Applies To:

Show Versions Show Versions

Manual Chapter: Optional Configuration
Manual Chapter
Table of Contents   |   << Previous Chapter

Overview of configuration customization options

After you activate the license, complete the initial setup, and specify your network configuration options, you can customize settings for other Enterprise Manager™ features.

Customizable features:

About UCS archive storage

A benefit of using Enterprise Manager is the ability to store, or archive, the user configuration set (UCS) for each managed device in your network. A UCS archive is a compressed file that contains all of the information required to restore a managed device's configuration, and consists of:

  • System-specific configuration files
  • License
  • User account and password information
  • DNS zone files
  • NameSurfer configuration
  • SSL certificates and keys

Each time you create a new configuration for a device, Enterprise Manager also creates a UCS archive of that configuration. You can also create and store UCS archives for managed devices on demand. These UCS archives are referred to as pinned and are saved until you delete them. The third option is to create a task to save UCS archives on a specified schedule. These archives are called rotating archives.

Enterprise Manager saves multiple archives and cycles out the oldest UCS archive when it saves a new one. By default, Enterprise Manager stores ten rotating and ten pinned UCS archives in its database.

It is best practice to create a rotating UCS archive schedule so that you always have a copy of the most recent configuration for any given device. When Enterprise Manager is prompted to store a UCS archive on a schedule, it compares the UCS archive file to the current configuration at the specified interval. If there are any differences, Enterprise Manager stores a copy of the current configuration. If there are no differences, Enterprise Manager does not create an additional copy of the current configuration.

Note: For additional information about UCS archive features, including information specific to pinned archives and instructions about changing the default number of archives saved, see the Enterprise Manager™ Administrator Guide.

Creating a rotating UCS archive schedule

The benefit of creating a scheduled rotating archive is that you always have the current configurations stored for your devices without storing duplicate archives. This leaves you room to store a higher number of historical UCS archive files.
  1. On the Main tab, click Enterprise Management > Tasks > Schedules > Archive Collection. The Archive Collection screen opens.
  2. Click the Create button.
  3. In the Archive File Name field, type a name for the rotating archive schedule.
  4. From the Check for Changes list, select the frequency that you want Enterprise Manager to check the configurations of your managed devices. Depending on your selection, the screen refreshes to display associated options.
  5. Specify the day of the week or month, and the time of day that you want Enterprise Manager to check for device configuration changes.
  6. From the Private Keys list, select an option to include or exclude private SSL keys in the rotating archive.
  7. From the Status list, select an option to enable or disable the rotating archive schedule after you create it.
  8. For the Devices or Devices Lists setting, in the Available list, select a device or device list and click the Move button to move the selected devices or device list to Assigned.
  9. Click Finished to save the settings.
The Archive Collection list screen opens and the new rotating archive schedule appears in the list. If a device in the Assigned list changes its configuration during the interval you specified, Enterprise Manager creates an archive of the device's configuration and adds it to the rotating archives on the Archives Collection screen.

Changing private key archive settings

When Enterprise Manager™ creates a configuration archive, it stores the private keys in an archive by default. If you would prefer not to have the system store the private keys in an archive, you can change this default behavior.
Important: If you choose not to have Enterprise Manager™ store the private keys when a configuration archive is created, you must manually restore the keys if you restore the archive.
  1. From the Main tab, click Enterprise Management > Options > Certificates > SSL Private Keys .
  2. From the Private Keys in Archives list, select an option:
    Option Description
    Include Select this option if you want the system to store private key data when it creates a configuration archive. This is the default setting.
    Exclude Select this option if you do not want the system to store private key data when it creates a configuration archive. Note that if you select this option, you must manually restore the keys if you restore the archive.
  3. Click Save Changes.

About the health and performance monitoring database

When statistics data collection is enabled, Enterprise Manager™ stores the following information in its statistics database for each managed device on which the Data Collection Agent is installed:

  • Specifics about the managed devices, such as host name, IP address, and software version.
  • Details, such as object type and name, about any enabled network objects associated with a managed device.
  • Performance and health data for managed devices and associated network objects.

You can use the collected statistics to display standardized reports about the health and performance of managed devices in your network. This helps you identify any systems that are not performing at full capacity and assists you in determining when you should add new devices.

Important: Enterprise Manager collects statistics only from devices that have BIG-IP® Local Traffic Manager™ licensed and provisioned. Starting with Enterprise Manager version 2.3, Enterprise Manager can also collect statistics from devices licensed and provisioned for BIG-IP Global Traffic Manager™.

To start collecting statistics, you must enable the collect statistics data feature and install the Data Collection Agent.

Note: For additional information about the health and performance monitoring feature, see the Enterprise Manager™ Administrator Guide.

Task summary

Enabling statistics data collection

To collect statistics you must enable data collection, which is disabled by default.
Important: Due to the processing power required to collect and store statistics data, only Enterprise Manager™ 3000 and 4000 platforms and Enterprise Manager Virtual Edition (VE) support statistics data collection. If you are upgrading from a version of Enterprise Manager that is earlier than 1.7, you must re-license the system before enabling data collection.
  1. On the Main tab, click Enterprise Management > Options > Statistics > Data Collection.
  2. For the Collect Statistics Data setting, select Enabled.
  3. Click the Save Changes button.
When you enable statistics collection, Enterprise Manager verifies that each managed device has a compatible version of the Data Collection Agent installed.

Installing the Data Collection Agent

When data collection is enabled, Enterprise Manager™ collects health and performance monitoring statistics data for each managed device in your network on which the most current version of the Data Collection Agent is installed. If a device on which statistics is enabled requires a more recent version of the Data Collection Agent, Enterprise Manager displays that device as Impaired in the device list, and indicates that an upgrade is required.
You can use the Data Collection Agent Installation wizard to update and install the Data Collection Agent.
  1. On the Main tab, click Enterprise Management > Tasks > Task List.
  2. Click the New Task button.
  3. For the Software Installation setting, click Install Data Collection Agent, and then click Next. The Data Collection Agent Installation screen opens.
  4. For the Device Filter setting, click the Devices with data collection enabled requiring update option. The screen refreshes to display the devices that require an update.
  5. Select the check box next to each device on which you want to install the most recent version of the Data Collection Agent, and click Next. The Task Options screen opens.
  6. From the Configuration Archive list, select an option to include or exclude private SSL keys in the configuration archive.
  7. From the Device Error Behavior list, select an option to specify how you want the system to proceed if an error occurs during the Data Collection Agent installation task.
  8. Click Next. The Task Review screen opens.
  9. In the Task Name field, you can type a new name to customize the name that displays in the task list.
  10. Click the Start Task button. The Task Properties screen opens, displaying the progress of the task. The task progress displays as Finished when the Data Collection Agent is installed.
Enterprise Manager starts collecting and storing health and performance monitoring statistics for the devices on which data collection is enabled and the Data Collection Agent is installed.

About the startup screen

Each time you log on to Enterprise Manager™ a startup screen displays. By default, the startup screen is the Welcome screen, but you have the option to change this screen if you find an alternative screen more useful.

Changing the default startup screen

To change the default screen, perform these steps.
  1. On the Main tab, click System > Preferences.
  2. From the Start Screen list, select the default screen that you want displayed at startup.
Default startup screen options

You can use this table to determine which screens are most relevant to your needs.

Default startup screen option Description To access
Welcome Contains links to setup, support, plug-ins, and additional downloads. Click Overview and Welcome.
Performance Displays statistics related to the Enterprise Manager system performance. Click Overview and Performance.
Device List Displays a list of all of the devices you are managing with Enterprise Manager. Click Enterprise Management and Devices.
Task List Displays a list of running and completed tasks. Click Enterprise Management and Tasks.
Device Statistics Displays a summary of statistics graphs for all managed devices. Click Enterprise Management, Statistics, and View.
Custom Lists Displays a customizable list of objects. Click Enterprise Management and Custom Lists.

About alert management

You can configure Enterprise Manager™ to manage alerts in these ways:

  • Send SNMP traps to a remote SNMP server
  • Send email alerts to a specific recipient

Simple Network Management Protocol (SNMP) is an industry-standard protocol that gives an SNMP management system the ability to remotely manage a device on your network. You have the option to configure alerts that prompt Enterprise Manager™ to send SNMP traps to a remote SNMP server.

To send SNMP traps in this manner, you provide the SNMP agent and SNMP client access to the Enterprise Management system. As Enterprise Manager system shares the same operating system as a BIG-IP® system, you can configure SNMP on the Enterprise Manager system in the same way that you do on a BIG-IP system. For detailed information about how to configure SNMP traps, see the TMOS® Management Guide for BIG-IP® Systems. The SNMP versions that the Enterprise Manager system supports are: SNMP v1, SNMP v2c, and SNMP v3.

If you want to have a specific recipient receive an email message when an alert is triggered, you must complete specific tasks so that Enterprise Manager™ can deliver locally generated email messages.

Attention:

To perform the specific tasks, you must have administrator privileges with root access for the Configuration utility.

Task summary:

Verifying that the postfix service is enabled

Use this procedure to confirm that the postfix mail server service is enabled.
  1. On the Main tab, click System > Services. The Services List screen opens.
  2. Locate the postfix service in the list.
  3. Verify that postfix is running by viewing the History column.
  4. If postfix is not running, select the check box next to postfix and click the Start button.

Specifying the IP address of your DNS server

Enterprise Manager™ must specify the IP address of your DNS server in order to set up and send an email alert.
  1. On the Main tab, click System > Configuration > Device > DNS.
  2. In the DNS Lookup Server List area, in the Address field, type the IP address of your DNS server(s).
  3. Click the Add button.
  4. Click Update to save the changes.

Verifying DNS resolution

After you specify the IP address of your DNS server, you can verify that the address properly resolves.
  1. Log in as root at the command line.
  2. Type the following command: dig <domain> For example, to query MX and siterequest.com, you would type dig siterequest.com mx. The result to this query should appear similar to this example, indicating that Enterprise Manager™ is able to resolve the email exchanger. ; << >> DiG 9.2.2 << >> siterequest.com mx ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16174 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;siterequest.com. IN MX ;; ANSWER SECTION: siterequest.com. 86400 IN MX 10 mail.siterequest.com. ;; Query time: 65 msec ;; SERVER: 172.16.100.1#53(172.16.100.1) ;; WHEN: Mon Nov 8 14:32:07 2011 ;; MSG SIZE rcvd: 51

Specifying alert defaults

It is important to specify default behavior for alerts before you enable the alert options.
  1. On the Main tab, click Enterprise Management > Options > Alerts .
  2. In the Email Recipient field, type the email address of the user, or the alias, that you want to Enterprise Manager™ to send the alert to by default.
  3. If you want to log alert events to a syslog file:
    1. In the Syslog Server Address field, type the IP address of the remote server where you want to store alert event logs.
    2. In the Maximum History Entries field, type the maximum number of alerts that you want stored in the syslog file. If the alert history reaches the limit you set, Enterprise Manager deletes the oldest entries to create room for newer entries.
  4. Click Save Changes.

About modifications for email alerts

The postfix mail server is initiated by default when you start Enterprise Manager™. You can, however, customize the configuration for email notification from the Enterprise Manager system's command line.

Modifying the postfix configuration file for email notification
You can modify the postfix configuration file to specify variables required for your email domain, host, and interface.
  1. Using a text editor, such as vi or pico, edit the configuration file: /etc/postfix/main.cf.
  2. Find the variable mydomain, and change it to specify the domain for your site. For example, for domain siterequest.com you would type the following command: mydomain = siterequest.com.
  3. Set the relayhost variable as in the following example. relayhost = $mydomain
  4. If you want only the local host to send email, set the inet_interfaces variable to local host by typing the following command: inet_interfaces = localhost
  5. Save and exit the file.
Specifying a mailserver domain
After you modify the postfix configuration file, you can then specify your mailserver domain name in the hosts files.
You need to perform several steps from the command line in order to specify the mailserver domain and configure your email alert.
  1. Using a text editor, such as vi or pico, edit the /etc/hosts file.
  2. Create a record for the fully qualified domain name (FQDN) of your mail server by typing the following command: echo "<yourmailserver_IP_address> <your_mailserver_fqdn>" >> For example: echo "10.10.65.1 mail.siterequest.com" >> /etc/hosts
  3. Save and exit the file.
  4. Send a test email by typing the following command: echo test | mail <your email address>
  5. View the email queue by typing the following command: mailq
  6. To send any unsent email, type the following command: postfix flush
  7. In the /etc/postfix/aliases file, locate the following entry: # Person who should get root's mail. This alias # must exist. # CHANGE THIS LINE to an account of a HUMAN root: postfix
  8. Change the root alias to the email account to which you want mail to be sent. For example: root: helpdesk@postfix.fix
  9. Save and exit the file.
  10. Type the following command: newaliases
  11. Send a test email by typing the following command: t>echo test | mail <your email address> If configured properly, the email is delivered to the address that you specified in the /etc/postfix/aliases file.
  12. Type the service postfix restart command and press Enter.

Understanding user roles

Enterprise Manager™ classifies the permissions for the user roles as either non-restricted or restricted. These user roles are defined as:

Administrator
This role (non-restricted) can perform all management functions available to Enterprise Manager, including managing other user accounts and roles.
Operator and Application Editor
By default, these roles (restricted) perform fewer management tasks than the Administrator. You can customize each role by specifying the tasks that the role is allowed to perform.

Customizing user role permissions

When you initially set up Enterprise Manager™, you configure a default administrator-level user account that permits you to configure and start working with the system through the web interface. You can use this procedure to customize permissions for users, defining which user role (Operator or Application Editor) can perform specific device management tasks.
  1. On the Main tab, click Enterprise Management > Access Control > Role Permissions.
  2. For each restricted user role, select or clear the check box next to the permission you want to modify.
  3. Click Apply to save your changes.
User role permissions and management tasks

There are eight different types of permissions that you can specify for each restricted user role. You can specify any of these management task permissions to the Operator and Application Editor user roles.

Permission Management task
Manage Device Configuration Archives Create and manage UCS archives for all managed devices
Browse Device Configurations View device configuration settings using the Enterprise Manager configuration browser
Compare Device Configuration Archives Compare UCS configuration files between two devices
Stage Changesets for Deployment from Published Templates Create a new staged changeset from a published template
Deploy Staged Changesets Deploy a staged changeset created by the user, or another user
Administer Device Lists Manage device list members
Synchronize Device Configuration with Peer Synchronize peer device configurations
Failover Devices Initiate a failover to a peer managed device

Overview of communication settings

Enterprise Manager™ communicates with devices in your network and F5 servers through a secure HTTPS connection. You can also use a proxy server for communication with network devices to download licensing information, support information, or Application Security Manager™attack signature files and an FTP proxy to send support data in a support data collection task.

Specifying a proxy server for downloading files and information

When you specify a proxy server address, it applies only to tasks configured through Enterprise Manager™ task wizards, such as the Licensing wizard. For example, if you specify a proxy server address and select License option from the System menu on the Main tab to update the licensing information for a device, Enterprise Manager does not send the licensing information through the proxy. However, if you create a task to update the licensing information for a device instead, Enterprise Manager sends the licensing information through the specified proxy.
  1. On the Main tab, click Enterprise Management > Options > Proxies.
  2. On the menu bar, click Options.
  3. In the Internet Proxy area, select the Use Proxy check box. The screen refreshes, displaying additional options.
  4. In the SSL Proxy Address field, type the address of the SSL proxy server.
  5. If you want to use a separate SSL proxy for FTP connections:
    1. Clear the Also use this proxy address for FTP protocol check box.
    2. In the FTP Proxy Address field, type the FTP proxy server address.
  6. Click Save Changes.

Specifying a proxy server for communication between Enterprise Manager and devices

By default, Enterprise Manager™ communicates with devices through HTTPS. You have the option to specify a proxy server for communication between Enterprise Manager and your network devices.
  1. On the Main tab, click Enterprise Management > Options > Proxies.
  2. In the Device Proxy area, select the Use Proxy check box. The screen refreshes, displaying additional options.
  3. In the EM-side SSL Proxy Address field, type the SSL proxy server address that you want to use for Enterprise Manager.
  4. If you want to use the same SSL proxy address for the device side, select the Also use this proxy address for the device-side connections check box.
  5. To specify a separate device-side SSL proxy address, in the Device-side SSL Proxy Address field, type the SSL proxy server address that you want to use for your devices.
  6. Click Save Changes.
Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)