Lab 1: Deploying an Application with F5 Distributed Cloud

Warning

If you are using multiple labs in one course, understand that some steps below may be redundant depending on labs deployed. To gain full benefits from this lab, please delete any objects created in your prior lab and continue with this lab as all necessary objects will be recreated.

Lab 1 will focus on the deployment and security of an existing hosted application using F5 Distributed Cloud Platform and Services. This lab will be deployed in a SaaS only configuration with no on-premises (public or private cloud) elements. All configurations will be made via the F5 Distributed Cloud Console and within the F5 Distributed Cloud Global Network services architecture.

For the tasks that follow, you should have already noted your individual namespace. If you failed to note it, return to the Introduction section of this lab, follow the instructions provided and note your namespace accordingly. The Delegated Domain and the F5 Distributed Cloud Tenant are listed below for your convenience as they will be the same for all lab attendees.

Following the tasks in the prior Introduction Section, you should now be able to access the F5 Distributed Cloud Console, having set your Work Domain Roles and Skill levels. If you have not done so already, please login to your tenant for this lab and proceed to Task 1.

Expected Lab Time: 15 minutes

Task 1: Configure Load Balancer and Origin Pool

The following steps will allow you to deploy and advertise a globally available application. These steps will define an application, register its DNS and assign a target as an origin.

  1. Following the Introduction section instructions, you should now be in the Web

    App & API Protection configuration window. If for some reason you are not in the

    Web App & API Protection window, use the Select Service in the left-hand

    navigation, and click Web App & API Protection as shown in the Introduction Section

  2. In the left-hand navigation expand Manage and click Load Balancers > HTTP Load

    Balancers

  3. In the resulting screen click the Add HTTP Load Balancer in the graphic as shown.

lab001

lab002

Note

You have defaulted to your specific namespace as that is the only namespace to which you have administrative access.

  1. Using the left-hand navigation and in the sections as shown, enter the following

    data. Values where <namespace> is required, use the name of your given namespace.

    • Metadata:Name ID: <namespace>-lb

    • Basic Configuration: List of Domains: <namespace>.lab-sec.f5demos.com

    • Basic Configuration: Select Type of Load Balancer: HTTP

    • Basic Configuration: Automatically Manage DNS Records: (Check the checkbox)

    • Basic Configuration: HTTP Port: 80

lab003

  1. In the current window’s left-hand navigation, click Origins. In the adjacent

    Origins section, under Origin Pools, click Add Item.

lab004

  1. In the resulting window, use the drop down as shown and click Add Item.

lab005

  1. In the resulting window, enter <namespace>-pool in the Name field and click

    Add Item under Origin Servers as shown.

lab006

  1. In the resulting window, Public DNS Name of Origin Server should be selected for

    Select Type of Origin Server.

  2. In the DNS Name field enter the following hostname:

    demo-app.amer.myedgedemo.com and then click Apply

lab007

  1. After returning to the prior window, set the Port: within the Origin Servers

    section, under Origin Server Port to be configured for 80.

  2. Leave all other values as shown while scrolling to the bottom and click, Continue.

  3. After returning to the next window and confirming the content, click Apply.

lab008

lab009

lab010

  1. Returning to the HTTP Load Balancer window, scroll to (or click in the left-hand

navigation) to the Other Settings section and note the VIP Advertisement setting.

  1. Click Save and Exit at the bottom of the HTTP Load Balancer configuration screen.

lab017

Note

The above selection controls how/where the application is advertised. The “Internet” setting means that this application will be advertised globally from the F5 Distributed Cloud Global Network utilizing Anycast.

  1. In the HTTP Load Balancers window, note the application hostname under the

    Domains column (This was done in Task1: Step 4).

  2. Click the Action dots, and then in the subsequent menu Manage Configuration.

lab018

  1. Click DNS Information in the left-hand navigation.

    The value for a CNAME is listed under Host Name. The associated “Default/Tenant IP”

    is also shown under IP Address. The “Default/Tenant IP” is uniquely assigned to each

    F5 Distributed Cloud Tenant. Additional Public IPs can be added to the Tenant.

lab019

  1. Click JSON in the horizontal navigation at the top-left of the screen.

    The JSON payload (or YAML format, from dropdown) provides for the entire Load Balancer

    configuration. This can be used for backup or subsequent CI/CD automation operations.

lab020

  1. Click Documentation in the horizontal navigation at the top of the screen.

    The Documentation screen provides details on the F5 Distributed Cloud Console API.

    All operations in the F5 Distributed Cloud Platform are API-first. This includes all GUI

    actions and associated audit logging.

  2. Click Cancel and Exit to return to the HTTP Load Balancers screen.

lab021

Task 3: Testing the Application

You will now perform basic testing to ensure you can reach the application through the F5 Distributed Cloud platform.

  1. Open another tab in your browser (Chrome shown), navigate to the newly configured Load

    Balancer configuration: http://<namespace>.lab-sec.f5demos.com, to confirm it is

    functional.

  2. Returning to the F5 Distributed Cloud Console, use the left-hand menu to select

    Overview > Dashboard > Performance Dashboard section. This dashboard will provide a

    summary view for all of the configured Load Balancers.

lab025

Note

As you have not run many requests, summary analytics may not be available in the dashboard view yet.

  1. Scroll to the bottom and select your load balancer.

lab026

  1. From the Performance Dashboard view, using the horizontal navigation, click

    Requests.

  2. Change the viewable time period from 5 minutes (default) to 1 hour by selecting the

    dropdown shown, click Last 1 hour then clicking Apply.

lab027

Note

Security Event data may take 15-20 seconds to populate in the Console. Please force a refresh using the Refresh icon next to the Time Period selection in step 6.

  1. Expand one of the requests and note the Information tab link. This summarizes request

    details and provides request duration timing.

lab028

  1. Click on the JSON link to get more data about the request.

  2. Click Add Filter as shown to see how you can filter by key identifiers.

lab029

  1. The resulting Search input field and listed Keys, can be used to filter requests

    in this view.

lab030

Note

The available Key list to search is dynamically updated based on the requests in the selected time view.

  1. Closing the filters view, note the available Quick Filters for Response Codes which

    allows quickly filtering the requests by toggling on or off each response code

    category.

  2. Click the Forensics tab on the right side of the view as shown.

lab031

  1. The Forensics Filter provides summarized top categories which provides quicker

    analysis of the request log data. Collapse the Forensics view when done using the

    indicated arrow.

lab032

Note

Individual forensic categories can be changed using the noted pencil icon to surface additional top data details.

End of Lab 1: This concludes Lab 1, feel free to review and test the configuration.

A brief presentation will be shared prior to the beginning of Lab 2.

labend