As you start to think about how to group BIG-IP® devices into Access groups that share a configuration, there are a few things you might want to keep in mind. When you select a device for an Access group, you are selecting the shared configuration for all of the devices in the group.
When you add BIG-IP devices to an Access group, Access evaluates the differences between the devices in the group. Access reports the differences for your information. If you need to make configuration changes on any of the devices, Access lets you know which device to change, and which object to update, delete, or add.
Machine accounts support Microsoft Exchange clients that use NTLM authentication. An NTLM Auth Configuration object refers to a machine account. If the APM® configurations on the BIG-IP® systems include machine accounts, you might want to be aware of the following information.
In an Access group, the machine accounts on the devices must each have been created with the same name. If this is not the case, the deployment fails. The deployment differences will include the names of the devices on which you must reconfigure the machine accounts before you can successfully deploy.
On a BIG-IP® device, bandwidth controller configuration objects (policies and priority groups) are configured at the system level. In APM ®, they are used to provide traffic shaping for Citrix clients that support MultiStream ICA. In an access policy, a BWC policy item refers to a bandwidth controller policy. If the APM configurations on the BIG-IP systems refer to bandwidth controller objects, you should be aware of the following information.
The bandwidth controller configuration objects on the device are treated as if they were part of the Access shared configuration. That means when you import the APM service configuration from a device, the bandwidth controller objects are imported and cannot be updated in the BIG-IQ® system. When you deploy the configuration, deployment creates the bandwidth controller objects on the devices.
For BIG-IP® system high availability, APM ® supports two devices in a Sync-Failover group; these devices can also be referred to as an HA pair.
Access has these requirements for HA pairs on BIG-IQ® system configuration:
To avoid problems after you create Access configurations on the BIG-IQ system, you should know which devices constitute each HA pair.