F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 1: BIG-IQ Application Management and AS3 Source | Edit on
Module 5: Limit available devices for AS3 Application Services (new 7.1)¶
Note
Estimated time to complete: 10 minutes
In prior versions of BIG-IQ, there was no way to limit where application owners could deploy their applications.
In BIG-IQ 7.1, we can associate devices or device groups with a role.
Lab environment access¶
If you have not yet visited the page Getting Started, please do so.
Tasks¶
- Login to BIG-IQ as david .
- Navigate to System > User Management > Users
- Click on Add to create the user.
- Auth Provider:
local - User Name:
user-device-limit-as3 - Full Name:
Class 1 Lab 5 - Password:
password
Save & Close
- Navigate to System > Role Management > Roles > Custom Roles > Application Roles
- Click on Add and fill out below details to create the custom application role.
- Name:
lab-device-rbac - Active Users and Groups:
user-device-limit-as3
- Devices:
10.1.1.11 SJC-vBIGIP01.termmarc.com - Device Groups: Empty
Warning
Do not forget to remove the cm-bigip-allBigIpDevices from the Device Groups list.
- AS3 Templates:
AS3-F5-HTTP-lb-template-big-iq-default-v1
Save & Close
- Logout as david and log back in as user-device-limit-as3 using the local Auth Provider and click Create application.
- Click Create to create an Application Service:
| Application properties: |
|
| Select an Application Service Template: |
|
| General Properties: |
|
| HTTP_Profile. Keep default. |
| Pool |
|
| Service_HTTP |
|
| Analytics_Profile. Keep default. |
Note
Notice the user doesn’t have access to the other BIG-IPs available in the system.
- Click Create.
- Check the Application
LAB_module5has been created.
Note
If not visible, refresh the page. It can take few seconds for the application service to appear on the dashboard.
- Finally, remove the application service
https_app_service_2and the applicationLAB_module5.
