Manual Chapter : Managing Device Resources

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 4.6.0
Manual Chapter

Managing Device Resources

About device resource management

You can use BIG-IQ® ADC to centrally manage resources located on BIG-IP® devices in your local network.

The first step to managing device resources is the discovery process. After discovery, you can make revisions, and then deploy the configuration changes to the managed devices for easy asset management. You can make these device configuration modifications without having to log in to each device individually.

Selecting specific devices to manage

You must have Read permissions to view the configuration objects imported from managed devices, and both Read and Write permissions to manage those objects.
Devices discovered in any area of BIG-IQ® (such as Device) become visible in the BIG-IQ® ADC list of managed devices. You can specify whether devices discovered from other areas also use the ADC local traffic configuration management capabilities. If you opt out of local traffic management for a device, you can continue Device management functions (such as license management, or backup and restore), without the overhead of local traffic object management.
Note: You can use either Monitoring View or Editing View to specify whether or not a device is managed.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. In the Devices panel, expand the group, if necessary, and hover over the device for which you wish to specify management; click the gear icon (gear), and then select Properties.
    The properties screen for the selected device opens.
  3. To change whether the device is being managed, select or clear the Manage ADC Configuration check box.
  4. Click Save.
    The system changes the management status as specified.

Viewing properties for managed configuration objects

You must have Read permissions to view the configuration settings imported from managed devices.

Before you can monitor or manage settings for configuration objects on a device, you must be managing that device.

Using BIG-IQ® ADC, you can view configuration objects settings for virtual servers, pools, nodes, and iRules® that reside on managed BIG-IP® devices.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then, next to the Filter field, click Monitoring View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view shows the objects and settings most recently imported from the managed BIG-IP device. The list shows only configuration objects for which you have Read or Read/Write permissions.
  3. On the panel that corresponds to the type of object you want to view, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The screen displays properties for the selected object.
  4. Use the scroll bar to view the entire set of settings defined for the selected configuration.
    Important: If you are viewing settings for a virtual server, do not overlook the two areas at the bottom of the screen (Configuration and Resources) that expand to display additional settings.

Overwriting undeployed changes

You must have Read permissions to view the configuration settings imported from managed devices.

The default behavior for the BIG-IQ® system in its role as manager is to exercise authority over the devices it manages. The settings of the managing BIG-IQ system prevail. That is, if there are differences between the current objects and settings on the managed BIG-IP® device, and the objects and settings that the managing BIG-IQ system has for that BIG-IP device, the BIG-IQ system uses the settings it already has.

In situations in which you do not want this to occur, you can overwrite the objects and settings that the BIG-IQ system recognizes for the managed device with the current objects and settings on the managed device. When you do this, settings on the BIG-IQ system (including undeployed configuration revisions) are replaced with the settings from the managed device.

Note: Overwriting undeployed changes removes all configuration revisions you have made for the selected device. If you have made a significant number of changes on the BIG-IQ system and only want to discard a few of them, it might be better to revert them individually.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. In the Devices panel, expand the device group in which your device resides, hover over the device for which you wish to discard changes, click the gear icon (gear), and then select Properties.
    The properties screen for the selected device opens.
  4. To review the settings on the managed device before you overwrite them:
    1. In the Configuration setting, click the View Diff link.
      A Configuration Differences popup screen opens to show the property settings currently on the managed device (Current Config) and the property settings currently on the BIG-IQ system (Working Config).
    2. Review the differences.
    3. To proceed with discarding changes, click Reimport, (or you can click Close to leave things as they are).
      If you click Reimport, a Reimport Configuration? popup screen opens.
    4. Click Reimport to discard the differences, and replace all changes currently pending on the BIG-IQ system for this managed BIG-IP device, with the objects and settings as they currently exist on the managed BIG-IP device.
  5. To overwrite the settings on the managed device without reviewing them:
    1. Click Reimport.
      A Reimport Configuration? popup screen cautions you that you are about to replace all changes currently pending on the BIG-IQ system for the managed BIG-IP device with the objects and settings as they currently exist on the managed BIG-IP device.
    2. Click Reimport to complete the overwrite.
    Important: The Last sync setting shows you the time and date when the last refresh was performed. If changes have been made to configuration objects since the last sync, those settings do not display when you view the differences; however, those settings are included in the overwrite if you select Sync Configuration.
  6. Click Save to close the properties screen.
The objects and settings for the configuration objects that currently exist on the BIG-IP device overwrite the settings for those objects on the managing BIG-IQ system.

Refreshing managed object view

You must have Read permissions to view the configuration settings imported from managed devices.
Configuration object settings for virtual servers, pools, nodes, and iRules® that reside on managed devices are imported during device discovery. However, if the device administrator makes changes to these settings after device discovery, the settings seen on the BIG-IQ® device may not be completely current. You can refresh the managed object view to make sure that you have the most up to date values for the imported configuration object properties.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Deployment.
    The screen displays a list of active deployment jobs. Jobs are categorized as Pending, Error, or Completed. These are deployments that are already in process. To get your configuration changes applied to the appropriate device, you need to create a new job.
  3. Select Review Pending Changes.
    1. In the upper right corner of the Configuration Differences popup screen, select Refresh Diff.
      The list of configuration objects that differ from the objects in the working config refreshes.
    2. When you finish reviewing the refreshed list, click Close on the popup screen.
If the refresh shows you managed object changes that you do not want to lose, use the Overwriting undeployed changes task to retain them. If you decide not to retain the changes, proceed with deploying the changes (Reviewing and deploying configuration settings).

Changing device local traffic objects

Before you make changes to a local traffic object on a managed device, there are two tasks to perform to ensure that you get the expected result.

  • Make sure that no undeployed changes exist for the local traffic object on the managing BIG-IQ® system. Overwrite undeployed changes before proceeding.
  • Make sure you have the most up to date information about the object on the managed BIG-IP® device. Refresh the managed object view to update the BIG-IQ system.

You must have Read/Write permissions to make changes to a local traffic object on a managed device.

You can make revisions to the configuration of local traffic objects (virtual servers, pools, and nodes) on managed devices.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. On the panel that corresponds to the type of object you want to change, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The properties screen for the selected object opens.
  4. On the Properties screen, make changes to the configuration object you want to modify.
    1. To enable an iRule on a virtual server, expand Resources, then select the iRule from the Available list, and use the Move button to move the iRule to the Enabled list.
    2. When you are satisfied with the changes you have made, click Save.
    The revisions you saved are made, and the Properties screen for the selected object closes.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
Important: There is an exception to this pattern. When you view properties for a pool and click Enable, Disable, or Force Offline, you can choose whether you want the change to occur immediately (Change Now), later (Change Later), or not at all (Cancel). Changes you decide to make later become part of the pending changes for the managed object.
To apply the pending version settings to the BIG-IP device, you need to deploy the revisions.

Creating a new virtual server

You can use the BIG-IQ® ADC interface to add a virtual server to a managed device.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. Hover over the Virtual Servers panel and click the gear icon.
    The New Virtual Server screen opens.
  4. From the Device list, select the device on which to create the virtual server.
  5. In the Name field, type in a name for the virtual server you are creating.
  6. In the Description field, type in a brief description for the pool you are creating.
  7. For the Source Address, type an IP address or network from which the virtual server will accept traffic.
    For this setting to work, you must specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize the utility of this setting, specify the most specific address prefixes that include your customer addresses, but exclude addresses outside of their range.
  8. For the Destination Address, type the IP address of the destination you want to add to the Destination list.

    The format for an IPv4 address is I<a>.I<b>.I<c>.I<d>. For example, 172.16.254.1.

    The format for an IPv6 address is I<a>:I<b>:I<c>:I<d>:I<e>:I<f>:I<g>:I<h>..

    For example, 2001:db8:85a3:8d3:1319:8a2e:370:7348.
  9. In the Service Port field, type a service port number, or select a type from the list.
    When you select a type from the list, the value in the Service Port field changes to reflect the associated default, which you can change.
  10. To configure the virtual server so that its status contributes to the associated virtual address status, select Notify Status to Virtual Address.
    When this setting is disabled, the status of the virtual server does not contribute to the associated virtual address status. This status, in turn, affects the behavior of the system when you enable route advertisement of virtual addresses.
  11. If you want the pool member and its resources to be available for load balancing, select State.
  12. To specify configuration parameters for this virtual server, expand Configuration and continue with the next thirteen steps. Otherwise, skip to step 25 in this procedure.
  13. From the Source Address Translation list, select the type of address translation pool used for implementing selective and intelligent source address translation.
    • None: The system does not use a source address translation pool for this virtual server.
    • SNAT: The system uses source network address translation (NAT), as defined in the specified SNAT pool, for address translation.
    • Auto Map: The system uses all of the self IP addresses as the translation addresses for the pool.
  14. In the Connection Limit field, type the maximum number of concurrent connections allowed for the virtual server.
  15. In the Connection Rate Limit field, type the maximum number of connections-per-second allowed for a pool member.
    When the number of connections-per-second reaches the limit for a given pool member, the system redirects additional connection requests. This helps detect Denial of Service attacks, where connection requests flood a pool member. Setting the limit to 0 turns off connection limits.
  16. From the Connection Rate Limit Mode list, select the scope of the rate limit defined for the virtual server.
    • Per Virtual Server: Applies rate limiting to this virtual server.
    • Per Virtual Server and Source Address: Applies Connection Rate Limit Source Mask to the source IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask specifies the number of bits in the IP address to use as a limit key.
    • Per Virtual Server and Destination Address: Applies Connection Rate Limit Destination Mask to the destination IP address of outgoing connections from this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Destination Mask specifies the number of bits in the IP address to use as a limit key.
    • Per Virtual Server, Destination, and Source Address: Applies Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask to the source and destination IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask specify the number of bits in the IP addresses to use as a limit key.
    • Per Source Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source address for all virtual servers that have rate limits specified.
    • Per Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified destination address for all virtual servers that have rate limits specified.
    • Per Source and Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source and destination addresses for all virtual servers that have rate limits specified.
  17. If you want the system to translate the virtual server address, select Address Translation.
    This option is useful when the system is load balancing devices that have the same IP address.
  18. If you want the system to translate the virtual server port, select Port Translation.
    This option is useful when you want the virtual server to load balance connections to any service. The default is enabled.
  19. From the Source Port list, select how you want the system to preserve the connection's source port.
    • Preserve: Specifies that the system preserves the value configured for the source port, unless the source port from a particular SNAT is already in use, in which case the system uses a different port.
    • Preserve Strict: Specifies that the system preserves the value configured for the source port. If the port is in use, the system does not process the connection. Restrict the use of this setting to cases that meet at least one of the following conditions:
      • The port is configured for UDP traffic.
      • The system is configured for nPath routing or is running in transparent mode (that is, there is no translation of any other Layer 3 or Layer 4 field).
      • There is a one-to-one relationship between virtual IP addresses and node addresses, or clustered multi-processing (CMP) is disabled.
    • Change: Specifies that the system changes the source port. This setting is useful for obfuscating internal network addresses.
  20. To replicate client-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Client) list.
  21. To replicate server-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Server) list, select the device on which to create the virtual server.
  22. Use the Auto Last Hop list to specify whether you want the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface.
  23. From the Last Hop Pool list, select the pool the system uses to direct reply traffic to the last hop router.
  24. If you want the system to allow IPv6 hosts to communicate with IPv4 servers, select NAT64.
  25. To specify the virtual server score in percent, type that value in the VS Score field.
    Global Traffic Manager™ (GTM™) uses this value to load balance traffic in a proportional manner.
  26. To specify additional resource details for this virtual server, expand Resources and continue with the next two steps. Otherwise, skip to the last step in this procedure.
  27. To specify which iRules® are enabled for this virtual server, use the arrow buttons to move iRules between the Available and Enabled lists.
    iRules are applied in the order in which they are listed.
  28. Use the Default Pool list to select the pool name that you want the virtual server to use as the default pool.
    A load balancing virtual server sends traffic to this pool automatically, unless an iRule directs the server to send the traffic to another pool.
  29. Click Save.
    The system creates the new virtual server with the settings you specified.

Creating a new pool

You can use the BIG-IQ® ADC interface to add a pool to a managed device.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. Hover over the Pools panel and click the add icon.
    The New Pool screen opens.
  4. In the Name field, type in a name for the pool you are creating.
  5. From the Device list, select the device on which to create the pool.
  6. In the Description field, type in a brief description for the pool you are creating.
  7. In the Load Balancing Method field, specify the type of load balancing you want the pool to use. The default is Round Robin.
  8. In the Priority Group Activation setting, specify how the system load balances traffic. The default is Disabled.
    1. To have the system load balance traffic according to the priority number assigned to the pool member, select Less than.
    2. If you use a priority number, from the Available Member(s) list, select the minimum number of members that must be available in one priority group before the system directs traffic to members in a lower priority group.
      When a sufficient number of members become available in the higher priority group, the system again directs traffic to the higher priority group.
  9. To specify advanced properties, expand Advanced Properties and continue with the next twelve steps. Otherwise, skip to the last step in this procedure.
  10. To automatically enable or disable NATs for connections that use this pool, for the NAT setting, select Allow.
  11. To automatically enable or disable SNATs for connections that use this pool, for the SNAT setting, select Allow.
  12. To specify how the system should respond when the target pool member becomes unavailable, select a value from the Action On Service Down list.
    • None: Specifies that the system takes no action to manage existing connections when a pool member becomes unavailable. The system maintains existing connections, but does not send new traffic to the member.
    • Reject: Specifies that, if there are no pool members available, the system resets and clears the active connections from the connection table and sends a reset (RST) or Internet Control Message Protocol (ICMP) message. If there are pool members available, the system resets and clears the active connections, but sends newly arriving connections to the available pool member and does not send RST or ICMP messages.
    • Drop: Specifies that the system simply cleans up the connection.
    • Reselect: Specifies that the system manages established client connections by moving them to an alternative pool member when monitors mark the original pool member down.
  13. To specify the duration during which the system sends less traffic to a newly-enabled pool member, select a value from the Slow Ramp Time field.
    The amount of traffic is based on the ratio of how long the pool member has been available compared to the slow ramp time, in seconds. Once the pool member has been online for a time greater than the slow ramp time, the pool member receives a full proportion of the incoming traffic. Slow ramp time is particularly useful for the least connections load balancing mode.
    Important: Setting this to a non-zero value can cause unexpected Priority Group behavior, such as load balancing to a low-priority member even with enough high-priority servers.
  14. To specify whether the system sets a Type of Service (ToS) level within a packet sent to the client, based on the targeted pool, select a value from the IP ToS to Client list.
    Setting a ToS level affects the packet delivery reliability.
    • Pass Through: The system does not change the ToS level within a packet.
    • Specify: Provides a field in which you can specify a ToS level to apply. Valid values are from 0 to 255.
    • Mimic: Specifies that the system sets the ToS level of outgoing packets to the same ToS level of the most-recently received incoming packet. For example, if the most-recently received packet had a ToS level of 3, the system sets the ToS level of the next outgoing packet to 3.
  15. To specify whether the system sets a Type of Service (ToS) level within a packet sent to the server, based on the targeted pool, select a value from the IP ToS to Server list.
    Setting a ToS level affects the packet delivery reliability.
    • Pass Through: The system does not change the ToS level within a packet.
    • Specify: Provides a field in which you can specify a ToS level to apply. Valid values are from 0 to 255.
    • Mimic: Specifies that the system sets the ToS level of outgoing packets to the same ToS level of the most-recently received incoming packet. For example, if the most-recently received packet had a ToS level of 3, the system sets the ToS level of the next outgoing packet to 3.
  16. To specify whether the system sets a the system sets a Quality of Service (QoS) level within a packet sent to the client, based on the targeted pool, select a value from the Link QoS to Client list.
    Setting a QoS level affects the packet delivery priority.
    • Pass Through: The system does not change the QoS level within a packet.
    • Specify: Provides a field in which you can specify a QoS level to apply. Valid values are from 0 to 7.
  17. To specify whether the system sets a the system sets a Quality of Service (QoS) level within a packet sent to the server, based on the targeted pool, select a value from the Link QoS to Server list.
    Setting a QoS level affects the packet delivery priority.
    • Pass Through: The system does not change the QoS level within a packet.
    • Specify: Provides a field in which you can specify a QoS level to apply. Valid values are from 0 to 7.
  18. To specify the number of times the system tries to contact a new pool member after a passive failure, select a value from the Reselect Tries field.
    A passive failure consists of a server-connect failure or a failure to receive a data response within a user-specified interval. The default is 0, which indicates no reselects.
  19. To enable TCP request queueing, select Request Queueing.
  20. To specify the maximum number of connection requests allowed in the queue, type an entry in the Request Queue Depth field.
    The default value of 0 permits unlimited connection requests, constrained only by available memory.
  21. To specify the maximum number of milliseconds that a connection request can be queued until capacity becomes available, whereupon the connection request is removed from the queue and reset, type an entry in the Request Queue Timeout field.
    The default value of 0 permits unlimited time in the queue.
  22. Click Save.
    The system creates the new pool with the settings you specified.

Creating a new node

You can use the BIG-IQ® ADC interface to add a node to a managed device.

Nodes are the basis for creating a load balancing pool. For any server that you want to be part of a load balancing pool, you must first create a node, that is, designate that server as a node. After designating the server as node, you can add the node to a pool as a pool member. You can also associate a health monitor with the node, to report the status of that server.

Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. Hover over the Nodes panel and click the add icon.
    The New Node screen opens.
  4. From the Device list, select the device on which to create the node.
  5. In the Name field, type in a name for the node you are creating.
  6. For the Address field, select either Address, or FQDN, to specify how to identify the node you are creating.
    • If you select Address, type in the IP address that identifies the new node.
    • If you select FQDN, type in the fully qualified domain name that identifies the new node.
    If you select FQDN, the screen displays several additional settings.
  7. If you chose the FQDN method for identifying this node, specify the Address Type for this node by selecting either IPv4 or IPv6.
  8. If you chose the FQDN method for identifying this node, specify the Auto Populate setting.
    When the domain name you specify resolves to multiple IP addresses, you can enable this setting if you want read-only ephemeral nodes to be created for these addresses.
  9. If you chose the FQDN method for identifying this node, specify the Interval for this node.
    This setting specifies the number of seconds that you want the system to spend attempting to resolve a domain name.
  10. If you chose the FQDN method for identifying this node, specify the Down Interval for this node.
    This setting specifies the number of attempts you want the system to make to resolve a domain name.
  11. To specify configuration parameters for this node, expand Configuration and continue with the next three steps. Otherwise, skip to step fifteen in this procedure.
  12. For the Ratio, type the ratio weight you want to assign to the new node.
    When you are using the Ratio load balancing method, you can assign a ratio weight to each node in a pool. LTM uses this ratio weight to determine the correct node for load balancing. Note that at least one node in the pool must have a ratio value greater than 1. Otherwise, the effect equals that of the Round Robin load balancing method.
  13. For the Connection Limit, type the maximum number of concurrent connections allowed for this node.
  14. For the Connection Rate Limit, type the maximum rate of new connections per second allowed for this node.
    When you specify this limit, the system controls the number of allowed new connections per second, thus providing a manageable increase in connections without compromising availability. The default value of 0 specifies that there is no limit on the number of connections allowed per second.
  15. Click Save.
    The system creates the new node with the settings you specified.

About deploying configuration changes

Using BIG-IQ® ADC to manage the devices in your network means that you can deploy configuration changes without having to log in to each individual BIG-IP® device. You can review deployment changes before you make them, and then either make the changes, or revert them.

When you deploy changes to a managed device, before the BIG-IQ device applies the configuration changes, it first does a fresh import from the managed device to ensure there are no conflicts. If there are conflicts, the default behavior is to discard any changes made on the managed device before deploying the configuration changes. You can work around this by overwriting undeployed changes. Overwriting undeployed changes performs a fresh import from the managed BIG-IP device and uses those objects and settings to overwrite any revisions performed on the managing BIG-IQ device.

Note: When settings for configuration objects are changed on the managed device, you have two options:
  • Review and deploy the configuration settings from the BIG-IQ device. The settings from the managing BIG-IQ device overwrite the settings on the managed BIG-IP device.
  • Overwrite undeployed changes. Any changes that have been made using the BIG-IQ device user interface are overwritten with the settings from the managed BIG-IP device.

Reviewing and deploying configuration settings

Before you deploy configuration changes, be aware of the following prerequisites:
  • You must have a role of Administrator to deploy configuration changes.
  • Before you deploy changes to a managed device, make sure that changes have not been made to that device while you were assembling your configuration changes. Deploying changes to a managed device overwrites the objects and settings on the managed device with the settings specified on the BIG-IQ® device. To make sure you are not overwriting settings that you didn't know about, refresh the managed object view before deploying configuration changes.

You must create a deployment job and submit that job before changes to configuration objects you have made are applied to the managed device.

  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Deployment.
    The screen displays a list of active deployment jobs. Jobs are categorized as Pending, Error, or Completed. These are deployments that are already in process. To get your configuration changes applied to the appropriate device, you need to create a new job.
  3. In the Deployments panel, click the ( + ) icon.
    The New Deployment screen opens.
  4. In the Name field, type in a name for the deployment task you are creating.
  5. In the Description field, type in a brief description for the deployment task you are creating.
  6. From the list of configuration changes pending deployment, select the device for which you want to deploy changes.
  7. To review the changes before deploying them, select Review Pending Changes (to deploy without reviewing, skip this step).
    1. In the Modified area of the Configuration Differences popup screen, select each configuration object and scroll through the revisions.
      Important: As a prerequisite to this task, make sure that you know the most current configuration settings on the managed device. If you did not perform that refresh, the configuration settings you are comparing your revisions with may be out of sync with any changes made to the BIG-IP device since the last refresh.
      Note: If the refresh and review reveals minor changes that have been made on the managed device, and you do not want to lose those changes, consider adding those configuration changes to the managed object settings on the BIG-IQ system before you deploy the changes. If the changes are more substantial, you might want to reimport the managed device object settings to overwrite the undeployed changes on the BIG-IQ system.
    2. When you finish reviewing the pending changes, click Cancel on the popup screen.
  8. To start the task of deploying changes to the managed device, click Deploy. The BIG-IQ system starts processing the deployment job. When the job completes successfully, configuration settings on the managed device are overwritten with the settings from the managing BIG-IQ system.
    Note: To discard the just reviewed changes, overwrite the undeployed changes. The configuration settings currently on the managed device are freshly imported and overwrite the settings on the managing BIG-IQ system. For details, refer to Overwriting undeployed changes.

When you deploy a configuration job, details display in the Deployment panel's Pending list while the deployment is being processed. These details display until the job either fails or succeeds.

  • If the deployment fails, details display in the Deployment panel's Error list.
  • If the deployment is successful, details display in the Deployment panel's Completed list.
Important: The Completed deployments and Error lists maintain a 7-day history of deployment changes. After a week, these deployment change records are deleted.