Self-Servicing F5 BIG-IP Provisioning Using AS3 and AppViewX

by George Samual Paul on August 17, 2020

What is AS3, and why did F5 develop it?

Traditionally, any operation on F5 BIG-IP devices is done through their APIs, which, in F5 speak, is iControl. As easy and familiar as it is, iControl is an imperative approach to automation. Recent developments in the DevOps side call for a network automation approach that’s aligned with the principles of CI/CD and Agile – a space where imperative API commands lose their relevance.

To level up BIG-IP with DevOps, F5 released Application Services 3 Extension (AS3 Extension, or simply AS3) a lightweight, flexible mechanism to manage application-specific configurations on a BIG-IP system. AS3 uses a declarative model, meaning you provide a JSON declaration rather than a set of imperative commands. The JSON declaration file is sent to BIG-IP using a single REST API call. The declaration represents the configuration which AS3 is responsible for creating on a BIG-IP system.

The benefits of AS3 are self-explanatory – being a declarative model, it allows for the continuous configuration deployment and automation, removing the need for manual intervention in every step. With AS3, NetOps teams can accelerate application deployment and ably support DevOps.

What role does AppViewX play in AS3?

If you’re an AppViewX user or looking to try AppViewX, you might ask yourself “, AS3 seems to do pretty much what AppViewX does in BIG-IP automation and orchestration. Why do I need AppViewX at all?”

Sponsorships Available

To answer this question, let’s first look at some caveats associated with AS3:

The AS3 JSON file requires detailed inputs of network parameters to get started, which makes it hard for application teams to use it.
The JSON schema might prove to be too technical to users who aren’t familiar with the format.
AS3 provides full administrative privileges to all users irrespective of their role or function and can cause security issues to crop up.
When using AS3, BIG-IP ceases to be the Source of Truth; AS3 declaration becomes the SoT. With a growing number of changes, this may lead to version control issues.

AppViewX helps users circumvent the above problems with AS3 and enables them to use it more effectively. The Visual Workflow provides a GUI through which the JSON files can be pulled, and also makes it easier to configure the declaration by further abstracting it. Application owners can thus execute declarations by entering just bare minimal inputs through GUI forms. Network engineers and administrators can use the platform’s REST API for programmatic access.

AppViewX provides context-aware, event-driven monitoring and orchestration of BIG-IP across on-premise, hybrid and multi-cloud environments, from pushing configuration changes to automating the entire service delivery lifecycle. It integrates with an array of network vendors and SCM, ITSM, and DDI tools, and acts as a “Master Orchestrator” for NetOps and DevOps processes.

Self-Service Catalog

One other key advantage of using AppViewX for AS3 is the ability to broker access privileges using the RBAC-enabled Service Catalog. You can create customized portals for each of your organizational roles and expose only those declarations that are relevant to the user and the task they need to accomplish. For example, you can grant your application owners access to declarations that enable the creation of a new virtual IP on the LTM, your security engineers access to declarations to provision certificates and perform compliance checks, and so on. You can also granularly restrict the permissions, such as providing read-only access for approvals.

Compliance and SSoT (Single Source of Truth)

AppViewX acts as the Single Source of Truth for AS3 declarations by backing up every configuration change that’s pushed through the JSON schema and providing version control. This way, it also allows you to push the same configuration change to multiple devices hosted in different data centers and environments at one go. It also provides complete visibility into the state, status, health, and performance of the application and device before executing a change, making the entire process context-aware. Furthermore, AppViewX enables you to test each change before and after you push it into the device in a continuous manner (continuous configuration automation), allowing you to embrace DevOps practices such as CI/CD and Agile in network infrastructure management.

The post Self-Servicing F5 BIG-IP Provisioning Using AS3 and AppViewX appeared first on AppViewX.