There are three VMware products that you can integrate with BIG-IQ software.
To provide access to these services for VMware tenants, you configure communication between VMware products and BIG-IQ Cloud. Then you associate a VMware cloud connector with a device, and create a catalog entry for a corresponding VMware service profile. The tenants to whom you give access to the catalog entry see it in their applications panel. From there, they can use it to self-deploy their own iApps.
For proper communication, BIG-IQ Cloud must have network access to the resources on which VMware software is installed. Before you can manage cloud resources, you must define a network route between the BIG-IQ Cloud device’s internal VLAN and the management VLAN on the VMware.
Integrating VMware with your cloud applications makes it possible for you to use the VMware interface to manage your F5 cloud applications.
There are a few complexities to be aware of when you create a service profile in the vShield interface to access the applications in your template.
|Tenant Editable Field||Action|
|Tenant Name||Make a note of the tenant name you created. You need to enter it in the vShield interface. If you choose an incorrect tenant name or leave the tenant name blank, the VSM create service profile task fails.|
|Pool members||Enter values in the Service Attributes portion of the VSM interface.|
|Virtual IP addresses||Enter values in the Service Attributes portion of the VSM interface.|
|Tabular data||There is additional complexity for API values represented in a table. Editable table columns appear in the VSM interface as an entry in the list of Vendor Attributes. To specify multiple values for an entry, you enter them in a comma-delimited list. Consider the following example.|
For the table represented in this example, there are two editable columns, port and port_secure. In the VSM interface there are Vendor Attributes rows to represent these values. The port appears as pool__members.port and the secure port entry appears as pool__members.port_secure. Enter values for these in a comma-delimited list (for example, pool__members.port_secure 443, 444).
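The following added example (not F5 or VMware code) rebuilds table rows from Vendor Attributes entries in the `table.column` form described above and checks them before they are typed into the VSM interface. It assumes that the n-th item of each comma-delimited list belongs to the same table row; the plain-port values and both function names are constructed for illustration.

```python
# Constructed sample: values an operator might enter in the Vendor Attributes rows.
SAMPLE_ATTRS = {
    "pool__members.port": "80, 8080",
    "pool__members.port_secure": "443, 444",
}


def rows_from_vendor_attributes(attrs):
    """Rebuild rows from 'table.column' keys holding comma-delimited values."""
    tables = {}
    for key, raw in attrs.items():
        table, sep, column = key.partition(".")
        if not (sep and table and column):
            raise ValueError(f"{key!r} is not of the form table.column")
        values = [item.strip() for item in raw.split(",")]
        if "" in values:
            raise ValueError(f"{key!r} has an empty item in {raw!r}")
        tables.setdefault(table, {})[column] = values
    result = {}
    for table, columns in tables.items():
        lengths = {name: len(vals) for name, vals in columns.items()}
        # Assumption: every editable column must carry one value per row.
        if len(set(lengths.values())) != 1:
            raise ValueError(f"{table}: columns differ in length {lengths}")
        names = list(columns)
        result[table] = [dict(zip(names, row)) for row in zip(*columns.values())]
    return result


def check_ports(rows):
    """Return (row_index, column, value) for entries that are not valid TCP ports."""
    bad = []
    for index, row in enumerate(rows):
        for column, value in row.items():
            ok = value.isascii() and value.isdigit() and 1 <= int(value) <= 65535
            if not ok:
                bad.append((index, column, value))
    return bad


if __name__ == "__main__":
    rows = rows_from_vendor_attributes(SAMPLE_ATTRS)["pool__members"]
    print(rows, check_ports(rows))
```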
The tasks you perform to set up and configure BIG-IQ devices to manage BIG-IP system traffic in a VMware NSX version 6.1 network use both the BIG-IQ software user interface and the VMware NSX user interface. There is also a task for which you can have greater control and flexibility by using a REST API call to the NSX API. This optional task is included at the end of the task sequence.
In most production environments, data plane and control plane traffic are segregated for security reasons. To accommodate this requirement, traffic management functions are not permitted on the same network subnet as flowing network traffic. To achieve this topology, this integration configures a total of four subnets: two are used for BIG-IQ network management, and the other two are for BIG-IP system traffic flow.
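As an added example (not part of the F5 documentation), this check verifies that a four-subnet plan keeps the two management subnets apart from the two traffic subnets and reports which plane a given address falls in. The role names and CIDR values are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan. Role names and CIDRs are assumptions for illustration.
SAMPLE_PLAN = {
    "mgmt_provisioning": "10.10.1.0/24",   # control plane: provisioning BIG-IP devices
    "mgmt_discovery": "10.10.2.0/24",      # control plane: BIG-IP device discovery
    "traffic_external": "172.16.10.0/24",  # data plane
    "traffic_internal": "172.16.20.0/24",  # data plane
}
CONTROL_ROLES = {"mgmt_provisioning", "mgmt_discovery"}


def check_segregation(plan, control_roles=CONTROL_ROLES):
    """Return findings; an empty list means no two subnets in the plan overlap."""
    findings = []
    nets = {}
    for role, cidr in plan.items():
        try:
            # strict=True rejects a host address typed in place of a network.
            nets[role] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{role}: invalid subnet {cidr!r}: {exc}")
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            crosses = (a in control_roles) != (b in control_roles)
            kind = "control/data plane overlap" if crosses else "overlap within one plane"
            findings.append(f"{kind}: {a} {nets[a]} and {b} {nets[b]}")
    return findings


def plane_of(address, plan, control_roles=CONTROL_ROLES):
    """Return (plane, role) for the subnet containing address, or None."""
    ip = ipaddress.ip_address(address)
    for role, cidr in plan.items():
        if ip in ipaddress.ip_network(cidr, strict=True):
            return ("control" if role in control_roles else "data", role)
    return None


if __name__ == "__main__":
    for line in check_segregation(SAMPLE_PLAN) or ["no overlapping subnets"]:
        print(line)
    print(plane_of("10.10.2.7", SAMPLE_PLAN))
```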
You must have installed a BIG-IQ system with two control plane subnets: one to be used for provisioning BIG-IP devices, and the other for BIG-IP device discovery. These two subnets need to be interconnected.
Additionally, you must configure the following objects in VMware vSphere Web Client before you can perform this task.
Configuring the VMware objects described in this task makes it possible for a BIG-IQ system to configure and license a BIG-IP VE that you can manage with NSX as a load balancing service runtime. Your vCenter users can use this service runtime to deploy load-balanced virtual servers.
Next you must activate a pool license.
When you integrate with VMware NSX to create BIG-IP VEs, you can activate a pool license so that BIG-IQ software can use a license from that pool to license the BIG-IP VEs that it creates.
If you choose not to use a pool license, the BIG-IQ device still creates BIG-IP VEs, but you need to license them.
You initiate the license activation process with a base registration key. The base registration key is a character string that the license server uses to verify the functionality that you are entitled to license. If the system has access to the internet, you select an option to automatically contact the F5 license server and activate the license. If the system is not connected to the internet, you must manually retrieve the activation key from a system that is connected to the internet, and then transfer it to the BIG-IQ system.
VMware NSX uses a Runtime Deployment to specify parameters for BIG-IP virtual devices provisioned using a BIG-IQ software connection. Node templates simplify the task of specifying the parameters for the Runtime Deployment. This task uses the Create node template API to create a node template. The BIG-IQ and NSX integration uses this template when it provisions new BIG-IP virtual devices.
|OvfUrl||The entry identifies the URL specified previously for the OVF file that the BIG-IQ device uses to create the BIG-IP VE.|
|BIG-IP||Setting this entry to true indicates that the template specifies provisioning details for a BIG-IP device.|
|NodeTemplateName||The entry identifies the name you want NSX users to specify when requesting deployment of this type of BIG-IP VE.|
After you license and perform the initial configuration for the BIG-IQ system, you can discover BIG-IP devices running version 11.3 or later. For proper communication, you must configure each F5 device you want to manage with a route to the BIG-IQ system. If you do not specify the required network communication route between the devices, then device discovery fails.
For devices located in a third-party cloud, you must know the internal self IP address (for OpenStack or VMware cloud) or the external self IP address (for Amazon EC2). You must also configure BIG-IQ Cloud with DNS so that it can resolve the endpoint by name. To access this setting, log in to BIG-IQ System, select the BIG-IQ system you want to modify, and click the gear icon.
Integrating vCloud Director (VCD) with your cloud applications makes it possible for you to use the VCD interface to manage the F5 cloud applications. The integration process involves tasks using the user interface in both the F5 BIG-IQ Cloud and the VMware VCD.
After you integrate vCloud Director (VCD) with BIG-IQ Cloud, you can use VCD to manage your cloud applications. After integration, a catalog of BIG-IP Cloud applications appears in the VCD user interface.
BIG-IQ Cloud refers to a service provider's customers as tenants. The VCD equivalent to a tenant is referred to as an organization. BIG-IQ Cloud identifies tenants using a tenant ID. One key to successfully integrating VCD with BIG-IQ Cloud is associating the tenant ID assigned to that catalog with a VCD organization.
To deploy an F5 application catalog in vShield Manager (VSM), you deploy a VSM service profile. While VSM service profiles do not currently recognize F5 tenants, they do recognize VCD organizations. So when your tenant’s ID is associated with a VCD organization, you can use VSM and VCD to administer and deploy the tenant’s application catalog.
When you create a tenant for VCD integration, make a note of the tenant ID so you can connect it to a VCD organization.
When you are integrating vCloud Director (VCD) and BIG-IQ Cloud, you must configure VCD, then BIG-IQ, then VCD again.
Before you integrate BIG-IQ Cloud with your vCloud Director applications, make sure that you have completed the following prerequisites.
The globally unique identifier (GUID) is the figurative glue that binds the BIG-IQ Cloud connector to your vCloud Director (VCD) applications. You use the GUID when you create a tenant for a VCD connector.
The BIG-IQ Cloud integration objects you create in this task are available in your VMware vCloud Director (VCD) applications, so you can manage these objects using the VCD user interface.
Connecting BIG-IQ integration objects to your vCloud Director (VCD) applications makes it possible for you to manage BIG-IQ applications using the VCD user interface.