Archive for application delivery

Selective Compression on BIG-IP

Posted in f5, big-ip, optimization, application delivery, compression, management, devcentral by psilva on October 17th, 2017

BIG-IP provides Local Traffic Policies that simplify the way in which you can manage traffic associated with a virtual server.

You can associate a BIG-IP local traffic policy to support selective compression for types of content that can benefit from compression, like HTML, XML, and CSS stylesheets. These file types can realize performance improvements, especially across slow connections, by compressing them. You can easily configure your BIG-IP system to use a simple Local Traffic Policy that selectively compresses these file types. In order to use a policy, you will want to create and configure a draft policy, publish that policy, and then associate the policy with a virtual server in BIG-IP v12.

Alright, let’s log into a BIG-IP

c1.jpg

The first thing you’ll need to do is create a draft policy. On the main menu select Local Traffic>Policies>Policy List and then the Create or + button.

c2.jpg

This takes us to the create policy config screen. We’ll name the policy SelectiveCompression, add a description like ‘This policy compresses file types,’ and we’ll leave the Strategy as the default of Execute First matching rule. This is so the policy uses the first rule that matches the request. Click Create Policy which saves the policy to the policies list.

c3.jpg

When saved, the Rules search field appears but has no rules. Click Create under Rules.

c4.jpg

This brings us to the Rules General Properties area of the policy. We’ll give this rule a name (CompressFiles) and then the first settings we need to configure are the conditions that need to match the request. Click the + button to associate file types.

c5.jpg

We know that the files for compression are comprised of specific file types associated with a content type HTTP Header. We choose HTTP Header and select Content-Type in the Named field. Select ‘begins with’ next and type ‘text/’ for the condition and compress at the ‘response’ time. We’ll add another condition to manage CPU usage effectively. So we click CPU Usage from the list with a duration of 1 minute with a conditional operator of ‘less than or equal to’ 5 as the usage level at response time.

c6.jpg

Next under Do the following, click the create + button to create a new action when those conditions are met. Here, we’ll enable compression at the response time. Click Save.

c7.jpg

Now the draft policy screen appears with the General Properties and a list of rules. Here we want to click Save Draft.

c8.jpg

Now we need to publish the draft policy and associate it with a virtual server. Select the policy and click Publish.

c9a.jpg

Next, on the main menu click Local Traffic>Virtual Servers>Virtual Server List and click the name of the virtual server you’d like to associate for the policy.

c9a.jpg

On the menu bar click Resources and for Policies click Manage.

c9b.jpg

Move SelectiveCompression to the Enabled list and click Finished.

c9c.jpg

The SelectiveCompression policy is now listed in the policies list which is now associated with the chosen virtual server. The virtual server with the SelectiveCompression Local Traffic Policy will compress the file types you specified.

c9d.jpg

Congrats! You’ve now added a local traffic policy for selective compression! You can also watch the full video demo thanks to our TechPubs team.

ps




Add a Data Collection Device to your BIG-IQ Cluster

Posted in f5, big-ip, silva, application delivery, management, devcentral, big-iq by psilva on September 26th, 2017

big-iq-200-5000.pngGathering and analyzing data helps organizations make intelligent decisions about their IT infrastructure. You may need a data collection device (DCD) to collect BIG-IP data so you can manage that device with BIG-IQ. BIG-IQ is a platform that manages your devices and the services they deliver. Let’s look at how to discover and add a data collection device in BIG-IQ v5.2. You can add a new data collection device to your BIG-IQ cluster so that you can start managing it using the BIG-IP device data.

In addition to Event and Alert Log data, you can view and manage statistical data for your devices. From licensing to policies, traffic to security, you’ll see it all from a single pane of glass.

But you need a DCD to do that.

So, we start by logging in to a BIG-IQ.

iq1.jpg

Then, under the System tab, go to BIG-IQ Data Collection and under that, click BIG-IQ Data Collection Devices.

iq2.jpg

The current DCD screen shows no devices in this cluster. To add a DCD, click Add.

iq3.jpg

This brings us to the DCD Properties screen. For Management Address field, we add the management IP address of the BIG-IP/DCD we want to manage. We’ll then add the Admin username and password for the device. For Data Collection IP Address, we put the transport address which is usually the internal Self-IP address of the DCD and click Add.

iq4.jpg

The process can take a little while as the BIG-IQ authenticates with the BIG-IQ DCD and adds it to the BIG-IQ configuration. But once complete, you can see the devices has been added successfully.

iq6.jpg

Now you’ll notice that the DCD has been added but there are no Services at this point. To add Services, click Add Services.

iq7.jpg

In this instance, we’re managing a BIG-IP with multiple services including Access Policies so we’re going to activate the Access services. The listener address already has the management address of the DCD populated so we’ll simply click Activate. Once activated, you can see that it is Active.

iq89.jpg

When we go back to the Data Collection Devices page, we can see that the Access Services have been added and the activation worked.

iq9a.jpg

Congrats! You’ve added a Data Collection Device! You can also watch a video demo of How to Add a data collection device to your BIG-IQ cluster.

ps




Lightboard Lessons: What is HTTP?

Posted in f5, big-ip, application delivery, lightboard, http, devcentral by psilva on September 20th, 2017

In this Lightboard Lesson, I light up some #basics about HTTP. HTTP defines the structure of messages between web components such as browser or command line clients, servers like Apache or Nginx, and proxies like the BIG-IP.

 

 

Watch Now:



Is 2017 Half Empty or Half Full?

Posted in big-ip, availability, cloud, application delivery, mobile, cybercrime, breach, dns, iot, 2017 by psilva on August 30th, 2017

Ransomware seems to be this year’s huge trend

aug17.jpgWith 2017 crossing the half way point, let's look at some technology trends thus far.

Breaches: Many personal records are half empty due to the continued rash of intrusions while the crooks are half full of our personal information along with some ransom payments. According to the Identity Theft Resource Center (ITRC), there have been 7,689 breaches since 2005 (when they started tracking) compromising – get this – 900,315,392 records. Almost 3 times the U.S. population. In 2016, 56% of all Data Breaches began with a user clicking on a phishing email. The big story for 2017 I think, is the rise of ransomware. Kaspersky reports a 250% increase in ransomware for the first few months of 2017. From WannaCry to Petya to Fusob, criminals are holding systems hostage until a ransom is paid…or not. Ransomware seems to be this year’s big trend with backups saving some from total embarrassment.

Cloud Computing: RightScale 2017 State of the Cloud Report notes that Hybrid Cloud Is the preferred enterprise strategy, with 85 percent of enterprises have a multi-cloud strategy (up from 82 percent in 2016) and Cloud Users Are Running Applications in Multiple Clouds. An interesting stat from the report says, cloud users are running applications in an average of 1.8 public clouds and 2.3 private clouds. We got hybrid cars, hybrid corn, hybrid cats and hybrid clouds but The Cloud is Still just a Datacenter Somewhere so no need to freak out. Cloud seems to be more than half full as the security and expertise challenges decline.

DNS: I’ve said it before and I’ll say it again, DNS is one of the most important components of a functioning internet. With that, it presents unique challenges to organizations. 2016 saw record-breaking DNS-based attacks and outages, which thrust DNS management into the spotlight as both a vulnerability and a critical asset. In 2016 DNS provider Dyn experienced a huge DDoS attack taking out many popular websites and internet cameras. And a new attack uncovered this year, DNSMessenger, uses DNS queries to conduct malicious PowerShell commands on compromised computers – a technique that makes the remote access trojan difficult to detect on targeted systems. The need for DNS continues to be half-full with the influx of IoT devices so it’ll continue to be a valuable target for riff-raff.

IoT: What can I say? The cup runneth over…again. Gartner has identified the Top 10 IoT technologies that should be on every organization's radar for 2017 and 2018. They include things like new security risks and challenges to the IoT devices themselves, their platforms and operating systems, their communications, and even the systems to which they're connected. Analytics to understand customer behavior, to deliver services and improve products. Device management, device processors, operating systems, platforms, standards and even the networks IoT devices use are all areas of attention. IoT is really three-quarters full both with the opportunities and potential risks. And the risks can be deadly when monitoring vital information like human vital signs.

Mobile: We are mobile, our devices are mobile and the applications we access are mobile. Mobility, in all its iterations, is a huge enabler and concern for enterprises and it'll only get worse as we start wearing our connected clothing to the office. 5G is still a couple years away but AT&T and Verizon have already lined up trials of their 5G networks for 2017. Mobile is certainly half full and there is no emptying it now.

That's what I got so far and I'm sure 2017's second half will bring more amazement, questions and wonders. We'll do our year-end reviews and predictions for 2018 as we all lament, where did the Year of the Rooster go?

There's that old notion that if you see a glass half full, you're an optimist and if you see it half empty you are a pessimist. I think you need to understand what state the glass itself was before the question. Was it empty and filled half way or was it full and poured out? There's your answer!

ps

This article originally appeared on F5.com.

 

 

 




Create a BIG-IP HA Pair in Azure

Posted in f5, big-ip, cloud, application delivery, devcentral, azure by psilva on August 8th, 2017

arm_logo1.jpgUse an Azure ARM template to create a high availability (active-standby) pair of BIG-IP VE instances in Microsoft Azure. When one BIG-IP VE goes standby, the other becomes active, the virtual server address is reassigned from one external NIC to another.

Today, let’s walk through how to create a high availability pair of BIG-IP VE instances in Microsoft Azure. When we’re done, we’ll have an active-standby pair of BIG-IP VEs.

To start, go to the F5 Networks Github repository.

ha1.jpg

Click F5-azure-arm-templates. Then go to Supported>ha-avset and there are two options. You can deploy into an existing stack when you already have your subnets and existing IP addresses defined but to see how it works, let’s deploy a new stack.

ha2.jpg

Click new stack and scroll down to the Deploy button. If you have a trial or production license from F5, you can use the BYOL option but in this case, we’re going to choose the PAYG option.

ha3.jpg

Click Deploy and the template opens in the Azure portal. Now we simply fill out the fields. We’ll create a new Resource Group and set a password for the BIG-IP VEs.

When you get to the questions:

The DNS label is used as part of the URL.

Instance Name is just the name of the VM in Azure.

Instance Type determines how much memory and CPU you’ll have.

Image Name determines how many BIG-IP modules you can run (and you can choose the latest BIG-IP version).

Licensed Bandwidth determines the maximum throughput of the traffic going through BIG-IP.

Select the Number of External IP addresses (we’ll start with one but can add more later). For instance, if you plan on running more than one application behind the BIG-IP, then you’ll need the appropriate external IP addresses.

Vnet Address Prefix is for the address ranges of you subnets (we’ll leave at default).

The next 3 fields (Tenant ID, Client ID, Service Principal Secret) have to do with security. Rather than using your own credentials to modify resources in Azure, you can create an Active Directory application and assign permissions to it.

The last two fields also go together. Managed Routes let you route traffic from other external networks through the BIG-IPs. The Route Table Tag means that anytime this tag is found in the route table, routes that have this destination are updated so that the next hop is the IP address of the active BIG-IP VE. This is useful if you want all outbound traffic to go through the BIG-IP or if you want to send traffic from a bunch of different Vnets through the BIG-IP.

We’ll leave the rest as default but the Restricted Src Address is good way to put IP addresses on my network – the ones that are allowed to connect to the BIG-IP.

We’ll agree to the terms and click Purchase.

ha456.jpg

We’re redirected to the Dashboard with the Deployment in Progress indicator. This takes about 15 minutes.

ha7.jpg

Once finished we’ll go check all the resources in the Resource Group.

ha8.jpg

Let’s find out where the virtual server address is located since this is associated with one of the external NICs, which have ‘ext’ in the name. Click the one you want.

ha9.jpg

Then click IP Configuration under Settings.

ha91.jpg

When you look at the IP Configuration for these NICs, whenever the NIC has two IP addresses that’s the NIC for the active BIG-IP. The Primary IP address is the BIG-IP Self IP and the Secondary IP is the virtual server address.

ha92.jpg

If we look at the other external NIC we’ll see that it only has one Self IP and that’s the Primary and it doesn’t have the Secondary virtual server address. The virtual server address is assigned to the active BIG-IP.

ha93.jpg

When we force the active BIG-IP to standby, the virtual server address is reassigned from one NIC to the other.

To see this, we’ll log into the BIG-IPs and on the active BIG-IP, we’ll click Force to Standby and the other BIG-IP becomes Active.

ha94.jpg

When we go back to Azure, we can see that the virtual server IP is no longer associated with the external NIC.

ha95.jpg

And if we wait a few minutes, we’ll see that the address is now associated with the other NIC.

ha96.jpg

Basically, how BIG-IP HA works in the Azure cloud is by reassigning the virtual server address from one BIG-IP to another. Thanks to our TechPubs group and check out the demo video.

ps




DevCentral’s Featured Member for August – Piotr Lewandowski

Posted in f5, big-ip, application delivery, devcentral by psilva on August 4th, 2017

piotrL.jpgPiotr Lewandowski has been working in IT for well over 20 years – and not really conscious decision to go this way – just blind luck. He started in the era without Internet…yes, not so long ago it was possible to live without Internet J…and IBM PC/XT computers. Thanks to self-learning he managed to work as DTP operator on Apple computers (the first in Poland at the time). However, he also had to manage all the other aspects of “network” so he turned into IT guy. Then he worked as CIO for quite a long time but when company started to grow, he figured out the corporate environment is not for him and switched to consulting on his own terms.

About 5 years ago, F5 gear popped up and he had to learn how to use it. It was challenging as he never was network pro – but turned out that it’s interesting and challenging so he’s still there and is DevCentral’s Featured Member for August!

DevCentral: Tell us a little about the areas of BIG-IP expertise you have.

Piotr: It’s a shame but I am still best in Load Balancing related part. I am struggling to improving in more trendy areas – security and AAA but it takes time. Especially security in the WAF area. It is so broad and fast moving that I have problem staying current. I am able to configure most all pieces of BIG-IP LTM and GTM features, but for ASM, APM and AFM it is still a bit of a challenge.

I am not a programmer but during some projects I learned both iRules and iControl so I am comfortable with those. Lately I started to research iRulesLX – which seems very promising – but not a lot info about real life project can be found.

I’ve also dabbled a bit with BIG-IP/OpenStack topic and have a good idea how it works but still need to deploy in a production environment.

Recently I decided to improve my skills in dynamic routing protocols (BGP, OSPF etc.) to be able to address DDoS related topics (RTBH, RHI, Anycast). Somewhat challenging but my lab is growing and I am starting to see some light in the tunnel - Polish proverb – don’t know if valid in English.

DC: You are a Technical Consultant at SoftwareDefined. Can you describe your typical workday?

Piotr: I am working for few businesses, right now my most active relations are with SoftwareDefined. To be honest, right now there is plenty of projects including some areas I am not so fluent, so most of my time is devoted to learning and testing.

sd.jpgMost of my day is filled in with lab work – testing how BIG-IP works behind scenes (which is the only way I can be 100% sure that given implementation will work as expected); recreating different bizarre customer configs to find out how to implement/improve them; and “reverse engineering” BIG-IP features to figure out if impossible is possible. ;-)

I also stay current with DevCentral stuff.

There are of course days when it’s necessary to work directly with customer – explain how BIG-IP can be used, why it’s so great and how their life will be easier after buying few, especially VIPRIONs!

Part of my tasks is a technical support for customers we are working with. Bright side is that we are working with ones that are pretty skillful in the BIG-IP area – so cases are interesting and challenging and always learning something new and useful

DC: You were a CIO right when the internet started to blossom in the mid-1990s thru the 2000s. What are some of the advancements that truly surprised you?

Piotr: Good catch! To be honest I barely remember how it was… but for sure not worse than it is now.

I guess there are two main topics that I am amazed most. One you can surely call advancement, second is really mystery for me – you can call it advancement but…

Advancement is vast ocean of information out there. Right now – if you know what you are looking for and how to triage search results – one can find info he needs in few minutes. Even if I have no idea at all about given topic it’s always possible to find some starting point and proceed from there. That was not possible without Internet – sure you could call friend and try to find books but it would take ages – and there is no time for that nowadays.

I do want to express that I love DevCentral (and I am honest here, not just trying to flatter). I know communities of few other big vendors and there is no comparison for my needs. I can’t recall situation when I was not able at least find clue that allowed me to resolve issue. There is so much valuable info and great people on DevCentral that it creates great value by itself!

“Advancement.” I can’t understand is how easily people are sharing very private info on the Internet and at the same time how fiercely they are finding for their privacy – that is paradox I can’t figure out.

I am dinosaur here, still prefer few good friends in real life that thousands of virtual friends out there. To be honest, for me social part of the Internet could not exist at all.

Most amazing progress (somehow for sure related to Internet) for me is Big Data, machine learning and AI. What is even more amazing is that those are seldom seen in networking/ADC area. All the networking protocols, security, LB and so on was designed with main goal – computer should be able to understand and use them – not humans. And computers are good at it – opposite to most humans. Share amount of data, speed of changes it is all making reaction by humans almost impossible.

So why still humans are doing all this mundane task of configuring, tuning and adjusting? For me, right direction is handing this all out to computers. Something like IoT. All should be based on intelligent entities that are aware about surrounding environment, can self-tune/reconfigure, self-protect, actively fight for resources and finally self-destroy.

Even if that is scary and still far away there are areas that should be changed/improved. Simple example the BIG-IP courtyard – TCP optimization. This is very complicated and mundane task to adjust all those settings live. But device processing traffic has all data necessary to do that and understands this data better than most BIG-IP users ever can.

Another, maybe not so obvious area is why network is not aware about business data. Not all traffic is of the same value for business so network/ADC should actively readjust configuration based on business data. It’s is totally possible when whole IT infrastructure works as one conscious, intelligent organism but impossible to be done in real time by humans.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

Piotr: Each new implementation is challenge, but I guess I can recall two that almost make me fall to my knees:

OpenStack and BIG-IP integration – plenty of new technologies I never touched before. Steep learning curve and relatively small amount of good quality info (it was a year ago, I am pretty sure now it’s much better).

“Reverse engineering” of BIG-IP APM/SWG to figure out if proxy chaining is possible (especially for HTTPS) or not. Here I had to really harness my iRules skills. Thanks to that, I was able to figure out how things work behind scenes and unfortunately find out that task is impossible to implement in manageable way – to be honest even with v13.0.0 seems to be impossible.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

Piotr: Nothing related to IT. I am not saying it’s not fun but… I guess I would try to be archeologist, revealing secrets of the past always thrilled my mind. Probably not in the human past area, rather few dozen million years back when dinosaurs ruled Earth. I was always curious what would happen if big impact would not happen. And finally this job seems to allow to visit really distant and mysterious parts of the world.

Thanks Niels! Check out all of Piotr' DevCentral contributions, connect with him on LinkedIn and visit SoftwareDefined.

 




DevCentral Cloud Month Wrap

Posted in f5, big-ip, cloud computing, application delivery, devcentral by psilva on July 10th, 2017
f5dccloud17

Is it the end of June already? At least it ended on a Friday and we can close out DevCentral’s Cloud Month followed by the weekend! First, huge thanks to our Cloud Month authors: Suzanne, Hitesh, Greg, Marty and Lori. Each delivered an informative series (23 articles in all!) from their area of expertise and the DevCentral team appreciates their involvement. We hope you enjoyed the content as much as we enjoyed putting it together.

And with that, that’s a wrap for DevCentral Cloud Month. You can check out the original day-by-day calendar and below is each of the series if you missed anything. Thanks for coming by and we’ll see you in the community.

AWS - Suzanne & Thomas

Cloud/Automated Systems – Hitesh

Azure – Greg

Google Cloud – Marty

F5 Friday #Flashback – Lori

Cloud Month Lightboard Lesson Videos – Jason

#DCCloud17 X-Tra!

The Weeks

ps




Cloud Month on DevCentral

Posted in f5, big-ip, cloud, cloud computing, application delivery, devcentral, aws, azure by psilva on June 1st, 2017

 

#DCCloud17

dc-logo.jpgThe term ‘Cloud’ as in Cloud Computing has been around for a while. Some insist Western Union invented the phrase in the 1960s; others point to a 1994 AT&T ad for the PersonaLink Services; and still others argue it was Amazon in 2006 or Google a few years later. And Gartner had Cloud Computing at the top of their Hype Cycle in 2009.

No matter the birth year, Cloud Computing has become an integral part of an organization’s infrastructure and is not going away anytime soon. A 2017 SolarWinds IT Trends report says 95% of businesses have migrated critical applications to the cloud and F5's SOAD report notes that 20% of organizations will have over half their applications in the cloud this year. It is so critical that we’ve decided to dedicate the entire month of June to the Cloud.

We’ve planned a cool cloud encounter for you this month. We’re lucky to have many of F5’s Cloud experts offering their 'how-to' expertise with multiple 4-part series. The idea is to take you through a typical F5 deployment for various cloud vendors throughout the month. Mondays, we got Suzanne Selhorn & Thomas Stanley covering AWS; Wednesdays, Greg Coward will show how to deploy in Azure; Thursdays, Marty Scholes walks us through Google Cloud deployments including Kubernetes.

But wait, there’s more!

On Tuesdays, Hitesh Patel is doing a series on the F5 Cloud/Automation Architectures and how F5 plays in the Service Model, Deployment Model and Operational Model - no matter the cloud and on F5 Friday #Flashback starting tomorrow, we’re excited to have Lori MacVittie revisit some 2008 #F5Friday cloud articles to see if anything has changed a decade later. Hint: It has…mostly. In addition, I’ll offer my weekly take on the tasks & highlights that week.

Below is the calendar for DevCentral's Cloud Month and we’ll be lighting up the links as they get published so bookmark this page and visit daily! Incidentally, I wrote my first Cloud tagged article on DevCentral back in 2009. And if you missed it, Cloud Computing won the 2017 Preakness. Cloudy Skies Ahead!

June 2017

 

Monday

Tuesday

Wednesday

Thursday

Friday

 

28

29

30

31

1

Cloud Month Intro & Calendar

2

Flashback Friday: The Many Faces of Cloud

Lori MacVittie

3

4

5

Successfully Deploy Your Application in the AWS Public Cloud

Suzanne Selhorn

6

Cloud/Automated Systems need an Architecture

Hitesh Patel

7

The Hitchhiker’s Guide to BIG-IP in Azure

Greg Coward

8

Deploy an App into Kubernetes in less than 24 Minutes

Marty Scholes

9

F5 Flashback Friday: The Death of SOA Has (Still) Been Greatly Exaggerated

-Lori

10

11

12

Secure Your New AWS Application with an F5 Web Application Firewall

-Suzanne

13

The Service Model for Cloud/Automated Systems Architecture

-Hitesh

14

The Hitchhiker’s Guide to BIG-IP in Azure – ‘Deployment Scenarios

-Greg

15

Deploy an App into Kubernetes Even Faster (Than Last Week)

-Marty

16

F5 Flashback Friday: Cloud and Technical Data Integration Challenges Waning

-Lori

17

18

19

Shed the Responsibility of WAF Management with F5 Cloud Interconnect

-Suzanne

20

The Deployment Model for Cloud/Automated Systems Architecture

-Hitesh

21

The Hitchhiker’s Guide to BIG-IP in Azure – ‘High Availability’

-Greg

22

Deploy an App into Kubernetes Using Advanced Application Services

-Marty

23

Flashback Friday: Is Vertical Scalability Still Your Problem?

-Lori

24

25

26

​Get Back Speed and Agility of App Development in the Cloud with F5 Application Connector

-Suzanne

27

The Operational Model for Cloud/Automated Systems Architecture

-Hitesh

28

The Hitchhiker’s Guide to BIG-IP in Azure – ‘Life Cycle Management’

-Greg

29

Peek under the Covers of your Kubernetes Apps

-Marty

30

Cloud Month Wrap!

 

Titles subject to change...but not by much.

ps

 




Device Discovery on BIG-IQ 5.1

Posted in f5, big-ip, cloud computing, adc, application delivery, devcentral, aws, azure, access, big-iq by psilva on May 23rd, 2017

The first step in using a BIG-IQ to manage BIG-IP devices

BIG-IQ enables administrators to centrally manage BIG-IP infrastructure across the IT landscape.  BIG-IQ discovers, tracks, manages, and monitors physical and virtual BIG-IP devices - in the cloud, on premise, or co-located at your preferred datacenter.

Let’s look at how to get BIG-IQ 5.1 to gather the information needed to start managing a BIG-IP device. This gathering process is called Device Discovery.

To get started, the first thing is to logon to the BIG-IQ

iq2.jpg

Once in, the first thing you do is let the BIG-IQ know about the BIG-IP device that you want to manage. Here, in Device Management>Inventory>BIG-IP Devices, we’ll click Add Device.

iq3.jpg

Here we’ll need the IP address, user name and password of the device you want to manage. If the device you want to manage is part of a BIG-IP Device Service Cluster (DSC), you’ll probably want to manage that part of its configuration by adding it to a DSC group on the BIG-IQ. After selecting a DSC, tell the BIG-IQ how to handle synchronization when you deploy configuration changes so that when you deploy changes to one device, the other DSC members get the same changes. Best practice is to let BIG-IQ do the sync.

iq5.jpg

Next click Add at the bottom of the page to start the discovery process.

iq6.jpg

Once the device recognizes your credentials, it’ll prompt you to choose the services that you want to manage. You always select LTM, even if you only mange other services because the other services depend on LTM. To finish the device discovery task, click Discover.

iq7.jpg

The BIG-IQ gathers the information it needs for each of the services you requested. This first step takes only a few moments while the BIG-IQ discovers your devices. You are done with discovery once the status update reads, Complete import tasks.

iq8.jpg

Now, we need to import the service configurations that the BIG-IQ needs before we can start managing that BIG-IP device. Click the link that says, Complete import tasks.

Next, you’ll begin the process of importing the BIG-IP LTM services for this device. Just like the discovery task, you’ll import LTM first.

Click Import.

iq9.jpg

This could take a little time depending on how many LTM objects are defined on this BIG-IP device. When the import finishes, BIG-IQ will display the date and time of when the operation was completed.

iq91.jpg

Now, we repeat the process for the second service provisioned on this device.

iq92.jpg

Importing an access device like BIG-IP APM is slightly different. Part of the import task is to identify the Access Group that this device uses to share its configuration. Whether you’re adding to an existing or creating a new access group, when you’re done entering the name of the group, click Add to start the import process. Here again, the time to process depends on how many BIG-IP APM configuration objects are defined on the device.

iq93.jpg

When the BIG-IP APM services import finishes and the time completed displays, you can simply click Close to complete the task.

iq94.jpg

You can now see that the device has been added to BIG-IQ.

iq95.jpg

That’s it! Now you can start managing the BIG-IP LTM and APM object on this device. For this article, we only imported LTM and APM objects but the process is the same for all services you manage.

Thanks to our TechPubs group and watch the video demo here.

ps

Related:

What is BIG-IQ




Lightboard Lessons: What is BIG-IP?

Posted in security, f5, big-ip, silva, video, application delivery, lightboard, devcentral by psilva on May 10th, 2017

In the early days of F5, BIG/IP was our original load balancer. Today, BIG-IP is a family of products covering software and hardware designed around application availability, access control, and security solutions.

In this Lightboard Lesson, Peter Silva lights up the various BIG-IP modules and what they do.

 

 

Watch Now:




« Older episodes ·