Automate BIG-IP VE Deployments with F5’s Next Generation Cloud Solution Templates

Automate BIG-IP VE

Deployments with F5’s

Next Generation Cloud

Solution Templates

At the click of a button, automatically onboard and configure BIG-IP VEs while

building out all the necessary cloud networking and infrastructure resources

required for your application.

SOLUTION OVERVIEW

Automate BIG-IP VE Deployments with F5’s Next Generation Cloud Solution Templates

The Challenge: Growing Need for Automation

It’s no secret that cloud adoption continues to grow at an unprecedented rate as digital

transformation accelerates within practically every industry. More and more applications

are being migrated to the cloud while companies are simultaneously building innovative

new apps designed to give them a competitive edge. Regardless of whether the cloud

apps in question are migrated or net-new, they must all be kept secure, performant, and

available, which means attaching a number of advanced application services during the

cloud deployment process. From load balancing and SSL ooad to web application security

and access management, the process of spinning up and conﬁguring these services is

often complex and time consuming in today’s multi-cloud world. This is only augmented

by individual cloud providers oering disparate toolsets, applications having highly unique

security and compliance requirements, and individual teams wielding dierent technical

skillsets. When you add in the constant executive pressure to bolster security and optimize

user experience while also lowering deployment times, you end up landing close to the

perfect storm.

The Solution: F5’s Second Generation Cloud

Solution Templates (CST2)

As with any new environment, selecting the most appropriate architecture, tooling, and

operational requirements can be daunting. While F5 recommends standardizing on popular

IaaS tools like Terraform, Ansible, Pulumi, etc., which have their own learning curves and

some additional pre-requisites, F5’s Cloud Solution Templates provide an alternative, tool-

less deployment option for evaluating BIG-IP Virtual Edition instances and architectures.

With minimal requirements and the click of button, users can deploy fully onboarded BIG-IPs

conﬁgured with application services and complete with all the necessary cloud networking

and infrastructure resources required for an application. By leveraging cloud native resource

management services provided by cloud platforms, these Infrastructure-as-Code (IaC)

templates enable the instantiation of BIG-IP VEs across various topologies in a matter of

minutes. More speciﬁcally, these templates are:

• AWS CloudFormation —Templates for Amazon AWS

• Azure Resource Manager—Templates for Microsoft Azure

• Google Deployment Manager—Templates for Google Cloud

Info for users of F5’s 1st generation Cloud Solution Templates: CST2 is the 2nd generation of F5’s Cloud Solution

Templates and will replace the ﬁrst-generation templates in due course. In addition to adopting a new modular/

nested architecture, CST2 also boasts a new run-time component for conﬁguring BIG-IP that can be deployed

by any orchestration tool (such as Ansible or Terraform) to provide an automated, touch-free way of installing and

deploying the F5 Automation Toolchain at BIG-IP run time. The new veriﬁed CST2 templates will also enable greater

customization and make it easier to ﬁnd and test-drive full-stack BIG-IP VE deployments.

KEY BENEFITS

Reduced deployment time

Deploy complex solutions in

minutes with F5® Cloud Solution

Templates.

Multi-cloud template parity

Templates for all cloud platforms

improves ﬂexibility and portability.

Automation/orchestration

of application services

Pair with third-party automation

tools for autonomous application

service conﬁguration.

Self-service for developers/

app team

Empower developers to deploy

at their own pace without security

risks.

Deployment conﬁdence

Cloud Solution Templates are

tested extensively to reduce the

risk of human error.

Free and open source

Templates are free to use and can

be modiﬁed to suit your needs.

Automate BIG-IP VE Deployments with F5’s Next Generation Cloud Solution Templates

How Do They Work?

Simply put, Cloud Solution Templates are declarations of the various cloud resources needed

to make up an application stack. At the highest level there are two types of CST2 templates—

Parent templates and Child templates—both of which are required for a successful

deployment. In the same way that an Ansible playbook calls on various plays to execute

an operation, Parent templates call on various Child templates to execute dierent aspects

of a deployment. Parent templates are responsible for detailing the general deployment

architecture that is desired, while Child templates provide the various resources required,

including the cloud networking and infrastructure, ingress routing, IAM, security rules and

BIG-IP conﬁgurations. Combined, the Parent template launches Child templates to create

a full-stack and fully operational cloud environment. Below you will ﬁnd summaries of the

dierent Parent and Child templates available:

PARENT TEMPLATES: DEFINE YOUR PREFERRED BIG-IP VE

ARCHITECTURE

The following BIG-IP VE topologies are available:

• Quickstart—The Parent template deploys a standalone BIG-IP VE instance with LTM

and WAF enabled and provisioned via F5’s Automation Tool Chain. This solution

provides a quick login to a fully conﬁgured BIG-IP capable of passing trac and

intended for ﬁrst-time users or those who want to test-drive or explore a working

BIG-IP deployment.

• Failover (Coming soon)—The Failover Parent template deploys two or more BIG-IP VE

instances in a traditional Active/Standby HA conﬁguration, whereby, in the event of an

instance failover, trac will be redirected to the standby BIG-IP VE by remapping IP

addresses and other routing information. This solution is intended for test-driving the

most common deployment topology for BIG-IP VE’s in production environment, as it

provides increased redundancy and application uptime.

Parent

Template

Deployment

Child Templates

(Inputs Template

Parameter)

Administrator

Figure 1: Conceptual Cloud Solution

Template flow.

Automate BIG-IP VE Deployments with F5’s Next Generation Cloud Solution Templates

• Autoscaling—The Autoscaling template leverages cloud native scaling services (AWS

Auto Scaling Groups, Azure Scales Sets, etc.) to automatically provision or retract BIG-IP

VE instances as usage ﬂuctuates based on pre-deﬁned trac thresholds. This architecture

is often used with highly dynamic environments where application usage can vary

greatly during dierent time periods. Unlike previous solutions, CST2 leverages the more

traditional autoscale conﬁguration management pattern where each instance is created

with an identical conﬁguration and managed exclusively via the Autoscaler’s model.

Scaling is also no longer restricted to the smaller limitations of BIG-IP's clustering (DSC).

QUICKSTART FAILOVER AUTOSCALING

AWS Coming soon

Azure Coming soon

Google Cloud Coming soon

In addition to outlining the BIG-IP VE architecture, Parent Templates also deﬁne the preferred

licensing model for those VEs. Depending on your consumption model, the BIG-IP VEs

deployed by these Parent Templates can be licensed in one of three ways:

• BYOL—Input your Bring-Your-Own-License (BYOL) license keys manually.

• PAYG —Use Pay-As-You-Go (PAYG) instances, which are self-licensing.

• BIG-IQ—Leverage BIG-IQ to automatically license instances with your BYOL

registration keys.

CHILD TEMPLATES: DEFINE ALL OTHER ASPECTS OF

YOUR DEPLOYMENT

The following Child Templates can be linked within the chosen Parent Template to specify

other deployment requirements:

• Network Template—The Network Template is responsible for creating the cloud

environment in which your deployment will be housed, including both the virtual

network and any subnets required.

• Application Template—The Application Template is used to deploy an example

application used for demonstrating live trac. The template takes a container name as

input and deploys on a single instance or autoscale group depending on the solution.

• Access Template—The Access Template creates identity and access related resources

(for example, Azure Managed Identities, AWS IAM roles, GCP’s service accounts)

required for advanced solutions. This template enables easy secrets management

(using Azure Key Vault, AWS KMS, GCP Secret Manager, or similar) as well as

implementation of any special permissions needed for solutions like failover, service

discovery, telemetry, and others.

Figure 2: Availability of Parent

Templates for each major cloud

environment.

Automate BIG-IP VE Deployments with F5’s Next Generation Cloud Solution Templates

• Dag/Ingress Template—The Dag/Ingress Template creates any additional cloud

resources that may be needed to route trac to the BIG-IP VE. This could include

Public IPs, cloud-native load balancers and security groups.

• BIG-IP Template—These BIG-IP templates are responsible for deploying the BIG-IP

VE instance(s) in the desired topology within your cloud environment. It also leverages

a deployment tool called BIG-IP Runtime Init which uses a number of inputs including

Automation Toolchain declarations and application secrets to boot and automatically

conﬁgure the BIG-IP VE instance(s).

EXAMPLE DEPLOYMENT: BRINGING IT ALL TOGETHER

Consider a scenario where a company is migrating their apps to Microsoft Azure to improve

scalability. To achieve this, the operations teams and cloud architects have outlined an agreed

upon architecture which consists of a virtual network containing two subnets (one external and

one internal):

• The external subnet contains an Azure Load Balancer with a public IP address. This,

in turn, is distributing trac to autoscaling BIG-IP VEs that are fully conﬁgured and

operational within a VM Scale Set and pass trac to the applications.

• The internal subnet houses these applications

They also wish to use Azure AD for Managed Identity to seamlessly deliver the BIG-IP

password as a secret to the BIG-IP VEs once spun up. After choosing the appropriate

Parent template (Autoscaling), the diagram below highlights which of the subsequent Child

Templates would execute each component of the desired deployment using parameters

provided by the template admin.

AZURE

VIRTUAL NETWORK

EXTERNAL SUBNET INTERNAL SUBNET

Public IP: 10.0.0.0

Users

Azure Load

Balancer

VM Scale Set

BIG-IP

Network Template

Ingress Template

BIG-IP Template

Application Template

Access Template

Azure AD Management Identity • Azure Key Vault • BIG-IP Password (secret)

Figure 3: Arcitectural view of an

example Autoscaling Template

deployment.

Automate BIG-IP VE Deployments with F5’s Next Generation Cloud Solution Templates

Cloud architects would take days to build this relatively complex set-up from the ground up,

but by leveraging these templates the solution could be implemented, operational, and test-

driven in less than 20 minutes.

Benefits of Cloud Solution Templates

• Reduced deployment time—Agility in the cloud is crucial to enhancing business

performance. Complex cloud solutions that could take days or weeks to conﬁgure

manually can be deployed in minutes using these templates. Even experienced cloud

architects can use these templates to reduce solution implementation time by up to 80%,

enabling precious working hours to be re-allocated to more pressing business matters.

• Automation/orchestration of application services—As cloud architectures evolve and

become more multifaceted, there is increased need for orchestration and automation

to support faster, more reliable operations. When integrated with 3rd party automation

tools such as Terraform and Ansible, F5’s Cloud Solution Templates can be leveraged

to enable fully orchestrated, end-to-end workﬂows, allowing F5 services to be

autonomously spun-up and conﬁgured without the need for human interjection.

• Deployment conﬁdence—F5’s Cloud Solution Templates provide tested/validated

examples to help test-drive BIP-IP in common deployments. They can serve as a

valuable working baseline from which you can customize to meet your organizations

particular needs.

• Multi-cloud template parity—Intense competition between cloud vendors is triggering

price wars and fast-paced evolution of cloud native services. For this reason, many

businesses are reluctant to commit entirely to one cloud platform, giving them

ﬂexibility to pursue a better deal or new innovative service. F5 oers near-identical

Cloud Solution Templates for each major cloud provider, allowing for fast, automated

replication of deployments across cloud platforms.

• Self-service for developers/app teams—Operations teams are sometimes viewed as

the bottleneck in the deployment process by developers as they wait for necessary

application services to be built and conﬁgured. F5’s Cloud Solution Templates allow

operations teams to enable developers to deploy their own application services by

ﬁlling out the appropriate template. This empowers developers to deploy at their

own pace while staying within the security and compliance guidelines outlined by

operations teams.

• Free and open source—All of the templates F5 provides are completely free and

available to everybody. These templates are also open source, so users can modify

them as needed to meet their individual requirements.

Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or aliation, expressed or implied, claimed by F5, Inc.

DC1021 | OV-CLOUD-762427265

Conclusion

The process of manually deploying and conﬁguring application services can be daunting, time

consuming, and prone to human error, making it unsustainable when driving towards fully

automated cloud environments. With F5’s Cloud Solution Templates, F5’s application services

can be spun-up across a variety of cloud platforms automatically and in a fraction of the time.

Designed and fully tested by F5 engineers, these templates enable anyone to deploy their

application services with absolute conﬁdence, whether they are relatively inexperienced or

BIG-IP superusers.

All F5 Cloud Solution Templates can be used in conjunction with F5’s Virtual Edition free trial

licenses. It has never been easier to become familiar with the world’s most trusted set of

application services.

More Information

For more information about how F5 Cloud Solution Templates can help your business, please

visit these resources:

2nd Generation Cloud Solution Templates (CST2):

F5 GitHub—CloudFormation Templates for AWS (CST2)

F5 GitHub—Azure Resource Manager Templates for Microsoft Azure (CST2)

F5 GitHub—Google Deployment Manager Templates for Google Cloud (CST2)

Legacy Cloud Solution Templates:

F5 GitHub—CloudFormation Templates for AWS (Legacy)

F5 GitHub—Azure Resource Manager Templates for Microsoft Azure (Legacy)

F5 GitHub—Google Deployment Manager Templates for Google Cloud (Legacy)

ALL F5 CLOUD SOLUTION

TEMPLATES CAN BE USED

IN CONJUNCTION WITH

F5’S VIRTUAL EDITION

FREE TRIAL LICENSES.

IT’S NEVER BEEN EASIER

TO BECOME FAMILIAR

WITH THE WORLD’S

MOST TRUSTED SET OF

APPLICATION SERVICES.