is an appliance that simplifies the administrative tasks associated with managing multiple F5 Networks devices. Enterprise Manager also collects and stores information about managed devices in a database, which you can access through a web-based interface. The product is scalable, so as you add F5 Networks devices to your network, you can manage them using Enterprise Manager.
Once the devices are a part of the Enterprise Manager device list, you can
perform a variety of tasks including software upgrades, managing configuration archives, and configuring alerts.
Although Enterprise Manager works with multiple versions of BIG-IP
software, we recommend that you upgrade your managed devices to the latest version to ensure the most optimal performance.
Enterprise Manager works in your network in a manner similar to your other
F5 devices. Rather than manage traffic, however, Enterprise Manager helps you manage network administration for F5 Networks devices. The management appliance is robust and flexible so that it can work in many types of network topologies, even if you use multi-tiered configurations, address translation, or multiple firewalls.
You can find details about incorporating Enterprise Manager into your
network in Chapter 2, Planning Your Implementation
, and information about how to license and complete basic configuration tasks for Enterprise Manager in Chapter 3, Licensing and Basic Configuration
After you set up Enterprise Manager in your network, you can use it to
discover devices in the network by individual address, or you can scan an entire subnet. Discovering devices is the first step toward central device management.
After you complete a device discovery task, you can manage software,
configurations, alerts, and user account information on all F5 Networks devices in your network through Enterprise Manager.
Chapter 4, Performing Basic Device Management
, describes which devices Enterprise Manager can manage, explains how to discover devices and add them to the device list, and introduces the concept of device grouping.
Once your devices are part of the managed device list, you can create device
groups to further customize device management. You can use device groups to quickly configure management tasks to several devices simultaneously, rather than having to complete tasks on individual devices.
For example, when a number of devices belong to a device group, you can
deploy software or assign alerts to the group, ensuring that all members of the group receive the same upgrade, or are assigned the same alert. Additionally, grouping devices may help organize the management of a wide range of devices.
After you discover devices and add them to your device list, you can search
for specific pool members and nodes in your network, and enable or disable them from a centralized location. To locate the objects, Enterprise Manager searches across multiple device groups, or within the same device group, for objects that meet the criteria that you specify.
Enterprise Manager serves as a central user configuration set (UCS)
repository, enabling you to save multiple UCS archives per device. This feature provides the additional security of stable configurations in the event of a required system restoration. Before you start using Enterprise Manager to manage your software or user accounts, we recommend that you first archive your device configurations and set up rotating archive schedules.
In addition to managing basic UCS archives, you can store and deploy
extended sets of device configuration data through the use of changesets. A changeset
can store all the configuration data on a BIG-IP®
Local Traffic Manager
system that is required to manage traffic, including information about system settings and network objects.
You can also use configuration templates
to easily replicate device configuration management options. This means that you can create specific configuration, change guidelines with variables in a configuration template, and then perform those configuration changes on multiple devices through staged changesets. Staged changesets
place a device configuration change in a staged state where a user can review and approve the changes prior to deployment.
These configuration management features can greatly reduce the time it
takes to install and configure multiple F5 Networks devices in your network. For example, you can configure one BIG-IP system with a prototypical configuration, save the systems configuration data to a configuration template, then deploy the configuration data to additional BIG-IP systems in the network.
Enterprise Manager provides wizards to create templates and changesets and
stage changesets. You can even use a wizard to take a current device configuration setting, edit it to suit your needs, and then immediately deploy it to another device.
Enterprise Manager simplifies security policy management for the BIG-IP®
Application Security Manager systems in your network by synchronizing security policies among
After you set up device configurations in your network, or deploy a device
configuration to other devices, you can start managing the software images. Enterprise Manager provides a software image repository that you can use to store software, hotfix, and Application Security Manager attack signature images. Once you add these images to the repository, you can deploy an upgrade to one device, or configure multiple device upgrades. If you choose to configure device groups, you can create an upgrade task that installs upgrades to all compatible members in a device group.
You can also check which upgrades are compatible on a per device basis
and install only the upgrades that suit your needs. For any software, hotfix, or attack signature definition upgrade, you can choose multiple upgrade options, including the installation location and reboot location on each device.
Enterprise Manager provides tools to let you centrally manage accounts
across multiple devices. Using an Enterprise Manager wizard, you can view user permissions on each device in your network, change the password for any user on any device, and even copy the user access configuration settings from one device to one or more other devices.
In addition to monitoring the health of individual devices in the network,
you can also monitor certain metrics for devices and network objects. Using Enterprise Manager, you can create statistics profiles for a variety of configurations in your network, and view network health indicators through graphs at both the device and object level. Additionally, you can use statistics data in conjunction with Enterprise Managers alerting feature to more closely track when device or object statistics have exceeded defined data thresholds.
The Device list screen provides you with an overview of the status of
managed devices in your network, including the failover state of high availability pairs.
You can also create alerts to notify specific team members about certain
tasks completing, certificates expiring, thresholds met, and so forth. Or you can send an SNMP trap to an existing network management server. These tools assist you in maintaining the health of BIG-IP systems in your network by providing you with an alert log that records all alert events.
Another important task of maintaining a robust network is ensuring that all
the device certificates are current. Enterprise Manager can monitor every certificate on each managed device in your network, providing you the opportunity to monitor certificate expiration dates and renew certificates before they expire.
You can also combine the certificate monitoring features with the alerting
features of Enterprise Manager to create warnings when certificates expire or near their expiration dates.
Enterprise Manager provides a comprehensive set of auditing features so
that you can track the types of enterprise management tasks initiated from a particular Enterprise Manager system. Depending on the options you choose, you can create and view logs of system, local traffic, and audit events on the Enterprise Manager system.
Enterprise Manager uses the TMOS®
platform, like other F5 Networks Application Delivery Networking products, and presents a web-based interface called the Configuration utility. From the Configuration utility, you access different screens using the navigation pane and menu bar. Click the Help tab on the navigation pane to access context-sensitive help, including a definition of the screen elements.
Object list screens display a list of all running or completed tasks, managed
devices, alerts, or software and hotfix images stored in the Enterprise Manager software repository. When you select a management area on the Main tab, the object list screen for that management area opens. For example, when you click Software
, the Software Image List screen displays, as shown in Figure 1.1.
If the object list contains more items than can appear on one page, a paging
control displays below the list table. You can use the arrow buttons to move to the next or previous screen, or you can select a specific screen from the drop-down list.
To help you easily find specific objects among a large list, you can sort table
columns on most screens by clicking the column heading. A sortable table is indicated by arrows next to the column heading. For example, in the Software Image column in Figure 1.1
, the list is sorted in descending order, with the latest version of the software at the top of the list. If you click the Software Image heading, the information in the table re-sorts to show the earliest version of the software images.
In some tables, you can filter objects by column heading. For these columns,
you click the Column Filter button to select a filtering option. For example, in Figure 1.1
, you can filter the Image Status column by clicking the associated Column Filter
button. From the list, you can select an option so that the screen displays only software images in a particular state such as imported, importing, or corrupt. Additionally, a Filter
box displays above the list table, where you can type a term to limit the list to only objects that contain the specified term.
When you click the name or IP address of a device, task, alert, or software
image on most object list screens, the objects general properties screen opens. This screen provides you with more detail about the object, and is usually the starting point for more specific management activity on a particular object.
On screens other than an object list screen, a menu bar displays above the
main configuration area. Each menu bar option opens a configuration screen related to the currently-selected object, from which you can manage object-specific details.
You can find the following documentation in the AskF5SM
Knowledge Base, by accessing https://support.f5.com.
| || |Enterprise Manager Administrator Guide
The Enterprise Manager Administrator Guide
(this document) introduces the concepts of managed devices, software image management, configuration management, and custom alerting.
| || |Platform Guide: Enterprise Manager 500, Platform Guide: Enterprise Manager 3000
, and Platform Guide: Enterprise Manager 4000
The Platform Guide: Enterprise Manager 500
, Platform Guide: Enterprise Manager 3000
, and Platform Guide: Enterprise Manager 4000
each includes information about the Enterprise Manager system hardware platform. They also contain important environmental warnings.
| || |BIG-IP® Systems: Getting Started Guide
The BIG-IP® Systems: Getting Started Guide
contains specific information about installing and licensing BIG-IP®
| || |TMOS® Management Guide for BIG-IP® Systems
The TMOS® Management Guide for BIG-IP® Systems
contains details about configuring VLANs, SNMP traps, redundant systems, managing user accounts, BIG-IP system logging features, and so forth.
| || |Release notes
Release notes for the Enterprise Manager are available in HTML format. The release note contains the latest information for the current version, including new features and enhancements, fixes, and known issues.
Important: Procedures and examples described in the Enterprise Manager Administrator Guide
and in the online help, are written for administrator-level users with full access privileges to Enterprise Manager. The Enterprise Manager system logs on to managed devices using an administrator-level account, so all users with administrator-level access to Enterprise Manager can perform the high-level management tasks described in this document on devices in the network through the Enterprise Manager interface.