Manual Chapter: VMware vShield Cloud Integration

About VMware vShield Manager integration

After you integrate VMware vShield Manager with BIG-IQ™ Cloud, you can deploy your tenant application environment using the service insertion portion of the vShield interface. A tenant application on BIG-IQ Cloud corresponds to a service profile in the vShield Manager. The tenants see a catalog of application templates that they can deploy and delete as needed to deploy their own new vApps.

Using the vShield Manager interface, you can manage the virtual machines necessary for application deployments, add or remove a virtual machine, and start or stop virtual machines. You can use your cloud vendor's user interface to duplicate changes.

Important: To integrate with BIG-IQ Cloud, you must use vShield Manager version 5.1.1 or later.

Network configuration for VMware vShield Manager

BIG-IQ™ Cloud must have network access to the resources on which the VMware vShield Manager software is installed so that the two systems can communicate. Before you can manage cloud resources, you must define a network route between the BIG-IQ Cloud's internal VLAN and the management VLAN on the VMware vShield Manager. For specific instructions, refer to your VMware vShield Manager documentation.

Associating a VMware vShield cloud connector with a device

The self-service resources that your tenants use can be stored remotely in a third-party cloud, or locally on F5 devices in your network. Before you can give tenants access to these resources, you must configure a cloud connector. A cloud connector provides two services. First, you can use it to identify a specific set of resources, much like a virtual container, and second, it provides integration with third-party cloud services. Associating a cloud connector with a device allows you to segregate cloud resources across data centers. As the cloud service provider, you can create groups of network resources based on certain criteria, such as location or levels of service. You then link a tenant with that cloud connector to deploy tenant-specific cloud and application services.
  1. Log in to the BIG-IQ™ system using your administrator user name and password.
  2. Click BIG-IQ Cloud.
  3. Hover on the Connectors header and click the + icon when it appears.
  4. In the Name and Description fields, type a name and description for this connector. You can use the name and description to help you organize network resources into logical groups based on certain criteria, such as the location or application.
  5. From the Cloud Provider list, select VMware vShield Manager.
  6. From the Devices list, select the device you want to associate with this connector.
  7. To select additional devices to associate with this connector, click the + icon at the right of the list.
  8. In the vShield Manager User Name and vShield Manager Password fields, type the credentials for the vShield Manager administrator.
  9. From the BIG-IQ User Name list, select the BIG-IQ user that the vShield Manager should contact and, in the BIG-IQ Password field, type the password for that user.
  10. Click the Save button at the top of the New Connector header.
You can now discover devices to associate with this connector.

Discovering devices

After you have licensed and performed the initial configuration for the BIG-IQ™ Cloud system, you can discover devices in your network. For successful device discovery, each BIG-IP device that you want to manage must be configured with a route to the BIG-IQ Cloud system. To discover BIG-IP systems associated with a Local Cloud connector, use the BIG-IP device's internal self-IP address. For BIG-IP systems located in the Amazon EC2 cloud, discover the BIG-IP device using its external self-IP address. To use an Amazon EC2 connector, you must configure DNS for the BIG-IQ Cloud system so it can resolve the AWS endpoint by name.

The self-service resources that you provide for your tenants can be stored locally on F5 devices in your network. To provide access to a device's resources, you must make the BIG-IQ system aware of the device's existence.

  1. Log in to the BIG-IQ™ system using your administrator user name and password.
  2. Click BIG-IQ Cloud.
  3. Hover on the Devices header, and click the + icon when it appears. The New Device panel opens.
  4. In the IP Address field, type the IP address of the managed device that you want to discover.
  5. In the User Name and Password fields, type the administrator user name and password for the managed device.
  6. Click the Add button.
The BIG-IQ system populates the properties of the device that you added, and displays the device information in the Devices panel.