F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IQ Device
  4. BIG-IQ Device: Device Management
  5. Device Discovery
Manual Chapter : Device Discovery

Applies To:

Show Versions Show Versions

BIG-IQ Device

  • 4.5.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

About device discovery and management

You use the BIG-IQ® system to centrally manage resources located on BIG-IP® devices in your local network, in a public cloud like Amazon EC2, or in combination.

The first step to managing devices is making the BIG-IQ system aware of them through the discovery process. To discover a device, you provide the BIG-IQ system with the device IP address, user name, and password. Alternatively, you can upload a CSV file to discover a large number of devices. When you discover a device, you place it into a group. These groups help you organize devices with similar features, like those in a particular department or running a certain software version.

After you discover devices, you can view and export inventory details about those devices for easy asset management, and you can modify device configurations as required without having to log in to each device individually.

Discovering devices

After you license and perform the initial configuration for the BIG-IQ® system, you can discover BIG-IP® devices running version 11.3.0 or later. For proper communication between the managing BIG-IQ system and the devices it manages, you must configure the BIG-IQ system with a route to each F5 device you want to manage. If you do not specify the required network communication route between the devices, then device discovery fails.

Important: If the BIG-IP devices are running a version earlier than version 11.3.0, you must upgrade the legacy device before you can successfully discover it.
Discovering BIG-IP devices is the first step to managing them.
  1. Log in to BIG-IQ Device with the administrator user name and password.
  2. Hover over the Devices header, click the + icon when it appears, and then select New Device. The Devices panel expands to show the New Device screen.
  3. For devices on the same subnet as the BIG-IQ system, in the IP Address field, specify the IP address of the device:
    • For devices in your local network, or located on an OpenStack or VMware cloud device, type the IP address of the device.
    • For devices located on Amazon EC2 cloud, type the device's external self IP address.
    The preferred address for discovering a BIG-IP device is its management IP address.
  4. (This step applies only when the BIG-IQ system is hosted on AWS version 4.4 or later.) If the BIG-IQ system and the BIG-IP device are on different subnets, then you need to log in to the BIG-IQ system using SSH to specify an IP route between them.
    • If the BIG-IQ system and the BIG-IP device communicate using the management IP address, then there must be a default route specified. If there is no default route, issue a route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as an admin user.
      2. Type the following command: run /util bash
      3. Type the following command: route <route name> {gw <x.x.x.x> network default}
    • If the BIG-IQ system and the BIG-IP device use something other than the management IP address to communicate, then issue a tmsh route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as an admin user.
      2. Type the following command: create net route <route name> {gw <x.x.x.x> network default}
      Note: Where <route name> is a user-provided name to identify the new route, and <x.x.x.x> is the IP address of the default gateway for the internal network.
  5. (This step applies only if the BIG-IQ system is not hosted on AWS version 4.4 or later.) If the BIG-IQ system and the BIG-IP device are on different subnets, then you need to log in to the BIG-IQ system using SSH to specify an IP route between them.
    • If the BIG-IQ system and the BIG-IP device communicate using the management IP address, then there must be a default route specified. If there is no default route, issue a route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
      2. Type the following command: route <route name> {gw <x.x.x.x> network default}
    • If the BIG-IQ system and the BIG-IP device use something other than the management IP address to communicate, then issue a tmsh route command.
      1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
      2. Type the following command: tmsh create net route <route name> {gw <x.x.x.x> network default}
      Note: Where <route name> is a user-provided name to identify the new route, and <x.x.x.x> is the IP address of the default gateway for the internal network.
  6. In the User Name and Password fields, type the administrator user name and password for the managed device.
  7. For the Auto Update Framework setting, select the Update Automatically check box to direct the BIG-IQ system to perform any required REST framework updates on the BIG-IP device. For the BIG-IQ system to properly manage a BIG-IP device, the BIG-IP device must be running the most recent REST framework.
    Important: When you update the REST framework for BIG-IP devices running version 11.6 or earlier, the traffic management interface (TMM) restarts. Before you update the REST framework on a BIG-IP device, verify that no critical network traffic is targeted to that device. Additionally, In any system upgrade scenario, the potential exists for unexpected errors. Because there is not currently an automatic recovery and rollback feature, if an upgrade fails, it is conceivable that a BIG-IP device would not be left in the pre-discovery state. If you want to roll back the upgrade due to an error or any other reason, the recommended recovery for this situation is to perform a partition restore (restoring both the pre-discovery management components and any related configuration).
  8. Click the Add button.
The BIG-IQ system populates the properties of the device that you added, and displays the device in the Devices panel. Its configuration files display in the Configuration panel.

Discovering a large group of devices

After you license and perform the initial configuration for the BIG-IQ® system, you can discover BIG-IP® devices running version 11.3.0 or later. For proper communication between the managing BIG-IQ system and the devices it manages, you must configure the BIG-IQ system with a route to each F5 device you want to manage. If you do not specify the required network communication route between the devices, then device discovery fails.

Before you discover a large group of devices, you must save the information in a .csv file in one of the following formats:

  • [address],[userName],[password],[automaticFrameworkUpdate?],[rootUser],[rootPassword], for example: 192.168.2.xxx,admin,password,true,root,password Use this option if you want BIG-IQ Device to automatically update the framework required to manage the devices.
  • [address],[userName],[password], for example: 192.168.2.xxx,admin,password
If you have a large number of devices to discover, discovering them in a group saves you a significant amount of time, because you are not required to provide the device identification details for each individual device. Instead, you can upload a CSV file that contains the IP address, user name, and password for the devices you want to discover.
Important: When you update the REST framework for BIG-IP devices running version 11.6 or earlier, the traffic management interface (TMM) restarts. Before you update the REST framework on a BIG-IP device, verify that no critical network traffic is targeted to that device. Additionally, In any system upgrade scenario, the potential exists for unexpected errors. Because there is not currently an automatic recovery and rollback feature, if an upgrade fails, it is conceivable that a BIG-IP device would not be left in the pre-discovery state. If you want to roll back the upgrade due to an error or any other reason, the recommended recovery for this situation is to perform a partition restore (restoring both the pre-discovery management components and any related configuration).
  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Provisioning.
  3. Hover over the Devices header, click the + icon when it appears, and then select Import Devices.
  4. From the Group Name list select the group to which you want to add the imported devices.
  5. Click the Choose File button and select the CSV file to which you exported the device list. Alternatively, you can navigate to the CSV file on your computer and drag and drop it to the Import Devices screen.
  6. Click the Discover button to complete the discovery process. If there was a format error for the data in the .csv file, discovery fails and BIG-IQ Device returns an error.
The BIG-IQ system populates the properties of the device that you added, and displays the device in the Devices panel. Its configuration files display in the Configuration panel.

Viewing and exporting device inventory details

You can view detailed data about the managed devices in your network. Information includes associated IP addresses, platform type, license details, software version, and so forth. In addition to viewing this information, you can also export it to a CSV file and edit the data as required to create reports for asset management.

  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Configuration.
  3. In the Devices panel, click the gear icon next to the device you want to view, and then select Properties. The panel expands to display device properties.
  4. To export the data to a CSV file, click the Export button. You can modify the report as required in Microsoft Excel.

Modifying device configurations

You must first discover a device before you can modify its configuration.

Note: The BIG-IQ Device REST proxy is enabled by default to allow you to edit configurations. If you have disabled the REST proxy, re-enable it by clicking the gear icon for the Device, clicking Permissions, and selecting the Enable REST Proxy check box.
With BIG-IQ® Device, you can easily view and modify configuration details for a device from one central location. For example, after you discover several devices, you might want to review the network settings for those devices to ensure that they are correctly configured. To do this, you start by filtering objects. Filtering network objects by their associated devices helps you refine the view to show only those you want to see. You can then select the particular properties you want to modify. This centralized configuration management saves time, because you are not required to physically interface with individual devices in your network.
  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. To display only items associated with a specific object, hover over the object, click the gear icon, and then select Show Only Related Items. The screen refreshes to display only associated objects in each panel.
  3. To search for a specific object, in the Filter field at the top of the screen, type all or part of an object's name.
  4. Click the Apply button. The screen refreshes to display only the objects associated with the term you typed in the Filter field.
  5. To further refine the filter, type another term into the Filter field, and click the Apply button again.
  6. To remove a filter term, click the X icon next to it.
  7. Once you have located items associated for a particular configuration, click the gear icon next to the object you want to modify, and then click Properties.
  8. Modify the editable fields as required.
  9. Click the Save and Deploy button. Valid changes you make to this object become effective on the managed device immediately after you click the Save and Deploy button. If the changes you make are invalid, BIG-IQ Device displays an error and allows you to re-edit the property.
  10. To add a new object:
    1. Hover on the panel header and click the + sign when it appears. The + sign appears only if you are permitted to add that object.
    2. Specify the properties of the new object.
    3. Click the Add and Deploy button.

      Settings you specify for this object become effective on the managed device immediately after you click the Add and Deploy button.

  11. Click the Save button.

About managing BIG-IP devices in a device service clustering

Device service clustering, or DSC®, is an underlying architecture within BIG-IP® Traffic Management Operation System (TMOS®). DSC provides synchronization and failover of BIG-IP system configuration data at user-defined levels of granularity, among multiple BIG-IP devices on a network. When your network includes BIG-IP devices running version 11.5 and later that are configured in a DSC, BIG-IQ® Device populates the DSC Groups panel with the device's details when you discover those devices.

Note: For specific information about BIG-IP DSC groups, refer to the BIG-IP® Device Service Clustering: Administration guide.

Viewing properties and state of BIG-IP in a device service clustering

You must discover BIG-IP devices configured in a DSC before you can manage them from BIG-IQ Device. If you add a BIG-IP device to a DSC group after you discover it, you must hover on the Clusters header and click the refresh button when it appears. After you refresh the panel, BIG-IQ Device populates the panel with the BIG-IP devices you added to the DSC group.

BIG-IQ Device provides you a way to centrally view properties about BIG-IP devices configured in a cluster. These properties include sync and fail over settings and status, trust domain details, participating BIG-IP devices, and associated traffic groups. Viewing these properties from BIG-IQ Device eliminates the need for you to log on to each BIG-IP device in the cluster.

Important: BIG-IQ Device can discover only BIG-IP devices running version 11.5 or later when configured in a cluster.
  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Cluster Management.
  3. On the Clusters header, click the refresh button. Refreshing this panel ensures you have the most recent configuration for the devices in the DSC group.
  4. Click the gear icon next to the DSC group you want to view, and then click Properties. The panel expands to display the properties for this DSC.
  5. To validate the trust certificate associated with this DSC group, click the View Details button. A window opens to display the trust domain details.
  6. To view the devices included in this DSC, click Devices.
  7. To view the traffic groups associated with this DSC, click Traffic Groups.
  8. To close the panel, click the Close button.

Viewing and synchronizing configurations for BIG-IP devices in a DSC

You must discover BIG-IP devices configured in a DSC before you can manage them from BIG-IQ Device. If you add a BIG-IP device to a DSC group after you discover it, you must hover on the Clusters header and click the refresh button when it appears. After you refresh the panel, BIG-IQ Device populates the panel with the BIG-IP devices you added to the DSC group.

BIG-IQ Device provides you a way to view and synchronize configuration changes for BIG-IP devices in a DSC active-standby or active-active configuration. Synchronizing configurations from BIG-IQ Device eliminates the need for you to log on to each BIG-IP device in the DSC.

  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Cluster Management.
  3. On the Clusters header, click the refresh button. Refreshing this panel ensures you have the most recent configuration for the devices in the DSC group.
  4. Click the device for which you want to perform synchronization.
  5. For the Sync Option setting, select one of the following options:
    • Device to Group - Select this option to prompt BIG-IQ Device to push this device's configuration out to every other device in this DSC group. When you select this option, BIG-IQ Device warns you if the configuration on this device is not as current as the configuration on the rest of the DSC group devices.
    • Group to Device - Select this option you add a new BIG-IP device to the DSC group and you want BIG-IQ Device to pull the group's configuration and load it onto that new DSC group member. When you select this option, BIG-IQ Device warns you if the configuration on this device is more current than the configuration on the rest of the DSC group devices.
  6. Click the Sync button. If a BIG-IP device in a DSC configuration was detected in your network, but not discovered from BIG-IQ Device, it displays with the Sync button unavailable. You must discover BIG-IP devices in a DSC configuration from BIG-IQ Device before you can synchronize configurations.
  7. To close the panel, click the Close button.

About static and dynamic device groups

To help you manage a large number of BIG-IP® devices, you can organize them into groups. You can create two different types of device groups:

  • Static group
  • Dynamic group

A static group contains a specific set of devices. You may want to create a static group for devices hosting certain applications, in a certain geographical location, or running specific version of BIG-IP software. In contrast, a dynamic group is essentially a saved query on against a static group. For example, if you create a static group that contained all of your managed BIG-IP devices and you wanted to view only those devices running a specific version of software, you would create a dynamic group with that parameter.

If you delete a managed BIG-IP device from the static group, that change reflects in the dynamic group when you view it.

Creating static group of managed devices

You must license and discover BIG-IP® devices before you can place them into a group.

To help you manage a large number of devices, you can organize them into groups. For example, you could group devices by applications, geographical location, or department.

  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Configuration.
  3. Hover over the Devices header, click the + icon when it appears, and then select New Group.
  4. In the Display Name field, type the name you want to use to identify this group. This name is displayed in the Devices panel. You can change this name at any time, after you save this group.
  5. In the Description field, type a description for this group. For example, BIG-IP devices located in Seattle. You can change this name at any time, after you save this group.
  6. For the Group Type setting, select Static Group.
  7. From the Parent Group list, select the source for the group you are creating.
  8. Click the Save button.
The associated managed devices now display in the Device panel, within the group you created.
If you want to further filter specific devices from within this group, you can create a dynamic group.

Creating a dynamic group of managed devices

You must license, discover devices, and create a static group before you can create a dynamic group.

To filter a static group on specific parameters, you can create a dynamic group. For example, if you have a static group for all devices located in a particular city, you might want to view only those running a specific version of software.

  1. Log in to BIG-IQ Device with your administrator user name and password.
  2. At the top of the screen, click Configuration.
  3. Hover over the Devices header, click the + icon when it appears, and then select New Group.
  4. In the Display Name field, type the name you want to use to identify this group. This name is displayed in the Devices panel. You can change this name at any time, after you save this group.
  5. In the Description field, type a description for this group. For example, BIG-IP devices located in Seattle. You can change this name at any time, after you save this group.
  6. For the Group Type setting, select Dynamic Group.
  7. For the Source Group setting, select the static group on which you want to query for results.
  8. In the Search Filter field, type a term on which you want to filter the group. You can filter on a single term or, if you want to filter on more than one parameter, use the standard Open Data Protocol (OData) format.
  9. Click the Save button.
This dynamic group displays in the Device panel as a child of the associated static group.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information