
GavinW_29074
Oct 25, 2011

iApp suitable for a new deployment...

Hi there,



Background first... I work for a Managed Service Provider who are responsible for hosting and managing several different applications for various clients... We've recently acquired 4 BigIP 3900 devices to be used as 2 new Active/Passive Web Tiers to replace our existing LB/Apache clusters at 2 sites...



We're currently running through the initial set-up, configuration and solution design and are trying to work out the easiest way of configuring the devices and delivering our applications in a consistent and manageable way...



The application deployment model sees each client having their own application URL(s), which are typically secured by self-signed SSL certificates plus client certificate verification.


Each application typically has between 1 and 6 different URLs hosted against it, which each serve a different purpose - some provide a back-office and some provide a web-service...



Currently, we have over 300 different hosted URLs over 60 different application instances...



Now I know that I could quite easily script the creation of the above using iControl to create everything from importing the SSL certificates through to creating the nodes, pools and VIPs and assign the relevant iRules to the relevant VIPs... However the on-going management of this estate is our biggest concern... What if we want to add a new iRule to all the instances of application A, or enable caching using a standard profile for all instances of application B? I haven't yet found what looks like a simple method using iControl or through the GUI...



This leads me onto iApps, and from reading the blurb they look like they could fit the bill nicely... However I had a few questions before I dive head-long into writing my own iApp...



A) Are iApps suitable for what we're trying to achieve?



B) How will an iApp handle the above scenario of different clients with subtly different requirements? E.g. Application A is used by 20 different clients, each with their own URL subdomain, specific SSL configuration and separate application server instances...



C) Is an iApp suitable to manage the ongoing changes etc?



Thanks in advance for any assistance, and apologies if the above rambles a bit...







3 Replies

  • Brent_Blood_768
    Historic F5 Account

    Hi Gavin,




    I suspect that iApps might be a pretty good fit for your situation, but a few more details might help. When you say that you manage over 300 URLs for 60 applications - what does that end up looking like in the config? Is each app getting its own virtual server listening on an IP:port? Or perhaps you're using iRules to connect clients to appropriate pools based on HTTP data all arriving on a handful of virtuals. Sometimes it's easier to start with an example configuration that you would have created by hand and work backwards to see how an iApp could have been used to instantiate those configuration items and assist in managing them in the future.




    Here are some answers to your questions:




    A) probably - iApps are sometimes very appropriate for replacing external tooling using iControl because they:


    • give you a UI "for free"
    • are naturally re-entrant and clean up after themselves
    • let you manage your applications as applications - not as virtual servers, pools, etc

    One concern I have here is whether this iApp needs to be customer-facing or if it's just for your own staff to interact with. I'd advise against v11 iApps as a customer-facing solution since it means exposing the BIG-IP GUI to them, whereas an external tool using iControl to orchestrate BIG-IPs might be cleaner/safer.




    B) there are likely several ways to put this together, but the natural way that comes to mind would be building an iApp template that creates a distinct application instance for each of the applications that your customers use. That assumes that you can make one template that could handle the different applications - if that's not realistic, then perhaps several templates each with slightly different behavior might work better. In either case, I would recommend an approach where you create an application service for each customer (or for what you call an application) rather than as one big monolithic application.




    C) iApps are quite suitable for handling ongoing changes - in fact this was one of its goals while in development: application lifecycle management. If you make changes via iControl, you have to be careful not to try modifying an object that doesn't exist, or creating an object that's already there - and also to delete things when you're done with them. iApps remove that burden. After initial deployment of an application service from a template, you're always able to jump right back into the template with everything as you configured it before and make small changes and adjustments on-the-fly.




    Feel free to post back to this thread with more info - or let your sales team know what you're thinking about and they can loop me in that way if you want a deeper dive.










  • Brent

    Thank you for the in-depth response...

    Will try and run through each of your q's in turn...

    Currently, each URL is using its own VIP, which is using a unique IP.

    A config extract looks like:

    ltm virtual Common/ {
        description "Application A BackOffice"
        destination Common/
        ip-protocol tcp
        persist {
            Common/cookie {
                default yes
            }
        }
        pool Common/applicationapool
        profiles {
            Common/HTTP_Rewrite { }
            Common/analytics { }
            Common/application_a_ssl {
                context clientside
            }
            Common/tcp { }
        }
        rules {
        }
        snat automap
    }
    ltm pool Common/applicationapool {
        members {
            Common/applicationanode:webcache {
                session monitor-enabled
                state up
            }
        }
        monitor Common/tcp
    }
    ltm node Common/applicationanode {
        session monitor-enabled
        state up
    }

    A) This iApp would be purely for our usage... no requirement for customer access.

    B) I would foresee several templates, one for each app... Is it possible for apps to share resources? As potentially we could have one node which serves multiple apps, and I wouldn't like to duplicate where we don't have to...

    I'd agree that a more modular approach would be suitable, however would query how we apply an update to multiple applications in one hit... e.g. enabling caching, or adding an iRule...

    Overall, it's looking like iApps might be the right approach...

    And thanks again for your pointers...
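
An added example (not part of the thread, and not F5 code): an offline consistency audit for the estate-wide concern raised above, which parses configuration text in the brace format of the extract and lists the virtual servers of one application that lack a client-ssl profile with `peer-cert-mode require` or a given iRule. The sample configuration and every object name in it are constructed, and the name layout follows the extract.

```python
SAMPLE = """
ltm profile client-ssl Common/client1_ssl {
    peer-cert-mode require
}
ltm virtual Common/client1_bo {
    description "Application A BackOffice"
    profiles {
        Common/client1_ssl {
            context clientside
        }
    }
    rules {
        Common/app_a_headers
    }
}
ltm virtual Common/client2_bo {
    description "Application A BackOffice"
}
"""  # constructed sample; all object names are made up for illustration

def parse(text):
    """Parse brace-delimited stanzas into nested dicts; reject unbalanced braces."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line == "}":
            stack.pop()
            if not stack:
                raise ValueError("unexpected '}'")
        elif line.endswith("{ }"):          # empty inline block, e.g. Common/tcp { }
            stack[-1][line[:-3].strip()] = {}
        elif line.endswith("{"):            # block opener: descend into a child dict
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line:                          # "key value" pair or a bare name
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    if len(stack) != 1:
        raise ValueError("missing '}'")
    return stack[0]

def audit(config, app, rule):
    """Yield (virtual, problem) for each virtual whose description starts with app."""
    for head, body in config.items():
        if head.startswith("ltm virtual ") and body.get("description", "").startswith(app):
            # peer-cert-mode of every attached profile that is a defined client-ssl profile
            modes = [config.get("ltm profile client-ssl " + p, {}).get("peer-cert-mode")
                     for p in body.get("profiles", {})]
            if "require" not in modes:
                yield (head.split()[-1], "client certificate not required")
            if rule not in body.get("rules", {}):
                yield (head.split()[-1], "missing rule " + rule)
```

Calling `list(audit(parse(SAMPLE), "Application A", "Common/app_a_headers"))` reports both gaps on `Common/client2_bo`; a stanza with a missing closing brace is rejected by `parse` rather than silently audited.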



  • Brent_Blood_768
    Historic F5 Account
    Hey Gavin,



    Sorry I went dark there for a few days - but getting back to this now. It sounds to me like this is a good opportunity to use iApps to simplify how you deploy and manage your customer applications. I would recommend looking at the needs of your existing applications and bucket sorting them into categories where you intend to create a template for each one. You would then complete the template once per customer application, creating a service instance for each of them letting you manage them that way from then on.



    The alternative to that would be to make one template for each type of service, but rather than using it to deploy a service per customer, you could have one iApp service with a table, each customer represented by a row in the table. You could do it that way, but I probably wouldn't.