disabled or offline.

For more information about active alerts, see Reference: Application dashboard.

Use the following procedure to review alerts to an application service:

  1. Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.

  2. Select the name of the application service that you want to edit.
    BIG-IP Next Central Manager opens the application service panel.

  3. Click the bell icon () in the Active Alerts area at the top of the screen.

From the Alerts & Notifications panel you can review the list of all active alerts to your application services. You can click the Summary of the alert to view additional details about the alert.

For more information about alerts and alert management, see How to: Manage Alerts and Notifications on BIG-IP Next Central Manager.

Filtering application services

Create advanced filters to refine the application services shown. With advanced filters you can stack captured application service details with inclusive and exclusive operators.

  1. Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.

  2. Click + Add Filter.

  3. Select an application service detail from the list. You can type in key words to filter the option list.

  4. Select an operator from the list to determine whether the list filters the selection in or out. You must select an operator.

  5. Select or enter an application service detail to filter.

    Note: The My Application Services list updates immediately.

  6. To add more filters, click + Add Filter, and repeat the selection process.

The My Application Services list is refined according to the completed filter options. You can clear the filters by clicking X Clear All to the right of the filter list. See image below for adding and clearing filters with no results: