Lab 2: Deploy PUA Alternate Webtop
=====================================================

Overview
---------------------------------------------------------------

In this lab, we will focus on configuring and testing an ALT webtop with F5 APM (Access Policy Manager).  

The ALT webtop creates a single tile (webtop link) that launches a portal containing additional endpoints defined in a .csv configuration file.
This allows us to configure multiple endpoints faster and more efficiently.

We will also leverage the Smartcard Client Authentication (created in Lab 1) for authentication to the webtop.  

We will begin the lab by adding the .csv file as a resource and deploying the ALT webtop.  Next, we will update the Access Policy to add the new ALT webtop tile (webtop link) to the webtop.

This lab will conclude with testing and validating user access.

Expected time to complete: **15 minutes**

.. note:: This is an add-on playbook that works with an existing PUA deployment (such as :doc:`/class3/module2/lab01`)

Add PUA Ressources
---------------------------------------------------------------

.. _Add Ressource:

Task 1 - Add Ressource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. In PUA UI, click **Ressources** in the left-hand navigation bar and, in the main panel, click the **Add Ressource** button.

   |image_chrome_pua_ressources|

#. In the resulting window, click the **Choose File** button.
    
   |image_chrome_pua_add_ressource|

#. In the File Explorer window, under **This PC** select **Desktop** and double-click **PUA LabFiles**

   |image_chrome_pua_add_ressource_filebrowser|

#. Select **pua.csv** file and click **Open**

   |image_chrome_pua_add_ressource_csv|

#. Click **Upload**

   |image_chrome_pua_add_ressource_upload|

#. Confirm **pua.csv** is listed in the **Ressources** table.

   |image_chrome_pua_add_ressource_csv_success|

.. warning:: If you don't see the **pua.csv** in **PUA UI Ressources** go back to :ref:`Add Ressource`.







Deploy PUA ALT Webtop
---------------------------------------------------------------

Task 1 - Add Deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. In PUA UI, click **Deployments** in the left-hand navigation bar and, in the main panel, click the **Add Deployment** button.

   |image_chrome_pua_deployments|

#. In the resulting window, enter the following data:

   * **Add Deployment**

     * **Name** : alt_webtop

     * **Device IP/Hostname** : 10.1.1.4

     * **Playbook**: ALT WEBTOP

   |image_chrome_pua_add_deployment_alt_webtop|

.. _Enter Deployment details:

Task 2 - Enter Deployment details
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. When the ALT WEBTOP playbook is selected, the editor updates to show the following inputs. Enter the associated values as specified below:

   * **Add Deployment**

     * **CSV Ressource File**: pua.csv

   |image_chrome_pua_add_deployment_alt_webtop_details|

.. note:: You can also switch to **Raw JSON** input and paste this JSON object to get the input fields populated.
   
   |image_chrome_pua_add_deployment_raw|

   .. code-block:: json

      {
         "name": "alt_webtop",
         "device_ip": "10.1.1.4",
         "forceDeploy": false,
         "configuration": {
            "playbook": "ALT WEBTOP",
            "user_input": {
               "CSV_RESOURCE_FILE": "pua.csv"
            }
         }
      }
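
A pre-flight check for the Raw JSON object above, as an added example that is not part of the lab or of the PUA deploy agent. The function names and the rules (valid IP or hostname, boolean ``forceDeploy``, bare ``.csv`` file name with no path components) are assumptions chosen to catch typos before the object is pasted; the agent's own validation may differ.

```python
import ipaddress
import json
import re

_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
_CSV_NAME = re.compile(r"[A-Za-z0-9._-]+\.csv")  # bare file name, no path parts
PAGE_EXAMPLE = """{"name": "alt_webtop", "device_ip": "10.1.1.4",
 "forceDeploy": false, "configuration": {"playbook": "ALT WEBTOP",
 "user_input": {"CSV_RESOURCE_FILE": "pua.csv"}}}"""  # object shown on this page
BAD_EXAMPLE = (PAGE_EXAMPLE.replace("10.1.1.4", "10.1.1.400")  # constructed typos
               .replace("false", '"false"').replace("pua.csv", "../pua.csv"))


def _is_host(value):
    """True for an IPv4/IPv6 literal or an RFC 1123 style hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        if re.fullmatch(r"[0-9.]+", value):
            return False  # all-numeric but not a valid IP, e.g. 10.1.1.400
    return len(value) <= 253 and all(_LABEL.fullmatch(p) for p in value.split("."))


def validate_deployment(raw):
    """Return a list of problems found in a Raw JSON deployment object."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    cfg = doc.get("configuration")
    cfg = cfg if isinstance(cfg, dict) else {}
    user_input = cfg.get("user_input")
    user_input = user_input if isinstance(user_input, dict) else {}
    problems = []
    if not (isinstance(doc.get("name"), str) and doc["name"].strip()):
        problems.append("name: missing or empty")
    if not (isinstance(doc.get("device_ip"), str) and _is_host(doc["device_ip"])):
        problems.append("device_ip: not an IP address or hostname")
    if not isinstance(doc.get("forceDeploy"), bool):
        problems.append("forceDeploy: must be JSON true/false, not a string")
    if not (isinstance(cfg.get("playbook"), str) and cfg["playbook"]):
        problems.append("configuration.playbook: missing")
    csv_name = user_input.get("CSV_RESOURCE_FILE")
    if not (isinstance(csv_name, str) and _CSV_NAME.fullmatch(csv_name)):
        problems.append("CSV_RESOURCE_FILE: expected a bare *.csv file name")
    return problems
```

An empty list from ``validate_deployment`` means the object passed every check; each string otherwise names the field to correct before clicking **Deploy**.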

Task 3 - Review Deployment details and Deploy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. Review the deployment details and click **Deploy**

   |image_chrome_pua_add_deployment_alt_webtop_raw|

Task 4 - Track Deployment progress 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you go back to the **PUA Deploy Agent WebSSH** tab in your local browser, you should see the logs generated by the deployment of the PUA ALT WEBTOP Playbook.


#. Confirm that the deployment is successful by looking for the **Playbook deployed successfully** log entry.

   |image_pua_webshell_docker_logs_deployment_alt_webtop|

#. Confirm that **alt_webtop** is listed in the PUA UI Deployments.

   |image_chrome_pua_add_deployment_alt_webtop_success|

.. warning:: If you don't see the **Playbook deployed successfully** in the logs and the **alt_webtop** does not appear in **PUA UI Deployments** go back to :ref:`Enter Deployment details`.



Connect PUA Alternate Webtop to PUA Smartcard
---------------------------------------------------------------

Task 1 - Access BIG-IP 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**Access BIG-IP 1 TMUI**

#. Click **ACCESS** next to big-ip1

#. Select **TMUI** from the list

   |image_udf_bigip1_access|

#. In the new browser tab, log in with the following credentials:

   * User: **admin**
   
   * Password: **admin**

   |image_bigip1_tmui_login_details|


Task 2 - Edit PUA Smartcard Access Policy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. Navigate to **Access**, **Profiles/Policies**.

   |image_bigip1_tmui_access_profiles_policies|

#. Click the Edit link for the **pua_smartcard** Access Profile to open the Visual Policy Editor.

   |image_bigip1_tmui_access_profiles|

Task 3 - Add Alternate Webtop to the Webtop Links
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. Click the plus sign beside **Macro: Admin Access**

   |image_bigip1_tmui_access_profiles_pua_smartcard|

#. Click **Advanced Resource Assign**.

   |image_bigip1_tmui_access_profiles_pua_smartcard_macro_expanded|

#. In the pop-up, click the **Add/Delete** link.

   |image_bigip1_tmui_access_profiles_pua_smartcard_ressources|

#. Click the **Webtop Links 4/5** tab.

   |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_acls|

#. Tick the checkbox beside **/Common/alt_webtoplink**.

   |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_links|

#. Click **Update**.

   |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_links_update|

#. Click **Save**.

   |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_save|

Task 4 - Apply Access Policy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. Click **Apply Access Policy**

   |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_apply|

.. warning:: Don't forget to click on **Apply Access Policy**. 

Test PUA ALT Webtop
---------------------------------------------------------------

Task 1 - Access PUA Webtop as user1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. Right-click the **PUA Webtop** bookmark and click **Open in Incognito window**

   |image_chrome_incognito_pua_webtop|

#. Select the certificate associated with **User1** in the **Select a certificate** dialog box and click **Ok**.

   |image_chrome_incognito_pua_webtop_user1_cert|

#. Click **Click here to continue**

   |image_chrome_incognito_pua_webtop_banner|

#. The **Alternate Webtop** link should now be listed in the **Applications and Links** section of the Webtop.

   |image_chrome_incognito_pua_webtop_links_alt_webtop|

Task 2 - Validate user1 Access
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. In the **Applications and Links** section of the Webtop

   * Click on **alt_webtoplink** to launch the updated **Privileged User Access** Web Application.

     |image_chrome_incognito_pua_webtop_user1_altwebtop|

   * Click on the **>_** icon of **bigip15** and observe the username at the bottom left corner

     |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip15_arrow|

     |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip15|

   * Click on the **>_** icon of **bigip17** and observe the username at the bottom left corner

     |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip17_arrow|

     |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip17|

.. warning:: Close the Incognito window before going to the next task.


Delete PUA Smartcard
---------------------------------------------------------------

Task 1 - Delete Deployment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#. In PUA UI, click **Deployments** in the left-hand navigation bar, then in the main panel:

   * tick the checkbox beside **pua_smartcard**, and

   * click the **Delete** button.

   |image_chrome_pua_delete_deployment_smartcard|

#. Click **Confirm**.

   |image_chrome_pua_delete_deployment_smartcard_confirm|

#. After a few moments, the **pua_smartcard** deployment should have been deleted successfully.

   |image_chrome_pua_delete_deployment_smartcard_success| 

.. attention:: The PUA Smartcard deployment needs to be deleted before going to the next lab.

|image_end_of_lab|

.. |image_chrome_pua_ressources| image:: media/lab02/chrome_pua_ressources.png
.. |image_chrome_pua_add_ressource| image:: media/lab02/chrome_pua_add_ressource.png
  :width: 480
.. |image_chrome_pua_add_ressource_filebrowser| image:: media/lab02/chrome_pua_add_ressource_filebrowser.png
  :width: 320
.. |image_chrome_pua_add_ressource_csv| image:: media/lab02/chrome_pua_add_ressource_csv.png
.. |image_chrome_pua_add_ressource_upload| image:: media/lab02/chrome_pua_add_ressource_upload.png
  :width: 480
.. |image_chrome_pua_add_ressource_csv_success| image:: media/lab02/chrome_pua_add_ressource_csv_success.png



.. |image_chrome_pua_deployments| image:: media/lab02/chrome_pua_deployments.png
.. |image_chrome_pua_add_deployment_alt_webtop| image:: media/lab02/chrome_pua_add_deployment_alt_webtop.png
  :width: 480
.. |image_chrome_pua_add_deployment_alt_webtop_details| image:: media/lab02/chrome_pua_add_deployment_alt_webtop_details.png
  :width: 480
.. |image_chrome_pua_add_deployment_raw| image:: media/lab02/chrome_pua_add_deployment_raw.png
  :width: 480
.. |image_chrome_pua_add_deployment_alt_webtop_raw| image:: media/lab02/chrome_pua_add_deployment_alt_webtop_raw.png
  :width: 480
.. |image_chrome_pua_add_deployment_alt_webtop_success| image:: media/lab02/chrome_pua_add_deployment_alt_webtop_success.png

.. |image_pua_webshell_docker_logs_deployment_alt_webtop| image:: media/lab02/pua_webshell_docker_logs_deployment_alt_webtop.png

.. |image_udf_bigip1_access| image:: media/lab02/udf_bigip1_access.png
  :width: 480
.. |image_bigip1_tmui_login| image:: media/lab02/bigip1_tmui_login.png
  :width: 480
.. |image_bigip1_tmui_login_details| image:: media/lab02/bigip1_tmui_login_details.png
  :width: 480
.. |image_bigip1_tmui_access_profiles_policies| image:: media/lab02/bigip1_tmui_access_profiles_policies.png
  :width: 160
.. |image_bigip1_tmui_access_profiles| image:: media/lab02/bigip1_tmui_access_profiles.png
.. |image_bigip1_tmui_access_profiles_pua_smartcard| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard.png
.. |image_bigip1_tmui_access_profiles_pua_smartcard_macro_expanded| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_macro_expanded.png
.. |image_bigip1_tmui_access_profiles_pua_smartcard_ressources| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_ressources.png
  :width: 480
.. |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_acls| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_ressources_acls.png
  :width: 480
.. |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_apply| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_ressources_apply.png
.. |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_links| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_ressources_links.png
  :width: 480
.. |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_links_update| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_ressources_links_update.png
.. |image_bigip1_tmui_access_profiles_pua_smartcard_ressources_save| image:: media/lab02/bigip1_tmui_access_profiles_pua_smartcard_ressources_save.png



.. |image_chrome_incognito_pua_webtop| image:: media/lab02/chrome_incognito_pua_webtop.png
  :width: 480
.. |image_chrome_incognito_pua_webtop_user1_cert| image:: media/lab02/chrome_incognito_pua_webtop_user1_cert.png
  :width: 480
.. |image_chrome_incognito_pua_webtop_banner| image:: media/lab02/chrome_incognito_pua_webtop_banner.png
  :width: 320
.. |image_chrome_incognito_pua_webtop_links_alt_webtop| image:: media/lab02/chrome_incognito_pua_webtop_links_alt_webtop.png



.. |image_chrome_incognito_pua_webtop_user1_altwebtop| image:: media/lab02/chrome_incognito_pua_webtop_user1_altwebtop.png
.. |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip15_arrow| image:: media/lab02/chrome_incognito_pua_webtop_user1_altwebtop_bigip15_arrow.png
  :width: 240
.. |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip15| image:: media/lab02/chrome_incognito_pua_webtop_user1_altwebtop_bigip15.png
  :width: 480
.. |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip17_arrow| image:: media/lab02/chrome_incognito_pua_webtop_user1_altwebtop_bigip17_arrow.png
  :width: 240
.. |image_chrome_incognito_pua_webtop_user1_altwebtop_bigip17| image:: media/lab02/chrome_incognito_pua_webtop_user1_altwebtop_bigip17.png
  :width: 480


.. |image_chrome_pua_delete_deployment_smartcard| image:: media/lab02/chrome_pua_delete_deployment_smartcard.png
.. |image_chrome_pua_delete_deployment_smartcard_confirm| image:: media/lab02/chrome_pua_delete_deployment_smartcard_confirm.png
   :width: 320
.. |image_chrome_pua_delete_deployment_smartcard_success| image:: media/lab02/chrome_pua_delete_deployment_smartcard_success.png



.. |image_end_of_lab| image:: media/lab02/end_of_lab.png