Automatically Update your BIG-IP Pool Using the Service Discovery iApp

Let’s look at how to automatically add members to your BIG-IP pool by using the Service Discovery iApp. Whenever you deploy a BIG-IP Virtual Edition by using one of the templates on the F5 Github site, this iApp is installed on the BIG-IP.

The idea behind this iApp is you assign a tag to a virtual machine in the cloud and then BIG-IP automatically discovers it and adds it to the pool. By tagging instances in AWS and Azure, and configuring the iApp, the pool is updated based on an interval you specify. This is especially helpful if you auto-scale your application servers because they are then automatically added and removed.

Today, we’ll look how to do this in Azure but you can also do this in AWS.

First, we’re going to add a tag to the application sever in Azure. You can assign the tag to either the virtual machine or to the NIC. For auto-scaling you’d tag the scale set. This can we’ll simply add it to the virtual machine.

When you click through the virtual machine, on the left you’ll get the ‘Tags’ option.

This entry can be any name/value pair you want and for this we’ll use ‘mytag’ and ‘addme.’

And we’ll click Save.

 For this exercise, we have two application servers in the resource group and already added the tags for that one. So at this point, we’re ready to get into the BIG-IP and configure the iApp.

Once in, go to Application Services>Applications>Create.

Next, we give it a name and choose f5_service_discovery from the list.

Scroll down the same page and fill out the open fields. Under Cloud Provider, we select Azure. Depending on your provider, there are additional questions. Add the Azure resource group and the Subscription ID. The next 3 fields (for the Azure selection) are security related: Tenant ID, Client ID and Service Principal Secret. Rather than using your own credentials to create and modify resources in Azure, you can create an Azure Active Directory application and assign permissions to that. Details are included on the Github ReadMe or the Azure documentation about service Principal.

Under the Pool area, is where you enter the name/value pair that we used for the tags in Azure. We leave the rest default. In this instance, you may notice the update interval at 60 seconds. By default, 60 seconds is the interval that BIG-IP will query Azure to see if there is a resource with the tags you specified. Under Application Health, select ‘http’ as the health monitor. Click Finished.

When complete, we can see we got a pool with two active members in it.

If you take the tags off one of the instances, it’ll leave the pool. Of note however, there must be two members in the pool before you remove tags from an instance. If you remove the tags from all the application servers, the pool will not be updated. BIG-IP must see at least one set of tags to update the pool because it doesn’t want to leave you with an empty pool.

Here’s the before and after of removing a tag.

One final note. This example configuration has the BIG-IP in one resource group and the application servers in another resource group but they are all on the same Vnet. If you have separate networks in Azure, you’ll need to create a peering so they can communicate. Similarly, in AWS, you need to make sure the networking is set up so the BIG-IP can see the application servers. But, once the initial set up is working, there’s no manual intervention required.

You can use the Service Discovery method to add and remove application servers all day long without having to manually update the BIG-IP. Again, and as always, thanks to our Technical Communications team for the great material and watch the video demo here.

ps

Related:

• Onboarding F5 in Cloud Part 2 - Service Discovery
• Deploy the Service Discovery iApp on a BigIP Cluster across two Availability Zones

Lightboard Lessons: Attack Mitigation with F5 Silverline

In this Lightboard Lesson, I describe how F5 Silverline Cloud-based Platform can help mitigate DDoS and other application attacks both on-prem and in the cloud with the Hybrid Signaling iApp. Learn how both on-premises and the cloud can work together to create a composite defense against attacks.



ps

Your Applications Deserve iApps

F5 iApps are user-customizable frameworks for deploying applications that enables you to ‘templatize’ sets of functionality on your F5 gear. You can automate the process of adding virtual servers or build a custom iApp to manage your iRules inventory.

Application ready templates were introduced in BIG-IP v10 and the goal was to provide a wizard for the often deployed applications like Exchange, SharePoint, Citrix, Oracle, VMware and so forth. This allowed the abstraction some of the configuration details and reduced the human error when following the pages of the thick deployment guides for those applications. Application templates were great but there was no way to customize the template either during the deployment or adjust it after.

Then came iApps^®.

Introduced in TMOS v11, iApps is the current BIG-IP system framework for deploying services-based, template-driven configurations on BIG-IP systems. iApps bundles all of the configuration options for a particular application together.

Roughly a third of F5 customers use iApps and they are especially popular for more complex configurations, like Microsoft Exchange, for example, which requires up to 1200 mouse clicks to configure manually and only 50 mouse clicks to configure with the iApp. iApps are also often used to roll out similar configurations to multiple BIG-IP's. Some customers run hundreds of iApps, some run none--the choice is yours.

Here is one example of iApp customization and its evolution. When we released SAML support in v11.3, many customers wanted to use BIG-IP APM as a SAML Identity Provider (IdP) for Office365 but there are a few steps to configure that in BIG-IP. Configure Active Directory, then SAML, then the access policy and so forth. One of our very smart Security Architects, Michael Koyfman, wanted to make that task simple, repeatable and accurate.

He decided to write an O365 iApp and posted it to DevCentral where there was immediate interest from the community. From that, Product Development engineers rewrote it to follow their libraries and best practices and then moved to the supported status.  You can now use this F5 supported iApp template to configure the BIG-IP system as a SAML IdP to Microsoft Office 365 applications, such as Exchange and SharePoint. This template configures the BIG-IP APM system as an IdP for Office 365 to perform single sign-on (SSO) between the local Active Directory user accounts and Office 365-based resources such as Microsoft Outlook Web App and Microsoft SharePoint.

But we didn’t stop there.

Since it is the same framework and easily extensible to add more services to an iApp, they took it a step further. With the O365 iApp as the basis, the team then built a SaaS Federation iApp which allows you to configure BIG-IP APM as SAML IdP to 11 commonly used SaaS applications including Salesforce, Concur, WebEx, O365 and others. Now, with a single iApp, you can federate your employees to many SaaS applications easily, efficiently and securely. This iApp also went through a beta period on DevCentral and was recently released as a F5 supported iApp.

UI configurations for the SaaS iApp

Summary of configurations for the SaaS iApp

So if you need quick and easy way to deploy your applications, look no further than F5 iApps. You can use the F5 built iApps, you can customize F5 built iApps or you can build your own iApps. Your applications, infrastructure and business will thank you.

ps

F5 DevCentral Solves Your BIG-IP Questions

In this lively chat at #F5Agility15, DevCentral members Joe Pruitt and Tony Hynes share a little history of how it has grown from a single server in 2003 to over 200,000 members today; how iRules, iControl, iCall and iControl interact with BIG-IP’s programmability features and how the community helps solve, share and answer some of the challenges of today’s hybrid environments. They also highlight the MVP program and some of the new personal customization coming soon.

ps

Related:

• F5Agility15 - The Preview Video
• Welcome to F5 Agility 2015
• Innovate, Expand, Deliver with F5 CEO Manny Rivelo
• Get F5 Certified at F5 Agility 2015
• Software Defined Data Center Made Easy with F5 and VMware
• F5 Agility 2015

Technorati Tags: f5,agility,f5agility15,devcentral,programmibility,irules,automation,silva,video,conference

Connect with Peter:	Connect with F5:

SharePoint Conference 2012: Configuring SharePoint on BIG-IP

I meet with Greg Coward, F5 Solution Engineer, to show us a demo of how easy it is to deploy #SharePoint on BIG-IP with the F5 iApp. #spc12

 

ps

Resources:

• SharePoint Conference 2012: Find F5
• SharePoint Conference 2012: Gimme 90 Seconds with James Hendergart
• Solutions for Microsoft SharePoint Server
• Securing Exchange and SharePoint
• In 5 Minutes or Less Series (22 videos – over 2 hours of In 5 Fun)
• F5 YouTube Channel

Technorati Tags: F5,big-ip,security,management,infrastructure,sharepoint,cloud,waf,tmg, analytics,psilva,video

 

Connect with Peter:	Connect with F5:

Oracle OpenWorld 2012: BIG-IP Solutions for Oracle Enterprise Manager

I hang with one of my most frequent and favorite guests, F5 Business Development Solution Architect, Chris Akker. Akker takes us through how to deploy Oracle Enterprise Manager 12c on a BIG-IP using an F5 iApp along with explaining how BIG-IP GTM can help Oracle Deployments with resiliency.

 

ps

Related:

• Oracle OpenWorld 2012: Find F5
• Oracle OpenWorld 2012: Gimmie 90 Seconds
• F5 YouTube Channel

Technorati Tags: F5, oracle openworld, integration, Pete Silva, security, business, education, technology, application delivery,cloud,oracle, oow2012

Connect with Peter:	Connect with F5:

MEC 2012 – Configuring Exchange on BIG-IP

I get Sr. Product Management Engineer Dayne Miller to show just how easy and quick it is to configure and deploy Exchange on a BIG-IP with an F5's iApp. A live demo with a little variation on the In 5 Minutes or Less series.

ps

Related:

• MEC 2012–Find F5
• MEC 2012–F5 and Microsoft
• MEC 2012 - Exchange Migration Service
• MEC 2012 - Gimme 90 Seconds
• MEC 2012 - F5 Security Solutions for TMG EoL
• MEC 2012–F5 Network Virtualization Solution
• MEC 2012
• Solutions for Microsoft applications
• F5 To Deliver Microsoft Network Virtualization Gateway
• F5 Collaborating with Microsoft on Network Virtualization Gateway
• Microsoft Virtualization | Build It | F5 Networks
• F5 YouTube Channel

Technorati Tags: F5, mec2012, exchange, Pete Silva, security, business, education, technology, application delivery,cloud,virtualization, microsoft

Connect with Peter:	Connect with F5:

MEC 2012--F5 and Microsoft

I catch up with Jeff Bellamy, F5 Director of Business Development, to talk about the F5 – Microsoft relationship, where Exchange ranks with all the different applications BIG-IP helps deliver and just how easy it is to deploy Exchange with F5's iApps.

MEC 2012--F5 and Microsoft

ps

Related:

• MEC 2012–Find F5
• MEC 2012–F5 and Microsoft
• MEC 2012 - Exchange Migration Service
• MEC 2012 - Gimme 90 Seconds
• MEC 2012
• Solutions for Microsoft applications
• F5 YouTube Channel

Technorati Tags: F5, mec2012, exchange, Pete Silva, security, business, education, technology, application delivery, cloud,virtualization, microsoft

Connect with Peter:	Connect with F5: