
Manual Chapter: Planning Your Implementation

You incorporate Enterprise Manager into your network as you would any F5 Networks® device. Depending on your network topology, you may have to configure a SNAT, NAT, or multiple virtual servers external to the Enterprise Manager device to ensure proper communication between Enterprise Manager and the managed devices.
For detailed information about licensing, platform configuration, and basic default settings for Enterprise Manager, see Chapter 3, Licensing and Basic Configuration. For specific information about installing and licensing BIG-IP® systems, see the BIG-IP® Systems: Getting Started Guide.
Note: When planning your network with Enterprise Manager, note that the Enterprise Manager 3000 platform is not switch-based like the 500 or 4000 platforms; it does not support Link Aggregation Control Protocol (LACP).
Enterprise Manager is designed to work within virtually any network configuration, and can adapt to the management configuration you already use for F5 Networks devices in your network. You connect Enterprise Manager to devices in your network through the physical ports, called interfaces, available on both the Enterprise Manager device and other F5 Networks devices. Throughout this guide, the term interface refers to the physical ports on the Enterprise Manager or BIG-IP system.
Management interface
You can use a management network through the management interface (MGMT port) on both the Enterprise Manager device and each managed device.
TMM switch interface
You can use a self IP address through a TMM switch interface on both the Enterprise Manager device and each managed device.
For Enterprise Manager to properly communicate with devices and collect statistics, you must enable two-way communication between Enterprise Manager and the device by opening the ports defined in Table 2.1, following.
Table 2.1 Required ports
We recommend that, whenever possible, you create a management network that you administer through the management interface on each managed device and the Enterprise Manager system.
The management interface (MGMT) is a port on the BIG-IP system used specifically for managing administrative traffic, and it does not forward user application traffic, such as traffic slated for load balancing. Therefore, traffic management communication and enterprise management communication are kept separate, and you do not have to dedicate a TMM switch interface to device management traffic.
The management network option requires less additional configuration to discover and manage devices. Additionally, when you add new devices, you do not need to perform extensive configuration to manage the device with Enterprise Manager, as long as all devices in the network exist on the same subnet.
Although we recommend the management interface option for most management networks, there are two exceptions:
500 platform users
The hardware limitations of the Enterprise Manager 500 platform may adversely affect performance during device discovery or other management tasks. If you are using the 500 platform, use the TMM switch ports to connect to managed devices.
Redundant system configurations
A floating self IP address is required for managed devices to communicate with the active device of an Enterprise Manager redundant system configuration. Therefore, for an Enterprise Manager redundant system configuration, we recommend that you use the TMM interface on each Enterprise Manager peer device, because it can support both static and floating self IP addresses. See Configuring Enterprise Manager as a high availability system, for more information.
For specific information about how to configure and use the management interface, see the BIG-IP® Systems: Getting Started Guide.
Another way Enterprise Manager can communicate with managed devices is through one of the managed device's TMM switch interfaces. BIG-IP systems use TMM switch interfaces to send or receive application traffic that is slated for load balancing.
To connect to a managed device through a TMM switch interface, you must associate the interface on the device with a VLAN and a self IP address. Enterprise Manager can then recognize and connect to the device in the network through its own MGMT interface, or through a self IP address and VLAN that you configure on Enterprise Manager.
If you use a TMM switch interface on managed devices, Enterprise Manager sends software upgrades to the managed device through this interface; therefore, we recommend that you do not use the TMM switch interface for managing traffic. When you are deciding on which interface to use for the connection to Enterprise Manager, we recommend that you use the same interface that you currently use for device administration.
The method of network administration that you choose (through the MGMT interface or through a TMM switch interface) generally determines how you configure Enterprise Manager as your enterprise management system.
Enterprise Manager works well in any of the following common network topology scenarios, or any combination thereof.
Since you must ensure that device management traffic does not interfere with traffic management activity, you can use this opportunity to build distinct management networks that keep device administration separate from traffic management.
The following sections outline these common network topology scenarios. In many cases, you may have already completed some of the required tasks while configuring your network for traffic management.
In this configuration, a NAT translates the IP addresses of managed devices through the firewall into addresses that Enterprise Manager can use to communicate to a managed device.
If you use a firewall with a NAT to translate IP addresses, you must verify that the NAT is properly configured for Enterprise Manager to use for device management. If your NAT works well for your traffic management, you may not have to perform any additional configuration other than ensuring that Enterprise Manager recognizes devices in the network at the IP addresses you expect, and that each device can properly communicate with Enterprise Manager.
After you discover devices in a NAT configuration, you must configure the device general properties so that each managed device can initiate communications with Enterprise Manager.
Tip: If you use a NAT in your network, you may want to take note of the translated addresses for reference when discovering and managing devices with Enterprise Manager.
To open a two-way connection between each managed device and Enterprise Manager, you must perform the following tasks:
Configure a TMM switch interface or the MGMT interface on each managed device to accept and send communications on port 443 and port 4353.
Only if you use TMM switch interfaces, configure a self IP address on each managed device for device management activities such as receiving software or hotfix upgrades.
Note: You do not need to configure a self IP address on the managed device if you connect to it through the MGMT interface.
Configure the NAT so that the management IP address that Enterprise Manager uses to connect to each device maps to the MGMT interface on each managed device, or to the management self IP address you defined for a TMM switch interface.
Configure the general properties of newly discovered devices so that each managed device can initiate communications to the Enterprise Manager device. See Verifying and testing device communication, for instructions on how to set device communication properties.
Test the two-way connection by opening a Telnet session on the managed device to test communication over port 443 to the Enterprise Manager system. See Verifying and testing device communication, for more information on working with the connection between Enterprise Manager and managed devices.
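The Telnet test in the last task can be repeated for every peer and for both ports named in the first task. The following is an added example, not part of the F5 manual: a Python 3 script, run on each side with the other side's addresses. The function names, the sample inventory, and the use of TCP for port 4353 are assumptions.

```python
import socket

# Ports the first task says each managed device must accept and send on.
# Assumption: both are checked as TCP, as the Telnet test does for port 443.
REQUIRED_PORTS = (443, 4353)


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes.

    This is the same check as opening a Telnet session to the port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, bad name
        return False


def check_peers(peers, ports=REQUIRED_PORTS, timeout=3.0):
    """Check every peer and return only the failures.

    peers maps a label to the address THIS host must use to reach the
    peer; where a NAT is in the path, that is the translated address.
    Returns {label: [ports that could not be reached]}.
    """
    failures = {}
    for label, address in peers.items():
        closed = [p for p in ports if not port_open(address, p, timeout)]
        if closed:
            failures[label] = closed
    return failures


if __name__ == "__main__":
    # Constructed sample inventory using documentation addresses (RFC 5737).
    # Replace with the translated addresses noted during NAT configuration.
    peers = {
        "bigip-a (translated)": "192.0.2.10",
        "bigip-b (translated)": "192.0.2.11",
    }
    for label, closed in check_peers(peers, timeout=1.0).items():
        print(f"{label}: no TCP connection on port(s) {closed}")
```

Run it once from the Enterprise Manager side against the managed devices and once from the managed-device side against Enterprise Manager; a port that fails in only one direction points at a one-way NAT or firewall rule.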
Another common network deployment involves placing multiple F5 Networks devices behind a BIG-IP system in order to load balance requests to multiple devices. For example, if you use ten BIG-IP systems to load balance requests to multiple servers, you may add another tier to the load balancing by using another BIG-IP system to load balance requests to the ten BIG-IP systems.
In this configuration, virtual servers provide a route through the multiple tiers for network requests. For Enterprise Manager to work properly in this configuration, you must set up multiple virtual servers on the top traffic management tier to properly send device management traffic through each tier. Additionally, you must configure one virtual server on each managed device exclusively for enterprise management traffic.
As with the NAT configuration in the previous example, you should use the BIG-IP system that balances requests to the other systems to translate enterprise management traffic through virtual server addresses. Alternatively, you can configure a SNAT on the top tier BIG-IP system to send communications back to Enterprise Manager. See Using a tiered configuration with a SNAT, for more information on using a SNAT in a tiered configuration.
On the top tier device in your tiered configuration, you must configure two virtual servers, each using port 443. Enterprise Manager uses the first virtual server to communicate to the managed devices on the lower tier, and the managed devices use the second virtual server to initiate communication with Enterprise Manager.
When you discover devices, you should discover the virtual server addresses that you configured for device management. After you discover devices, you must configure the device general properties on the Enterprise Manager system so that managed devices can properly communicate with the Enterprise Manager system.
To open a two-way connection between each managed device and Enterprise Manager in a tiered network configuration, ensure that you perform the following tasks:
Configure a virtual server on the top tier BIG-IP system to accept communications such as software or hotfix upgrades from Enterprise Manager on port 443.
Configure a virtual server on the top tier BIG-IP system to send communications to Enterprise Manager on port 443.
If you use the TMM switch interfaces, configure a VLAN and self IP address on each lower tier managed device to receive communications (translated through the top tier system) from the Enterprise Manager device on port 443.
If you use the TMM switch interfaces, configure an additional VLAN and self IP address on each lower tier managed device to send communications (translated through the top tier system) to Enterprise Manager on port 443.
Discover the devices using the first set of virtual server IP addresses that you configured for managed devices to receive communications from Enterprise Manager. See Discovering devices, for detailed information on discovering devices.
Configure the general properties of newly discovered devices so that each managed device can initiate communications to the Enterprise Manager device. See Verifying and testing device communication, for instructions on how to set device communication properties.
Another network configuration involves using the tiered approach (described in the previous section) in addition to using a SNAT for secure address translation on the top tier BIG-IP system.
In this configuration, virtual servers provide a route through the top tier for Enterprise Manager to contact managed devices, while a SNAT allows the managed device to contact the Enterprise Manager system. For Enterprise Manager to work properly in this configuration, you must set up multiple virtual servers and configure a SNAT to properly translate the IP addresses of these virtual servers for outbound communications to the Enterprise Manager system.
To open a two-way connection between each managed device and Enterprise Manager in a tiered network configuration with a SNAT, ensure that you perform the following tasks:
Configure a virtual server on the top tier BIG-IP system to accept communications, such as software or hotfix upgrades, from Enterprise Manager on port 443.
Configure a SNAT on the top tier BIG-IP system to translate the IP address from the virtual servers on the managed device to the Enterprise Manager system.
If you use the TMM switch interfaces, configure a VLAN and self IP address on each lower-tier managed device to receive communications (translated through the top tier system) from the Enterprise Manager device on port 443.
Discover the devices using the first set of virtual server IP addresses that you configured for managed devices to receive communications from Enterprise Manager. See Discovering devices, for detailed information on discovering devices.
Configure the general properties of newly discovered devices so that each managed device can initiate communications to the Enterprise Manager device. See Verifying and testing device communication, for instructions on how to set device communication properties.