What is iControl?

So, you've arrived at DevCentral and are trying to figure out the various extensibility features of our products. Well, hopefully this article will set you on the right path for whatever your task shall be and help you in deciding which technology you'll want to use to get there.

The Two:

There may have been One Ring to Rule Them All in J.R.R. Tolkein's Middle Earth, but Mr. Tolkein better watch out for F5. We've got not one, but two rings of power: iRules and iControl.


iRules is F5's embedded scripting language used to inspect, modify, and enforce policy on content flowing through the network. Need to inspect all out-going webpages to ensure no sensitive information is leaked? iRules is your answer. Need to dynamically assign priority to certain classes of client connections? iRules is for you again. Need to add a feature to BIG-IP? It's iRules again. We'll discuss more on iRules in an upcoming article. In the mean time, check out the iRules CodeShare to get an idea what others are doing with them.

iRules are very powerful but the solve only one class of management issues. Let's say you are about to deploy a new web application in your production webfarm. How do you automate that process? It's iControl this time around.


So, what exactly is iControl? Well, Marketing describes iControl as:

iControl is the first open API that enables applications to work in concert with the underlying network based on true software integration. Utilizing SOAP/XML to ensure open communications between dissimilar systems, iControl helps F5 customers, leading independent software vendors ( ISVs ), and Solution Providers realize new levels of automation and configuration management efficiency. Whether monitoring network-level traffic statistics, automating network configuration and management, or facilitating next generation service-oriented architectures, iControl gives organizations the power and flexibility to ensure that applications and the network work together for increased reliability, security, and performance. Further, iControl has proven itself as a valuable technology that can help reduce the cost of managing complex environments.

Got all that? To put it in simpler terms, iControl is a Remote Management Application Programming Interface (API). Think of it as an extension to the management GUI or Command Line Interface (CLI) allowing custom scripts/applications/processes/etc. to be created that would normally be achieved by operators working within the Admin interfaces. iControl was built using Web Services technologies (SOAP and WSDL) which makes integration into developer platforms (VS.Net, WebLogic, Eclipse, JDeveloper, ...) a sinch. Heck, iControl even works with dynamic scripting lanaguages like Perl and Microsoft Windows PowerShell. Unlike the awkwardness of SNMP, iControl has a very robust and rich set of interfaces and methods allowing management of everything from system daemons, user accounts, load balancing (local and global), security, iRules, and everything else you could do with the GUI.

Under the covers, iControl is implemented as a set of SOAP Based Web Services described by a set of Web Service Description Language (WSDL) files. Implemented over HTTP+SSL, iControl applications communicate to the BIG-IP devices in a similar way that a browser would connect to the administration GUI. The application opens a secure HTTP connection to the BIG-IP's iControl Portal using the same authentication credentials setup for the Admin GUI accounts. The portal then acts as a broker for all iControl method calls and forwards them to the appropriate subsystem on the device.

Here are a few examples of how iControl is being used by customers and partners.

  • Automatic Content Deployment to webfarms (1000s of servers daily)
  • Enabling server provisioning in dynamic grid networks
  • Secure remote access for vending machines (via the FirePass iControl Client API)
  • Server identification masking (hiding specifics of backend servers)
  • Response content filtering (scrubbing Credit Card and Social Security numbers)
  • Extracting and archiving statistics for reporting and auditing
  • Custom monitoring and alerting applications
  • Notification alerting agents (rss feeds, email, pager)
  • Listening application for network configuration change events
  • The iRules Editor
  • Many Many more...

Are you hesitant to get started because you aren't a developer?  Never fear, we have a set of quickstart guides available along with some video tutorials to get you started. And we are always available on the forums to help out with coding/debugging issues that come up. And with support for almost all mainstream development environments, you are bound to have someone in your organization with relevant experience.

So what are you waiting for? Head on over to iControl on DevCentral and get on the road to autmation bliss!