After you activate the license, complete the initial setup, and specify your network configuration options, you can customize settings for other Enterprise Manager features.
The configuration details of managed devices (including Enterprise Manager itself) are contained in a compressed user configuration set (UCS) file with the extension of .ucs. This file contains all of the information required to restore a device's configuration, and consists of these elements:
Enterprise Manager saves UCS files to a UCS archive. You can create a task to save UCS archives for devices at regularly scheduled intervals. Archives that are created and saved on a schedule are called, rotating archives. When the system creates rotating archives, it compares the most recently stored UCS archive file to the current configuration on the device at the specified interval. If there are any differences, Enterprise Manager stores a copy of the current configuration in a UCS archive. If there are no differences, Enterprise Manager does not store an additional copy of the current configuration, which leaves you room to store a higher number of unique historical UCS archives. When Enterprise Manager reaches the maximum number of archives specified to store, it deletes the oldest archive in the rotating archive list. By default, Enterprise Manager stores up to 10 rotating archives each, for itself and every managed device.
Another option for archive storage is to create an archive of a specific UCS for a device, referred to as a pinning an archive. Enterprise Manager also creates a pinned archive of a device's current configuration before it installs new software. Pinned archives are stored until you delete them.
|Include||Select this option if you want the system to store private key data when it creates a configuration archive. This is the default setting.|
|Exclude||Select this option if you do not want the system to store private key data when it creates a configuration archive. Note that if you select this option, you must manually restore the keys if you restore the archive.|
To ensure that the stored configuration for each managed device is up-to-date, Enterprise Manager compares it with the device's current configuration at regular intervals. If a configuration change has occurred, Enterprise Manager updates the stored configuration with those changes.
By default, Enterprise Manager contacts its managed devices to check for configuration changes once every 60 minutes. You can reduce the amount of management traffic by increasing this interval or you can more closely monitor the state of devices by decreasing the interval.
|Setting||Disable this option if:|
|Contact F5 During Refresh||Enterprise Manager is behind a firewall and cannot contact F5 licensing servers for updated license information|
|Send Event Notifications to EM||You want to reduce management traffic and refresh only at the interval defined in the Refresh Interval field|
|Check Connectivity From Device to EM||There is a firewall between Enterprise Manager and the managed device, and communication is only allowed unilaterally from Enterprise Manager to the device|
If you do not want to expose the IP address of the Enterprise Manager system or devices, you can use a proxy server specific to the type of communication.
|Internet proxy server||For outbound communication from the Enterprise Manager to F5 Networks for download licensing information, support information, and Application Security Manager attack signature files|
|Device proxy server||For communication between Enterprise Manager and managed devices in your network|
|iControl proxy server||For inbound communication to managed devices, required for authentication, pass-through, and device inventory|
|SMTP proxy server||For alert email notification|
You can configure Enterprise Manager to use a single proxy for SSL and FTP connections, or to use a unique proxy for each protocol.
When you specify an Internet proxy, Enterprise Manager uses that proxy for tasks configured through its task wizards, such as the Licensing wizard.
For example, if you create a task to update the licensing information for a device, Enterprise Manager sends the licensing information through the specified proxy. Conversely, if instead of using the Licensing wizard, you select License option from the System menu on the Main tab to update the licensing information for a device, Enterprise Manager does not send the licensing information through the configured proxy.
You can use Enterprise Manager to obtain updates to the IP Address Intelligence Service database for managed BIG-IP Application Security Manager (ASM) devices, without requiring that those devices connect directly to the public internet.
To do this, you configure Enterprise Manager to communicate with a web proxy connected to the internet. The ASM devices request and receive IP Address Intelligence Service updates transparently, through the Enterprise Manager system.
Before you perform this configuration, you must first: