Manual Chapter: Integrating with VMware NSX 6.1

Applies To:

BIG-IQ Cloud

  • 4.5.0

About integrating VMware NSX with a BIG-IP VE

BIG-IQ Cloud provides you with the tools to manage VMware resources required to deliver highly available applications. Management tasks include discovering and creating BIG-IP devices running in the private cloud. You can use this feature to accommodate seasonal traffic fluctuations by periodically adding and subtracting devices and application servers as needed. Additionally, you can provide NSX users access to self-deployable iApps through VMware integration.

The tasks you perform to set up and configure BIG-IQ devices to manage BIG-IP system traffic in a VMware NSX version 6.1 network use both the BIG-IQ software user interface and the VMware NSX user interface. For one task, you can gain greater control and flexibility by using a REST API call to the NSX API. This optional task is included at the end of the task sequence.

In most production environments, data plane and control plane traffic are segregated for security reasons. To accomplish this topology, the network management for all devices is on the control plane subnet.

There are several setup tasks that you must perform before you can begin to configure the BIG-IQ VMware-NSX integration to a BIG-IP VE device.

Important: For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  • You must have installed a BIG-IQ system with a management network subnet. This subnet will be used for provisioning and discovering BIG-IP devices. This subnet must be configured to include DHCP services and the DHCP configuration must include a default gateway.
  • The DHCP IP pool must not include the IP address 192.168.1.245. This address is reserved for special use on the BIG-IP device.
  • You must set up VMware NSX Manager and VMware vCenter to share the management network subnet that you configured for the BIG-IQ system. When the BIG-IP VE that you configure boots for the first time, it attaches to this shared network.
  • You must configure the following objects in VMware vSphere Web Client before you can perform the VMware NSX integration.
    • A data center
    • A data store for your data center
    • A cluster

Network requirements for communication with VMware cloud services

For proper communication, BIG-IQ Cloud must have network access to the resources on which VMware software is installed. Before you can manage cloud resources, you must define a network route between the BIG-IQ Cloud device’s VLAN and the management VLAN on the VMware.

Setting up a VMware network for a BIG-IP VE

Before you can begin configuring the BIG-IQ device integration for a BIG-IP Virtual Edition (VE), you must perform the following setup tasks.

Important: For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. You must have installed a BIG-IQ system with a management network subnet. This subnet will be used for provisioning and discovering BIG-IP devices. This subnet must be configured to include DHCP services and the DHCP configuration must include a default gateway.
  2. The DHCP IP pool must not include the IP address 192.168.1.245. This address is reserved for special use on the BIG-IP device.
  3. You must set up VMware NSX Manager and VMware vCenter to share the management network subnet that you configured for the BIG-IQ system. When the BIG-IP VE that you configure boots for the first time, it attaches to this shared network.
  4. You must configure the following objects in VMware vSphere Web Client before you can perform the VMware NSX integration.
    1. A data center
    2. A data store for your data center
    3. A cluster

Configuring VMware NSX and BIG-IQ Cloud for BIG-IP VE systems

Configuring the VMware objects described in this task makes it possible for a BIG-IQ system to configure and license a BIG-IP VE that you can manage with NSX as a load balancing service runtime. Your vCenter users can use this service runtime to deploy load-balanced virtual servers.

  1. Log in to vCenter using the vSphere Web Client.
  2. In the VMware vSphere Web Client, create additional virtual network connectivity options. One network must be a management network; typically the BIG-IQ system uses it for provisioning BIG-IQ systems and for discovering BIG-IP devices. You can use an internal network for provisioning and discovering BIG-IP devices as long as that network can be reached by the BIG-IQ device. The other required network is data plane; the BIG-IP device uses it to pass traffic. You need one management network and then you can create up to three data plane networks. You can choose whether each network is a Logical Switch, a Standard Portgroup, or a Distributed Portgroup.
    1. Define a management network for the BIG-IP device. Use a typical IP address range to refer to this network: 192.168.11.0/24.
    2. Define a data network. Use a typical IP address range to refer to this network: 10.22.0.0/16.
    3. Optionally, define another data network. Use a typical IP address range to refer to this network: 10.33.0.0/16.
    4. Optionally, define another data plane network for the BIG-IP device. Use a typical IP address range to refer to this network: 10.44.0.0/16.
  3. In the VMware vSphere Web Client, create two to four IP Pools, one for each network. As you create each pool, you are prompted for a name. Make a note of the names you choose so that when you need to associate each pool to a network interface, you will know which is which.
  4. In the VMware vSphere Web Client, set up a web server on the just-created management network. The NSX Manager uses the URL of this web server to access the installation file (OVA) for the BIG-IP VE you intend to provision.
  5. Decompress the OVA file and copy the contents (which include an OVF file) to an accessible location on the just-created web server. The NSX Manager uses the OVF file to create the BIG-IP VE.

The next tasks to perform are:

  • Create a new user
  • Activate a pool license
  • Create a BIG-IQ software - VMware NSX connector
  • Create a BIG-IQ device image (also referred to as an NSX node template)
  • Configure your virtual application networks
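
The addressing constraints from the setup and configuration tasks above (a DHCP pool that excludes 192.168.1.245 and carries a default gateway, one management network, up to three data plane networks, control and data plane kept apart) can be checked before anything is provisioned. The following Python is an added example, not part of the F5 manual or product; the plan layout, key names and sample addresses other than the manual's own ranges are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Address the manual says is reserved for special use on the BIG-IP device.
RESERVED = ipaddress.IPv4Address("192.168.1.245")
# The manual allows one management network and up to three data plane networks.
MAX_DATA_NETWORKS = 3


def check_plan(plan):
    """Return a list of findings for an addressing plan; an empty list means OK."""
    findings = []
    mgmt = ipaddress.IPv4Network(plan["management"])
    data = {name: ipaddress.IPv4Network(cidr) for name, cidr in plan["data"].items()}
    first = ipaddress.IPv4Address(plan["dhcp_first"])
    last = ipaddress.IPv4Address(plan["dhcp_last"])
    gateway = plan.get("dhcp_gateway")

    if first > last:
        findings.append("dhcp: range start is above range end")
    else:
        if first <= RESERVED <= last:
            findings.append(f"dhcp: pool includes reserved address {RESERVED}")
        if first not in mgmt or last not in mgmt:
            findings.append(f"dhcp: pool is not inside management network {mgmt}")

    if not gateway:
        findings.append("dhcp: no default gateway configured")
    elif ipaddress.IPv4Address(gateway) not in mgmt:
        findings.append(f"dhcp: gateway {gateway} is outside management network {mgmt}")

    if not 1 <= len(data) <= MAX_DATA_NETWORKS:
        findings.append(f"data: {len(data)} data plane networks, expected 1 to {MAX_DATA_NETWORKS}")

    # Control plane and data plane stay segregated only if no two ranges overlap.
    nets = [("management", mgmt)] + sorted(data.items())
    for (name_a, net_a), (name_b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            findings.append(f"overlap: {name_a} {net_a} and {name_b} {net_b}")
    return findings


# Constructed sample: the manual's typical ranges plus an assumed DHCP pool/gateway.
GOOD_PLAN = {
    "management": "192.168.11.0/24",
    "dhcp_first": "192.168.11.100",
    "dhcp_last": "192.168.11.200",
    "dhcp_gateway": "192.168.11.1",
    "data": {
        "external": "10.22.0.0/16",
        "internal": "10.33.0.0/16",
        "extra": "10.44.0.0/16",
    },
}

# Constructed sample with three mistakes: reserved address inside the pool,
# no gateway, and two data networks that overlap.
BAD_PLAN = {
    "management": "192.168.1.0/24",
    "dhcp_first": "192.168.1.200",
    "dhcp_last": "192.168.1.250",
    "data": {"external": "10.22.0.0/16", "internal": "10.22.8.0/24"},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "OK")
```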

Creating an NSX callback user

Create an NSX callback user to provide that individual with access to specific NSX resources. You will need the name of this user when you add a VMware NSX 6.1 connector.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. Hover over the User header, and click the + icon when it appears. The panel expands to display property fields for the new user.
  3. In the Full Name field, type a name to identify this user. The full name can contain a combination of symbols, letters, numbers and spaces.
  4. In the Password and Confirm Password fields, type the password for the new user.
  5. Click the Add button.
You can now specify this user name as the NSX Callback User Name.

About activating a pool license

When you integrate with VMware NSX to create BIG-IP VE virtual machines, you can activate a pool license so that BIG-IQ software can use a license from that pool to license the BIG-IP VE systems that it creates.

You can choose not to use a pool license and skip to discovering devices. If you make this choice, the BIG-IQ device still creates BIG-IP VE systems, but you need to license them before they can be used.

You initiate the license activation process with a base registration key. The base registration key is a character string that the license server uses to verify the functionality that you are entitled to license. If the system has access to the internet, you select an option to automatically contact the F5 license server and activate the license. If the system is not connected to the internet, you must manually retrieve the activation key from a system that is connected to the internet, and then transfer it to the BIG-IQ system.

Note: If you do not have a base registration key, contact your F5 Networks sales representative.

Automatically activating a pool license

You must have a base registration key before you can activate the license pool.
If the resources you are licensing are connected to the public internet, you can automatically activate the license pool.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. In the Base Registration Key field, type or paste the BIG-IQ registration key.
  3. In the Add-on Keys field, paste any additional license key you have.
  4. For the Activation Method setting, select Automatic, and click the Activate button. The License Agreement displays.
  5. To accept the License Agreement, click the Agree button.
You can now assign this license to another BIG-IP device.

Manually activating a pool license

You must have a base registration key before you can activate the pool license.
If the BIG-IQ Device you are licensing is not connected to the public internet, you can still activate the pool license manually.
  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Provisioning.
  3. Hover over the Licenses header, click the + icon when it appears, and then click Add New Pool License.
  4. In the License Name field, type the name you want to use to identify this license.
  5. In the Base Registration Key field, type or paste the BIG-IQ registration key.
  6. In the Add-on Keys field, paste any additional license key you have.
  7. For the Activation Method setting, select Manual and click the Generate Dossier button. The BIG-IQ system refreshes and displays the dossier in the Device Dossier field.
  8. Copy the text displayed in the Device Dossier field, and click the Access F5 manual activation web portal link. Alternatively, you can navigate to the F5 license activation portal at https://activate.f5.com/license/.
  9. Paste the dossier into the Enter your dossier field, and then click the Next button.
  10. To accept the License Agreement, click the Agree button.
  11. Copy the license file from the F5 license activation portal to BIG-IQ Device.
You can now assign this license to another BIG-IP device.

Creating a connection between BIG-IQ Cloud and NSX Manager

To enable integration between a third-party cloud provider and BIG-IQ Cloud, you must configure a cloud connector. A cloud connector is a resource that identifies the local or virtual environment in which a tenant deploys applications and, when necessary, adds parameters required by third-party cloud providers.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. Hover over the Connectors header, click the + icon when it appears, and then click New Connector.
  3. In the Name and Description fields, type a name and description. You can use the name and description to help you organize network resources into logical groups based on certain criteria, such as the location or application.
    Important: You will need to recall the name you assign to this connector so that you can select it when you are configuring the VMware user interface. The name you specify is used as the service definition name in the VMware user interface.
  4. From the Cloud Provider list, select VMware NSX 6.1. The screen displays additional settings specific to VMware NSX.
  5. From the Devices list, select the device you want to associate with this connector.
  6. In the VMware NSX Address field, type the IP address of the VMware system. The VMware IP address must be fully accessible from the BIG-IQ device.
  7. In the VMware NSX User Name and VMware NSX Password fields, type the credentials that the BIG-IQ device will use to authenticate to the NSX Manager REST API.
  8. In the VMware vCenter Server Address field, type the IP address of the vCenter server.
  9. In the VMware vCenter Server User Name and VMware vCenter Server Password fields, type the credentials that the BIG-IQ device will use to authenticate to the vCenter SOAP API.
  10. From the BIG-IQ Callback User Name list, select the user name that NSX Manager uses to authenticate to the BIG-IQ REST API.
  11. In the BIG-IQ Callback Password field, type the password that NSX Manager uses to authenticate to the BIG-IQ REST API.
  12. From the BIG-IQ Callback Address list, select the IP address that this NSX Manager uses to access each BIG-IQ device in the HA cluster. By default, the management IP address is used, but you can specify a self IP address if you choose.
  13. Click the Save button.

As part of the connection creation process, the BIG-IQ system does the following:

  • Creates a new default tenant for the new connector.
  • Verifies connectivity to the NSX Manager and vCenter APIs, and registers the BIG-IQ system as an NSX Partner Service provider.
  • Creates a callback user role that enables NSX to access the BIG-IQ software resources necessary for interaction with the BIG-IQ REST API.

Provisioning a BIG-IP VE on NSX version 6.1

BIG-IQ software's NSX integration supports provisioning of a BIG-IP VE instance to provide load-balancing services in the context of an NSX Edge.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. In the vSphere web client user interface, create a new NSX Edge in an undeployed state. If you specify a tenant ID when you create the Edge, BIG-IQ software will create a tenant with that ID when it creates the BIG-IP VE. Make sure that the NSX Edge you create identifies the Cluster/Resource Pool and the Datastore, but does not identify any interfaces. Otherwise, follow your standard practice for NSX Edge creation.
  2. For the just created NSX Edge, navigate to the Manage tab, and then select the Load Balancer tab. Then click the Edit button. The Edit Load balancer global configuration window displays.
  3. Select both Enable Load Balancer and Enable Service Insertion.
  4. For the Service Definition, select the name of the connector you created for NSX in a previous step.
  5. For the Service Configuration, select F5 ADC - Make a BIG-IP VE.
  6. Expand Typed Service Configuration Parameters and then determine which of these optional settings you want to specify.
    1. In the Value field next to F5-BIG-IP-VE key, type yes.
    2. If you want to specify a fully qualified host name of the node template to describe the kind of BIG-IP VE this template creates, in the Value field next to F5-BIG-IP-VE-FQ-HOST-NAME key, type that name in the value box next to Name of BIG-IP node template?.
      Tip: This step is optional. If you do not specify a host name, the template uses the default host name.
    3. Specify the name of the node template to describe the kind of BIG-IP VE this template creates; type that name in the Value field next to F5-BIG-IP-VE-OVF-NAME key.
      Tip: If you have already created a node template, then specify the name of it here. If you are creating a node template, then specify a name to go along with the URL that you specify in the next step.
    4. In the Value field next to the F5-BIG-IP-VE-OVF-URL key, type in the URL that describes the location of the OVF file that the BIG-IQ device uses to create the BIG-IP VE.
      Tip: This step is optional. You only need to specify the URL if the node template has not already been created.
      Tip: You can also specify this value using an API call.
    5. If you want to specify an admin password so that you can easily log in as administrator to this BIG-IP VE from NSX, type the password in the Value field next to the F5-BIG-IP-VE-ADMIN-PASSWORD key.
      Tip: If you choose to let the BIG-IQ system generate the password, you can view the password in the BIG-IQ device Servers panel.
      Tip: When the BIG-IP VE is initially provisioned, root login is disabled. To access the VE using root login, you must log in as admin and set the root password.
  7. Expand Service Instance Runtime Configuration, and then use the controls to specify settings for up to four virtual network interface controllers (vNICs). For each of the vNICs you specify, the IP Allocation Mode must be IP Pool.
    • The first required vNIC (vNIC0) provides the DHCP-enabled control plane network on which the BIG-IP VE boots. Choose the name specified previously that corresponds to the IP pool 192.168.11.0/24.
    • The next required vNIC (vNIC1) you specify provides the external data network on which the BIG-IP device creates virtual servers. Choose the name specified previously that corresponds to the IP pool 10.22.0.0/16.
    • The first optional vNIC you specify provides the internal data network on which load-balanced pool members are located. Choose the name specified previously that corresponds to the IP pool 10.33.0.0/16.
    • The next optional vNIC you specify provides the data plane network on which the BIG-IQ device discovers and manages BIG-IP devices. Choose the name specified previously that corresponds to the IP pool 192.44.0.0/16.
  8. Click OK to close the Edit Load balancer global configuration dialog box. VMware NSX configures the Edge Gateway based on the settings you specified.
When you finish editing an Edge with the settings described in this task, BIG-IQ software responds by creating and licensing the BIG-IP VE.

Using the API to define an NSX runtime deployment specification

VMware NSX uses a Runtime Deployment to specify parameters for BIG-IP virtual devices provisioned using a BIG-IQ software connection. Node templates simplify the task of specifying the parameters for the Runtime Deployment. This task uses the Create node template API to create a node template. The BIG-IQ system and NSX integration uses this template when it provisions new BIG-IP virtual devices.

Important: Using an API call to perform this task is optional. If you want to use the NSX user interface to specify the node template, you can do that. However, if you want to create the template in advance or see a list of existing templates before you define a new one, you can use a REST compliant HTTP request to execute an API call. To facilitate the process of submitting REST API calls, F5 includes an API management tool called Presentation Manager. This task steps you through its use.
  1. Use a web browser to access and log in to the BIG-IQ device. https://<BIG-IQ IP address>
  2. Use the Presentation Manager API tool to access the Create node template URL. https://<BIG-IQ IP address>/mgmt/cm/cloud/connectors/vmware-nsx/presentation The Presentation Manager interface opens for the Create node template API.
  3. Click Table of Contents. A lengthy list of API endpoints is displayed.
  4. From the list of API endpoints, locate the connector just created in the previous task. The connector will look something like this: /mgmt/cm/cloud/connectors/vmware-nsx/<connectorId>/nodes
  5. In the upper right corner, click the plus sign, and then scroll to the very bottom of the page and click the Advanced button. A small field, titled JSON Input opens.
  6. In the JSON Input field, type the values for three property IDs needed to register the node template as a deployment specification.
    • The OvfUrl entry identifies the URL specified previously for the OVF file that the BIG-IQ device uses to create the BIG-IP VE.
    • The BIG-IP entry set to true indicates that the template specifies provisioning details for a BIG-IP device.
    • The NodeTemplateName entry identifies the name you want NSX users to specify when requesting deployment of this type of BIG-IP VE.
    {
      "state": "TEMPLATE",
      "properties": [
        { "id": "BIG-IP", "provider": "true" },
        { "id": "NodeTemplateName", "value": "BIGIP-11.5.0.0.0.221.LTM_1SLOT-scsi.ovf" },
        { "id": "OvfUrl", "provider": "http://server/ovfs/BIGIP-11.5.0.0.0.221.LTM_1SLOT-scsi/BIGIP-11.5.0.0.0.221-scsi.ovf" }
      ]
    }
  7. Click Save. Presentation Manager submits the REST API call with the JSON body you specified.
The API call registers the deployment specification received from the NSX API with the BIG-IQ software's NSX Partner Service. The REST API response includes the property ID ImageId. This value identifies the just-created deployment specification and confirms that the connection between the BIG-IQ system and the NSX device is established.
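
The same node template body can be built and checked in a script before it is submitted to the connector's nodes endpoint. The following Python is an added example, not F5 code: the POST method, the host name `bigiq.example.test`, the shape of the response carrying ImageId and the sample ImageId value are assumptions, and authentication is left to the caller because the task above describes it only as logging in to the BIG-IQ device. The request is prepared but never sent.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

REQUIRED_IDS = ("BIG-IP", "NodeTemplateName", "OvfUrl")
# Values taken from the manual's sample body.
MANUAL_NAME = "BIGIP-11.5.0.0.0.221.LTM_1SLOT-scsi.ovf"
MANUAL_OVF_URL = ("http://server/ovfs/BIGIP-11.5.0.0.0.221.LTM_1SLOT-scsi/"
                  "BIGIP-11.5.0.0.0.221-scsi.ovf")


def build_node_template(template_name, ovf_url):
    """Body in the shape of the manual's sample, including its mixed value keys."""
    return {
        "state": "TEMPLATE",
        "properties": [
            {"id": "BIG-IP", "provider": "true"},
            {"id": "NodeTemplateName", "value": template_name},
            {"id": "OvfUrl", "provider": ovf_url},
        ],
    }


def _prop(body, prop_id):
    """Value of a property that appears exactly once, whichever key holds it."""
    matches = [p for p in body.get("properties", []) if p.get("id") == prop_id]
    if len(matches) != 1:
        return None
    return matches[0].get("value", matches[0].get("provider"))


def validate_node_template(body):
    """Return (errors, warnings) for a node template body."""
    errors, warnings = [], []
    if body.get("state") != "TEMPLATE":
        errors.append("state must be TEMPLATE")
    for prop_id in REQUIRED_IDS:
        if not _prop(body, prop_id):
            errors.append(f"{prop_id}: missing, empty or duplicated")
    if _prop(body, "BIG-IP") not in (None, "true"):
        errors.append("BIG-IP: expected the string true")
    url = _prop(body, "OvfUrl")
    if url:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            errors.append("OvfUrl: not an absolute http(s) URL")
        else:
            # Secrets in the URL would be stored in the template and logged.
            if parts.username or parts.password:
                errors.append("OvfUrl: credentials embedded in URL")
            if not parts.path.lower().endswith(".ovf"):
                errors.append("OvfUrl: path does not end in .ovf")
            if parts.scheme == "http":
                warnings.append(
                    "OvfUrl: plain http, image is fetched without transport integrity")
    return errors, warnings


def prepare_request(bigiq_host, connector_id, body):
    """Build (but do not send) the request for the connector's nodes endpoint."""
    errors, _ = validate_node_template(body)
    if errors:
        raise ValueError("; ".join(errors))
    # Percent-encode the id so it cannot introduce extra path segments.
    url = (f"https://{bigiq_host}/mgmt/cm/cloud/connectors/vmware-nsx/"
           f"{quote(connector_id, safe='')}/nodes")
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json"})


def extract_image_id(response_text):
    """Pull ImageId from a response, assuming it mirrors the request's property list."""
    return _prop(json.loads(response_text), "ImageId")


# Constructed response used only to exercise extract_image_id.
SAMPLE_RESPONSE = json.dumps({
    "state": "TEMPLATE",
    "properties": [{"id": "ImageId", "value": "constructed-image-id-0001"}],
})

if __name__ == "__main__":
    body = build_node_template(MANUAL_NAME, MANUAL_OVF_URL)
    print(validate_node_template(body))
    print(prepare_request("bigiq.example.test", "connector-1", body).full_url)
    print(extract_image_id(SAMPLE_RESPONSE))
```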

About integrating VMware NSX with a BIG-IP device

The integration between BIG-IQ Cloud and VMware NSX makes it possible for you to use existing physical BIG-IP devices to host NSX virtual servers. Using these servers, you can manage and deploy iApps on existing VMware NSX environments.

There are three connectivity options for this integration.

  • One connectivity option uses a pool of VLANs bridged to VXLAN networks.
  • One connectivity option uses VLAN trunks that the BIG-IQ device provisions for you. These VLANs must use a tagged interface.
  • One connectivity option uses VLANs that are already configured on the BIG-IP device. These VLANs can be either tagged or untagged depending on your network topology.

Most of the API calls for these options are the same; only the network setup varies. When there are specific differences in the API call, it is detailed in the task.

Important: NSX version 6.1.3 or later is required for this particular connectivity option.

Setting up a VMware network for a VLAN pool bridged to a VXLAN network

Before you can begin configuring the BIG-IQ device integration for a VLAN pool bridged to a VXLAN network, you must perform the following setup tasks.

Important: For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. Discover the device on which your VLANs will reside so you can configure the VLANs from the BIG-IQ device.
  2. Connect the BIG-IP device and the ESXi host to a physical switch. The BIG-IP device and the ESXi host must connect to a port set up to support a trunk interface.
  3. Create a vCenter distributed port group for each VLAN in the trunk. Each port group must have a tagged VLAN ID. This configuration is referred to as virtual switch tagging (VST). It ensures that outbound traffic to the BIG-IP device is tagged.
  4. Confirm that the vCenter distributed port group uplinks to the physical switch set up in the previous step.
  5. Pre-deploy a Logical Distributed Router (LDR) in the VMware NSX environment.
    1. Confirm that the VXLAN-transport VLAN uses the same physical switch as the BIG-IP device and the ESXi host.
    2. Confirm that the logical switches exist on the Distributed vSwitch (DVS).
    3. Deploy the LDR to the ESXi host on which the physical VLAN used for bridging to VXLAN is connected to the ESXi host.
    4. Configure the LDR with a unique interface to the management network with a valid IP Address. The management network LDR port group cannot be part of VXLAN-VLAN mapping.
    5. Configure the LDR with an interface to any port group on the DVS. You do not need to specify an IP address. This interface associates the LDR to the correct vSwitch.
      Important: There must be at least one LDR per DVS. If VXLAN to VLAN mapping goes above 255 for one DVS, more than one LDR per DVS is required.
  6. Define the IP pool for each port group in NSX. These IP addresses are used as the self IP address for the VLAN.
  7. You can also define an IP pool for the NSX virtual server when you deploy it. This step is optional.

Specifying VLANs on the interfaces to be provisioned

Specify VLANs for the interfaces that you plan to use in the VMware NSX integration.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. On the Devices panel, select the device you want to configure, then click the gear icon and select Properties.
  3. If necessary, under VLAN Connectivity, select the plus sign to add a new entry to the VLAN Pools by Interface list.
  4. In the Interface field, type in the interface number to which the tagged interfaces are connected.
    Important: The BIG-IP device may use untagged, named interfaces in addition to the tagged, numbered interfaces that you configure here. Do not list the untagged interfaces on the BIG-IQ device.
  5. In the VLAN Pool field, type in the tag numbers assigned to the VLANs connected to this interface. Entries you make here can be comma-delimited to indicate specific tag numbers, or you can use a dash to indicate a range of tags, or both. (For instance, you could enter 20-60,90 to indicate the range of tags that exist from 20 to 60, and tag 90.)
  6. Click Update.
The tagged VLANs you identified will be made available for the integration.
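
The VLAN Pool syntax described above (comma-delimited tags, dash-delimited ranges, or both) can be expanded and checked before it is typed into the field, which helps when comparing the entry against the trunk's configured tags. The following Python is an added example, not BIG-IQ code; the function names are hypothetical, the 1 to 4094 bound is the usable 802.1Q tag range, and rejecting a tag that is listed twice is a choice made by this example.

```python
import re

# Usable 802.1Q VLAN IDs; 0 and 4095 are reserved by the standard.
MIN_TAG, MAX_TAG = 1, 4094
# One entry is either a single tag or "low-high"; ASCII digits only.
_ENTRY = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_vlan_pool(expr):
    """Expand an expression such as '20-60,90' into a sorted list of tags."""
    tags = set()
    for raw in expr.split(","):
        item = raw.strip()
        match = _ENTRY.fullmatch(item)
        if match is None:
            raise ValueError(f"not a tag or a range: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) is not None else low
        if low > high:
            raise ValueError(f"range is reversed: {item}")
        if low < MIN_TAG or high > MAX_TAG:
            raise ValueError(f"outside {MIN_TAG}-{MAX_TAG}: {item}")
        span = range(low, high + 1)
        # A repeated tag usually signals a typo, so this example rejects it.
        if tags.intersection(span):
            raise ValueError(f"tag listed more than once: {item}")
        tags.update(span)
    return sorted(tags)


def format_vlan_pool(tags):
    """Collapse a collection of tags back into the compact pool syntax."""
    ordered = sorted(set(tags))
    parts, i = [], 0
    while i < len(ordered):
        j = i
        # Extend the run while the next tag is consecutive.
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        parts.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ",".join(parts)


if __name__ == "__main__":
    pool = parse_vlan_pool("20-60,90")      # the manual's own example entry
    print(len(pool), pool[0], pool[-1])
    print(format_vlan_pool(pool))
```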

Creating a connection between BIG-IQ Cloud and NSX Manager

To enable integration between a third-party cloud provider and BIG-IQ Cloud, you must configure a cloud connector. A cloud connector is a resource that identifies the local or virtual environment in which a tenant deploys applications and, when necessary, adds parameters required by third-party cloud providers.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. Hover over the Connectors header, click the + icon when it appears, and then click New Connector.
  3. In the Name and Description fields, type a name and description. You can use the name and description to help you organize network resources into logical groups based on certain criteria, such as the location or application.
    Important: You will need to recall the name you assign to this connector so that you can select it when you are configuring the VMware user interface. The name you specify is used as the service definition name in the VMware user interface.
  4. From the Cloud Provider list, select VMware NSX 6.1. The screen displays additional settings specific to VMware NSX.
  5. From the Devices list, select the device you want to associate with this connector.
  6. In the VMware NSX Address field, type the IP address of the VMware system. The VMware IP address must be fully accessible from the BIG-IQ device.
  7. In the VMware NSX User Name and VMware NSX Password fields, type the credentials that the BIG-IQ device will use to authenticate to the NSX Manager REST API.
  8. In the VMware vCenter Server Address field, type the IP address of the vCenter server.
  9. In the VMware vCenter Server User Name and VMware vCenter Server Password fields, type the credentials that the BIG-IQ device will use to authenticate to the vCenter SOAP API.
  10. From the BIG-IQ Callback User Name list, select the user name that NSX Manager uses to authenticate to the BIG-IQ REST API.
  11. In the BIG-IQ Callback Password field, type the password that NSX Manager uses to authenticate to the BIG-IQ REST API.
  12. From the BIG-IQ Callback Address list, select the IP address that this NSX Manager uses to access each BIG-IQ device in the HA cluster. By default, the management IP address is used, but you can specify a self IP address if you choose.
  13. Click the Save button.

As part of the connection creation process, the BIG-IQ system does the following:

  • Creates a new default tenant for the new connector.
  • Verifies connectivity to the NSX Manager and vCenter APIs, and registers the BIG-IQ system as an NSX Partner Service provider.
  • Creates a callback user role that enables NSX to access the BIG-IQ software resources necessary for interaction with the BIG-IQ REST API.

Creating an application template for NSX

Before you can customize an application template for a tenant, you must discover at least one F5 device that contains iApps templates.
As a cloud provider, you modify iApps templates to customize network settings, levels of services, and so forth, for tenants. You can create variations of the same application, offering different types of access (LAN or WAN), or providing a specific limit of connections.
Note: Once you customize and save an application as a catalog entry, you cannot modify it.
  1. Hover over the Catalog header, click the + icon when it appears. The panel expands to display the application template properties.
  2. In the Name field, type a name for this new application.
  3. From the Cloud Connector list select the just-created NSX cloud connector.
  4. From the Application Type list, select an application.
  5. If the Application Tiers settings are displayed (expanded), select the options that match the properties for this application; otherwise, keep the default settings.
    Important: If you must specify the options for these settings, select the Tenant Editable check box for the virtual server and pool members.
  6. To allow cloud tenants to specify certificates with SSL encryption when self-deploying applications, select options from the SSL Cert and SSL Key lists. BIG-IQ Cloud uses these options to provide the appropriate certificate and key when the tenant self-deploys this application to a BIG-IP device. These options are not available for all application templates.
  7. Finish making modifications by specifying the Application Properties and Customize Application Template variables. To allow a tenant to modify a particular setting, select the Tenant Editable check box for that setting. For further details about template variables and settings, refer to the BIG-IP iApps Developer's Guide.
  8. Click the Save button. You can now send the cloud IP addresses to the tenant and use this IP address range in configuring server tiers and pool members, within certain application services. The tenant can self-deploy the application from the catalog.
The customized application displays as an entry in the catalog. It will also display as an NSX service profile in the VMware NSX 6.1 user interface.

Confirming that connector is recognized as an NSX service definition

The NSX connector you created on BIG-IQ Cloud must be recognized by vSphere Web Client as a Service Definition.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
On the Networking and Security panel, select Service Definitions and confirm that the NSX connector you created previously appears in the list of recognized service definitions.

Creating an NSX Edge Services Gateway for the BIG-IP device

The NSX Edge Service Gateway establishes the network within which network services such as firewall, NAT, and load balancing are deployed. To integrate a BIG-IP device with NSX, you must create at least one Edge Service Gateway.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
In the vSphere web client user interface, create a new NSX Edge. Make sure that the NSX Edge you create identifies the Cluster/Resource Pool and the Datastore, but does not identify any interfaces. Otherwise, follow your standard practice for NSX Edge creation. Both deployed and undeployed modes are supported, but using undeployed mode will simplify implementation.
When you finish editing an Edge, it appears in the list under NSX Edges.

Creating a load balancing service instance for VLANs bridged to a VXLAN

You create an NSX service instance to provide the load balancing service.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security pane, select NSX Edges and then select the just-created NSX Edge Services Gateway.
  2. Ensure that Manage is active, and select Load Balancer, and then select Global Configuration. The Edit Load balancer global configuration screen is displayed.
  3. Click the Edit button. The Edit Load balancer global configuration screen is displayed.
  4. Select both Enable Load Balancer and Enable Service Insertion.
  5. For the Service Definition, select the name of the connector you created for NSX previously.
  6. For the Service Configuration, select F5 ADC - Use existing BIG-IP VE.
  7. Click the down arrow to expand the Service Instance Runtime Configuration Parameters area and then specify settings for the tagged VLANs.
    1. Select an available vNIC, and then click the edit icon (edit). The Edit Network window is displayed.
    2. In the Name field, type a name to identify the VLAN.
    3. For Connectivity Type, select Data.
    4. For the Connected To field, click Select. The Select Network screen opens.
    5. Select Logical Switch and then select the VXLAN to which the server pool members are connected, and then click OK. The VXLAN you select will be bridged to a VLAN. The Select Network window closes, and the route for this tagged VLAN is created.
    6. Select IP_POOL for the IP allocation Mode, select the appropriate pool, and then click OK. The Edit Network window closes and the new Service Instance Runtime Configuration that you configured is displayed in place of vNIC0.
    7. Repeat the preceding six sub-steps (as needed) until you have specified settings for each tagged VLAN that you want to use.
  8. Click the down arrow to expand the Typed Service Configuration Parameters area and then type the IP address of the BIG-IP device in the value field that corresponds to the second entry (F5 BIG-IP address/host).
  9. Click OK to close the Edit Load balancer global configuration dialog box.
VMware NSX configures the service instance based on the settings you specified, and associates it with the BIG-IP device.

Specifying pools for the virtual server

Before you can perform this task, you must have created an iApp template that uses the NSX connector on BIG-IQ Cloud.

You specify the virtual resources so that the iApp template has one on which to deploy.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security panel, select NSX Edges and then select the just created NSX Edge Services Gateway.
  2. Ensure that the Manage option is active, select Load Balancer, and then select Pools. The list of existing pools is displayed.
  3. Click the add icon (add). The New Pool screen is displayed.
  4. In the Name field, type a name for the new server pool.
  5. Under Members, click the add icon (add). The New Member screen is displayed.
  6. Select Enable Member.
  7. In the Name field, type a name for the new pool member.
  8. In the IP Address/VC Container field, type the IP address for the new pool member.
    Important: Server pool members must be on the same portgroup or network you used when creating the load balancing service instance. In this case, use the network that you specified when you configured the load balancing service instance.
  9. In the Port field, type 80.
  10. Click OK. The New Member screen closes.
  11. Click OK.
The New Pool screen closes, and VMware NSX creates the new pool.

Specifying virtual servers for the load balancer

Before you can perform this task, you must have created an iApp template that uses the NSX connector on BIG-IQ Cloud.

You specify the virtual server on which you want the iApp template to deploy.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security panel, select NSX Edges, and then select the just created NSX Edge Services Gateway.
  2. Ensure that the Manage option is active, select Load Balancer, and then select Virtual Servers. The list of existing virtual servers is displayed.
  3. Click the add icon (add). The New Virtual Server window is displayed.
  4. Select Enable Virtual Server.
  5. In the Application Profile field, select the name of the iApp template you created on the BIG-IQ device for this iApp deployment.
  6. In the Name field, type a name for this virtual server.
  7. In the IP Address field, specify the IP address of the virtual server just created.
    Important: The Virtual Server must be on the same portgroup or network you used when creating the load balancing service instance.

    There are two ways to specify the IP address.

    • Type the IP address in the IP Address field.
    • Click Select IP Pool and then choose the IP pool and click OK.
  8. In the Port field, type 80.
  9. From the Default Pool list select the just-created pool.
  10. If you specified Tenant Editable Application Properties when you created the application template, select the Advanced tab to display and revise them as necessary.
  11. Click OK. The New Virtual Server screen closes, and VMware NSX creates the new virtual server.
VMware NSX deploys the virtual server. The next time you log in to the BIG-IQ device, the virtual server should appear on the Applications tab.
Before you begin using the applications just deployed, you should make sure that the application is healthy in the BIG-IQ Cloud.

About integrating VMware NSX with a BIG-IP device using tagged interface VLANs

The integration between BIG-IQ Cloud and VMware NSX makes it possible for you to use existing physical BIG-IP devices to host NSX virtual servers. Using these servers, you can manage and deploy iApps on existing VMware NSX environments. One connectivity option for this integration uses VLAN trunks that the BIG-IQ device provisions for you. These VLANs must use a tagged interface.

This figure illustrates the network topology for this connectivity option.

Figure: VLANs

Task summary

Setting up a VMware network for a tagged interface VLAN pool

Before you can begin configuring the BIG-IQ device integration for a tagged interface VLAN pool, you must configure the VMware network.

Important: For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. You must have discovered the device on which your VLANs will reside before you can configure them from the BIG-IQ device.
  2. Connect the BIG-IP device and the ESXi host to a physical switch. The BIG-IP device and the ESXi host must connect to a port with multiple tagged VLANs.
  3. Create a vCenter distributed port group for each VLAN in the trunk. Each port group must have a unique VLAN tag. This configuration is referred to as virtual switch tagging (VST). It ensures that outbound traffic to the BIG-IP device is tagged.
  4. Define the IP pool for each port group in NSX. These IP addresses are used as the self IP address for the VLAN.
  5. You also have the option to define an IP pool for the NSX virtual server when you deploy it. This step is not required.

Discovering devices located in the VMware cloud

After you license and perform the initial configuration for the BIG-IQ system, you can discover BIG-IP devices running version 11.5 or later. For proper communication between the managing BIG-IQ system and the devices it manages, you must configure the BIG-IQ system with a route to each F5 device you want to manage. If you do not specify the required network communication route between the devices, then device discovery fails.

You must know the IP address that the BIG-IQ device will use to access the BIG-IP device.

Discover a device by providing the BIG-IQ system with the device's IP address, user name, and password.

  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. Hover over the Devices header, click the + icon when it appears, and then select New Device. The Devices panel expands to show the New Device screen.
  3. In the IP Address field, type the device's IP address. The preferred address for discovering a BIG-IP device is its management IP address.
  4. (This step applies only if the BIG-IQ system is not hosted on AWS version 4.4 or later.) If the BIG-IQ system and the BIG-IP device are on different subnets, then you need to log in to the BIG-IQ system using SSH to specify an IP route between them.
    • If the BIG-IQ system and the BIG-IP device communicate using the management IP address, then there must be a default route specified. If there is no default route, issue a route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
      2. Type the following command: route <route name> {gw <x.x.x.x> network default}
    • If the BIG-IQ system and the BIG-IP device use something other than the management IP address to communicate, then issue a tmsh route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
      2. Type the following command: tmsh create net route <route name> {gw <x.x.x.x> network default}
      Note: Where <route name> is a user-provided name to identify the new route, and <x.x.x.x> is the IP address of the default gateway for the internal network.
  5. In the User Name and Password fields, type the administrator user name and password for the managed device.
  6. For the Auto Update Framework setting, select the Update Automatically check box to direct the BIG-IQ system to perform any required REST framework updates on the BIG-IP device. For the BIG-IQ system to properly manage a BIG-IP device, the BIG-IP device must be running the most recent REST framework.
    Important: When you update the REST framework for BIG-IP devices running version 11.6 or earlier, the traffic management interface (TMM) restarts. Before you update the REST framework on a BIG-IP device, verify that no critical network traffic is targeted to that device. Additionally, in any system upgrade scenario, the potential exists for unexpected errors. Because there is not currently an automatic recovery and rollback feature, if an upgrade fails, it is conceivable that a BIG-IP device would not be left in the pre-discovery state. If you want to roll back the upgrade due to an error or any other reason, the recommended recovery for this situation is to perform a partition restore (restoring both the pre-discovery management components and any related configuration).
  7. Click the Add button.
The BIG-IQ system populates the properties of the device that you added, and displays the device in the Devices panel. Its configuration files display in the Configuration panel.
If you want to use the BIG-IP device just discovered to host NSX virtual servers, you should now associate it with a VMware cloud connector.

Specifying VLANs on the interfaces to be provisioned

Specify VLANs for the interfaces that you plan to use in the VMware NSX integration.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. On the Devices panel, select the device you want to configure, then click the gear icon and select Properties.
  3. If necessary, under VLAN Connectivity, select the plus sign to add a new entry to the VLAN Pools by Interface list.
  4. In the Interface field, type in the interface number to which the tagged interfaces are connected.
    Important: The BIG-IP device may use untagged, named interfaces in addition to the tagged, numbered interfaces that you configure here. Do not list the untagged interfaces on the BIG-IQ device.
  5. In the VLAN Pool field, type in the tag numbers assigned to the VLANs connected to this interface. Entries you make here can be comma-delimited to indicate specific tag numbers, or you can use a dash to indicate a range of tags, or both. (For instance, you could enter 20-60,90 to indicate the range of tags that exist from 20 to 60, and tag 90.)
  6. Click Update.
The tagged VLANs you identified will be made available for the integration.
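
The VLAN Pool syntax from step 5 and the unique-tag rule for distributed port groups can be checked before you click Update. The following Python is an added example, not F5 or VMware code: the function names are hypothetical, the port group names and tags are constructed, and the rule that every port group tag must fall inside the pool is an assumption drawn from the steps above.

```python
"""Pre-flight check for a 'VLAN Pools by Interface' entry (added example)."""
import re
from collections import Counter

# 802.1Q reserves tag 0 (priority-tagged frames) and tag 4095,
# so usable VLAN tags run from 1 to 4094.
MIN_TAG, MAX_TAG = 1, 4094
TOKEN = re.compile(r"^([0-9]+)(?:-([0-9]+))?$")


class VlanPoolError(ValueError):
    """Raised when a VLAN Pool string cannot be interpreted safely."""


def parse_vlan_pool(spec):
    """Expand a VLAN Pool string such as '20-60,90' into a sorted tag list.

    Accepts comma-delimited tags, dash ranges, or both, as the VLAN Pool
    field does. Anything else (empty entries, stray characters, reversed
    ranges, reserved tags) is rejected instead of being silently dropped.
    """
    tags = set()
    for raw in spec.split(","):
        token = raw.strip()
        match = TOKEN.match(token)
        if not match:
            raise VlanPoolError(f"unparseable entry {token!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise VlanPoolError(f"reversed range {token!r}")
        if low < MIN_TAG or high > MAX_TAG:
            raise VlanPoolError(f"tag outside {MIN_TAG}-{MAX_TAG} in {token!r}")
        tags.update(range(low, high + 1))
    return sorted(tags)


def check_port_groups(pool_spec, port_groups):
    """Compare vCenter distributed port group tags with the BIG-IQ pool.

    port_groups maps a port group name to its VLAN tag. Returns a list of
    findings; an empty list means both sides of the trunk agree.
    """
    pool = set(parse_vlan_pool(pool_spec))
    counts = Counter(port_groups.values())
    findings = []
    for name, tag in sorted(port_groups.items()):
        if counts[tag] > 1:
            # Each port group in the trunk must carry its own tag.
            findings.append(f"{name}: tag {tag} is shared with another port group")
        if tag not in pool:
            # Assumption: a tag missing from the pool cannot be provisioned.
            findings.append(f"{name}: tag {tag} is not in VLAN pool {pool_spec!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample: the pool from the manual's example and three
    # hypothetical port groups, one duplicated and one outside the pool.
    sample_groups = {"pg-web": 30, "pg-app": 30, "pg-db": 61}
    for finding in check_port_groups("20-60,90", sample_groups):
        print(finding)
```
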

Creating a connection between BIG-IQ Cloud and NSX Manager

To enable integration between a third-party cloud provider and BIG-IQ Cloud, you must configure a cloud connector. A cloud connector is a resource that identifies the local or virtual environment in which a tenant deploys applications and, when necessary, adds parameters required by third-party cloud providers.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. Hover over the Connectors header, click the + icon when it appears, and then click New Connector.
  3. In the Name and Description fields, type a name and description. You can use the name and description to help you organize network resources into logical groups based on certain criteria, such as the location or application.
    Important: You will need to recall the name you assign to this connector so that you can select it when you are configuring the VMware user interface. The name you specify is used as the service definition name in the VMware user interface.
  4. From the Cloud Provider list, select VMware NSX 6.1. The screen displays additional settings specific to VMware NSX.
  5. From the Devices list, select the device you want to associate with this connector.
  6. In the VMware NSX Address field, type the IP address of the VMware system. The VMware IP address must be fully accessible from the BIG-IQ device.
  7. In the VMware NSX User Name and VMware NSX Password fields, type the credentials that the BIG-IQ device will use to authenticate to the NSX Manager REST API.
  8. In the VMware vCenter Server Address field, type the IP address of the vCenter server.
  9. In the VMware vCenter Server User Name and VMware vCenter Server Password fields, type the credentials that the BIG-IQ device will use to authenticate to the vCenter SOAP API.
  10. From the BIG-IQ Callback User Name list, select the user name that NSX Manager uses to authenticate to the BIG-IQ REST API.
  11. In the BIG-IQ Callback Password field, type the password that NSX Manager uses to authenticate to the BIG-IQ REST API.
  12. From the BIG-IQ Callback Address list, select the IP address that this NSX Manager uses to access each BIG-IQ device in the HA cluster. By default, the management IP address is used, but you can specify a self IP address if you choose.
  13. Click the Save button.

As part of the connection creation process, the BIG-IQ system does the following:

  • Creates a new default tenant for the new connector.
  • Verifies connectivity to the NSX Manager and vCenter APIs, and registers the BIG-IQ system as an NSX Partner Service provider.
  • Creates a callback user role that enables NSX to access the BIG-IQ software resources necessary for interaction with the BIG-IQ REST API.

Creating an application template for NSX

Before you can customize an application template for a tenant, you must discover at least one F5 device that contains iApps templates.
As a cloud provider, you modify iApps templates to customize network settings, levels of services, and so forth, for tenants. You can create variations of the same application, offering different types of access (LAN or WAN), or providing a specific limit of connections.
Note: Once you customize and save an application as a catalog entry, you cannot modify it.
  1. Hover over the Catalog header, and click the + icon when it appears. The panel expands to display the application template properties.
  2. In the Name field, type a name for this new application.
  3. From the Cloud Connector list select the just-created NSX cloud connector.
  4. From the Application Type list, select an application.
  5. If the Application Tiers settings are displayed (expanded), select the options that match the properties for this application; otherwise, keep the default settings.
    Important: If you must specify the options for these settings, select the Tenant Editable check box for the virtual server and pool members.
  6. To allow cloud tenants to specify certificates with SSL encryption when self-deploying applications, select options from the SSL Cert and SSL Key lists. BIG-IQ Cloud uses these options to provide the appropriate certificate and key when the tenant self-deploys this application to a BIG-IP device. These options are not available for all application templates.
  7. Finish making modifications by specifying the Application Properties and Customize Application Template variables. To allow a tenant to modify a particular setting, select the Tenant Editable check box for that setting. For further details about template variables and settings, refer to the BIG-IP iApps Developer's Guide.
  8. Click the Save button. You can now send the cloud IP addresses to the tenant and use this IP address range in configuring server tiers and pool members, within certain application services. The tenant can self-deploy the application from the catalog.
The customized application displays as an entry in the catalog. It will also display as an NSX service profile in the VMware NSX 6.1 user interface.

Confirming that connector is recognized as an NSX service definition

The NSX connector you created on BIG-IQ Cloud must be recognized by vSphere Web Client as a Service Definition.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
On the Networking and Security panel, select Service Definitions and confirm that the NSX connector you created previously appears in the list of recognized service definitions.

Creating an NSX Edge Services Gateway for the BIG-IP device

The NSX Edge Service Gateway establishes the network within which network services such as firewall, NAT, and load balancing are deployed. To integrate a BIG-IP device with NSX, you must create at least one Edge Service Gateway.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
In the vSphere web client user interface, create a new NSX Edge. Make sure that the NSX Edge you create identifies the Cluster/Resource Pool and the Datastore, but does not identify any interfaces. Otherwise, follow your standard practice for NSX Edge creation. Both deployed and undeployed modes are supported, but using undeployed mode will simplify implementation.
When you finish editing an Edge, it appears in the list under NSX Edges.

Creating a load balancing service instance for tagged VLANs

You should create an NSX service instance for each VLAN interface that will provide load balancing services.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security pane, select NSX Edges and then select the just-created NSX Edge Services Gateway.
  2. Ensure that Manage is active, and select Load Balancer, and then select Global Configuration. The Edit Load balancer global configuration window is displayed.
  3. Click the Edit button. The Edit Load balancer global configuration window is displayed.
  4. Select both Enable Load Balancer and Enable Service Insertion.
  5. For the Service Definition, select the name of the connector you created for NSX previously.
  6. For the Service Configuration, select F5 ADC - Use an existing BIG-IP VE.
  7. Click the down arrow to expand the Service Instance Runtime Configuration Parameters area and then specify settings for the tagged VLANs.
    1. Select an available vNIC, and then click the edit icon. The Edit Network screen opens.
    2. In the Name field, type a name to identify the VLAN.
    3. For Connectivity Type, select Data.
    4. For the Connected To field, click Select. The Select Network window is displayed.
    5. Select one of the distributed port groups associated with the tagged VLANs that are configured on the BIG-IP device, and then click OK. The Select Network window closes, and the route for this tagged VLAN is created.
    6. Select IP Pool for the IP allocation Mode, select the appropriate pool, and then click OK. The Edit Network window closes, and the new Service Instance Runtime Configuration you configured is displayed in place of vNIC0.
    7. Repeat the previous six sub-steps (as needed) until you have specified settings for each tagged VLAN you want to use.
  8. Click the down arrow to expand the Typed Service Configuration Parameters area, and then type the IP address of the BIG-IP device in the value field that corresponds to the second entry (F5 BIG-IP address/host).
  9. Click OK to close the Edit Load balancer global configuration dialog box.
VMware NSX configures the service instance based on the settings you specified and associates it with the BIG-IP device.

Specifying pools for the virtual server

Before you can perform this task, you must have created an iApp template that uses the NSX connector on BIG-IQ Cloud.

You specify the virtual resources so that the iApp template has one on which to deploy.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security panel, select NSX Edges and then select the just created NSX Edge Services Gateway.
  2. Ensure that the Manage option is active, select Load Balancer, and then select Pools. The list of existing pools is displayed.
  3. Click the add icon (add). The New Pool screen is displayed.
  4. In the Name field, type a name for the new server pool.
  5. Under Members, click the add icon (add). The New Member screen is displayed.
  6. Select Enable Member.
  7. In the Name field, type a name for the new pool member.
  8. In the IP Address/VC Container field, type the IP address for the new pool member.
    Important: Server pool members must be on the same portgroup or network you used when creating the load balancing service instance. In this case, use the network that you specified when you configured the load balancing service instance.
  9. In the Port field, type 80.
  10. Click OK. The New Member screen closes.
  11. Click OK.
The New Pool screen closes, and VMware NSX creates the new pool.

Specifying virtual servers for the load balancer

Before you can perform this task, you must have created an iApp template that uses the NSX connector on BIG-IQ Cloud.

You specify the virtual server on which you want the iApp template to deploy.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security panel, select NSX Edges, and then select the just created NSX Edge Services Gateway.
  2. Ensure that the Manage option is active, select Load Balancer, and then select Virtual Servers. The list of existing virtual servers is displayed.
  3. Click the add icon (add). The New Virtual Server window is displayed.
  4. Select Enable Virtual Server.
  5. In the Application Profile field, select the name of the iApp template you created on the BIG-IQ device for this iApp deployment.
  6. In the Name field, type a name for this virtual server.
  7. In the IP Address field, specify the IP address of the virtual server just created.
    Important: The Virtual Server must be on the same portgroup or network you used when creating the load balancing service instance.

    There are two ways to specify the IP address.

    • Type the IP address in the IP Address field.
    • Click Select IP Pool and then choose the IP pool and click OK.
  8. In the Port field, type 80.
  9. From the Default Pool list select the just-created pool.
  10. If you specified Tenant Editable Application Properties when you created the application template, select the Advanced tab to display and revise them as necessary.
  11. Click OK. The New Virtual Server screen closes, and VMware NSX creates the new virtual server.
VMware NSX deploys the virtual server. The next time you log in to the BIG-IQ device, the virtual server should appear on the Applications tab.
Before you begin using the applications just deployed, you should make sure that the application is healthy in the BIG-IQ Cloud.

About integrating VMware NSX with a BIG-IP device using existing VLANs

The integration between BIG-IQ Cloud and VMware NSX makes it possible for you to use existing physical BIG-IP devices to host virtual servers. One connectivity option for this integration uses VLANs that you configure on the BIG-IP device. These VLANs can be either tagged or untagged depending on your network topology.

Task summary

Setting up a VMware network for an existing VLAN

Before you can begin configuring the BIG-IQ device integration for an existing VLAN, you must configure the VMware network.

Important: For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. You must have discovered the device on which your VLANs will reside before you can configure them from the BIG-IQ device.
  2. Make sure that the BIG-IP device has VLANs (internal and external) and self-IPs configured.
  3. Create a vCenter distributed port group for the internal and external VLANs. Each port group must be untagged (that is, the VLAN ID must be set to 0).
  4. You can also define an IP pool for the NSX virtual server when you deploy it. This step is optional.

Creating a connection between BIG-IQ Cloud and NSX Manager

To enable integration between a third-party cloud provider and BIG-IQ Cloud, you must configure a cloud connector. A cloud connector is a resource that identifies the local or virtual environment in which a tenant deploys applications and, when necessary, adds parameters required by third-party cloud providers.
  1. Log in to BIG-IQ Cloud with your administrator user name and password.
  2. Hover over the Connectors header, click the + icon when it appears, and then click New Connector.
  3. In the Name and Description fields, type a name and description. You can use the name and description to help you organize network resources into logical groups based on certain criteria, such as the location or application.
    Important: You will need to recall the name you assign to this connector so that you can select it when you are configuring the VMware user interface. The name you specify is used as the service definition name in the VMware user interface.
  4. From the Cloud Provider list, select VMware NSX 6.1. The screen displays additional settings specific to VMware NSX.
  5. From the Devices list, select the device you want to associate with this connector.
  6. In the VMware NSX Address field, type the IP address of the VMware system. The VMware IP address must be fully accessible from the BIG-IQ device.
  7. In the VMware NSX User Name and VMware NSX Password fields, type the credentials that the BIG-IQ device will use to authenticate to the NSX Manager REST API.
  8. In the VMware vCenter Server Address field, type the IP address of the vCenter server.
  9. In the VMware vCenter Server User Name and VMware vCenter Server Password fields, type the credentials that the BIG-IQ device will use to authenticate to the vCenter SOAP API.
  10. From the BIG-IQ Callback User Name list, select the user name that NSX Manager uses to authenticate to the BIG-IQ REST API.
  11. In the BIG-IQ Callback Password field, type the password that NSX Manager uses to authenticate to the BIG-IQ REST API.
  12. From the BIG-IQ Callback Address list, select the IP address that this NSX Manager uses to access each BIG-IQ device in the HA cluster. By default, the management IP address is used, but you can specify a self IP address if you choose.
  13. Click the Save button.

As part of the connection creation process, the BIG-IQ system does the following:

  • Creates a new default tenant for the new connector.
  • Verifies connectivity to the NSX Manager and vCenter APIs, and registers the BIG-IQ system as an NSX Partner Service provider.
  • Creates a callback user role that enables NSX to access the BIG-IQ software resources necessary for interaction with the BIG-IQ REST API.

Creating an application template for NSX

Before you can customize an application template for a tenant, you must discover at least one F5 device that contains iApps templates.
As a cloud provider, you modify iApps templates to customize network settings, levels of services, and so forth, for tenants. You can create variations of the same application, offering different types of access (LAN or WAN), or providing a specific limit of connections.
Note: Once you customize and save an application as a catalog entry, you cannot modify it.
  1. Hover over the Catalog header, and click the + icon when it appears. The panel expands to display the application template properties.
  2. In the Name field, type a name for this new application.
  3. From the Cloud Connector list select the just-created NSX cloud connector.
  4. From the Application Type list, select an application.
  5. If the Application Tiers settings are displayed (expanded), select the options that match the properties for this application; otherwise, keep the default settings.
    Important: If you must specify the options for these settings, select the Tenant Editable check box for the virtual server and pool members.
  6. To allow cloud tenants to specify certificates with SSL encryption when self-deploying applications, select options from the SSL Cert and SSL Key lists. BIG-IQ Cloud uses these options to provide the appropriate certificate and key when the tenant self-deploys this application to a BIG-IP device. These options are not available for all application templates.
  7. Finish making modifications by specifying the Application Properties and Customize Application Template variables. To allow a tenant to modify a particular setting, select the Tenant Editable check box for that setting. For further details about template variables and settings, refer to the BIG-IP iApps Developer's Guide.
  8. Click the Save button. You can now send the cloud IP addresses to the tenant and use this IP address range in configuring server tiers and pool members, within certain application services. The tenant can self-deploy the application from the catalog.
The customized application displays as an entry in the catalog. It will also display as an NSX service profile in the VMware NSX 6.1 user interface.

Confirming that connector is recognized as an NSX service definition

The NSX connector you created on BIG-IQ Cloud must be recognized by vSphere Web Client as a Service Definition.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
On the Networking and Security panel, select Service Definitions and confirm that the NSX connector you created previously appears in the list of recognized service definitions.

Creating an NSX Edge Services Gateway for the BIG-IP device

The NSX Edge Services Gateway establishes the network within which network services such as firewall, NAT, and load balancing are deployed. To integrate a BIG-IP device with NSX, you must create at least one Edge Services Gateway.

Important: You perform the following step using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
In the vSphere Web Client user interface, create a new NSX Edge. Make sure that the NSX Edge you create identifies the Cluster/Resource Pool and the Datastore, but does not identify any interfaces. Otherwise, follow your standard practice for NSX Edge creation. Both deployed and undeployed modes are supported, but using undeployed mode will simplify implementation.
When you finish editing an Edge, it appears in the list under NSX Edges.

Creating a load balancing service instance for existing VLANs

You create an NSX service instance to provide the load balancing service.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security pane, select NSX Edges, and then select the NSX Edge Services Gateway you just created.
  2. Ensure that Manage is active, and select Load Balancer, and then select Global Configuration. The Edit Load balancer global configuration screen opens.
  3. Click the Edit button. The Edit Load balancer global configuration screen opens.
  4. Select both Enable Load Balancer and Enable Service Insertion.
  5. For the Service Definition, select the name of the connector you created for NSX previously.
  6. For the Service Configuration, select F5 ADC - Use an existing BIG-IP.
  7. Click the down arrow to expand the Service Instance Runtime Configuration Parameters area, and then specify settings for each of the vNICs.
    1. Select vnic0, and then click the edit icon. The Edit Network screen opens.
    2. In the Name field, type a name that describes the role this subnet plays in your network.
    3. For Connectivity Type, select Data.
    4. For Connected To, click Select. The Select Network screen opens.
    5. Select the distributed port group associated with the VLANs that are configured on the BIG-IP device, and then click OK. The Select Network window closes.
    6. Select DHCP (the default setting) for the IP allocation Mode, and then click OK. The Edit Network window closes and the new Service Instance Runtime Configuration you configured is displayed in place of vnic0.
    7. Repeat the previous six sub-steps, but this time configure the settings for vnic1 and specify the name internal.
  8. Click the down arrow to expand the Typed Service Configuration Parameters area and then type the IP address of the BIG-IP device in the value field that corresponds to the second entry (F5 BIG-IP address/host).
  9. Click OK to close the Edit Load balancer global configuration dialog box.
VMware NSX configures the service instance based on the settings you specified, and associates it with the BIG-IP device.

Specifying pools for the virtual server

Before you can perform this task, you must have created an iApp template that uses the NSX connector on BIG-IQ Cloud.

You specify the virtual resources on which you want the iApp template to deploy.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security panel, select NSX Edges, and then select the NSX Edge Services Gateway you just created.
  2. Ensure that the Manage option is active, select Load Balancer, and then select Pools. The list of existing pools is displayed.
  3. Click the add icon. The New Pool screen opens.
  4. In the Name field, type a name for the new server pool.
  5. Under Members, click the add icon. The New Member screen opens.
  6. Select Enable Member.
  7. In the Name field, type a name for the new pool member.
  8. In the IP Address/VC Container field, type the IP address for the new pool member.
    Important: Server pool members must be on the same portgroup or network you used when creating the load balancing service instance. In this case, use the network that you specified when you configured NIC1 (internal).
  9. In the Port field, type 80.
  10. Click OK. The New Member screen closes.
  11. Click OK.
The New Pool screen closes and VMware NSX creates the new pool.

Specifying virtual servers for the load balancer

Before you can perform this task, you must have created an iApp template that uses the NSX connector on BIG-IQ Cloud.

You specify the virtual server on which you want the iApp template to deploy.

Important: You perform the following step-sequence using the vSphere Web Client user interface. At time of release, these steps accurately describe the VMware user interface. For the most current instructions for performing these steps, refer to the VMware web site http://pubs.vmware.com/.
  1. On the Networking and Security panel, select NSX Edges, and then select the NSX Edge Services Gateway you just created.
  2. Ensure that the Manage option is active, select Load Balancer, and then select Virtual Servers. The list of existing virtual servers is displayed.
  3. Click the add icon. The New Virtual Server window is displayed.
  4. Select Enable Virtual Server.
  5. In the Application Profile field, select the name of the iApp template you created on the BIG-IQ device for this iApp deployment.
  6. In the Name field, type a name for this virtual server.
  7. In the IP Address field, specify the IP address of the virtual server just created.
    Important: The Virtual Server must be on the same portgroup or network you used when creating the load balancing service instance.

    There are two ways to specify the IP address.

    • Type the IP address in the IP Address field.
    • Click Select IP Pool and then choose the IP pool and click OK.
  8. In the Port field, type 80.
  9. From the Default Pool list, select the pool you just created.
  10. If you specified Tenant Editable Application Properties when you created the application template, select the Advanced tab to display and revise them as necessary.
  11. Click OK. The New Virtual Server screen closes, and VMware NSX creates the new virtual server.
VMware NSX deploys the virtual server. The next time you log in to the BIG-IQ device, the virtual server should appear on the Applications tab.
Before you begin using the applications just deployed, you should make sure that the application is healthy in the BIG-IQ Cloud.
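
The two placement rules above (pool members on the internal network, virtual server on a network attached to the service instance) can be checked against your address plan before you type values into vSphere Web Client. The following is an added example, not part of the F5 or VMware documentation; the subnets, member names, and the vNIC name external are constructed sample values, and the check assumes you know the CIDR of each network attached to the service instance.

```python
import ipaddress

def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {n: ipaddress.ip_network(c) for n, c in plan["vnic_networks"].items()}
    internal = nets.get("internal")  # the name typed for vnic1 in the procedure
    if internal is None:
        problems.append("no vNIC network named 'internal'")
    seen = set()
    for m in plan["pool_members"]:
        ip = ipaddress.ip_address(m["ip"])
        if internal is not None and ip not in internal:
            problems.append(f"member {m['name']} {ip} is outside internal {internal}")
        elif internal is not None and ip in (internal.network_address,
                                             internal.broadcast_address):
            problems.append(f"member {m['name']} {ip} is not a usable host address")
        if (ip, m["port"]) in seen:
            problems.append(f"member {m['name']} duplicates {ip}:{m['port']}")
        seen.add((ip, m["port"]))
    vs_ip = ipaddress.ip_address(plan["virtual_server"]["ip"])
    if not any(vs_ip in n for n in nets.values()):
        problems.append(f"virtual server {vs_ip} is not on a service-instance network")
    if any(vs_ip == ip for ip, _ in seen):
        problems.append(f"virtual server {vs_ip} collides with a pool member")
    return problems

# Constructed sample plans (addresses are illustrative only).
GOOD = {
    "vnic_networks": {"external": "10.10.1.0/24", "internal": "10.10.2.0/24"},
    "pool_members": [{"name": "web1", "ip": "10.10.2.11", "port": 80},
                     {"name": "web2", "ip": "10.10.2.12", "port": 80}],
    "virtual_server": {"ip": "10.10.1.100", "port": 80},
}
BAD = {
    "vnic_networks": GOOD["vnic_networks"],
    "pool_members": [{"name": "web1", "ip": "10.10.2.11", "port": 80},
                     {"name": "web2", "ip": "10.10.3.12", "port": 80}],
    "virtual_server": {"ip": "192.0.2.50", "port": 80},
}

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_plan(plan) or "ok")
```

A subnet match is only a proxy for the portgroup rule: two hosts can share a subnet and still sit on different portgroups, so confirm the portgroup in vSphere as well.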