Applies To:

Show Versions Show Versions

Manual Chapter: Deploying BIG-IP VE on Google Cloud Platform
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Task List: Deploy BIG-IP VE in Google Cloud

These tasks are required to deploy BIG-IP® VE in the Google Cloud Platform environment. When you are done, you should be able to send traffic to your application servers through BIG-IP VE.

These tasks are documented in detail later in this guide.

Step Task Description
1 Create firewall rules You can add firewall rules to your network before you deploy, or to the instance itself, during or after the deployment.
  • Port 22 for SSH access.
  • Port 8443 for the BIG-IP Configuration utility.
  • A port for your application server, for example HTTPS port 443.
2 Deploy BIG-IP VE Go to Cloud Launcher and select the F5 image you want to deploy.
3 Change the external IP to static When you deploy BIG-IP VE, the external IP address is ephemeral, meaning it changes when BIG-IP VE is rebooted. Change the external IP to static ( Networking > External IP addresses > Type ).
4 SSH to BIG-IP VE and set admin password Use SSH to connect to the BIG-IP VE instance and set an admin password, which will be used to connect to the Configuration utility.
  • In the Google console, if you use SSH > Open in browser window , on the window that opens, click the Settings icon, click Change Linux Username, and type admin.
  • In the Google console, if you use SSH > View gcloud command , type admin@ before the instance name, for example: gcloud compute –project "teamproject" ssh –zone "us-central1-f" "admin@instancename".
  • If you use PuTTY, before you connect, add your key in the Google console ( Compute Engine > Metadata > SSH Keys ).
For more information about how to connect, see https://cloud.google.com/compute/docs/instances/connecting-to-instance.
5 Log in to the BIG-IP Configuration utility and license, provision BIG-IP VE Use the admin account to log in to the BIG-IP Configuration utility (https://<public-ip-address:8443>). Then license and provision BIG-IP VE.
6 In the BIG-IP Configuration utility, create a pool and virtual server Create a virtual server, which provides a destination for your inbound web traffic and points to the pool of web servers.

Deploy BIG-IP VE in Google Cloud

To use BIG-IP® VE in Google Cloud, deploy it in your project.
  1. In the Google Cloud Platform Console, in the top left corner, click the Products & services icon.
  2. In the left pane, click Cloud Launcher.
  3. In the Search for solutions field, type F5 and from the results, click the image you want.
  4. Click Launch on Compute Engine.
  5. Complete the fields. For the machine type, choose at least 2 vCPU and 4 GB memory. For each additional vCPU, add at least 2 GB of memory.
    Note: Port 22 is enabled to allow SSH access to BIG-IP VE; port 8443 provides access to the web-based BIG-IP Configuration utility.
  6. Click Deploy.
The instance is generated. Wait a few minutes before you use SSH to connect.

Set an admin password for BIG-IP VE

The first time you boot BIG-IP® VE, you must connect to the instance and create a strong admin password. The admin account and password will be used to access the BIG-IP Configuration utility.

This management interface may be accessible to the Internet, so ensure it is secure.

  1. Use an SSH tool to connect to the BIG-IP VE instance as admin.
    • In the Google console, if you use SSH > Open in browser window , on the window that opens, click the Settings icon, click Change Linux Username, and type admin.
    • In the Google console, if you use SSH > View gcloud command , type admin@ before the instance name, for example: gcloud compute –project "teamproject" ssh –zone "us-central1-f" "admin@instancename".
    • If you use PuTTY, before you connect, add your key in the Google console ( Compute Engine > Metadata > SSH Keys ).

    For more information about how to connect, see https://cloud.google.com/compute/docs/instances/connecting-to-instance.

  2. To ensure you are at the tmsh command prompt, type tmsh.
  3. To modify the admin password, type modify auth password admin.
    The terminal screen displays: changing password for admin, and then prompts: new password.
  4. Type the new password and press Enter.
    The terminal screen displays: confirm password.
  5. Re-type the new password and press Enter.
  6. To ensure that the system retains the password change, type save sys config and press Enter.
    The terminal screen displays the message: Saving Ethernet mapping...done.
The admin password is changed.

License BIG-IP VE

You must enter license information before you can use BIG-IP® VE.
  1. Open a web browser and log in to the BIG-IP Configuration utility by using the external IP address and port 8443, for example: https://<external-ip-address>:8443.
    The username is admin and the password is the one you set previously.
  2. On the Setup Utility Welcome page, click Next.
  3. On the General Properties page, click Activate.
  4. In the Base Registration key field, enter the case-sensitive registration key from F5®. For Activation Method, if you have a production or Eval license, choose Automatic and click Next.
  5. If you chose Manual, complete these steps:
    1. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing Server.

      A separate web page opens.

    2. On the new page, click Activate License.
    3. In the Enter your dossier field, paste the text and click Next.
    4. Accept the agreement and click Next.
    5. On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP Configuration utility and paste the text into the Step 3: License field.
    6. Click Next.
The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click Continue to provision BIG-IP VE.

Provision BIG-IP VE

You must confirm the modules you want to run before you can begin to work in the BIG-IP® Configuration utility.
  1. Open a web browser and log in to the BIG-IP Configuration utility by using the external IP address and port 8443, for example: https://<external-ip-address>:8443.
  2. On the Resource Provisioning screen, change settings if necessary and click Next.
  3. On the Device Certificates screen, click Next.
  4. On the Platform screen, in the Admin Account field, re-enter the password for the admin account and click Next.

    BIG-IP VE logs you out.

  5. When you log back in, on the Setup Utility > Network screen, in the Advanced Network Configuration area, click Finished.

Create a pool and add members to it

Traffic from BIG-IP® VE is sent to a pool. Your application servers should be members of this pool.
  1. Open a web browser and go to the BIG-IP Configuration utility, for example: https://<external-ip-address>:8443.
  2. On the Main tab, click Local Traffic > Pools .
  3. Click Create.
  4. In the Name field, type web_pool.
    Names must begin with a letter, be fewer than 63 characters, and can contain only letters, numbers, and the underscore (_) character.
  5. For Health Monitors, move https from the Available to the Active list.
  6. Choose the load balancing method or retain the default setting.
  7. In the New Members section, in the Address field, type the IP address of the application server.
  8. In the Service Port field, type a service port, for example, 443.
  9. Click Add.
    The member is displayed in the list.
  10. Add additional pool members as needed and click Finished.

Create a virtual server

A virtual server listens for packets destined for the external IP address. You must create a virtual server that points to the pool you created.
  1. In the BIG-IP® Configuration utility, on the Main tab, click Local Traffic > Virtual Servers .
  2. Click Create and populate the following fields.
    Field Value
    Name A unique name
    Destination Address/Mask BIG-IP VE's internal IP address
    Service Port 443
    HTTP Profile http
    SSL Profile (Client) clientssl
    SSL Profile (Server) serverssl
    Source Address Translation Auto Map
    Default Pool web_pool
    Note: These settings are for demonstration only. For details about securing a web application with SSL, see the product documentation at f5.com.
  3. Click Finished.
Traffic to the BIG-IP VE external IP address will now go to the pool members. To test in a browser, type: https://<external-IP-address>.

About SSH keys in Google Cloud Platform

SSH keys are required to connect to an instance of BIG-IP VE.

If you use any of the Google tools (Open in browser window, View gcloud command), keys are created automatically for you. They are copied to BIG-IP VE while they are valid. When they expire, they are removed from BIG-IP VE.

By default, all non-expired keys listed in Compute Engine > Metadata > SSH Keys have access to the BIG-IP VE instance. You can change this by editing the instance and blocking project-wide keys.

Keys are created and used slightly differently, depending on how you decide to connect.

If you choose Open in browser window
Each time you connect to BIG-IP VE, new keys are created and added to the metadata service. These keys expire every two minutes, and new keys are created each time you connect.
If you choose View gcloud command
Each time you connect to BIG-IP VE, Google searches for keys in your home directory (for example, ~/.ssh/google_compute_engine or google_compute_engine.pub). If keys exist, Google uses them to connect. If keys do not exist, you are prompted to create them. These keys do not expire.
If you use PuTTY
Before you can connect, you must add your key to the metadata service and then use it when you connect. You can add the keys before, during, or after you deploy BIG-IP VE.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)