Manual Chapter: Enterprise Manager Administrator Guide: Installation and Setup

2

Installation and Setup


Installing Enterprise Manager in the network

Incorporating Enterprise Manager into your network is as simple as adding any F5 Networks device. You can use the Enterprise Manager Quick Start Instructions included with the system to get started with the physical installation and initial network configuration. See Chapter 3, Licensing and Configuring the System for detailed information on licensing, platform configuration, and basic default settings.

This chapter describes how to configure devices in your network to work with Enterprise Manager.

Depending on your network topology, you may have to configure a SNAT, NAT, or multiple virtual servers external to the Enterprise Manager device in order to ensure proper communication between Enterprise Manager and managed devices.

Choosing a network topology

Enterprise Manager is designed to work within virtually any network configuration and can adapt to the management configuration you already use for F5 Networks devices in your network. You connect Enterprise Manager to devices in the network through the interfaces available on both the Enterprise Manager device and the F5 Networks devices in the network. The interfaces on the Enterprise Manager or other F5 Networks system are the physical ports that you use to connect each system to other devices on the network.

Note

Throughout this guide, the term interface refers to the physical ports on the Enterprise Manager or BIG-IP system.

Enterprise Manager can work with the network topology of your choice in two distinct ways:

  • You can use a management network through the management interface (MGMT port) on both the Enterprise Manager device and each managed device for enterprise management communications.
  • You can use a self IP through a TMM switch interface on both the Enterprise Manager device and each managed device for enterprise management communications.

Important

For Enterprise Manager to work properly, you must enable two-way communication between the Enterprise Manager device and each managed device. Enterprise Manager communicates with managed devices using port 443, and requests a response from each device through this port.

Using the management interface

We recommend that, whenever possible, you create a management network that you administer through the management interface on each managed device and the Enterprise Manager system. The management interface is a special port on the BIG-IP system, used for managing administrative traffic. Named MGMT, the management interface does not forward user application traffic, such as traffic slated for load balancing.

This type of configuration requires the least amount of additional configuration when you discover and begin to manage devices. Additionally, when you add new devices to a management network, you do not need to perform extensive configuration to manage them with Enterprise Manager, as long as all devices on the management network exist on the same subnet.

This type of configuration keeps traffic management communication separate from enterprise management communications, and does not require you to dedicate a TMM switch interface to device management traffic.

Using a TMM switch interface for device management

You can use Enterprise Manager to communicate with managed devices through one of the managed device's TMM switch interfaces. TMM switch interfaces are those interfaces that the BIG-IP system uses to send or receive application traffic, that is, traffic slated for load balancing. However, this type of network setup frequently requires some additional configuration in order to maintain a two-way connection between Enterprise Manager and managed devices.

If you want to connect to a managed device through a TMM switch interface, you must associate the interface on the managed device with a VLAN and a self IP address so that Enterprise Manager can recognize and connect to the device in the network (through its own MGMT interface or through a self IP and VLAN that you configure on Enterprise Manager). If you choose to use a TMM switch interface on managed devices, Enterprise Manager uses this interface for sending software upgrades to the managed device, and we recommend that you do not use the interface for managing traffic. When you are deciding which interface to use for the connection to Enterprise Manager, we recommend that you use the same interface that you currently use for device administration.

For information on how to configure and use the management interface, see Chapter 4, Configuring the BIG-IP Platform and General Properties in the BIG-IP Network and System Management Guide.

Working with different network configurations

When you initially configured the F5 Networks devices in your network, you made a decision to administer each device through the MGMT interface or through a TMM switch interface. Your previous device management choice generally determines how you configure Enterprise Manager to work as your enterprise management system, but you can use this opportunity to build separate management networks that will keep device administration separate from traffic management.

Because Enterprise Manager communicates with managed devices on a regular interval, you must keep a two-way communication open between Enterprise Manager and managed devices. On each managed device, you must ensure that device management traffic does not interfere with traffic management activity.

Whether this means configuring your managed devices to use virtual servers to communicate through a multi-tiered device configuration, or configuring a firewall NAT to translate IP addresses, depends on your existing network topology.

The following sections outline three of the most common network topology scenarios:

  • A network using a NAT to facilitate address translation
  • A network set up in a tiered configuration with multiple BIG-IP systems
  • A tiered network configuration using a SNAT to communicate with Enterprise Manager

Enterprise Manager can work well in any of these configurations, or in configurations that combine some of the scenarios described.

In many cases, you may have already completed some of the required tasks while configuring your network for traffic management.

Working with a NAT configuration

If you use a firewall with a NAT to translate IP addresses, you must ensure that the NAT is properly configured for Enterprise Manager to use for device management. Usually, if your NAT works well for your traffic management, you may not have to perform any additional configuration other than ensuring that Enterprise Manager recognizes devices in the network at the IP addresses you expect, and that each device can properly communicate back to Enterprise Manager.

In this common configuration, a NAT translates the IP addresses of managed devices through the firewall into addresses that Enterprise Manager can use to talk to a managed device.

After you discover devices in this kind of configuration, you must configure the device general properties so that each managed device can initiate communications with Enterprise Manager.

Tip


If you use a NAT in your network, you may want to take notes of translated addresses for reference when discovering and managing devices with Enterprise Manager.

Configuring your devices to work with NAT

To open a two-way connection between each managed device and Enterprise Manager, ensure that you perform the following tasks:

  • Configure a TMM switch interface or the MGMT interface on each managed device to accept and send communications on port 443.
  • If you choose to use TMM switch interfaces, on each of these interfaces, configure a self IP that the managed device should use for device management activity such as receiving software or hotfix upgrades.
    Note: You do not need to configure a self IP on the managed device if you connect to the MGMT interface on the managed device.
  • Configure the NAT so that the management IP address that Enterprise Manager uses to connect to each device maps to the MGMT interface on each managed device, or to the management self IP you defined for a TMM switch interface.
  • Discover the devices using the IP addresses translated by the NAT. See Discovering devices, on page 4-2 for detailed information on discovering devices.
  • Configure the general properties of newly discovered devices so that each managed device can initiate communications to the Enterprise Manager device. See Setting device communication properties, on page 4-5 for instructions on how to set device communication properties.
  • Test the two-way connection by opening a Telnet session on the managed device to test communication over port 443 to the Enterprise Manager system. See Testing communications between devices and Enterprise Manager, on page 4-6 for more information on working with the connection between Enterprise Manager and managed devices.
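
The checklist above can be partly verified before discovery. The following is an added example, not part of the original guide or any F5 tool: it audits a NAT plan for the self IP and address-mapping items, and provides a scripted equivalent of the Telnet test on port 443. Device names, addresses, and the plan layout are assumptions constructed for illustration.

```python
import ipaddress
import socket

EM_PORT = 443  # port the guide specifies for Enterprise Manager traffic

# Constructed sample plan: hypothetical device names, documentation-range
# translated addresses. "endpoint" is the MGMT address or, for a TMM switch
# interface, the management self IP (None = not configured yet).
PLAN = [
    {"name": "bigip-a", "iface": "MGMT", "endpoint": "10.0.0.11", "nat": "192.0.2.11"},
    {"name": "bigip-b", "iface": "TMM", "endpoint": "10.0.1.12", "nat": "192.0.2.12"},
    {"name": "bigip-c", "iface": "TMM", "endpoint": None, "nat": "192.0.2.12"},
]


def audit_plan(plan):
    """Return (device, problem) tuples for checklist items that can be
    verified on paper before discovering devices."""
    problems = []
    owner = {}  # translated address -> first device that claimed it
    for dev in plan:
        name = dev["name"]
        if dev["endpoint"] is None:
            # MGMT needs no self IP; a TMM switch interface does.
            what = "management self IP" if dev["iface"] == "TMM" else "MGMT address"
            problems.append((name, f"no {what} for the NAT to map to"))
        nat = ipaddress.ip_address(dev["nat"])  # raises ValueError on a typo
        if nat in owner:
            problems.append((name, f"{nat} already translates to {owner[nat]}"))
        else:
            owner[nat] = name
    return problems


def port_open(host, port=EM_PORT, timeout=3.0):
    """TCP connect test: the scripted equivalent of the Telnet check."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for device, problem in audit_plan(PLAN):
        print(f"{device}: {problem}")
```

Because communication must work in both directions, run `port_open` from the Enterprise Manager side against each translated address, and from each managed device against the address it uses to reach Enterprise Manager.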

Working with a tiered network configuration

Another common network deployment involves placing multiple F5 Networks devices behind a BIG-IP system in order to load balance requests to multiple devices. For example, if you use ten BIG-IP systems to load balance requests to multiple servers, you may add another tier to the load balancing by using another BIG-IP system to load balance requests to the ten BIG-IP systems.

In this configuration, virtual servers provide a route through the multiple tiers for network requests. For Enterprise Manager to work properly in this configuration, you must set up multiple virtual servers on the top traffic management tier to properly send device management traffic through each tier. Additionally, you must configure one virtual server on each managed device exclusively for enterprise management traffic.

As with the NAT in the previous example, you should use the BIG-IP system that balances requests to the other systems to translate enterprise management traffic through virtual server addresses. Alternately, you can configure a SNAT on the top tier BIG-IP system to send communications back to Enterprise Manager. See Working with a tiered configuration using SNAT for more information on using a SNAT in a tiered configuration.

On the top tier device in your tiered configuration, you must configure two virtual servers, each using port 443. Enterprise Manager uses the first virtual server to communicate to the managed devices on the lower tier, and the managed devices use the second virtual server to initiate communication with Enterprise Manager.

When you discover devices, you should discover the virtual server addresses that you configured for device management. After you discover devices, you must configure the device general properties on the Enterprise Manager system so that managed devices can properly communicate with the Enterprise Manager system.

Configuring your devices to work in a tiered configuration

To open a two-way connection between each managed device and Enterprise Manager in a tiered network configuration, ensure that you perform the following tasks:

  • Configure a virtual server on the top tier BIG-IP system to accept communications such as software or hotfix upgrades from Enterprise Manager on port 443.
  • Configure a virtual server on the top tier BIG-IP system to send communications to Enterprise Manager on port 443.
  • If you use the TMM switch interfaces, configure a VLAN and self IP on each lower tier managed device to receive communications (translated through the top tier system) from the Enterprise Manager device on port 443.
  • If you use the TMM switch interfaces, configure an additional VLAN and self IP on each lower tier managed device to send communications (translated through the top tier system) to Enterprise Manager on port 443.
  • Discover the devices using the first set of virtual server IP addresses that you configured for managed devices to receive communications from Enterprise Manager. See Discovering devices, on page 4-2 for detailed information on discovering devices.
  • Configure the general properties of newly discovered devices so that each managed device can initiate communications to the Enterprise Manager device. See Setting device communication properties, on page 4-5 for instructions on how to set device communication properties.

Working with a tiered configuration using SNAT

Another network configuration involves using the tiered approach described in the previous section in addition to using a SNAT for secure address translation on the top tier BIG-IP system.

In this configuration, virtual servers provide a route through the top tier for Enterprise Manager to contact managed devices, while a SNAT allows the managed device to contact the Enterprise Manager system. For Enterprise Manager to work properly in this configuration, you must set up multiple virtual servers and configure a SNAT to properly translate the IP addresses of these virtual servers for outbound communications to the Enterprise Manager system.

Configuring your devices to work with a tiered network using SNAT address translation

To open a two-way connection between each managed device and Enterprise Manager in a tiered network configuration with a SNAT, ensure that you perform the following tasks:

  • Configure a virtual server on the top tier BIG-IP system to accept communications, such as software or hotfix upgrades, from Enterprise Manager on port 443.
  • Configure a SNAT on the top tier BIG-IP system to translate the IP address from the virtual servers on the managed device to the Enterprise Manager system.
  • If you use the TMM switch ports, configure a VLAN and self IP on each lower-tier managed device to receive communications (translated through the top tier system) from the Enterprise Manager device on port 443.
  • Discover the devices using the first set of virtual server IP addresses that you configured for managed devices to receive communications from Enterprise Manager. See Discovering devices, on page 4-2 for detailed information on discovering devices.
  • Configure the general properties of newly discovered devices so that each managed device can initiate communications to the Enterprise Manager device. See Setting device communication properties, on page 4-5 for instructions on how to set device communication properties.


