Applies To:

Show Versions Show Versions

Manual Chapter: Standardize an Application for Self-service Deployment
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Standardize an Application for Self-service Deployment

Creating service templates for self-service application deployment



As a network engineer, you can create service templates with the objects and default parameter settings that you want your application manager to deploy. Using that template, and without having a lot of network expertise, the application manager can deploy the application objects you want by simply specifying a few key values.

When you create a new service template, you can specify a set of objects that define an application that can then be deployed to your BIG-IP devices. A service template is a baseline for creating a new application. This allows you to maintain a consistent environment. Parameters that you define as editable are visible and can be revised.

For example, you can standardize your HTTPS application to use a virtual server, a client SSL profile, a pool, and a node with specific default values. To do this, you create a service template that includes each of these objects. Parameters you don't want edited will be read-only, and those that can change for each application show as editable. Then you assign permissions for this template to your application manager.

To create an application, all the application manager needs to do is provide the editable values (virtual server address, number of nodes and their addresses, and so forth) and identify where the application deploys to. When the application deploys, BIG-IQ creates just the right objects and settings.

There are three ways to create a service template that defines the objects that you want to include in an application. Select the option that works best for you.

  • Create the service template by cloning another service template.
  • Create the service template by importing object settings from a device managed by this BIG-IQ.
  • Create the service template manually, defining settings for each object included in the application.
After you create a service template, it is listed on the Service Catalog page. Note that there is no check mark in the Published column for it. This means two things:
  • The template can be edited. You can select it and revise any of the settings for that template.
  • You cannot use this template to create an application.
Before you can use an unpublished (writeable) service template to create an application, you must publish it. This locks the template, so that you can use it to create an application.
To make a published template writeable so that you can make revisions, select the check box for it and click Unpublish.
Note: You cannot make a template writeable if it is being used by an application. To revise a template that is being used, you need to either clone that template or change the template that the application uses.

You can use any available monitor in an application template to track the health of your applications. The monitor you specify is applied to the devices in your SSG.

For the service scaling BIG-IP device that is load balancing traffic to your SSG, you must use a monitor that supports alias and transparent modes. These include:

  • HTTP
  • HTTPS
  • TCP
  • UDP
  • ICMP Gateway
Note: If the service scaling BIG-IP device is using an application with a client-SSL profile, the service scaling device converts the HTTP monitor to HTTPS.

Create a service template starting with a clone of an existing template

BIG-IQ Centralized Management comes with several default service templates for standard scenarios. Using the clone option, you make a copy of a service template and then add or remove only the objects that need to change to produce the service template you want. This allows you to maintain a consistent environment.
Note: This workflow shows you how to clone a service template that is already defined on this BIG-IQ. For details about other ways to define objects, refer to Create a service template by importing existing objects or Create a service template by manually specifying objects on support.f5.com.
  1. At the top of the screen, click Applications then, on the left, click APPLICATION TEMPLATES.
    The screen displays the list of AS3 and service catalog templates defined on this device.
    Note: AS3 templates can only deploy applications to managed devices. To deploy to an SSG, you need a service catalog template.
  2. Select the check box to the left of any service template you want to clone.
  3. Click the More button and select Clone.
  4. Type a Name that you want to use for the clone, and then click Clone.
    The system creates a clone of the service template and then opens the new template so you can make changes.
  5. Add or remove application objects to the cloned template until it meets your requirements.
    When you finish the edits to this new template, you can use it to create a new application that deploys to your BIG-IP devices.
  6. Click Save & Close.
  7. If you are ready to use this service template to create an application, select it, and click Publish.

Create a service template by importing existing objects

Before you can import objects to an application template, you must have either created or imported the LTM objects from one of your managed BIG-IP devices.

When you create a new service template, you specify a set of objects that define an application that can then be deployed to BIG-IP devices. When you define the application, you can omit or include certain objects. Parameters you define as not editable are not visible, and are included using the default values specified in the service template. This allows you to maintain a consistent environment.

Specifying the objects by importing existing objects saves time and ensures that you get precisely the settings you are looking for.
  1. At the top of the screen, click Applications then, on the left, click APPLICATION TEMPLATES.
    The screen displays the list of AS3 and service catalog templates defined on this device.
    Note: AS3 templates can only deploy applications to managed devices. To deploy to an SSG, you need a service catalog template.
  2. Click Create.
  3. Type a Name and (optional) Description for the service template you are creating, and then click Save.
    Once you define the name and save the template, you need to define the default objects for this template. This workflow shows you how to import objects that already exist on devices managed by this BIG-IQ. For details about other ways to define objects, refer to Create a service template starting with a clone of an existing template or Create a service template by manually specifying objects on support.f5.com.
  4. On the left, under PROPERTIES, expand LOCAL TRAFFIC > SECURITY POLICIES > Security , and then select any object type.
    For example, you could expand LOCAL TRAFFIC, and then click Virtual Servers.
    The screen lists any objects defined for this template along with buttons you can use to import or create new objects.
  5. Click Import.
    The Import Resources screen opens. The top half of the screen displays resources selected for importing. The bottom half provides controls for selecting objects to import to this template.
  6. From the select list about half way down the screen, select one of the object types you want to import.
    Objects of the type you selected that are currently defined on this BIG-IQ display just below the Select list.
  7. Select the check box for each object that you want to import.
    The lower right part of the screen displays preview information for the selected object. If you select multiple objects, the most recently selected item is previewed.
  8. When you have selected all of the objects that you want for a particular type, click Add Selected.
    The selected objects show in the list of objects to be imported.
  9. Repeat the previous three steps for each of the default object types that you want to import to this template.
  10. When you have assembled all of the objects that you want to import to this template, click Import.
    Note: When you import an object created outside of the service template user interface into a service template, only the object name is set to be editable (and visible when someone uses this template to create a new application). For example, if a virtual server named SeattleServer is created on one of the BIG-IP devices that a BIG-IQ manages, that virtual server is imported to the BIG-IQ when you discover and import that device. You can then import SeattleServer into a service template, but only the name (SeattleServer) appears when that template is used to create an application. You can edit the visibility setting on the Edit Template screen for the imported object.
    BIG-IQ adds the imported objects to the service template. Objects that are set to be editable display when someone uses this template to create a new application.
  11. If you want to edit any of the settings for the objects you imported, click the name of the object to access the edit screen for that object.
    When you save the changes for an object, the revisions you made become part of the template, and you can use it to create a new application that deploys to your BIG-IP devices.
  12. Click Save & Close.
  13. If you are ready to use this service template to create an application, select it, and click Publish.

Create a service template by manually specifying objects

When you create a new service template, you specify a set of objects that define an application that can then be deployed to BIG-IP devices. When you define the application, you can omit or include certain objects. Parameters you define as not editable are not visible, and are included using the default values specified in the service template. This allows you to maintain a consistent environment.

  1. At the top of the screen, click Applications then, on the left, click APPLICATION TEMPLATES.
    The screen displays the list of AS3 and service catalog templates defined on this device.
    Note: AS3 templates can only deploy applications to managed devices. To deploy to an SSG, you need a service catalog template.
  2. Under Service Catalog Templates, click Create.
    The General Properties tab of the Create Service Template screen opens.
  3. Type a Name and (optional) Description for the service template you are creating, and then click Save.
    Once you define the name, you can define the default objects for this template. This workflow shows you how to manually define objects for this template. For details about other ways to create templates, refer to Create a service template starting with a clone of an existing template or Create a service template by importing existing objects on support.f5.com.
  4. If you have created any scripts that BIG-IQ should run before or after it creates this application, or after you delete this application, click PROPERTIES, and then select the ones you want.
    You can find the screen used to create scripts here: Devices > SCRIPT MANAGEMENT > Scripts .
  5. Click Save.
    BIG-IQ saves the name and your script selections. Now you can start adding the traffic management and security objects that you want to define for this application.
  6. On the left, under PROPERTIES, expand LOCAL TRAFFIC or SECURITY POLICIES and then select any object type.
    For example, you could expand LOCAL TRAFFIC, and then click Virtual Servers.
    Note: Until you configure at least one virtual server for this template, you cannot select any security policies to attach to the virtual servers in this template.
  7. Click Create.
    The screen you use to define the selected object type (for example, New Virtual Server) opens.
  8. In the Prompt field, type the text string that you want to display for this object when someone uses this template to create a new application.
  9. If you want applications created with this template to be able to include more than one copy of the object you are adding, select Enable for Allow Multiple Instances.
  10. Specify all of the default parameters that you want to define for this object.
    Before you can add an object to the template, you must specify at least the required parameters for that object type. For example, to specify a virtual server, you only need to provide a name, a destination address, and a service port, even though there are another fifty or so settings you could specify.
  11. For each parameter that you specify, determine whether you want the person who deploys an application using this template to be able to edit the default settings you are defining.
    Option Description
    If you check Editable When this template is used to create an application, this parameter will be visible and the default values configurable.
    If you do not check Editable When this template is used to create an application, this parameter will be included in the application (with the settings that you specify here), but it will not be visible in the user interface.
    Only the parameters you select appear in the user interface when someone deploys an application using this template.
  12. As you specify parameter values for this template object, you can click Preview in the upper right corner to see what the user interface will look like when someone uses this template to deploy an application.
    Note: For detailed information on the parameter settings to specify for particular use cases, refer to the documentation for that object type on support.F5.com. For example, for help understanding the parameters you specify for a client SSL profile, you would go to support.F5.com, select BIG-IQ Centralized Management, select the BIG-IQ version you are using, and then select Managing Local Traffic Profiles.
  13. When you finish specifying parameters for this object, click Save.
    BIG-IQ adds the object you defined to the list of objects in this template. When you finish adding an object to a template, you can use it to create an application.
  14. Continue this process until you have added all of the objects needed in this template.
    When you finish the edits to this new template, you can use it to create a new application that deploys to your BIG-IP devices.
  15. Click Save & Close.
  16. If you are ready to use this service template to create an application, select it, and click Publish.

Provide users access to self-serve applications in a scalable cloud

Before you assign user access to a service scaling group, there are two tasks to perform: one on the BIG-IQ and one in your VMware vCenter environment.

  • To assign access to the resources that an application manager needs so they can create and deploy applications, you must have first configured authentication (Local, LDAP, RADIUS, or TACAS+). See the F5 BIG-IQ Centralized Management: Authentication, Roles, and User Management guide. 
  • Before a user can manage BIG-IP devices in a VMware service scaling group, you must add them to a group in your VMware vCenter that includes the following roles:
    • Datastor
    • Resource
    • Virtual machine
    • vApp
    Refer to your VMware documentation for details on managing VMware vCenter groups and roles.

workflow graphic, assign permissions to end users step

After you create the templates and service scaling groups (SSG), you can provide access to these resources to application managers. You can provide different users access to different resources, according to their needs. With this access, application managers can create and monitor applications as needed, and interact with only those resources that they need to do their job. This simplifies the complexity of the objects that they have to be aware of, while allowing them the autonomy to create applications as they need them.

To provide access, you create a user, and associate the user to a custom application role with access to the resources they need to create and deploy applications into the scalable cloud.

  1. At the top of the screen, click System.
  2. On the left, click USER MANAGEMENT > Users .
  3. Near the top of the screen, click the Add button.
  4. From the Auth Provider list, select the authentication method you want to use for this user.
    Important: A user must belong to an LDAP group or have an assigned BIG-IQ role, or authentication will fail.
  5. In the User Name field, type the name of the LDAP user.
  6. In the Password and Confirm Password fields, type the password for this new user.
    You can change the password any time.
  7. On the left, click ROLE MANAGEMENT > Roles .
  8. On the left, under CUSTOM ROLES, click Application Roles.
  9. Click Add.
  10. After you specify a Name and an optional Description, select the Active Users that you want to provide access to, and move them to the Selected list.
  11. For Service Catalog Templates, select each template you want to provide access to and move it to the Selected list.
  12. To enable application deployment to managed devices using an AS3 declaration, specify the AS3 options you want to authorize for this role.
    To authorize this role to deploy applications to managed devices: Then:
    Using an AS3 declaration without using a template... Select the Allow using AS3 without Template check box.
    Using an AS3 declaration using a template... For AS3 Templates, select the templates you want and move them to the Selected list.
    You can specify either of these AS3 options, or both. If you select the check box and select AS3 templates, then this role will be able to publish applications with or without a template; but if a template is used, it can only be one of the templates you specify here.
  13. For Service Scaling Groups, select the service scaling group you created and move it to the Selected list.
  14. Click the Save & Close button.

It's a good idea to log in as this new user to confirm that the access you provided is correct. Once you verify that, you can give the user their user name and password for self-service access to application deployment.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.

Additional Comments (optional)