Manual Chapter : Deployment

Applies To:

Show Versions Show Versions

BIG-IQ Security

  • 4.3.0
Manual Chapter

About BIG-IQ Web Application Security deployments

The BIG-IQ Web Application Security system displays individual deployments and their status (one action per row in the Deployment panel). To distribute policies to selected BIG-IP devices, create deployments from the Deployment panel.

You can deploy security policies to a device that already has the policy by overwriting the existing security policy. If the security policy does not yet exist on the device, you can deploy it as a new policy attached to an available virtual server or you can deploy it as an inactive policy.

To create a deployment, hover over the Deployment panel banner and click the + icon. Populate fields as needed and click Evaluate.

During the evaluation process, BIG-IQ Web Application Security:

  1. Contacts the selected remote BIG-IP devices and synchronizes the working-configuration sets for all.
  2. Takes a snapshot of the working-configuration set for each BIG-IP device.
  3. Compares the remote and local configurations.
  4. Calculates the set of changes to be deployed (number and type of each change).
  5. Displays the number and type of each change.

During the distribution phase, security policies are pushed out to remote BIG-IP devices. Any changes made locally to the BIG-IP device are overwritten.

Adding deployments

When you have completed edits to a policy, you can create a deployment to push changes from BIG-IQ Web Application Security to a target BIG-IP device.
  1. To begin the process, navigate to the Deployment panel.
  2. Hover in the Deployment banner and click the + icon to display the New Deployment panel.
  3. Edit the fields as required. Your changes are saved automatically.
    Option Description
    Deployment Name Name for the deployment that indicates its purpose. It can be useful to develop a convention such as ticket numbers.
    Description Optional description, including the purpose of the deployment or other relevant information.
    Select Devices to Evaluate Available devices are listed to the right of the field. Select or clear check boxes as appropriate.
  4. Click Evaluate to evaluate differences between the working configuration (BIG-IQ Web Application Security) and the configuration on the BIG-IP device.
A deployment is created and listed in the Deployment panel along with its status. A status of READY TO DEPLOY indicates that the working-configuration set can be deployed or the selected BIG-IP device can be rolled back.

Managing deployments

Distribute changes from BIG-IQ Web Application Security to managed BIG-IP devices when a deployment displays a status of READY TO DEPLOY. If there are no changes to deploy, a message displays to confirm this.
  1. To begin the process, navigate to the Deployment panel.
  2. Hover in the banner of the deployment you want to manage, and click the gear icon to expand the panel and display task properties.
    Option Description
    Deployment Name User-provided name of the deployment task.
    Description Optional description, including the purpose of the deployment or other relevant information.
    Task Status Status for deployment phases (evaluation and distribution).
    Start Time Time the deployment started in the format yyyy-mm-ddThh:mm:ss-hours-off-GMT. Example: 2013-05-31T08:16:17-07:00
    End Time Time the deployment ended in the format yyyy-mm-ddThh:mm:ss-hours-off-GMT. Example: 2013-05-31T08:16:36-07:00
    Available Devices List of BIG-IP devices that can be selected for deployment.
  3. Click View Diffs to view differences between the configuration on BIG-IQ Web Application Security and the BIG-IP device. A dialog box appears displaying the differences. The display shows four columns: Type (type of entity changed), Change (add, modify, remove), On BIG-IQ (name of the entity on BIG-IQ Web Application Security), and On BIG-IP (name of the entity on the BIG-IP device).
  4. When ready to deploy, click Deploy to push changes to the selected BIG-IP device.
Deployment states are reflected at the top of the expanded panel. At the end of the deployment process, changes are distributed to the selected BIG-IP device.