ADCaaS Delivery Mode

ADCaaS is a multi-container Docker application that functions as the control plane for cloud-based ADC management and services deployment.

Using docker-compose, you can rebuild/deploy an application to anywhere as a container cluster.

Before running an ADCaaS application, install Docker. ADCaas is not concerned with the OS type (Windows, Mac OS, Linux), hypervisor layer (KVM, VMware, Xen), and hardware architecture (x86_64, ARM); these are all handled by Docker runtime.


From the docker-compose.yml, the ADCaaS runtime consists of the following containers:


    ADCaaS is the main application responsible for providing RESTful APIs for the following:

    • Provisioning ADC (BIG-IP VEs) on cloud platforms (Note: Currently only OpenStack)
    • Configuring LTM applications (Virtual Server in LTMs) piece-by-piece.
    • Assembling and deploying LTM applications configured as AS3 declarations.
    • Uploading/enabling WAF policies on LTM applications.
  • ASG

    Application Service Gateway (ASG) provides some useful APIs for BIG-IP VE orchestration. It is extendable by installing iControlLx extensions. The following are the current extenstions in the ASG container:

    • TrustedDevices: Trust BIG-IP VE in the declarative model; later access with no password.
    • TrustedProxy: Proxy iControl REST deployment requests to trusted devices.
    • TrustedExtensions: Publish iControlLX extensions to trusted devices (example: AS3 package).
    • TrustedASMPolicies: Export ASM policies from and import onto trusted devices.

    The ASG’s /var/config folder is mounted as the volume for data persistence.


    In addition to RESTful APIs, ADCaaS provides a portal for ADC management and application deployment.

    The portal is a horizon-based web application running in a container.

  • E / F / K

    EFK is enabled as an installation option, which refers to three different containers:

    From the docker-compose.yml, other containers’ logs are collected by the Fluentd logging driver and sent to a Fluentd container. By accessing Kibana, DevOps can do log agression or issue locating.

    Each API call can be traced by a unique request ID.


    Postgres is the database layer storing kinds of service model and management data. The database schema is auto-migrated at startup. In production, it is possible to switch to a own database of a customer.

Container Interactions

The following chart shows the container interactions in the ADCaaS service:

                           |   PORTAL   |
                   |                              |
+-------------------------------------+     +------------+
|     LTMAAS/DNSAAS/..(TBD)           |     |   WAFAAS   |
+-------------------------------------+     +------------+
                   |                              |
        |                |             |          |            |
        |                |             |          |            |
  +---+---+---+   +------------+    +-----+   +------+         |
  | E | F | K |   |  POSTGRES  |    | ASG |   | (DO) |         |
  +---+---+---+   +------------+    +-----+   +------+         |
                                       |          |            |
                                       +-----+----+            |
                                             |            [ OPENSTACK ]
                                        (BIG-IP VE)       [  BIG-IQ   ]


  • Rectangles are container instances.
  • LTMAAS/DNSAAS/..(TBD): To be delivered. In the future, there may be more F5 *AAS functionalities.
  • (DO): is now a container, but may be installed to a BIG-IP instance; thus, calls to DO change to BIG-IP.
  • (BIG-IP VE): is the provisioned unit for declaration deployments.
  • [ OPENSTACK ], [ BIG-IQ ]: are ADCaaS dependencies. BIG-IQ is the license manager. OpenStack is the cloud platform to provision BIG-IP VE.