Enterprise Manager fits into your existing network configuration in a similar manner to your other F5 Networks devices. The Enterprise Manager Quick Start Instructions included with the device introduce the basic steps required to set up and start working with the Enterprise Manager system.
This chapter details the process of licensing and configuring the system, including setting up management network defaults, default self IPs and VLANs, and setting general preferences for working with Enterprise Manager.
This chapter assumes that you have previously set up, licensed, and configured one or more BIG-IP systems in your network, and that you have connected the Enterprise Manager system to a management workstation or network.
The initial licensing, platform setup, and network configuration procedures in the following sections are based on the procedures described in the Installation, Licensing, and Upgrades for BIG-IP Systems guide. Consult that guide if you require additional information not described in this chapter.
To activate the license for the system, you must have a base registration key. The base registration key is a 33-character string that lets the license server know which F5 products you are entitled to license. If you do not already have a base registration key, you can obtain one from the sales group (http://www.f5.com).
If the system is not yet licensed, the Configuration utility prompts you to enter the base registration key. Certain systems may require you to enter keys for additional modules in the Add-On Registration Key List box.
After you configure an IP address, net mask, and gateway on the management port, you can access the Configuration utility (graphical user interface) through the management port.
For more information on how to work with a console connection, and how to configure network settings on the MGMT interface, see the Connecting a Management Workstation or Network chapter in the Installation, Licensing, and Upgrades for BIG-IP Systems guide.
The Licensing screen of the Configuration utility opens (Figure 3.1). The Setup utility appears the first time you run the Configuration utility.
Note that you can update the license at any time by using the Licensing option that is available in the System area on the Main tab.
After you have activated the license on the system, the Configuration utility prompts you for the basic configuration information for managing the system (Figure 3.2). This required information includes the following settings.
Each heading in this section provides a basic description to assist you in choosing settings on the Platform Setup screen.
You can specify an IP address for the management (administrative) port. If you set the management interface IP address using the LCD screen that is available on some platforms, you do not need to configure this setting. You can also specify a network mask for the administrative port's IP address and the IP address of the default route for the management port.
You must enter a fully qualified domain name (FQDN) for the system. Only letters, numbers, and the characters dash ( - ) and period ( . ) are allowed.
The host IP address is the IP address that you want to associate with the host name:
A high availability system consists of two units that share configuration information:
Select 1 or 2 to identify the system's unit ID number in the redundant system. The default unit ID number is 1. If this is the first unit in the redundant system, use the default. When you configure the second unit in the system, type 2.
Select the time zone that most closely represents the location of the system. This ensures that the clock for the Enterprise Manager system is set correctly, and that dates and times recorded in log files correspond to the time zone of the system administrator. Scroll through the list to find the time zone at your location.
The root account provides access to this system from the console.
The admin account provides access to the system through a browser.
This setting enables the built-in account, support, for access to the system's command line interface and browser interface. If you activate the account, you must also supply a password and password confirmation. The technical support staff uses the support account to analyze the system if you need assistance with troubleshooting issues.
Check the Enabled box if you want to activate SSH access to the Enterprise Manager system.
If you have enabled SSH access, you can specify the IP address or address range for other systems that can use SSH to communicate with the system. To grant unrestricted SSH access to all IP addresses, select *All Addresses. To restrict SSH access to a block of IP addresses, select Specify Range, and then type an address or address range in the box. For example, to restrict access to only systems on the 192.168.0.0 network, type 192.168.*.*.
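An added example, not part of the F5 guide: a small audit helper that shows which source addresses a range such as 192.168.*.* admits and how large the admitted block is. It assumes the range box matches octet by octet with * as a wildcard; the function names and the test addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example with hypothetical helper names. Assumption: the range box
# matches octet by octet and "*" stands for any value, as in 192.168.*.*.

# Return 0 if address $2 is inside pattern $1, 1 if not, 2 if malformed.
ssh_range_allows() {
    pat=$1; addr=$2
    old_ifs=$IFS; IFS=.; set -f          # set -f keeps "*" from globbing
    set -- $pat;  pn=$#; p1=$1; p2=$2; p3=$3; p4=$4
    set -- $addr; an=$#; a1=$1; a2=$2; a3=$3; a4=$4
    set +f; IFS=$old_ifs
    [ "$pn" -eq 4 ] && [ "$an" -eq 4 ] || return 2
    for pair in "$p1:$a1" "$p2:$a2" "$p3:$a3" "$p4:$a4"; do
        p=${pair%%:*}; a=${pair#*:}
        case $a in ''|*[!0-9]*) return 2 ;; esac   # octet must be numeric
        [ "$a" -le 255 ] || return 2
        [ "$p" = "*" ] || [ "$p" = "$a" ] || return 1
    done
    return 0
}

# Print how many IPv4 addresses a pattern admits (256 per "*" octet).
ssh_range_size() {
    stars=$(( $(printf '%s' "$1" | tr -cd '*' | wc -c) ))
    size=1
    while [ "$stars" -gt 0 ]; do size=$((size * 256)); stars=$((stars - 1)); done
    echo "$size"
}

# Report which of the given source addresses a pattern would admit.
ssh_range_audit() {
    range=$1; shift
    echo "$range admits $(ssh_range_size "$range") addresses"
    for ip in "$@"; do
        if ssh_range_allows "$range" "$ip"; then echo "ALLOW $ip"
        else echo "DENY  $ip"; fi
    done
}

# Constructed sample: one workstation inside the range, one outside it.
ssh_range_audit '192.168.*.*' 192.168.10.25 172.16.100.1
```

A two-wildcard range such as 192.168.*.* still admits 65,536 source addresses, so a narrower pattern is preferable when the management workstations sit in a single subnet.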
Once you have configured the system, if you need to reconfigure any system settings, you can run the Setup portion of the Configuration utility again by clicking the Run the Setup utility link on the Welcome screen. As you proceed through the Setup utility, click the Help tab for information about the settings on each screen.
Once you have licensed the system, and configured the basic management system settings, the Options screen opens in the Configuration utility. The Options screen contains two options for creating the enterprise management configuration.
You can use the Basic Configuration wizard to configure two default VLANs for the system, internal and external. Note that you can update the network configuration at any time by using the options that are available under the Network or System sections on the Main tab.
Consult the online help if you need detailed information about specific settings when configuring the default VLANs and self IPs.
To successfully manage devices, you must set up Enterprise Manager preferences. These preferences determine how Enterprise Manager handles such features as high availability, software management, device configuration archiving, certificate management, alerting, logging, and user management.
You can configure Enterprise Manager as a part of a high availability system, but the high availability features are not the same as the BIG-IP system high availability features that you may be familiar with. Enterprise Manager high availability mainly provides a warm backup of an active system. A warm backup is a system that duplicates the configuration information of its peer device, and can perform all of the functions of its peer, but requires manual intervention to maintain the integrity of the backup configuration information.
The primary advantage of an Enterprise Manager high availability system is that you can maintain an active-standby configuration where you back up the Enterprise Manager configuration, including device, alert, archive, certificate, and software repository information. This ensures that once you manage multiple devices with Enterprise Manager, you can maintain a backup of all the network management information stored in the Enterprise Manager database as long as you run regular ConfigSync tasks whenever you change the Enterprise Manager configuration.
You can manage the ConfigSync task on the Enterprise Manager device in the same way that you manage high availability managed devices. See Working with high availability systems, on page 4-6 for more information.
Additionally, you can monitor the sync status of the Enterprise Manager pair from the device's general properties screen, or by looking at the status displayed in the upper left corner of the screen above the navigation pane.
There are four main differences between high availability on an Enterprise Manager system and a BIG-IP system. The first is that Enterprise Manager can only use an active-standby configuration for high availability. The second is that the failover function on Enterprise Manager does not work in the same way that it does on a BIG-IP system. The third is that the ConfigSync process requires much more time on an Enterprise Manager system. Finally, you cannot make configuration changes on an Enterprise Manager system in standby mode.
When you configure the settings on the Platform Setup screen during the initial system setup, you can specify the type of high availability system, if appropriate. If you use Enterprise Manager in a high availability configuration, you can only use the active-standby configuration, and not the active-active configuration.
In an Enterprise Manager high availability system, if the active device fails over, the standby device becomes active. However, if any processes are running, such as a software installation or device archiving task, this process is not continued by the new active device.
Because the Enterprise Manager system is designed to manage enterprise devices instead of traffic, it cannot synchronize user-configured or scheduled tasks in real time. Instead, for a failover to be successful, Enterprise Manager requires a ConfigSync operation after each major configuration change.
After a failover, the newly active system maintains the last known configuration before any user-initiated or scheduled task if the systems were properly synchronized. If a failover occurs during a running task, you must reconfigure and re-start the task.
The Enterprise Manager database contains considerably more configuration data than a typical BIG-IP system because it stores configuration data for a large number of devices. The main effect of this is that a ConfigSync process requires much more time than a similar process on a typical BIG-IP system. Also, when you start a ConfigSync task for Enterprise Manager, the system may report that the task is complete, although it is still running.
To ensure that the configurations are synchronized after you start a ConfigSync task, you should check the status of devices on the target device where you are copying the configuration. If a Maintenance Task appears in the task list, then the ConfigSync task is not complete.
Additionally, in a failover scenario, if a task is running, the task does not continue when a standby peer becomes the active peer. If you encounter this situation, you should reconfigure the task and restart it.
When an Enterprise Manager system is in standby mode, you cannot make configuration changes such as adding devices, importing software, or configuring alerts on the standby device. If you attempt to make changes on a system in standby mode, you receive an error.
To ensure that you do not initiate tasks on a standby system, check for an Active or Standby status message in the upper left corner of the screen.
If you choose to configure two Enterprise Manager systems in a high availability configuration, you must run an initial configuration synchronization in order for the systems to work properly. Additionally, you must specify the same password for the admin user on each device in the redundant configuration.
This procedure describes the basic steps necessary to set up an Enterprise Manager high availability system. To configure these settings, you must have already configured two Enterprise Manager systems and set each device as a Redundant Pair on the Platform Setup screen in the Setup utility.
When you start up Enterprise Manager, one device option is already set by default: the rate at which Enterprise Manager requests updated metrics from each managed device. When you discover devices and add them to the device list, Enterprise Manager refreshes the device information at a default interval of once every 10 minutes. You can reduce the amount of management traffic by increasing the interval, or you can more closely monitor the state of devices by decreasing the interval. For more information about discovering and managing devices, see Chapter 4, Discovering and Managing Devices.
Enterprise Manager provides a secure location to store device configuration archives for all managed devices. You can set up a rotating schedule for archiving, and you can save multiple archives in the Enterprise Manager database.
When you first start Enterprise Manager, the number of rotating archives or pinned archives Enterprise Manager can store in its database is set by default. Enterprise Manager is initially set to store up to 10 rotating device archives and 10 saved, or pinned, archives per device in its database.
Enterprise Manager manages rotating archives in its database in a first in, first out manner. That is, once the database reaches the maximum number of archives, it deletes the oldest archive in the rotating archive list.
Conversely, pinned archives require manual intervention once Enterprise Manager reaches the maximum. When a user attempts to create a pinned archive that exceeds the limit, the system warns that it cannot create a new pinned archive until the user deletes at least one from the current list or increases the maximum limit.
If you want to maintain more device configuration archives for backup and restore flexibility, you can increase this value as needed, but the number of stored archives can affect the disk space on the Enterprise Manager device. For detailed information about how Enterprise Manager works with device archives, including setting up rotating archive schedules or saving multiple configuration archives, see Chapter 6, Managing Device Configuration Archives.
Because Enterprise Manager can send email alerts, log events in a remote syslog file, or send SNMP traps, you should configure these defaults before enabling alert instances that use any of these options. Additionally, Enterprise Manager can log each alert event in the alert history. Depending on how many alerts you need to track over time, you can control the maximum size of this alert log.
For information on how the alerting process works in Enterprise Manager and how to configure alerts for managed devices in the network, see Chapter 7, Monitoring and Alerting.
If you use the alerting features of Enterprise Manager, you can send SNMP traps to a remote SNMP server. Simple Network Management Protocol (SNMP) is an industry-standard protocol that gives a standard SNMP management system the ability to remotely manage a device on the network. The SNMP versions that the Enterprise Manager system supports are: SNMP v1, SNMP v2c, and SNMP v3.
Enterprise Manager works with SNMP in the same way that a BIG-IP system works with SNMP. If you elect to send SNMP traps when configuring alerts, you must configure the SNMP agent and SNMP client access to the Enterprise Manager system.
Because the Enterprise Manager system shares the same operating system as a BIG-IP system, you can configure SNMP on the Enterprise Manager system in the same way that you do on a BIG-IP system. See the Configuring SNMP chapter in the BIG-IP Network and System Management Guide for detailed information on how to configure SNMP information.
When you configure alerts, you have the option for the system to send email messages to a user that you specify when the alert is triggered. In order to enable this feature, you must configure the Enterprise Manager system to deliver locally generated email messages.
To configure Enterprise Manager to deliver locally generated email messages, complete the following steps:
Configuring internal email requires root access to the command console and Administrator privileges for the Configuration utility.
By default, the postfix mail server service is enabled when you install the Enterprise Manager software, but you may need to confirm this.
For example, to query for record type MX at siterequest.com, which is where email is delivered, you would type the following command:
dig siterequest.com mx
You should receive a response similar to the following figure, indicating that Enterprise Manager is able to resolve the mail exchanger.
; <<>> DiG 9.2.2 <<>> siterequest.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16174
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;siterequest.com. IN MX
;; ANSWER SECTION:
siterequest.com. 86400 IN MX 10 mail.siterequest.com.
;; Query time: 65 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Mon Nov 8 14:32:07 2002
;; MSG SIZE rcvd: 51
By default, the postfix mail server is started when you start Enterprise Manager. If you need to modify postfix files, perform the following steps from the command line of the Enterprise Manager system, then restart the postfix service.
For example:
echo "10.10.65.1 mail.siterequest.com" >> /etc/hosts
# Person who should get root's mail. This alias
# must exist.
# CHANGE THIS LINE to an account of a HUMAN
For example:
root: email@example.com
If configured properly, the email is delivered to the address that you specified in the /etc/postfix/aliases file.
For example:
echo "this is a test" | mail root
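An added example, not part of the F5 guide: the checks from the mail procedure above (MX lookup, hosts entry, root alias) written as shell functions and run offline against copies of the page's sample values. The function names are hypothetical; on a real system, feed them the output of dig and the paths /etc/postfix/aliases and /etc/hosts.

```shell
#!/bin/sh
# Added example: offline checks for the mail-delivery steps above.
# Function names are hypothetical and not part of Enterprise Manager.

# Read dig output on stdin; print "preference host" per MX answer,
# most preferred (lowest number) first. Lines starting with ';' are comments.
mx_hosts_from_dig() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "MX" { sub(/\.$/, "", $6); print $5, $6 }' |
        sort -n
}

# Print the recipient of root's mail from an aliases file ($1).
# Returns 1 when the root alias is missing or still commented out.
root_alias_target() {
    awk -F: '/^[ \t]*#/ { next }
        $1 ~ /^[ \t]*root[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; found = 1; exit
        }
        END { exit !found }' "$1"
}

# Return 0 when hosts file ($2) maps an address to host name ($1).
hosts_file_has() {
    awk -v h="$1" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
        END { exit !ok }' "$2"
}

# Combine the checks. Args: dig-output file, aliases file, hosts file.
mail_preflight() {
    mx=$(mx_hosts_from_dig < "$1" | awk 'NR == 1 { print $2 }')
    [ -n "$mx" ] || { echo "FAIL: no MX record in the DNS answer"; return 1; }
    target=$(root_alias_target "$2") ||
        { echo "FAIL: no active root alias in $2"; return 1; }
    hosts_file_has "$mx" "$3" ||
        echo "NOTE: $mx is not in $3, so delivery depends on DNS"
    echo "OK: mail for root goes to $target via $mx"
}

# Demo on copies of the page's sample values (files are constructed here).
demo_dir=$(mktemp -d)
printf '%s\n' ';; ANSWER SECTION:' \
    'siterequest.com. 86400 IN MX 10 mail.siterequest.com.' > "$demo_dir/dig.txt"
printf '%s\n' "# Person who should get root's mail." \
    'root: email@example.com' > "$demo_dir/aliases"
printf '%s\n' '10.10.65.1 mail.siterequest.com' > "$demo_dir/hosts"
mail_preflight "$demo_dir/dig.txt" "$demo_dir/aliases" "$demo_dir/hosts"
rm -rf "$demo_dir"
```

A FAIL on the root alias means alert and system mail for root has no human recipient, which is the condition the comment in the aliases file asks you to correct.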
When you initially set up Enterprise Manager, you configure a default administrator user account that permits you to set up and start working with the system through the web interface.
In order to discover and manage devices in the network, you must configure an administrator-level user account that matches an administrator-level user name on devices that you want to manage.
Enterprise Manager maintains a local authentication list of users, but you can choose to use a remote LDAP, Active Directory, or RADIUS authentication source.
The Enterprise Manager user list specifies all user accounts that have administrator access to managed devices in the network. Each managed device authenticates the user names stored in the Enterprise Manager User List in order to authorize Enterprise Manager to perform device management tasks.
When you add new users, ensure that you use the same administrator-level user name that you currently use for managing BIG-IP systems in your network.
After you select the type of remote authentication source, the Configuration table appears, where you can enter the remote server information.