Microsoft Active Directory Federation Services (AD FS) iApp Template
Problem this snippet solves: Use this iApp template for configuring standard load balancing, monitoring and TCP optimization for Microsoft Active Directory Federation Servers (AD FS and AD FS Proxy). If APM is provisioned, the template should support configuring pre-authentication for ADFS servers running in Windows Authentication mode.

Minimum required BIG-IP version: 11.2.

If you are deploying APM for authentication proxy to AD FS services, you must enable Windows Authentication in the Intranet section of the AD FS Global Authentication Policy.

v1.2.0 iApps

v1.2.0rc1
- Added support for ADFS 4.0.
- Made 49443 device registration/certificate authentication objects optional via a question.
- Made ADFSPIP iRule automatic but only when APM set to yes.
- Added support for an existing APM profile to be selected from within the iApp.
- Added forms SSO for /adfs/ls endpoint into the iApp via a question.

v1.2.0rc2
- Fixed an "app_health__frequency variable not found" issue when using a custom monitor.
- Added support if a custom pool is chosen AND certificate authentication/device registration is set to yes to display an option for what pool to use for cert auth/device registration (as the ports would be different).

v1.1.0 iApps

v1.1.0rc2
- Added certificate auth objects (49443) and MS-ADFSPIP headers iRule.
- Added iRule to disable APM for MS Federation Gateway endpoint(s).

v1.0.0 iApps

v1.0.0rc1
- Initial release.

v1.0.0rc2
- Fixed an "iapp::template_start" error when importing the template.

v1.0.0rc3
- Fixed a "runtime exceeded" error caused by incorrect syntax in external SNI monitor.

v1.0.0rc4
- Corrected external monitor cURL command to fix issue with pool members being marked down incorrectly.

v1.0.0rc5
- Added support for FastL4 deployment.

v1.0.0rc6
- Fixed issue with broken APM Quick Start page previews.

v1.0.0rc7
- Changes to external monitor script: removed verbose flag; corrected output redirection.
- Fixed an issue with the associated cli script that could prevent users from importing iApp templates.

Official release of 1.0.0
The official F5 supported version of this iApp is now on downloads.f5.com. See https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17041.html for information.

For the associated Deployment Guide, see http://www.f5.com/pdf/deployment-guides/microsoft-adfs-dg.pdf

Code : 73996

Microsoft SharePoint 2016 iApp template
Problem this snippet solves: f5.microsoft_sharepoint_2016.v1.0.0rc1

Use this Release Candidate iApp template to configure availability, encryption, security, and remote access for Microsoft SharePoint 2016. This template will configure the BIG-IP Local Traffic Manager (LTM) module, the Access Policy Manager (APM), the Application Acceleration Manager (AAM), the Advanced Firewall Manager (AFM), as well as Application Security Manager (ASM) for SharePoint deployments.

The deployment guide for SharePoint 2016 can be found at http://www.f5.com/pdf/deployment-guides/iapp-sharepoint-2016-dg.pdf

How to use this snippet:

1. Go to downloads.f5.com and download the iApp template package.
2. From the RELEASE_CANDIDATE directory, extract (unzip) the f5.microsoft_sharepoint_2016v1.0.0rc1.tmpl file.
3. Log on to the BIG-IP system web-based Configuration utility.
4. On the Main tab, expand iApp, and then click Templates.
5. Click the Import button on the right side of the screen.
6. Click the Browse button, and then browse to the location where you saved the iApp file.
7. Click the Upload button. The iApp is now available for use.

For complete instructions, see the deployment guide.

Code : https://downloads.f5.com/esd/product.jsp?sw=BIG-IP&pro=iApp_Templates

Microsoft Office Web Apps iApp v0.1.0
Problem this snippet solves: Early Release Microsoft Office Web Apps iApp template v0.1.1

Use this template to configure the BIG-IP system, including BIG-IP LTM and APM, to provide high availability and optimization for Microsoft Office Web Apps Server 2013 deployments. This configuration is meant for organizations who have existing F5 deployments (or are in the process of deploying F5) for Microsoft Exchange Server 2013, Microsoft SharePoint 2013, or Microsoft Lync Server 2013, and want to use the BIG-IP system for the associated Office Web Apps implementation.

This is an early release of this iApp template. For the associated deployment guide, see http://www.f5.com/pdf/deployment-guides/microsoft-office-web-apps-dg.pdf

Code : 46489

Microsoft Dynamics 2015/2016 iApp template
Problem this snippet solves: You can use this F5 contributed, release candidate iApp template to configure availability, encryption, security, proxy authentication, and remote access for Microsoft Dynamics CRM 2015 and 2016 deployments. This template will configure BIG-IP LTM, APM, AAM, and AFM for Dynamics CRM 2016/2015.

Use the associated deployment guide for important prerequisites and assistance (as well as manual configuration tables): http://www.f5.com/pdf/deployment-guides/dynamics-crm-2015-2016-dg.pdf

Code : 77274

Configuration Builder for F5 HNV Gateway Provider Plugin (SCVMM 2012 R2)
Problem this snippet solves: This tool assists in creating the F5 HNV Gateway Provider Plugin configuration file. It also helps to perform the initial connection to BIG-IQ. It is tested with BIG-IP TMOS 11.5.3, BIG-IQ 4.5, F5 HNV Gateway Provider Plugin build 1.0.0.77 and SCVMM 2012 R2 UR4; it should work fine with any 1.0.0.x Plugin build.

Code : 62665

Microsoft Office 365 IdP iApp template
Problem this snippet solves: Use this template to configure the BIG-IP APM to act as a SAML Identity Provider for Microsoft Office 365. This template configures the BIG-IP APM as an IdP for Office 365 to perform Single Sign-On between the local Active Directory user accounts and Office 365-based resources such as Microsoft Outlook Web App and Microsoft SharePoint.

Note you must have the APM module fully licensed and provisioned, and must have the LTM module provisioned, even if it is not licensed.

For instructions on using the iApp see http://www.f5.com/pdf/deployment-guides/microsoft-office-365-idp-dg.pdf

Code : https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15656.html

Tested this on version: 11.6

Local User account creation with powershell and iControl
Problem this snippet solves: This script allows you to create local user accounts on a BIG-IP device, either interactively or by supplying command line arguments (it can also be modified to work with automation products).

How to use this snippet: Make sure you have the PowerShell cmdlets installed and registered.

Code :

    #####################################################################################################
    # F5 user creation script
    # Take a device, login credentials, requested username, actual name, email address and partition
    # then creates a user and emails them the details
    # last updated: 27/01/15 by Lee Payne
    # v1.0
    #####################################################################################################

    #########################################################
    # Performs the base initialisation to the BIG-IP device #
    #########################################################
    function Do-Initialize()
    {
        #Checks if the snapin has been loaded and if not loads it
        if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null )
        {
            Add-PSSnapIn iControlSnapIn
        }
        #Tries to log into the device with the supplied credentials
        #($password replaces the original $pwd, which is a PowerShell automatic variable)
        $success = Initialize-F5.iControl -HostName $bigip -Username $uid -Password $password
        #If an object isn't returned representing the device it will log an error to the application event log
        if ( $success -eq $null )
        {
            Write-EventLog -Logname Application -Source CSHARE-F5 -EntryType Error -EventId 1 -Message "Failed to bind to F5 device: $bigip"
        }
        #If it did work it returns the objects representing the device
        return $success
    }

    #checks if enough command line arguments have been supplied and if not prompts for the information
    #(the original checked for 4 arguments and never filled in the user details; the prompts for them
    #and argument positions 3-6 are an assumption based on the script header)
    if ($args.Length -lt 7){
        #Reads in the device you want to check
        $bigip = Read-Host 'What device do you want to connect to?'
        #reads in your username
        $uid = Read-Host 'What is your username?'
        #reads in your password (doesn't display it on the command line)
        $securePassword = Read-Host 'What is your password?' -AsSecureString
        #Take the secure password and turn it into plain text to send to the F5 device,
        #then zero and free the unmanaged copy
        $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePassword)
        $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        #reads in the details of the user to create
        [String]$username = Read-Host 'What username should be created?'
        [String]$name = Read-Host 'What is the full name of the user?'
        [String]$partition = Read-Host 'Which partition does the user need access to?'
        [String]$email = Read-Host 'What is the email address of the user?'
    }
    else{
        #Reads in the device you want to check
        $bigip = $args[0]
        #reads in your username
        $uid = $args[1]
        #reads in your password
        $password = $args[2]
        #sets the variables for user creation
        [String]$username = $args[3]
        [String]$name = $args[4]
        [String]$partition = $args[5]
        [String]$email = $args[6]
    }

    #$Error is a read-only automatic variable, so the result code gets its own name
    $errorCode = 0

    #initialize the device and switch to the correct partition
    $connected = Do-Initialize
    #stop here if the login failed (Do-Initialize has already logged the error)
    if (-not $connected) { return 1 }
    $(Get-F5.icontrol).ManagementPartition.set_active_partition("users")

    #Create the objects required for the user
    $userrole = new-object -typename iControl.ManagementUserManagementUserPermission
    $userpassword = new-object -typename iControl.ManagementUserManagementPasswordInfo
    $userinfo = New-Object -TypeName iControl.ManagementUserManagementUserInfo3[] 1
    $userinfo[0] = new-object -typename iControl.ManagementUserManagementUserInfo3

    #Set the user's role as operator and their partition as the one previously selected
    $userrole.role = 1
    $userrole.partition = $partition

    #Set their user name as their domain login name "_" then the partition they need access to,
    #this should be unique and the script will return an error if it's not unique
    $user = new-object -typename iControl.ManagementUserManagementUserID
    $user.name = $username + "_" + $partition
    $user.full_name = $name

    #set the password as unencrypted (it gets stored on the device encrypted)
    $userpassword.is_encrypted = 0

    #Generate a 12 character random password from the same character range as the original (ASCII 33-125),
    #using the cryptographic random number generator instead of System.Random
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $randomByte = New-Object byte[] 1
    $NewPassword = ""
    while ($NewPassword.Length -lt 12) {
        $rng.GetBytes($randomByte)
        #reject values of 186 and above so the modulo does not favour some characters (186 = 2 * 93)
        if ($randomByte[0] -lt 186) { $NewPassword = $NewPassword + [char](33 + ($randomByte[0] % 93)) }
    }

    #set the random password as the account password
    $userpassword.password = $NewPassword

    #Set the array userinfo with the details from above.
    $userinfo[0].user = $user
    $userinfo[0].password = $userpassword
    $userinfo[0].login_shell = ""
    $userinfo[0].permissions = $userrole
    $user = $user.name.tostring()

    #try to create the user, if this fails then the account already exists
    try{
        $(Get-F5.icontrol).managementusermanagement.create_user_3($userinfo)
        #write out the values
        write-host $user
        write-host $NewPassword
    }
    #If an error occurs set the variable
    catch [System.Exception] {
        $errorCode = 1
    }
    return $errorCode

Tested this on version: 11.5

Microsoft Remote Desktop Session Host servers iApp template
Problem this snippet solves: f5.microsoft_session_host.v1.0.2

This is the fully supported version of the iApp template, now on downloads.f5.com. It contains the fix described in the release candidate below. For the associated deployment guide, see http://www.f5.com/pdf/deployment-guides/microsoft-rds-session-host-dg.pdf

See the Early release page: Previous version

You can use this F5-supported iApp template to help you configure the BIG-IP Local Traffic Manager (LTM) to direct traffic and maintain persistence to Microsoft Remote Desktop Services Session Host servers. You can also use the iApp template for configuring the BIG-IP Advanced Firewall Manager (AFM) to provide a sophisticated layer of security for your Remote Desktop Session Host deployment.

Remote Desktop Services enables users to remotely access full Windows desktops, or individual Windows-based applications, on Remote Desktop Session Host computers. In an environment that uses a BIG-IP LTM system, a farm of Remote Desktop Session Host servers has incoming connections distributed in a balanced manner across the members of the farm.

For instructions on downloading and installing the template, see SOL16335.

Code : https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16335.html

Microsoft Remote Desktop Gateway servers iApp
Problem this snippet solves: You can use this F5 supported iApp template for directing traffic and maintaining persistence to Microsoft Remote Desktop Gateway Services. The iApp template enables you to configure the BIG-IP APM to act as a secure HTTP proxy for RDP connections, as well as BIG-IP AFM to provide a sophisticated layer of security for your Remote Desktop Gateway Server deployment. BIG-IP APM can securely proxy RDP connections if using 11.6.0 or later.

For instructions on downloading and installing the iApp, see SOL16340. For the associated deployment guide, see http://www.f5.com/pdf/deployment-guides/microsoft-remote-desktop-gateway-dg.pdf.

Code : https://support.f5.com/kb/en-us/solutions/public/16000/300/sol16340.html