Forum Discussion

Travis_02_13395's avatar
Travis_02_13395
Icon for Nimbostratus rankNimbostratus
Nov 21, 2013

Quest TPAM - Creating a DNS Resolution for x.x.x.x/URI

Hello All,

 

We have recently implemented TPAM's password manager to manage some of our domain passwords. As of right now, we have to access the GUI for this application through HTTPS in this format: https://x.x.x.x/name. Creating a DNS name for x.x.x.x is a simple task and would be fine if the application were accessable through these means. However it must have x.x.x.x/name to access the application.

 

I have looked through devcentral and the internet for irules that could accomplish this task. Such as this URI Appending, and this Redirect URI. But to no avail. It seems that there is very little out there on the internet that has both F5 and TPAM coexisting successfully.

 

Some other facts about TPAM:

 

  • TPAM is another appliance
  • The HTTP application for TPAM is not hosted on a server, but hosted by the appliance
  • In order to access TPAM, we must have /name at the end of the IP. Otherwise we get a 403 error (this is normal protocol for TPAM).
  • Our TPAM is a pair. However, F5 will see both units as "online", and attempt to send traffic to both units, when only one is active.

We are not necessarily wanting to load balance TPAM, just give it a name instead of an IP. Reason being, load balancing is technically not possible because of the above. More on that, one TPAM unit will be "active" and one will be "replica". "Replica's" are not accessable over their HTTP. When the "active" unit fails, the "replica" will take over as "active" and the other unit will now be the "replica". F5 will see both of these units as online at all times, which risks us sending traffic to a "replica". So essentially what we are looking at doing to keep it simple is create two WideIP's, tpam1.domain.com and tpam2.domain.com.

 

If there is anybody that has successfully given TPAM a name instead of an IP to manage, or if anybody has any suggestions on another step we could take to make this happen, we would be very grateful. Thanks all!

 

1 Reply

  • Can you clarify exactly what you want. I read it as that you have to make a request to https://x.x.x.x/name where x.x.x.x is an IP address and /name is the name of the device. What do you want the f5 device to do? Rewrite the URI to meet this standard? Can you create a network virtual server where you don't change the destination address?