Forum Discussion

Stefan_Engel's avatar
Stefan_Engel
Icon for Cirrus rankCirrus
Sep 21, 2018

Give Application owners access to certain VIPs / Nodes

Hi Guys,

 

We are getting requests from our application owners to have access to their app specific VIPs and nodes. They want to:

 

  • Take nodes IN/OUT of a deployment (upgrades, etc)
  • Monitor their app specific VIPs/nodes
  • Maybe adjust LB mechanism

Currently (in our environment) the LTM/GTM are fully managed by the Network team. I know that one possible way is to create partitions.

 

Question: Are there any better way to achieve the same? F.e. iControl..per app ADC..or others?

 

Really the main goal is that app owners can manage their nodes, without the need of every time contacting the Network team. The simpler the better.

 

Thanks & appreciate your feedback. Stefan

 

BIG-IP
devops
iControl
Super-NetOps
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    Sep 21, 2018

    Hi,

     

    as far as I'm concerned I use the Partition, it's very easy to manage it. you do not think, you affect the Partition to the right team. To sum up can give administrative ownership of a specific application and all corresponding BIG-IP system objects to the business units that manage that application.

     

    So you just need to create a Magager Role in wanted partition (user can perform all tasks related to objects within a partition, except for tasks related to user accounts)...

     

    I heard about "Role-based Access Control" in ASM only using BIG-IP, which allows you to manage asm objects granularly. but I do not know more...

     

    regards