Applies To:

Show Versions Show Versions

Manual Chapter: Deploying BIG-IP Virtual Edition in Azure
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Deploy BIG-IP VE in Azure Resource Manager

In order to create a virtual machine running BIG-IP® VE in Azure, you can deploy BIG-IP VE in the Azure Resource Manager deployment model.

For Azure Classic instructions, see Deploying BIG-IP VE in Azure Classic.

  1. Log in to the Microsoft Azure Portal at https://portal.azure.com.
  2. On the Dashboard, select Marketplace.
  3. In the Filter field, type F5 and press Enter.
  4. From the list of options, select the F5 image of your choice.
  5. From the Select a deployment model list, select Resource Manager and click Create.
  6. On the Basics page, complete these settings.
    Setting Details
    Name A name for the instance.
    VM disk type Choose HDD. SSD is not supported.
    User name A name for the person who will log in. You can't change or access this field later.
    Authentication type SSH keys are more secure than passwords. For information about getting public keys, see Create a key pair for authentication.
    Subscription Accept the default or change it.
    Resource group A resource group is a logical container of related resources. Accept the default or change it.
    Location Accept the default or change it.
  7. Click OK.
  8. On the Size page, choose the instance size that meets your needs, and click Select.
    For a list of instances supported for each F5 license, see the Azure instances for BIG-IP VE topic in this guide.
  9. On the Settings page, accept the defaults or change them.
  10. Click OK.
  11. On the Summary page, click OK.
  12. On the Purchase page, click Purchase to initiate the deployment.
    To check the status, click the notifications bell on the top toolbar.
The system creates the following resources:
  • A BIG-IP VE virtual machine with one network interface and a public IP address
  • A VLAN named internal
  • A self IP address named self_1nic
Note: Only one VLAN is supported in Azure and it was created during deployment, so when you access the BIG-IP Configuration utility, you do not need to use the Setup wizard to configure networking.

Deploy BIG-IP VE in Azure Classic

Follow these steps to deploy BIG-IP® VE in the Azure Classic deployment model. Even though you are using Classic resources, you perform these steps in the new Resource Manager portal.

For Azure Resource Manager instructions, see Deploy BIG-IP VE in Azure Resource Manager.

  1. Log in to the Microsoft Azure Portal at https://portal.azure.com.
  2. On the Start pane, select Marketplace.
  3. In the Filter field, type F5 and press Enter.
  4. From the list of options, select the F5 image of your choice.
  5. From the Select a deployment model list, select Classic and then click Create.
  6. On the Create VM page:
    Setting Details
    Host Name A name for the virtual appliance.
    User name A name for the person who will log in. You can't change or access this field later.
    Authentication type SSH keys are more secure than passwords. For information on getting public keys, see Create a public key for authentication.
    Pricing Tier For a list of instances supported for each F5 license, see Azure instances for BIG-IP VE.
  7. For Pricing Tier, leave the default or choose the instance size that meets your needs and click Select.
    For a list of instances supported for each F5 license, see Azure instances for BIG-IP VE.
  8. For Optional Configuration, note the following details.
    Setting Details
    Availability set
    • All instances in an availability set must have the same subnets.
    • BIG-IP high availability is currently not supported in Azure, so you should configure the BIG-IP to reboot if a daemon fails. For details, see the BIG-IP® System: Essentials guide on AskF5.com.
    Network Select the Classic virtual network of your choice. If you accept the default, a new virtual network is created under the Resource Manager deployment model.
    Storage Select existing Classic storage or create new Classic storage.
    Endpoints
    • Create an endpoint for port 443. This allows you to access the BIG-IP Configuration utility.
    • Create additional endpoints for any other ports that need external access. For example, port 80 if the BIG-IP VE will process HTTP traffic.
    • If you choose SSH and do not specify a public port, the system provides a port number for you. Once a port number is assigned, it can't be re-used until you remove or reconfigure that endpoint.
  9. For Resource Group, either accept the default or click the right arrow (>) to change it.
    A resource group is a logical container of related resources.
    Important: If you choose an existing resource group, you will be choosing from a list of Azure Classic Cloud Services. If you create a new group, you are creating a new resource group.
  10. Confirm that the subscription and location are correct, and agree to the legal terms.
  11. Click Create.
The following resources are created:
  • A BIG-IP VE virtual appliance with one network interface.
  • A VLAN named internal.
  • A self IP address named self_1nic.
Note: Only one VLAN is supported in Azure and it was created during deployment, so when you access the BIG-IP Configuration utility, you do not need to use the Setup wizard to configure networking.

Create a public key for authentication

To use public key authentication, you need an SSH public key. For more information, see https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-linux-use-ssh-key.

  • For Linux and Mac OS X operating systems, use the ssh-keygen command-line utility to produce a key pair (which includes a .pub file). Then, convert that public key using the command: ssh-keygen -e -f<path-to-dot-pub-file>.
  • For Windows operating systems, use the PuTTYGen utility to create a public key pair.

Access the BIG-IP Configuration utility

The BIG-IP® Configuration utility is a web page you use to configure the BIG-IP VE virtual appliance. By default, this page is accessible through port 443.

After you deploy BIG-IP VE:
  1. If you used a key pair when you deployed BIG-IP VE, you must use SSH to connect to BIG-IP VE and set the Admin password.
  2. You must log in to the BIG-IP Configuration utility and license and provision the system.
  3. After you have logged in at least one time, for the Resource Manager deployment model: Use tmsh to change the Configuration utility port.
Note: For the Classic deployment model, when you deployed BIG-IP VE, you added an endpoint for port 443 in Azure. If you change the port in the BIG-IP system, you must also change the endpoint in Azure.

Set the admin password

If you use a key pair (rather than a password) to authenticate access to the Azure instance, you must set an administrator password for the BIG-IP® Configuration utility.
  1. Use a secure shell terminal (SSH) to access the instance; use either the private key or user name for authentication (depending on what you specified when you created the instance).
  2. Ensure you are at the tmsh prompt. If you logged in as admin, the bash prompt is displayed by default.
  3. Create a password for the admin user for the instance.
    modify auth user <username> password <user-password>
  4. Save the changes to the system configuration.
    save sys config
  5. End the SSH session.
You can now connect to the BIG-IP Configuration utility by using the admin account and password.

Change the Configuration utility port

Before completing these steps, the BIG-IP® VE must be licensed and provisioned.
The BIG-IP Configuration utility uses port 443 by default. Change the port to 8443 so you can use 443 for application traffic.
Note: These steps are required for the Resource Manager deployment model only.
  1. Use a secure shell terminal (SSH), like PuTTy, to access the instance; use either the private key or user name for authentication (depending on what you specified when you created the instance). You cannot use the root login.
  2. Type tmsh to ensure you are accessing the tmsh prompt.
  3. Confirm the port being used for SSL.
    list sys httpd ssl-port
    The result should be ssl-port 443.
  4. Move the port from 443 to 8443.
    modify sys httpd ssl-port 8443
  5. Confirm the move was successful.
    list sys httpd ssl-port

    The result should be ssl-port 8443.

  6. Add 8443 to the default self allow port list.
    modify net self-allow defaults add { tcp:8443 }
  7. Now that the Configuration utility is no longer using port 443, remove the reference to it.
    modify net self-allow defaults delete { tcp:443 }
  8. Confirm the changes.
    list net self-allow defaults
    tcp:pcsync-https is for 8443 and should be in the list. tcp:https is for 443 and should not be in the list.
  9. Save the changes to the system configuration.
    save sys config
  10. End the SSH session.
  11. Open a web browser and go to the BIG-IP Configuration utility by using port 8443, for example: https://<public-ip-address>:8443.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)