Settle in, this is detailed.
F5 Application Connector is made up of two components: The Proxy and the Service Center. Step One is to set up the Service Center on BIG-IP.
A brief overview of the Service Center steps:
- Download Service Center template (rpm) file
- Provision iRules LX
- Enable iApps LX
- Install and deploy the Service Center
First, let’s go to the F5.Downloads.com and grab the template that we’ll use to deploy the Service Center. It’s an RPM file.
Now we’re going to log into the BIG-IP and under System Resource Provisioning>Provision, set iRules LX to at least nominal.
Now we’re going to connect to the BIG-IP using SSH – in this example we’re using putty – and you’re going to run this command to enable iApps LX.
Now back to the config utility, we’re going to click iApps>Package Management LX and if you don’t see this menu you’re going to need to restart the BIG-IP and then you’ll see it. Now import the RPM file that you downloaded and then upload it.
When it’s done you go to Application Services>Applications LX. Now we’re going to select the Application Connector Template…
…and here is the Service Center.
We’re going to scroll to the bottom and add an application name and then save it.
Now we’re going to select the application and click Deploy. The ball next to the name should turn green.
Now on to Step 2 – Setting up the Proxy.
You can do this on a small Linux instance that’s running in the cloud in the same virtual network as your application servers.
Here are the steps for The Proxy:
- Download and deploy the Docker container file
- Create virtual server for Proxy traffic
- Add virtual server in the Service Center
- Add virtual server in the Proxy
- Authorize the Proxy in the Service Center
Start by downloading the Docker container from downloads.f5.com. It’s the one with the .tgz file extension and copy this tgz file to your proxy instance.
We’re running Windows and using WinSCP so we’ll just copy it from our local machine over to the proxy instance.
Now back on the proxy instance on the Linux instance, we’re going to load the file and run a command to deploy the Docker container. If you look at the command a little more closely you’ll see that we need to tell it apart, which in this case we’re using port 8090 and we’ll give it a username and password.
Again, in the setup guide you’ll find all the details on all the parameters that you can use in this command.
Now we can see that the deployment was successful and it’s running.
We go back to the BIG-IP and create a Virtual Server so that BIG-IP can accept incoming traffic from the proxy. This has to be on port 443 and for testing we’re going to use the default client SSL profile.
In the Service Center, we’re going to add the Virtual Server like you’re going to select it. Click Config Proxy Virtual Server and then pick the virtual server and Save.
If we go back and look at the Virtual Server, you can see that has an iRule associated with it. That’s how you know it was successful.
Now we’ll going to log into the Proxy with the port we specified and if your Proxy is in the cloud, it is make sure that you have the security rules so that this port is open. Again, in this case we used port 8090. We login with the username and password that we gave it and then in the Service Center connections area we’re going to add the Proxy virtual servers’ public IP address.
One last step is going to go back into the Service Center to authorize the Proxy and now you can see the Proxy in here.
Now on to the Final Step of adding your Cloud Nodes.
Here are the steps for The Cloud Nodes:
- Create pool and virtual server for application traffic
- Add the virtual server in the Service Center
- Create AWS IAM role
- Add node to the pool
On the BIG-IP, we’re going to create a pool and select one of these application connector monitors.
For now, the pool is empty and we create a virtual server for the application traffic, pointing to that pool.
Now we go into the Service Center and we tell it. ‘hey this is my virtual server for application traffic.’
To automatically add notes to the Proxy – in the AWS example – we’re going to create an IAM role.
and then associate it with the Proxy instance.
Then we’re going to need to restart the Proxy and now we can go into the Proxy and see that I was authenticated by AWS.
And there are the nodes! The list is showing both the Proxy instance and the application servers but they’re all automatically published at BIG-IP.
If we go back to BIG-IP, we can see the nodes in the Service Center.
Then we can go to the pool and we can choose them from a list. They’re displayed here but it’s important to know that these nodes are not exposed to the Internet and it’s as if the nodes are local to the BIG-IP for more details see
Congrats! You’ve configured and deployed F5’s Application Connector. You can watch the step through video here.
*** This is a Security Bloggers Network syndicated blog from psilva's prophecies authored by psilva. Read the original post at: https://psilvas.wordpress.com/2018/02/20/how-to-set-up-f5-application-connector/