Manual Chapter : BIG-IP Devices HA Pairs and Clusters

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.3.0
Manual Chapter

Preliminary tips for putting an Access group together

As you start to think about how to group BIG-IP® devices into Access groups that share a configuration, there are a few things you might want to keep in mind. When you select a device for an Access group, you are selecting the shared configuration for all of the devices in the group.

When you add BIG-IP devices to an Access group, Access evaluates the differences between the devices in the group. Access reports the differences for your information. If you need to make configuration changes on any of the devices, Access lets you know which device to change, and which object to update, delete, or add.

Things to know about machine accounts

Machine accounts support Microsoft Exchange clients that use NTLM authentication. An NTLM Auth Configuration object refers to a machine account. If the APM® configurations on the BIG-IP® systems include machine accounts, you might want to be aware of the following information.

In an Access group, the machine accounts on the devices must each have been created with the same name. If this is not the case, the deployment fails. The deployment differences will include the names of the devices on which you must reconfigure the machine accounts before you can successfully deploy.

Things to know about bandwidth controller configurations

On a BIG-IP® device, bandwidth controller configuration objects (policies and priority groups) are configured at the system level. In APM ®, they are used to provide traffic shaping for Citrix clients that support MultiStream ICA. In an access policy, a BWC policy item refers to a bandwidth controller policy. If the APM configurations on the BIG-IP systems refer to bandwidth controller objects, you should be aware of the following information.

The bandwidth controller configuration objects on the device are treated as if they were part of the Access shared configuration. That means when you import the APM service configuration from a device, the bandwidth controller objects are imported and cannot be updated in the BIG-IQ® system. When you deploy the configuration, deployment creates the bandwidth controller objects on the devices.

Access requirements for HA pairs and clusters

For BIG-IP® system high availability, APM ® supports two devices in a Sync-Failover group; these devices can also be referred to as an HA pair.

Access has these requirements for HA pairs on BIG-IQ® system configuration:

  • If you import a device that is part of an HA pair, you must import the other device in the pair as well. Access must manage the configuration for both devices.
  • When you import the devices that are an HA pair, you must place both devices in a cluster that contains only that pair.
    Note: This is not enforced when you add devices to a cluster. But when you try to deploy the configuration, Access reports errors and deployment fails.
  • When you add devices to an Access group, you must add both members of a cluster to the same Access group. (You can add all clusters to one Access group or add clusters to multiple Access groups.)
    Note: Access enforces this requirement.

To avoid problems after you create Access configurations on the BIG-IQ system, you should know which devices constitute each HA pair.

Important: F5® recommends that you make a list of HA pairs, and keep it available for ready reference while you work in the BIG-IQ system.