Applies To:

Show Versions Show Versions

Manual Chapter: Deploying BIG-IP Virtual Edition in Azure
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Task List: Deploy BIG-IP VE in Azure

These tasks are required to deploy BIG-IP® VE in the Microsoft Azure cloud environment. When you are done, you should be able to send traffic to your application servers through BIG-IP VE.

Each of these tasks is documented in detail later in this guide.

Step Task Description
1 Prepare to deploy BIG-IP VE
  • Choose an F5 license. For more information, see https://f5.com/products/how-to-buy/simplified-licensing.
  • Choose an Azure instance type. For more information, see the Azure instances for BIG-IP VE topic in this guide.
  • In Azure, create an application server in a resource group. BIG-IP VE will be in the same resource group.
  • Create a key pair (recommended for production environments).
2 In Azure, deploy BIG-IP VE You can find an F5® BIG-IP VE image in the Azure Marketplace and create an instance in the same resource group as your application. If you are using the Classic deployment model, the process will be different than the Resource Manager deployment model.
3 In Azure, create rules that allow inbound traffic to BIG-IP VE When you deploy BIG-IP VE, a network security group is created in Azure. Add an inbound security rule to allow traffic to port 8443 for the BIG-IP Configuration utility and port 443 for your application.
4 SSH to BIG-IP VE and set admin password If you used a key when you deployed the instance, use SSH to connect to BIG-IP VE and set a password for the admin account. The admin account is used to access the BIG-IP Configuration utility.
5 Log in to the BIG-IP Configuration utility and license, provision BIG-IP VE Use the admin account to log in to the BIG-IP Configuration utility (https://<public-ip-address:8443>). Then license and provision BIG-IP VE.
6 In the BIG-IP Configuration utility, create a pool and virtual server Create a virtual server, which provides a destination for your inbound web traffic and points to the pool of web servers. Because IP addresses in Azure may change, use the DNS name of your application server as the pool member.

Deploy BIG-IP VE in Azure Resource Manager

In order to create a virtual machine running BIG-IP® VE in Azure, you can deploy BIG-IP VE in the Azure Resource Manager deployment model.

For Azure Classic instructions, see Deploying BIG-IP VE in Azure Classic.

  1. Log in to the Microsoft Azure Portal at https://portal.azure.com.
  2. On the Dashboard, select Marketplace.
  3. In the Filter field, type F5 and press Enter.
  4. From the list of options, select the F5 image of your choice.
  5. From the Select a deployment model list, select Resource Manager and click Create.
  6. On the Basics page, complete these settings.
    Setting Details
    Name A name for the instance.
    VM disk type Accept the default or change it.
    User name A name for the person who will log in to BIG-IP VE. You can't change or access this field later.
    Authentication type SSH keys are more secure than passwords. For information about getting public keys, see Create a key pair for authentication.
    Subscription Accept the default or change it.
    Resource group A resource group is a logical container of related resources. Accept the default or change it.
    Location Accept the default or change it.
  7. Click OK.
  8. On the Size page, choose the instance size that meets your needs, and click Select.
    For a list of instances supported for each F5 license, see the Azure instances for BIG-IP VE topic in this guide.
  9. On the Settings page, accept the defaults or change them.
  10. Click OK.
  11. On the Summary page, click OK.
  12. On the Purchase page, click Purchase to initiate the deployment.
    To check the status, click the notifications bell on the top toolbar.
The system creates the following resources:
  • A BIG-IP VE virtual machine with one network interface and a public IP address
  • A VLAN named internal
  • A self IP address named self_1nic
Note: Only one VLAN is supported in Azure and it was created during deployment, so when you access the BIG-IP Configuration utility, you do not need to use the Setup wizard to configure networking.

Deploy BIG-IP VE in Azure Classic

Follow these steps to deploy BIG-IP® VE in the Azure Classic deployment model. Even though you are using Classic resources, you perform these steps in the new Resource Manager portal.

For Azure Resource Manager instructions, see Deploy BIG-IP VE in Azure Resource Manager.

  1. Log in to the Microsoft Azure Portal at https://portal.azure.com.
  2. On the Start pane, select Marketplace.
  3. In the Filter field, type F5 and press Enter.
  4. From the list of options, select the F5 image of your choice.
  5. From the Select a deployment model list, select Classic and then click Create.
  6. On the Create VM page:
    Setting Details
    Host Name A name for the virtual appliance.
    User name A name for the person who will log in. You can't change or access this field later.
    Authentication type SSH keys are more secure than passwords. For information on getting public keys, see Create a public key for authentication.
    Pricing Tier For a list of instances supported for each F5 license, see Azure instances for BIG-IP VE.
  7. For Pricing Tier, leave the default or choose the instance size that meets your needs and click Select.
    For a list of instances supported for each F5 license, see Azure instances for BIG-IP VE.
  8. For Optional Configuration, note the following details.
    Setting Details
    Availability set
    • All instances in an availability set must have the same subnets.
    • BIG-IP high availability is currently not supported in Azure, so you should configure the BIG-IP to reboot if a daemon fails. For details, see the BIG-IP® System: Essentials guide on AskF5.com.
    Network Select the Classic virtual network of your choice. If you accept the default, a new virtual network is created under the Resource Manager deployment model.
    Storage Select existing Classic storage or create new Classic storage.
    Endpoints
    • Create an endpoint for port 443. This allows you to access the BIG-IP Configuration utility.
    • Create additional endpoints for any other ports that need external access. For example, port 80 if the BIG-IP VE will process HTTP traffic.
    • If you choose SSH and do not specify a public port, the system provides a port number for you. Once a port number is assigned, it can't be re-used until you remove or reconfigure that endpoint.
  9. For Resource Group, either accept the default or click the right arrow (>) to change it.
    A resource group is a logical container of related resources.
    Important: If you choose an existing resource group, you will be choosing from a list of Azure Classic Cloud Services. If you create a new group, you are creating a new resource group.
  10. Confirm that the subscription and location are correct, and agree to the legal terms.
  11. Click Create.
The following resources are created:
  • A BIG-IP VE virtual appliance with one network interface.
  • A VLAN named internal.
  • A self IP address named self_1nic.
Note: Only one VLAN is supported in Azure and it was created during deployment, so when you access the BIG-IP Configuration utility, you do not need to use the Setup wizard to configure networking.

Create inbound traffic rules

In order to access the BIG-IP Configuration utility, you must open port 8443. In order to connect to your application through BIG-IP VE, you must open port 443.
  1. In the Azure portal, click Browse > Network security groups .
  2. Filter the list to find your group.
  3. On the Settings blade, click Inbound security rules.
    By default, port 22 is open, so you can connect to BIG-IP by using SSH.
  4. On the Inbound security rules blade, click Add.
  5. Leave the default settings, but enter a name and for the Destination port range, type 443.
    This allows SSL application traffic for port 443 to reach BIG-IP VE.
  6. Click OK.
Now complete the steps again, using 8443 as the Destination port range. This allows management traffic for port 8443 to reach BIG-IP VE.

Set the admin password

If you use a key pair (rather than a password) to authenticate access to the Azure instance, you must set an administrator password for the BIG-IP® Configuration utility.
  1. Use a secure shell terminal (SSH) to access the instance; use either the private key or user name for authentication (depending on what you specified when you created the instance).
  2. Ensure you are at the tmsh prompt. If you logged in as admin, the bash prompt is displayed by default.
  3. Create a password for the admin user for the instance.
    modify auth user <username> password <user-password>
  4. Save the changes to the system configuration.
    save sys config
  5. End the SSH session.
You can now connect to the BIG-IP Configuration utility by using the admin account and password.

License BIG-IP VE

You must enter license information before you can use BIG-IP® VE.
  1. Open a web browser and go to the BIG-IP Configuration utility, for example: https://<public-ip-address>:8443.
    The username is the one you set when you deployed BIG-IP VE. The password is the one you set in either Azure or BIG-IP.
  2. On the Setup Utility Welcome page, click Next.
  3. On the General Properties page, click Activate.
  4. In the Base Registration key field, enter the case-sensitive registration key from F5®. For Activation Method, if you have a production or Eval license, choose Automatic and click Next.
  5. If you chose Manual, complete these steps:
    1. In the Step 1: Dossier field, copy all of the text and then click Click here to access F5 Licensing Server.

      A separate web page opens.

    2. On the new page, click Activate License.
    3. In the Enter your dossier field, paste the text and click Next.
    4. Accept the agreement and click Next.
    5. On the Activate F5 Product page, copy the license text in the box. Now go back to the BIG-IP Configuration utility and paste the text into the Step 3: License field.
    6. Click Next.
The BIG-IP VE system registers the license and logs you out. When the configuration change is successful, click Continue to provision BIG-IP VE.

Provision BIG-IP VE

You can't begin to work in the BIG-IP® Configuration utility until you've confirmed the modules you want to provision, as well as other initial configuration information.
  1. Open a web browser and go to the BIG-IP Configuration utility, for example: https://<public-ip-address>:8443.
    The username is admin and the password is the one you set previously.
  2. On the Resource Provisioning screen, change settings if necessary and click Next.
  3. On the Device Certificates screen, click Next.
  4. On the Platform screen, in the Admin Account field, enter the host name.
  5. In the User Administration section, re-enter the password for the admin account and click Next.

    BIG-IP VE logs you out.

  6. When you log back in, go to the Setup Utility > Network screen, and in the Advanced Network Configuration area, click Finished.

Create a pool and add members to it

Traffic from BIG-IP® VE is sent to a pool. Your application servers should be members of this pool.
  1. Open a web browser and go to the BIG-IP Configuration utility, for example: https://<public-ip-address>:8443.
  2. On the Main tab, click Local Traffic > Pools .
  3. Click Create.
  4. In the Name field, type web_pool.
    Names must begin with a letter, be fewer than 63 characters, and can contain only letters, numbers, and the underscore (_) character.
  5. For Health Monitors, move https from the Available to the Active list.
  6. Choose the load balancing method or retain the default setting.
  7. In the New Members section, in the Address field, type the DNS name of an application server in Azure.
  8. In the Service Port field, type a service port, for example, 443.
  9. Click Add.
    The member is displayed in the list.
  10. Add additional pool members as needed and click Finished.

Create a virtual server

A virtual server listens for packets destined for the public IP address. You must create a virtual server that points to the pool you created.
  1. In the BIG-IP® Configuration utility, on the Main tab, click Local Traffic > Virtual Servers .
  2. Click Create and populate the following fields.
    Field Value
    Name A unique name
    Destination Address/Mask BIG-IP VE's private IP address
    Service Port 443
    HTTP Profile http
    SSL Profile (Client) clientssl
    SSL Profile (Server) serverssl
    Source Address Translation Auto Map
    Default Pool web_pool
    Note: These settings are for demonstration only. For details about securing a web application with SSL, see the product documentation at f5.com.
  3. Click Finished.
Traffic to the BIG-IP VE public IP address will now go to the pool members. To test in a browser, type: https://<public-IP-address>.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)