Lab 1: Manage AS3 Templates on BIG-IQ

Lab environment access

Once you connect to the UDF course portal, you will land on the Documentation tab where you can find the link to the lab guide.

Once you have the lab guide open, click on the Deployment tab to access the various systems in the lab.


In order to complete this lab, you will find 2 ways to access the different systems in this lab.

  1. Going directly to the BIG-IQ CM or BIG-IP TMUI or WEB SHELL/SSH (RECOMMENDED).

    To access the BIG-IQ directly, click on the ACCESS button under BIG-IQ CM and select TMUI. The credentials to access the BIG-IQ TMUI are david/david and paula/paula as directed in the labs.


    To ssh into a system, you can click on WEB SHELL or SSH (you will need your ssh keys setup in the lab environment for SSH).

    You can also click on DETAILS on each component to see the credentials (login/password).

  2. From the lab embeded Google Chrome browser.

    In your lab deployment, click on the ACCESS button of the Ubuntu Lamp Server system and click on Google Chrome.

    You can also use XRDP as an alternative, click on the resolution that works for your laptop. When the RDP session launches showing Session: Xorg, simply click OK, no credentials are needed. Modern laptops with higher resolutions you might want to use 1440x900 and once XRDP is launched Zoom to 200%.


Exercise 1.1 – Import AS3 templates

View AS3 templates section

  1. From within the LAMP server XRDP/noVNC session, logon to BIG-IQ as david (david\david)
    by opening a browser and go to: or directly via the TMUI. David represents the Enterprise NetOps persona with admin level priviledges to BIG-IQ.
  2. Go to Applications > Application Templates and review the top section
    which is titled AS3 Templates.

A new BIG-IQ v8.x deployment will NOT include AS3 templates out of the box. If you want to start using AS3 templates which are provided by F5, then those AS3 templates can be found through the following link:


If you receive a warning prompt that software updates are no longer provided for Ubuntu when first logging into the Lamp server. Click OK to bypass


The F5 default AS3 BIG-IQ templates are already imported in the lab environment blueprint.

Import AS3 BIG-IQ templates

  1. Select Import Templates at the right top corner. You will be taken to the BIG-IQ AS3 Template Library on GitHub.
  1. Make yourself familiar with the GitHub page and understand which AS3 templates are available.
  2. The AS3 templates are already imported in BIG-IQ and you don’t need to perform step 4.
  3. Use the provided instructions on the GitHub page to import the templates into BIG-IQ.


The F5 default AS3 BIG-IQ templates are already imported in the lab environment blueprint.

  1. Walk through the provided templates and select them to understand the structure. If familiar with AS3 you will notice the structure. Otherwise, visit AS3 Example declarations.

Exercise 1.2 – Deploy application via BIG-IQ using a default AS3 template

In this exercise we will create an application service using an AS3 template. The service will include a pool with two pool members (server addresses) listening on port 80, a virtual server listening on port 443 and various profiles to offload SSL to the pool members.

First we attempt to create an application service as application owner Paula.

  1. From within the LAMP server RDP/noVNC session, logon on BIG-IQ as paula (paula\paula)
    by opening a browser and go to: or directly via the TMUI as shown above. Paula represents an App owner. Note that the logout button is in the upper right-hand corner of the UI.
  2. In the Applications page click on Create to create an Application Service


You will notice that the template is not available. If we want paula to deploy this template, we first need to have those templates assigned to her via an administrator.


Application properties:
  • Grouping = New Application
  • Application Name = LAB 1.2
  • Description = My first AS3 template deployment with BIG-IQ
Select an Application Service Template:
  • Template Type = Select AS3-F5-HTTPS-offload-lb-existing-cert-template-big-iq-default-v1 [AS3]
  1. Logout as paula and login to BIG-IQ as david. (if asked: Leave site? Select: Leave)
  2. Select Applications > Application Templates and notice the ‘Published’ templates. The template Paula wants to use is listed as a ‘Published’ template.


  1. Go to System > Role Management > Roles and select Application Roles under the CUSTOM ROLES section. Here you will see the collection of the Custom Application Roles.


  1. Paula is assigned to the exiting Application Creator VMware custom role. Select it and scroll down to AS3 Templates. As you can see, Paula does not have permission to deploy an AS3 application using the AS3-F5-HTTPS-offload-lb-existing-cert-template-big-iq-default-v1 template.


  1. Select AS3-F5-HTTPS-offload-lb-existing-cert-template-big-iq-default-v1 AS3 Template and click the arrow to get it in the ‘Selected’ section. Then, select Save & Close.
  2. Logout as David and log back in as Paula and click Create to create an application.
  3. Select Create Application to Create an Application Service:


Application properties:
  • Grouping = New Application
  • Application Name = LAB 1.2
  • Description = My first AS3 template deployment with BIG-IQ
Select an Application Service Template:
  • Template Type = Select AS3-F5-HTTPS-offload-lb-existing-cert-template-big-iq-default [AS3]
General Properties:
  • Application Service Name = https_app_service
  • Target =
  • Tenant = tenant1
  • Members:, port 80
  • Members:, port 80
TLS_Server. Keep default.
Certificate. Keep default.
  • Virtual addresses:
Analytics_Profile. Keep default.


  1. Go to View Sample API Request in the right upper corner and select it. You will have a full AS3 declaration schema, scroll through it and hit close when done.


  1. Click Create. Note; the “Create” button is on the lower right corner.
  2. Check that the Application LAB 1.2 has been created.



If not visible, refresh the page.

  1. Select LAB 1.2 Application. You will notice LAB 1.2 acts as a group of Application Services where underneath multiple services can be grouped. The next window will show you that a new Application Service has been created named: tenant1_https_app_service.


  1. Now, let’s look on the BIG-IP and verify the application is correctly deployed in partition tenant1.

Logon to BIG-IP (IP address: as admin (admin\purple123) from the lab environment. Select the tenant1 partition and look at the objects created on the BIG-IP. You may need to click on one of the menu items like Local Traffic >> Virtual Servers before you can select the tenant1 partition from the dropdown menu.


  1. You can test the application service by opening a browser in the Ubuntu
    Jumphost and typing the Virtual Server IP address You should see the Hackazon website.
  2. Back on the BIG-IQ as paula,
    Select the Lab 2.1 tenant1_https_app_service >> Application Service and look for HTTP traffic analytics.



An HTTP traffic generator is running on the Jumphost.

Exercise 1.3 - Modify template

Through the GUI and when allowed, the application owner can make small modifications.

  1. In tenant1_https_app_service, select Servers >> Configuration and add a Pool Member.
  • Click the + next to the second Server Address and add:
  • Click Save & Close.


  1. Once the configuration change has completed in BIG-IQ, check (partition tenant1) Local Traffic > Pools and find Pool. It will have tenant1/https_app_service as the partition/path (or use search). Select Pool and go to members.


  1. Now back to the BIG-IQ and tenant1_https_app_service application and select Application Service > Configuration. Scroll down in the AS3 declaration and find that the schema has added the third pool member.



Using BIG-IQ to modify application services deployed via AS3 is only possible if the application was initially deployed via BIG-IQ. Services deployed via AS3 directly to the BIG-IP, whether via Postman, Ansible, or other toolchains, must continue to use that toolchain to modify the service.

The BIG-IQ GUI only allows you to modify what has been permitted (made ‘editable’) when the template was created. With a configuration deployed through the API directly to the BIG-IP and not via BIG-IQ, you would need to redeploy to add additional services.