How to: Manage applications using BIG-IP Next Central Manager and FAST templates¶
Overview¶
Use this procedure to create, modify, or delete application services using a template on the BIG-IP Next Central Manager.
For more information about application observability after the application service is deployed and receiving traffic (including details about application health, alerts, security, and traffic data), see Overview: Application Observability.
What role do templates play in deploying an application?¶
When you deploy an application service, you use a template that defines the parameters and values you want to specify for that application service. BIG-IP Next Central Manager includes a default template that is designed for a variety of use cases. This template is not considered to be ready for production use; instead, it is intended as a place to start.
A FAST template is a powerful tool because you can use specific parameters to customize an application service. When you create a template that uses this feature, you replace static, hard-coded parameters with variables that you fill in when you use this template to deploy an application service.
For more information on FAST templates, refer to F5 Application Services Templates. You can also see the schema reference for a list of available BIG-IP configuration objects.
Prerequisites¶
You must have Administrator or Application Manager user credentials to manage application services. Users with Instance Manager or Auditor credentials have read-only access to application services.
If you plan to use an template to create an application service, you need to decide which template you’re going to use. There are three options:
Use the fields on the standard template to specify the application service you want to create.
Clone the default template and revise it so it defines the application service you want to create.
Create a new template that defines the application service you want to create.
For details on how to work with templates, refer to Manage FAST templates.
Parameter details (for example, server names or addresses, pool names, and pool member addresses or names) that are required by the application template you plan to use for this application service.
If you intend to attach a certificate to your application, you need to know the name of the certificate you plan to use. For details about managing certificates and keys, refer to: How to: Manage Instance Certificates and Keys using BIG-IP Next Central Manager.
You must be managing the BIG-IP Next instance you plan to deploy the application service to. For details, refer to How to: Create a BIG-IP Next instance in a VMware vSphere environment using an onboarding template.
Procedures¶
Create an application service with multiple virtual servers¶
You can use either the user interface (UI) or the application programming interface (API) to create an application service.
Use the BIG-IP Next Central Manager UI to deploy a new application if you have not created your own template¶
Use this procedure to deploy a new application service to a managed BIG-IP Next instance from the UI. This workflow creates an application service with multiple virtual servers. For example, you could specify one virtual server and pool for HTTP connections and a second server and pool to handle HTTPS connections. You could also configure an application service with just one virtual server, but set it up with multiple pools. Just repeat the relevant steps to get to the configuration you are trying to create.
These steps assume you have not created your own applications service template.
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Applications.
If this is the first application service you are adding to BIG-IP Next Central Manager, click Start Adding Apps. Otherwise, at the top of the screen, click Add Application.
For Application Service Name, specify a name for the application service.
Under What kind of Application Service are you creating, specify which type you are creating.
To create a standard application service, click Standard, and then click Start Creating.
The Application Service Properties screen opens.To create an application service using a template, click From Template, and then click Select Template.
Under Application Template select a template, and then click Start Creating.
The Application Service Properties screen opens.
For the Description, specify a description of the application service and then click Start Creating.
The Virtual Servers tab of the Application Service Properties screen opens.
To enable global resiliency, refer to How to: Enable a Global ResiliencyClick the Pools tab.
The Pools tab opens so you can specify the pools the application service will use.For the Name of pool, specify a name for the pool.
Specify the Service Port to use for this pool.
Select a Load-Balancing Mode for the pool.
Select Monitors for the pool.
To view, edit, or create a pool health monitor:
Select the icon to the right of the Monitors field.
Click the monitor name to view the monitor properties.
To modify the monitor properties, or create a new monitor, click the edit button to the top right of the panel.
Note: Default monitor settings cannot be changed. You can save the new monitor settings under a different name to create a custom monitor, which can be used in multiple pools. Note: Monitor types can contain different settings.
Interval (in seconds) - The time period of connection attempts before the server marks the pool member as down.
Timeout (in seconds)- The timeout for a monitor request to the server.
Send string and Receive String - Specifies the string value for the monitor to send, and the expected received value.
Receive Disable String - A value used in conjunction with the Receive String value to determine the endpoint state. When configured, this adds a second monitor response match to determine the endpoint state.
Username and Password - Values are not provided by default. These are optional fields that are not required.
(Inband) Failures - The number of failures (TCP RSTs or delayed responses) in a Failure Interval that trigger a down state.
(Inband) Failure Interval (in seconds) - The time period in which the allowed number of failures must occur to trigger a down state.
(Inband) Response Time (in seconds) - The time period in which the endpoint must respond to a packet from the BIG-IP system before the packet is delayed and a failure.
(Inband) Retry time (in seconds) - The time period before a reconnection attempt is selnd to the endpoint for load balancing, when the endpoint is in a down state.
When you complete your changes, click Save. If you are editing a default monitor, or Save As you wish to create a custom monitor.
The monitor settings are updated in the Monitors list.
Click the Virtual Servers tab.
The Virtual Servers tab opens.For the Virtual Server Name, specify a name for the virtual server.
For Pool, select the pool that you want this virtual server to use.
For the Virtual Port, specify the port number to use to access the virtual server.
To specify Protocols or Profiles, click the edit icon under Protocols & Profiles.
The Protocols screen opens.Select the protocols you want to enable.
If the protocol you selected requires a certificate, a field displays so you can choose one.
When you have specified the protocols and profiles needed, click Save to return to the Application Service Properties screen.
To specify security policies, click the edit icon under Security Policies.
The Security Policies screen opens.Note: To control traffic managed by a security policy through specified VLANs configured to an instance’s network, see step 23 in the Review & Deploy process of application service creation.
To specify a WAF policy:
Click Use a WAF Policy.
Select the WAF Policy Name for the application service.
To specify an Access policy:
Click Use an Access Policy.
Select the Access Policy Name for the application service.
When you have specified the policies needed, click Save to return to the Application Service Properties screen.
To specify iRules, click the edit icon under iRules.
The iRules screen opens.To Enable iRules, click Use iRules.
To specify iRules for this application service, click Add.
Use the controls to specify the iRules (and version) for this application service and arrange the order in which they run.
When the iRules are correctly specified, click Save to return to the Application Service Properties screen.
Repeat steps 11-16 to specify settings for additional virtual servers as needed.
When you finish specifying settings for the application service, click Review & Deploy.
The Instance/Locations panel opens.Click Start Adding and then select the instances to which you want to deploy the application service, then click Add to List.
The Deploy screen opens.For each instance/location you added in the previous step, under Virtual Address, specify the IP address(es) of the virtual server(s).
Add Pool Members for each pool.
For the first pool, click the down arrow under Members, then click the + Pool Members button.
The Pool Members (endpoints) panel opens.Click Add Row and then specify a Name and IP Address for the first pool member.
To add additional members, click Add Row again.
When you finish adding pool members, click Save.
Repeat sub-steps 22.1 - 22.4 to add pool members for each pool.
(Optional) Enable VLANs for each virtual server to control security security traffic through your instance’s network configuration:
Click the icon found in the virtual server row of the Configure column.
The Network panel opens.Toggle to the Enable VLANs to listen on button.
Select one or more VLANs configured to the instance’s network settings.
See your instance’s Network & Proxy settings to manage the instance’s VLANs.
Click Save.
Repeat steps 23.1-23.4 to enable VLANs for each virtual server.
To validate your pre-deployment updates for an instance, click Actions and select Validate.
You can click Validate All to validate all changes on all instances. Once the validation is complete, you can click View Results to review the deployment details.When you finish adding pre-deployment configurations, click Deploy Changes.
The Deploy Application Service screen displays a summary of the changes to be deployed.Click Yes Deploy to complete the deployment.
Use the BIG-IP Next Central Manager UI to deploy a new application service if you have created your own template¶
Use this procedure to deploy a new application service to a managed BIG-IP Next instance from the UI. This workflow creates an application service with multiple virtual servers. For example, you could specify one virtual server and pool for HTTP connections and a second server and pool to handle HTTPS connections. You could also configure an application service with just one virtual server, but set it up with multiple pools. Just repeat the relevant steps to get to the configuration you are trying to create.
These steps assume you have created your own application services template.
Log in to BIG-IP Next Central Manager, click the Workspace icon next to the F5 logo, and then click Applications.
If this is the first application service you are adding to BIG-IP Next Central Manager, click Start Adding Apps. Otherwise, at the top of the screen, click Add Application.
For Application Service Name, specify a name for the application service.
Under What kind of Application Service are you creating, specify which type you are creating.
To create a standard application service, click Standard, and then click Start Creating.
The Application Service Properties screen opens.To create an application service using a template, click From Template, and then click Select Template.
Under Application Template select a template, and then click Start Creating.
The Application Service Properties screen opens.
For the Description, specify a description of the application service and then click Start Creating.
The Virtual Servers tab of the Application Service Properties screen opens.Click the Pools tab.
The Pools tab opens so you can specify the pools the application service will use.For the Name of pool, specify a name for the pool.
Specify the Service Port to use for this pool.
Select a Load-Balancing Mode for the pool.
Select a Monitor Type for the pool.
Click the Virtual Servers tab.
The Virtual Servers tab opens.For the Virtual Server Name, specify a name for the virtual server.
For Pool, select the pool that you want this virtual server to use.
For the Virtual Port, specify the port number to use to access the virtual server.
To specify Protocols or Profiles, click the edit icon under Protocols & Profiles.
The Protocols screen opens.Select the protocols you want to enable.
If the protocol you selected requires a certificate, a field displays so you can choose one.
When you have specified the protocols and profiles needed, click Save to return to the Application Service Properties screen.
To specify security policies, click the edit icon under Security Policies.
The Security Policies screen opens.Note: To control traffic managed by a security policy through specified VLANs configured to an instance’s network, see step 23 in the Review & Deploy process of application service creation.
To specify a WAF policy:
Click Use a WAF Policy.
Select the WAF Policy Name for the application service.
To specify an Access policy:
Click Use an Access Policy.
Select the Access Policy Name for the application service.
When you have specified the policies needed, click Save to return to the Application Service Properties screen.
To specify iRules, click the edit icon under iRules.
The iRules screen opens.To Enable iRules, click Use iRules.
To specify iRules for this application service, click Add.
Use the controls to specify the iRules (and version) for this application service and arrange the order in which they run.
When the iRules are correctly specified, click Save to return to the Application Service Properties screen.
Repeat steps 13-18 to specify settings for additional virtual servers as needed.
When you finish specifying settings for the application service, click Review & Deploy.
The Instance/Locations page opens.Click Start Adding and then select the instances to which you want to deploy the application service, then click Add to List.
The Deploy screen opens.For each instance/location you added in the previous step, under Virtual Address, specify the IP address(es) of the virtual server(s).
Add Pool Members for each pool.
For the first pool, click the down arrow under Members, then click the + Pool Members button.
The Pool Members (endpoints) screen opens.Click Add Row and then specify a Name and IP Address for the first pool member.
To add additional members, click Add Row again.
When you finish adding pool members, click Save.
Repeat sub-steps 22.1 - 22.4 to add pool members for each pool.
(Optional) Enable VLANs for each virtual server to control security security traffic through your instance’s network configuration:
Click the icon found in the virtual server row of the Configure column.
The Network panel opens.Toggle to the Enable VLANs to listen on button.
Select one or more VLANs configured to the instance’s network settings.
See your instance’s Network & Proxy settings to manage the instance’s VLANs.
Click Save.
Repeat steps 23.1-23.4 to enable VLANs for each virtual server.
To validate your pre-deployment updates for an instance, click Actions and select Validate.
You can click Validate All to validate all changes on all instances. Once the validation is complete, you can click View Results to review the deployment details.When you finish adding pre-deployment configurations, click Deploy Changes.
The Deploy Application Service screen displays a summary of the changes to be deployed.Click Yes Deploy to complete the deployment.
When you finish adding pool members to each pool, click Deploy Changes.
The Deploy Application Service screen displays a summary of the changes to be deployed.Click Yes Deploy to complete the deployment.
Use the BIG-IP Next Central Manager API to deploy a new application¶
Use this procedure to deploy a new application service to a managed BIG-IP Next instance using the BIG-IP Next Central Manager API.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Create the application service by sending a Post to the
/api/v1/spaces/default/appsvcs/blueprintsendpoint.POST https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprintsFor the API body, use the following, substituting values appropriate for the application service you want to create.
{ "name": "app1", "set_name": "Examples", "template_name": "http", "parameters": { "globalResiliency": false, "pools": [ { "servicePort": 80, "loadBalancingMode": "round-robin", "monitorType": [ "http" ], "poolName": "pool01" } ], "virtuals": [ { "virtualPort": 80, "virtualName": "vs01", "pool": "pool01" } ], "application_description": "application 01", "application_name": "app1" } }
Deploy the application service by sending a Post to the
/api/v1/spaces/default/appsvcs/blueprints/<id>/deploymentsendpoint.POST https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints/<id>/deploymentsFor the API body, use the following, substituting values appropriate for the application service you want to deploy.
{
"deployments": [
{
"parameters": {
"pools": [
{
"poolName": "pool01",
"poolMembers": [
{
"name": "member01",
"address": "198.51.100.10"
},
{
"name": "member02",
"address": "198.51.100.11"
}
]
}
],
"virtuals": [
{
"virtualName": "vs01",
"virtualAddress": "192.0.2.10"
}
]
},
"target": {
"address": "203.0.113.10"
},
"allow_overwrite": true
}
]
}
Modify an application service¶
After you deploy an application service, there are some things that you cannot modify (the name of the application service, the tenant, or the template used to deploy the application service), but you can edit the other parameter values.
Use the BIG-IP Next Central Manager UI to modify an application¶
Use the following procedure to modify an application service using the BIG-IP Next Central Manager user interface.
For more information about reviewing the configuration map and drilling down into application service component details, see How to: Monitor application service health, configuration, and performance.
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.
Select the name of the application service that you want to edit.
BIG-IP Next Central Manager opens the application service panel.On the top right of the panel, click Edit.
Locate the parameter(s) you want to change and select (or type) the new value.
To validate your updates for an instance, click Actions and select Validate.
You can click Validate All to validate all changes on all instances. Once the validation is complete, you can click View Results to review the deployment details.When the test completes satisfactorily, click Deploy to complete your edits to this application.
BIG-IP Next Central Manager redeploys the application service, using the revised parameters that you specified.
Use the BIG-IP Next Central Manager API to modify an application¶
Use the following procedure to modify an application service using the BIG-IP Next Central Manager API.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Modify the application service by sending a PATCH to the
/api/v1/spaces/default/appsvcs/blueprints/<id>endpoint.PATCH https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints/<id>For the API body, use the following, substituting values appropriate for the application you want to modify:
{ "existing_deployments": [ { "deployment_id": "7d0450c5-9f65-42d0-b3b4-b3f6b7470834", "parameters": { "pools": [ { "poolName": "pool01", "poolMembers": [ { "name": "member01", "address": "198.51.100.100" }, { "name": "member02", "address": "198.51.100.101" } ] } ], "virtuals": [ { "virtualName": "vs01", "virtualAddress": "192.0.2.10" } ] }, "target": { "address": "203.0.113.10" } } ], "new_deployments": [], "delete_deployments": [] }
Delete an application service¶
Use this procedure to remove an application service that resides on a managed BIG-IP Next instance.
Use the BIG-IP Next Central Manager UI to delete an application¶
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.
Select the checkbox next to the name of the application service that you want to delete.
At the top of the screen, click (
) Delete.In the Confirm Delete popup, click Delete.
BIG-IP Next Central Manager removes the selected application service.
Use the BIG-IP Next Central Manager API to delete an application¶
To delete an application service using the API, you send a Delete to the /api/v1/spaces/default/appsvcs/blueprints/<id> endpoint.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Delete the application service by sending a Delete to the
/api/v1/spaces/default/appsvcs/blueprints/<id>endpoint. You must include the application service ID in your post.DELETE https://<big-ip_next_cm_mgmt_ip>/api/v1/spaces/default/appsvcs/blueprints/<id>No body is necessary for a Delete call.
Monitor application service alerts¶
If your application service’s virtual server, pool, or pool members (endpoints) are disabled or offline that can impact the ability of your application service to manage, protect, or provide services to your application services. A disabled/offline pool member will impact your application service’s health status.
You can use active alerts to find out more information about the application service’s pool members that are currently disabled or offline.
For more information about active alerts, see Reference: Application dashboard.
Use the following procedure to review alerts to an application service:
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.
Select the name of the application service that you want to edit.
BIG-IP Next Central Manager opens the application service panel.Click the bell icon (
) in the Active Alerts area at the top of the screen.
From the Alerts & Notifications panel you can review the list of all active alerts to your application services. You can click the Summary of the alert to view additional details about the alert.
For more information about alerts and alert management, see How to: Manage Alerts and Notifications on BIG-IP Next Central Manager.
Filtering application services¶
Create advanced filters to refine the application services shown. With advanced filters you can stack captured application service details with inclusive and exclusive operators.
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon, and then click Applications.
Click + Add Filter.
Select an application service detail from the list. You can type in key words to filter the option list.
Select an operator from the list to determine whether the list filters the selection in or out. You must select an operator.
Select or enter an application service detail to filter.
Note: The My Application Services list updates immediately.
To add more filters, click + Add Filter, and repeat the selection process.
The My Application Services list is refined according to the completed filter options. You can clear the filters by clicking X Clear All to the right of the filter list. See image below for adding and clearing filters with no results:
