Tag-Insights Home

Enterprise Automation for F5 URLREP CM

Keep cloud-defined security policy synchronized across distributed BIG-IP environments.

This platform acts as a dependable internal service layer between centralized cloud policy governance and on-device enforcement. It reduces manual feed operations, improves policy consistency, and supports secure, repeatable deployment at scale.

Explore Getting Started Download Install Guide View Architecture

Why It Matters

Built for teams that need predictable and auditable policy rollout.

Operational Challenge

Manual feed management across multiple environments creates drift, slows response time, and increases risk of inconsistent enforcement.

Who It Supports

Network security teams, platform operations teams, and technical managers responsible for governance and reliable change execution.

Outcome

A controlled deployment service with repeatable execution, reduced manual overhead, and clearer operational accountability.

Key Capabilities

Cloud-governed policy automation with device-level execution.

Centralized Policy Synchronization

Retrieves approved category and data-group definitions, applies deployment scope, and keeps behavior aligned across environments.

Automated Processing & Deployment

Downloads feed content in parallel, compiles device-ready structures, and deploys coordinated updates through BIG-IP API workflows.

Operational Visibility

Validates reachability before deployment, reports progress and outcomes to the control plane, and tracks runtime summary metrics.

Cloud-Driven Scheduling

Converts cloud-defined schedules into host automation with unattended recurring runs and fallback behavior for invalid schedule input.

How It Works

End-to-end orchestration from cloud sync to cleanup.

  1. 1Authenticate and synchronize configuration with cloud API services.
  2. 2Resolve scope and target devices for policy deployment.
  3. 3Run network and API pre-checks against managed BIG-IP systems.
  4. 4Download reputation/data-group content in parallel.
  5. 5Prepare content into device-ready policy objects.
  6. 6Deploy URL categories and coordinated data-group updates.
  7. 7Publish lifecycle/deployment events and status feedback.
  8. 8Clean temporary artifacts and finalize run reporting.

SaaS & API Integrations

Interoperability across governance, distribution, signaling, and enforcement layers.

MagnetoAI Cloud API

Authentication, category retrieval, device registration, config sync, and operational status reporting.

Managed Feed Distribution

Current reputation and data-group content retrieval at deployment time.

Real-time WebSocket Service

Lifecycle event publishing for startup, config change, deployment completion, and shutdown.

F5 BIG-IP iControl REST

Policy object application and persisted configuration changes on managed appliances.

Architecture

Modular layers with clear operational ownership.

Application Orchestration Layer

Coordinates workflow stages, execution order, lifecycle progression, and progress tracking.

Integration Layer

Handles cloud API operations, feed retrieval, event signaling, and BIG-IP management API interactions.

Data Handling Layer

Manages runtime configuration, encrypted credentials, transient artifacts, and controlled cleanup.

Scheduling & Runtime Layer

Applies cloud timing to host scheduling and supports both interactive and unattended operation.

Execution Lifecycle Summary

Cloud Sync -> Validation -> Feed Retrieval -> Content Compilation
-> BIG-IP Deployment -> Status Reporting -> Secure Cleanup

Getting Started

Installation narrative and runbook extracted from CUSTOMER_INSTALL_GUIDE.md.

1. Prepare Install Directory

Create a dedicated folder (for example, under $HOME) and run installation from there.

2. Run the Unified Installer

get_latest.php auto-detects OS, downloads the correct binary, and verifies checksum + signature.

3. Validate and Operate

Confirm version output, keep weekly auto-update enabled (or disable with --no-cron), and monitor logs.

Installation Details

Quick Start (Recommended)

mkdir -p "$HOME/f5_urlrep_cm"
cd "$HOME/f5_urlrep_cm"
curl -fsSLO https://cdn.tag-insights.com/apps/updater/get_latest.php
bash ./get_latest.php
./f5_urlrep_cm --version

One-liner Curl Mode

cd "$HOME/f5_urlrep_cm"
curl -fsSL https://cdn.tag-insights.com/apps/updater/get_latest.php | bash

Install Output and Logs

  • Binary: $PWD/f5_urlrep_cm
  • Installer: $PWD/get_latest.php
  • State: $PWD/.f5_urlrep_cm_installer/
  • Logs: /var/log/cassandra preferred, local fallback if needed

Cron Auto-Update Behavior

Installer creates or updates a weekly cron run (Sunday at 04:00) and can skip cron setup when requested.

bash ./get_latest.php --no-cron

Uninstall Workflow

curl -fsSLO https://cdn.tag-insights.com/apps/f5_urlrep_cm/uninstall-latest.sh
bash ./uninstall-latest.sh

Removes binary, installer script, state directory, and installer cron marker.

CLI Usage

Target specific deployment groups and validate in lower environments before deploying to all devices.

Deployment Group Flag

Use -dg (or --deployment_group) to scope a run to a named deployment group. The name must match a group configured in the cloud control plane. Only devices assigned to that group are targeted. Omitting the flag defaults to the all group. 

# Short form
./f5_urlrep_cm -dg <group-name>

# Long form (equivalent)
./f5_urlrep_cm --deployment_group <group-name>

Pre-Production Environments

Define separate deployment groups for your lower environments (e.g. lab, dev, test) in the cloud control plane and target them before promoting to production. This confines the policy push to isolated BIG-IP appliances so you can verify URL categories and data-group objects are applied correctly. 

# Deploy to lab environment
./f5_urlrep_cm --dg lab

# Deploy to dev environment
./f5_urlrep_cm --dg dev

# Deploy to test/staging environment
./f5_urlrep_cm --dg test

Recommended Promotion Workflow

# 1. Deploy to lab and confirm policy objects on isolated BIG-IP devices
./f5_urlrep_cm --dg lab

# 2. Review logs and status reporting, then promote to a wider test group if needed
./f5_urlrep_cm --dg test

# 3. When validated, deploy to all devices (production)
./f5_urlrep_cm --dg all

# Or omit --dg entirely — defaults to 'all'
./f5_urlrep_cm
CLI Reference & Notes

Argument Reference

  • -dg <name> / --deployment_group <name> — Target a named deployment group
  • -d / --debug — Enable debug output
  • --version — Print installed version and exit
  • --no-cron — Skip cron schedule setup during install

The all Group

The all deployment group targets every device registered in the cloud configuration. This is the default when -dg is not provided and is typically equivalent to a full production push. Always validate in a lower environment first. 

# Explicit
./f5_urlrep_cm --dg all

# Implicit (same result)
./f5_urlrep_cm

Invalid Group Name

If the group name provided to -dg matches no devices, the app fetches all available groups from the cloud and prints them as a table so you can pick the correct name and retry. 

# Example: typo in group name
./f5_urlrep_cm --dg labb
# → prints table of valid deployment group names

Important Notes

Reliability and security behaviors emphasized in the platform design.

What happens if one device fails?

Partial failures are handled gracefully so a single failing device or feed does not automatically stop all work.

How are credentials protected?

Credentials are handled with encrypted storage/loading patterns, pre-deployment validation, and post-run cleanup of decrypted artifacts.

How is operational continuity maintained?

Cloud-defined schedules drive recurring runs, with fallback behavior when invalid schedule input is detected.

How is reliability supported at scale?

Parallelized processing, timeout controls, defensive exception handling, and end-of-run reporting support stable repeat execution.

Policy governance, automation, and enforcement in one repeatable service workflow.

This implementation reflects the provided overview and is suited for customer-facing or internal stakeholder communication.

Back to Top