Manual Chapter: Licensing and Basic Configuration

After you review Chapter 2, Planning Your Implementation, and have configured one or more BIG-IP® systems in your network, you license the Enterprise Management system.
To activate the Enterprise Manager license, you must have the base registration key. The base registration key is a character string that lets the license server know which F5 products you are entitled to license. If you have other BIG-IP modules, you may also be required to enter keys. If you do not already have a base registration key, contact the Sales group (http://www.f5.com).
Note: For specific information about installing and configuring network settings on the MGMT interface, see the Connecting a Management Workstation or Network chapter in the BIG-IP® Systems: Getting Started Guide.
1. Open a web browser on a workstation attached to the network on which you configured the management port.
2. Type the following URL in the browser, where <IP address> is the address you configured for the management port (MGMT):
3. At the password prompt, type the user name admin and the password admin, and click OK.
The Licensing screen of the Configuration utility opens (Figure 3.1). The Setup utility appears the first time you run the Configuration utility.
4. Click the Activate button.
Follow the on-screen prompts to license the system. For additional information, click the Help tab.
After you activate the system license, the setup utility prompts you to provide the basic configuration information from the Platform screen, as shown in Figure 3.2. For specific information about each setting, click the Help tab in the navigation pane.
Tip: If you need to reconfigure any system settings in the future, you can run the setup utility again by clicking the Run the Setup utility link from the Configuration utility Welcome screen.
Important: Enterprise Manager high availability systems do not have all the high availability features of a BIG-IP system. The main function of Enterprise Manager high availability is to provide an updated backup of the configuration of the active Enterprise Manager system. For more information, see Configuring Enterprise Manager as a high availability system.
Once you have licensed the system and configured the basic management system settings, the network configuration options screen opens in the Configuration utility. The two options for creating the enterprise management network configuration are:
Basic Network Configuration
To select this option, click the Next button. The Basic Network Configuration wizard guides you through a basic network configuration that includes an internal and external VLAN and interface.
Advanced Network Configuration
To create a network with a custom VLAN configuration, click the Finished button.
When you click the Next button to configure a basic network configuration, the Basic Network Configuration wizard screen displays as shown in Figure 3.3.
You can use the Basic Network Configuration wizard to configure two default VLANs for the system, internal and external. For information about specific settings, click the Help tab.
If you clicked the Finished button to create an advanced network configuration, the Configuration utility displays the Welcome screen. On the Main tab, click Network, and then VLANs to configure your network.
For information about configuring VLANs, see the TMOS® Management Guide for BIG-IP® Systems. For information about specific settings, click the Help tab.
Tip: You can update your network configuration at any time using the screens available, by clicking Network or System on the Main tab.
When you start Enterprise Manager for the first time, the Welcome screen displays by default. You may find another screen more useful to display upon start up, so you can customize Enterprise Manager to open that screen instead.
Table 3.1 describes the screen options that you can configure Enterprise Manager to display upon startup.
The Welcome screen contains links to setup, support, plug-ins, and additional downloads.
The system performance screen displays statistics related to the Enterprise Manager system performance.
To open the device list screen, on the Main tab, expand Enterprise Management and click Devices.
To open the task list screen, on the Main tab, expand Enterprise Management and click Tasks.
To open the device statistics screen, on the Main tab, expand Enterprise Management, click Devices, then on the menu bar, click Statistics.
1. On the Main tab, expand System and click Preferences.
2. From the Start Screen list, select a screen.
3. Click Update to save your changes.
Enterprise Manager can send email alerts, log events in a remote syslog file, or send SNMP traps. Enterprise Manager can log each alert event in the alert history. Depending on how many alerts you need to track over time, you can also specify the maximum size for the alert log. We recommend that you configure the alert defaults before enabling alert instances that use any of these options.
Note: For information about how the alerting process works in Enterprise Manager and how to configure alerts for managed devices in the network, see Chapter 13, Monitoring and Alerts.
1. On the Main tab, expand Enterprise Management and click Alerts.
The Device Alerts screen opens.
2. On the menu bar, click Options.
The Alert Options screen opens.
3. In the Email Recipient box, type the email address of the user or alias that you want to set as the default mail recipient for an alert.
4. In the Syslog Server Address box, type the IP address of the remote server that you want to set as the default if you opt to log an event in a server's syslog file.
5. In the Alert History table, in the Maximum History Entries box, type the maximum number of alerts that you want logged in the Alert History.
If the alert history reaches the limit you set, the system deletes the oldest entries to create room for newer entries.
6. Click Save Changes.
Tip: If you do not want to use the email or syslog defaults for a particular alert, you can specify a unique email address or syslog server address when you create a new alert.
You can configure the system to send email messages to a specified user when that alert is triggered. To enable this feature, you must configure the Enterprise Manager system to deliver locally generated email messages by completing the following procedures.
Ensure that the postfix service is running
Note: To configure internal email, you must have root access to the command console and Administrator privileges for the Configuration utility.
By default, the postfix mail server service is enabled when you install the Enterprise Manager software, but you may need to confirm this by performing the following steps.
1. On the Main tab, expand System and click Services.
The Services screen opens displaying the available system services and how long each service has been running.
3. If postfix is down, check the box next to postfix, and click the Start or Restart button below the list.
2. Click Configuration.
The Device: General screen opens.
3. From the Device menu, choose DNS.
The Device: DNS screen opens.
4. In the DNS Lookup Server List section, in the Address box, type the IP address of your DNS server(s).
5. Click Add.
The address moves to the box below the Add button.
6. Click the Update button.
1. Log in as root at the command line.
2. Verify the DNS resolution for the domain to which you will be sending email, by typing the following command:
For example, to query type MX and siterequest.com, which is where email is delivered, you would type the following command:
You should receive a response similar to that shown in Figure 3.4, indicating that Enterprise Manager is able to resolve the mail exchanger.
By default, the postfix mail server is started when you start Enterprise Manager. If you need to modify postfix files, perform the following steps from the command line of the Enterprise Manager system, then restart the postfix service.
1. Using a text editor, such as vi or pico, edit the /etc/postfix/main.cf file.
2. Find the mydomain variable and change it to specify your site's domain. For example, if your domain is siterequest.com, change the variable to:
3. Set the relayhost variable as in the following example:
4. If you want email sent only from localhost, set the inet_interfaces variable by typing the following:
6. Edit the /etc/hosts file to create a record for the fully qualified domain name of your mailserver, by typing the following command:
echo "<your_mailserver_IP_address> <your_mailserver_fqdn>" >> /etc/hosts
11. In the /etc/postfix/aliases file, locate the following entry:
12. Change the root alias mapping to the email account to which you want mail to be sent.
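After editing main.cf, the three settings named in the steps above can be checked with a short script before restarting postfix. This is an added example, not part of the F5 manual or F5 code; the sample file, the relay name mail.siterequest.com, the address 192.0.2.10, and the rule that only loopback values pass for inet_interfaces are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not F5 code): check the main.cf settings edited in this procedure.

# postfix_param FILE NAME
# Prints the effective value of NAME using main.cf syntax: "#" comment lines and
# blank lines are ignored, a line that starts with whitespace continues the
# previous one, and the last assignment of a parameter wins.
postfix_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (cur != "") {
                sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
                val[cur] = val[cur] " " $0
            }
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            v = substr($0, eq + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            cur = name; val[name] = v
        }
        END { if (want in val) print val[want] }
    ' "$1"
}

# audit_main_cf FILE
# Prints one finding per line; returns 0 when all three settings pass, else 1.
audit_main_cf() {
    cf=$1
    audit_rc=0
    for p in mydomain relayhost; do
        v=$(postfix_param "$cf" "$p")
        if [ -n "$v" ]; then
            echo "OK   $p = $v"
        else
            echo "FAIL $p is not set"
            audit_rc=1
        fi
    done
    inet=$(postfix_param "$cf" inet_interfaces)
    # Entries may be separated by commas and/or whitespace. Assumption: only
    # loopback values count as "email sent only from localhost".
    extra=$(printf '%s\n' "$inet" | tr ', \t' '\n\n\n' |
        awk 'NF && $0 !~ /^(localhost|loopback-only|127\.0\.0\.1|\[::1\])$/' |
        tr '\n' ' ')
    if [ -z "$inet" ]; then
        echo "FAIL inet_interfaces is not set (Postfix default is all)"
        audit_rc=1
    elif [ -n "$extra" ]; then
        echo "FAIL inet_interfaces includes non-loopback: $extra"
        audit_rc=1
    else
        echo "OK   inet_interfaces = $inet"
    fi
    return $audit_rc
}

# Constructed sample (not from a real system); the relay name and the
# 192.0.2.10 address are assumed values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# main.cf excerpt
mydomain = siterequest.com
relayhost = mail.siterequest.com
inet_interfaces = localhost,
    192.0.2.10
EOF
audit_main_cf "$sample" || echo "main.cf does not match the procedure"
rm -f "$sample"
```

On a live system, pass /etc/postfix/main.cf as the argument; the sample deliberately fails because a continuation line adds a second listening address.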
When configured, the alerting features of Enterprise Manager can send SNMP traps to a remote SNMP server. Simple Network Management Protocol (SNMP) is an industry-standard protocol that gives a standard SNMP management system the ability to remotely manage a device on the network. The SNMP versions that the Enterprise Manager system supports are: SNMP v1, SNMP v2c, and SNMP v3.
If you elect to send SNMP traps when configuring alerts, you must configure the SNMP agent and SNMP client access to the Enterprise Management system. Because the Enterprise Manager system shares the same operating system as a BIG-IP system, you can configure SNMP on the Enterprise Manager system in the same way that you do on a BIG-IP system. See the Configuring SNMP chapter in the TMOS® Management Guide for BIG-IP® Systems for detailed information on how to configure SNMP traps.
The main function of the Enterprise Manager high availability configuration is to provide a warm backup of an active system. A warm backup is a system that duplicates the configuration information of its peer device, and can perform all of the functions of its peer, but requires manual intervention to maintain the integrity of the backup configuration information.
The primary benefit of an Enterprise Manager high availability system is to have an active/standby configuration where you back up the Enterprise Manager configuration (including device, alert, archive, certificate, and software repository information). This ensures that you can maintain a backup of all the network management information stored in the Enterprise Manager database, as long as you run regular ConfigSync tasks whenever you change the Enterprise Manager configuration.
The high availability features for Enterprise Manager are not the same as the redundant system features associated with a BIG-IP system. It is important to keep the following facts in mind when using a high availability Enterprise Manager system.
Enterprise Manager can use only an active/standby configuration for high availability.
When you define the high availability settings on the Platform Setup screen during the initial system configuration, you must use the active/standby configuration and not the active-active configuration.
The failover function on Enterprise Manager is different than on a BIG-IP system.
An Enterprise Manager system cannot synchronize, in real time, user-configured or scheduled tasks, such as a software installation or archiving task. To fail over successfully, you must run a ConfigSync operation after each major configuration change.
After a failover, the newly active system maintains the last known configuration before any user-initiated or scheduled task if the systems were properly synchronized. If a failover occurs during a running task, you must reconfigure and re-start the task.
The ConfigSync process requires much more time on an Enterprise Manager system than on a BIG-IP system.
Enterprise Manager's database contains considerably more configuration data than a typical BIG-IP system because it stores data for a large number of devices. Therefore, a ConfigSync procedure takes more time than a similar process on a typical BIG-IP system. Also, when you start a ConfigSync task for Enterprise Manager, the system may report that the task is complete, although it is still running.
To ensure that the configurations are synchronized after you start a ConfigSync task, check the status of devices on the target device where you are copying the configuration. If a Maintenance Task appears in the task list, then the ConfigSync task is not complete.
Additionally, if a task is running during a failover, the task does not continue when a standby peer becomes the active peer. If this occurs, re-configure the task and restart it.
You cannot make configuration changes on an Enterprise Manager system that is in standby mode.
When an Enterprise Manager system is in standby mode, you cannot make configuration changes such as adding devices, importing software, or configuring alerts on the standby device. If you attempt to make changes on a system in standby mode, you may incur an error.
To ensure that you do not initiate tasks on a standby system, check for an Active or Standby status message in the upper left corner of the screen.
Tip: To maintain the best possible backup capabilities of an Enterprise Manager pair, you must start a ConfigSync task after any major configuration change.
An Enterprise Manager system manages information about other systems, so it requires some changes to the network topology to work successfully with certain tasks such as software upgrades. For two peer systems to properly communicate information about managed devices, perform the following procedures before you start configuring initial settings for the high availability system.
1. Configure at least one static self IP address (instead of using the MGMT interface to connect the devices), because a TMM port can support both static and floating self IP addresses. Use of a floating self IP address is necessary to ensure that the managed devices can communicate with the active device of an Enterprise Manager redundant system configuration.
3. Configure a default gateway or route on the same network as each of the two self IP addresses that you configured.
To configure two Enterprise Manager systems in a high availability configuration, you must run an initial configuration synchronization for the systems to work properly. Additionally, you must specify the same password for the admin user on each device in the redundant system configuration.
This procedure describes the basic steps necessary to set up an Enterprise Manager high availability system. To configure these settings, you must have already completed the basic configuration on two Enterprise Manager systems, and set each device as a Redundant Pair on the Platform Setup screen in the Setup utility.
1. On the Main tab, expand System, click High Availability, and select Network Failover.
The System High Availability screen opens.
2. Check the Network Failover box.
3. In the Peer Management Address box, type the floating management IP address of the peer.
Configuration Identifier: Type the name of the peer member of the redundant system. The name must be different than the multicast name.
Local Address: Type a static self IP address associated with the VLAN dedicated to handling failover communication for this member of the high availability system.
Remote Address: Type a static self IP address associated with the VLAN dedicated to handling failover communication for the peer member of the redundant system.
Port: Type the port number of the service that processes the Unicast failover communication traffic between the members of the redundant system. The default is 1026.
5. Click the Add button.
The settings display in the Unicast box.
6. Click Update to save your changes.
7. On the menu bar, click Network Mirroring.
The Network Mirroring general properties screen opens.
8. In the Mirroring Address section, in the Self box, type the IP address to use for mirroring connections. This is the static self IP address of the VLAN specifically dedicated to mirroring connections.
9. In the Mirroring Address section, in the Peer box, type the IP address to use for mirroring connections on the same network. This is the static self IP address of the VLAN specifically dedicated to mirroring connections on the peer.
10. Click Update to save your changes.
To keep your Enterprise Manager high availability system synchronized, you can set up an automatic synchronization schedule at a regular interval.
1. On the Main tab, expand System and click High Availability.
The System Redundancy Properties screen opens.
2. On the menu bar, click ConfigSync.
The System ConfigSync screen opens.
3. In the Scheduled Configuration Sync table, for Schedule, select how often you want the system to automatically synchronize its configuration with its peer.
4. Depending on the frequency you selected, you can specify a day of the week, month, and time of day that you want Enterprise Manager to start the ConfigSync.
5. Click Update to save your changes.
You can manage the ConfigSync task on the Enterprise Manager device in the same way that you manage high availability managed devices. See Using high availability systems, for more information.
Additionally, you can monitor the synchronization status of the Enterprise Manager pair from the device's general properties screen, or by looking at the status displayed in the upper left corner of the screen above the navigation pane.
When you initially set up Enterprise Manager, you configure a default administrator-level user account that permits you to configure and start working with the system through the web interface.
To use Enterprise Manager to discover and manage devices in your network, you must also configure an administrator user account (Administrator or Operator) that matches the administrator-level user name on the devices that you want to manage.
The User list displays all users who have administrator access to managed devices in your network. Each managed device authenticates the stored user names in order to authorize Enterprise Manager to perform device management tasks.
Warning: When you add users, you must use the same administrator-level user name that you currently use for managing BIG-IP systems in your network. This ensures that you can successfully manage devices as soon as Enterprise Manager discovers them and adds them to the device list. When defining new management users for Enterprise Manager, select from the Role list, Administrator, Operator, or Application Editor. If you select another user role, managed devices cannot authorize the user to perform management tasks, and the user cannot initiate tasks using the Enterprise Manager system.
1. On the Main tab, expand System and click Users.
The Users list screen opens.
2. Click the Create button.
The New User screen opens.
3. In the User Name box, type the administrative-level user name that you are currently using to manage BIG-IP systems in your network.
4. For Password, in the New and Confirm boxes, type the password for the user you just entered and confirm the password.
5. From the Role list, select Administrator, Operator, or Application Editor.
6. From the Partition Access list, select an option to determine which administrative partitions the new user can access.
The default is All partitions.
7. To allow the user to access the Enterprise Manager from the command line, from the Terminal Access list, select Enabled.
8. To add a new user, click Repeat, and repeat steps 3 through 7.
The system adds the user settings you just configured, then clears the User Name and Password boxes.
9. Click Finished to return to the user list, or click Repeat to add another user.
1. On the Main tab, expand System and click Users.
The Users list screen opens.
2.
a) To change the user password:
For Password, in the New and Confirm boxes, type the new password for the user.
b) To change the user role:
From the Role list, select Administrator or Operator.
c) To change the user's partition access setting:
From the Partition Access list, select an option to determine which administrative partitions the new user can access.
The Partition box indicates the current setting for this user's partition access.
d) To allow the user access to the command console:
From the Terminal Access list, select Enabled to permit the user to access the Enterprise Manager device from the command line.
4. Click Update to save the changes to the user account properties.
By default, Enterprise Manager uses a local database to authenticate users. Enterprise Manager maintains a local authentication list of users, but you can choose to use a remote LDAP, Active Directory, RADIUS, or TACACS+ authentication source.
1. On the Main tab, expand System and click Users.
The Users list screen opens.
2. On the menu bar, click Authentication.
The Authentication Source screen opens.
3. Below the Authentication table, click the Change button.
The User Directory box changes to a list.
4. From the User Directory list, select the type of remote source to use to authenticate users:
5. In the Authentication table, specify the configuration settings for the remote authentication server.
See the online help for detailed information about the Authentication table.
6. Click the Finished button to save your changes.
Enterprise Manager classifies user role permissions as two types, restricted and non-restricted. These user roles are defined as follows.
Administrator (non-restricted)
An Administrator-level user can perform all management functions available in Enterprise Manager, including managing other user accounts and roles.
Operator and Application Editor (restricted)
The Operator and Application Editor roles can, by default, perform fewer management tasks on the system than the Administrator. You can customize each role by specifying the tasks the role is allowed to perform.
You cannot assign user-management or administrator-level permissions to restricted user roles. You can, however, define other types of device management actions to restricted users. The individuals to whom you assign restricted user roles inherit the permissions that you specified.
By specifying user role permissions, you define which users can perform certain device management tasks. Because each user is assigned a different role, you can manage user permissions by changing the permissions for the role.
For example, if you want UserOne and UserTwo to manage device configurations differently, you complete the following tasks:
Assign UserOne to the Application Editor role.
Assign UserTwo to the Operator role.
You can specify up to eight different types of permissions for each restricted user role. Table 3.2 outlines all of the user role permissions that you can assign to the restricted user roles, Operator and Application Editor.
Archive Device Configurations
Browse Device Configurations
Users can view device configuration settings using the Enterprise Manager configuration browser.
Compare Device Configuration Archives
Deploy Staged Changesets
Users can deploy a staged changeset, whether it was created by that user or another user.
Synchronize Device Configuration with Peer
Users can start a fail over process from one managed device to the device's failover peer. Additionally, users can initiate a fail back process for an active-active configuration.
1. On the Main tab, click Permissions.
The Permissions screen opens.
3. Click Apply to save the changes to the user role permissions.
Important: By default, only certain staged changeset permissions are enabled for Operators. To fully implement user role access control, you must enable roles on the Permissions screen prior to assigning users device configuration management tasks.
When you initially configure the Enterprise Manager system, certain preferences are set to defaults. You can change these defaults and customize how the system handles certain scenarios, such as:
When Enterprise Manager creates a configuration archive, by default the system stores private keys in the archive. You can change this default behavior so that private keys are not stored in an archive, but if you restore this archive, you may have to manually restore the keys if they have changed.
1. On the Main tab, expand Enterprise Management and click Tasks.
The Task list screen opens.
2. On the menu bar, click Options.
The Task Options screen opens.
3. In the Archive Defaults table, from the Private Keys in Archives list, select one of the following options:
Include: When the system creates a configuration archive, it stores private key data in the archive stored on the Enterprise Manager system.
Exclude: When the system creates a configuration archive, it does not store any private key data associated with the archive on the Enterprise Manager system.
4. Click Save Changes.
Although Enterprise Manager communicates with managed devices and F5 servers through a secure HTTPS connection, you may want to use your own proxy server for certain communications.
Enterprise Manager can use an SSL HTTP proxy for downloading licensing information or Application Security Manager attack signature files from F5 servers. Additionally, you can use an FTP or SFTP (secure file transfer protocol) proxy to send support data in a Support Data Collection task.
For more information about licensing management tasks, see Managing licenses. To learn about Application Security Manager attack signature management, see Managing attack signatures for Application Security Manager. For more information about gathering support data, see Collecting information for F5 support.
Note: When you specify a proxy server, it applies only to tasks configured through Enterprise Manager task wizards, such as the Licensing wizard. For example, if you update the licensing information on a device using the License option from the System menu on the navigation pane, Enterprise Manager does not send licensing information through the proxy.
1. On the Main tab, expand Enterprise Management and click Tasks.
The Task list screen opens.
2. On the menu bar, click Options.
The Task Options screen opens.
3. In the Internet Proxy table, check the Use Proxy select box.
Additional screen elements appear so you can specify IP addresses for proxy servers.
4. For SSL Proxy Address, type the IP address and port of the proxy server that you want to use for SSL communications.
5. If you want to specify a separate FTP proxy server for support information, clear the Always use this proxy address for the FTP protocol check box.
The FTP Proxy Address box becomes available.
6. For FTP Proxy Address, type the IP address and port number of the FTP proxy server.
7. Click Save Changes.
When you perform an archive comparison task, Enterprise Manager compares certain configuration files by default. You can manage which configuration files to compare on the Task Options screen. For more information about an archive comparison task, see Comparing multiple versions of archives.
1. On the Main tab, expand Enterprise Management and click Tasks.
The Task list screen opens.
2. On the menu bar, click Options.
The Task Options screen opens. The Archive Comparison table lists the configuration files compared in an archive comparison task.
3. Depending on whether you want to add to, remove from, or reset the Files to Compare list, perform the appropriate task:
To add a configuration file to compare, in the File Name box, type the path and file name of the configuration file, and click Add.
The file name appears in the list below the Add button.
4. Click Save Changes to save your changes to the configuration files to compare in an archive comparison task.