Applies To:

Show Versions Show Versions

Release Note: Enterprise Manager version 2.0.0
Release Note

Updated Date: 08/30/2013


This release note documents the version 2.0 feature release of the Enterprise Manager®. To review the features introduced in this release, see New features and fixes in this release. For existing customers, you can apply the software upgrade to version 1.7 and later. For information about installing the software, please refer to Installing the software.


- User documentation for this release
- Supported browsers
- Supported platforms
- Installing the software
     - Setting up a new system
     - Upgrading an existing system
- New features and fixes in this release
     - New features in this release
     - Fixes in this release
- Features and fixes introduced in prior releases
- Required configuration changes
- Known issues
- Workarounds for known issues
- Contacting F5 Networks

User documentation for this release

In addition to these release notes, the following user documentation is relevant to this release.

You can find the user guides and the solutions database in the AskF5SM Knowledge Base,

Supported browsers

The supported browsers for the Enterprise Manager web interface are:

  • Microsoft® Internet Explorer®, version 6.0x, and version 7.0x
  • Mozilla® Firefox® version 3.0x

Note that we recommend that you leave the browser cache options at the default settings, and disable popup blockers and other browser add-ons or plug-ins.

[ Top ]

Supported platforms

The version 2.0 release applies only to the supported platforms listed below; each one provides all minimum system requirements. This release supports the following platforms:

  • Enterprise Manager 500 - with 1 GB RAM
  • Enterprise Manager 3000
  • Enterprise Manager 4000
[ Top ]

Installing the software

If you are using a new Enterprise Manager system, the current software is loaded and configured. See Setting up a new system to get started using Enterprise Manager. If you are upgrading an existing Enterprise Manager system, see Upgrading an existing system for instructions on how to download and install Enterprise Manager version 2.0.

Important: We recommend that you download and verify the MD5 checksum on any ISO image or IM upgrade file you download to ensure the integrity of the installation file.

Setting up a new system

The Enterprise Manager version 2.0 was shipped to you installed on the Enterprise Manager platform you selected. You only need to set up the system in your network, license the system, and connect it to one or more devices that you want to manage.

For an explanation of networking options and setup instructions, see chapter 2, Installation and Setup, and chapter 3, Licensing and Configuring the System in the Enterprise Manager™ Administrator Guide available at

Important: After you complete the licensing process, you must reboot the Enterprise Manager system in order for the user interface to function properly.

Upgrading an existing system

If you have an existing Enterprise Manager system, you can use the F5 Electronic Software Distribution site to download a new software image. Then, you can use the Enterprise Manager software upgrade wizard to upgrade your Enterprise Manager system. You can upgrade to Enterprise Manager to version 2.0 from version 1.7 or version 1.8. If you upgrade from version 1.7, you must use the command line installation. To avoid a potential error with the upgrade wizard, we recommend using the command line option for upgrading from version 1.8.

Important: If during the upgrade you choose to convert to the LVM disk management scheme, the system erases the software repository, archives, and other data stored in the Enterprise Manager database. You must re-import software and hotfix images on the upgraded system. However, you can back up and restore device data, archives, and statistics data. To retain these items, use the following procedure to back up important Enterprise Manager data.

To back up Enterprise Manager data prior to upgrade

To perform these actions, you must log on to the Enterprise Manager command line as the root user.

  1. To back up the Enterprise Manager database and stored device archives, type the following command where <archive_name> is the patch and file name for the archive file:
    em-backup <archive_name>.ucs
  2. When the process finishes, move the file to a remote location using scp, ftp, or some other method of file transfer.
  3. To back up the Enterprise Manager statistics database, type the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, and <remote_path> is the path on the remote system:
    em-backup-extern -u <user> -r <address> -l <remote_path>
    This stores the statistics database in the f5em_extern-<YYYYMMDDHHMMSS> directory (where <YYYYMMDDHHMMSS> represents the time stamp of the database backup) on the remote system at the path you specified.

To restore Enterprise Manager data after upgrade

To perform these actions, you must log on to the Enterprise Manager command line as the root user.

  1. Copy the <archive_name>.ucs file to the upgraded Enterprise Manager system.
  2. At the command prompt, type the following command, where <archive_name> is the path and file name for the archive file:
    em-restore <archive_name>.ucs
  3. When the process finishes, delete the <archive_name>.ucs file and reboot the device.
  4. To restore the Enterprise Manager statistics database, type the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, <remote_path> is the path on the remote system, and <YYYYMMDDHHMMSS> is the timestamp of the file you previously created:
    em-restore-extern <user>@<address>://<remote_path>/f5em_extern-<YYYYMMDDHHMMSS>
  5. Reboot the system.

To download the upgrade

To download the software upgrade, you must create an account at This site uses an F5 single sign-on account for technical support and downloads. After you create an account, you can log on and download the Enterprise Manager 2.0 software.

  1. Using a web browser connected to the internet, visit
    The F5 Sign-on screen opens.
  2. In the User Email box, type the email address associated with your F5 technical support account.
  3. In the Password box, type the password.
  4. Click the Login button.
    The Overview screen opens and provides notes about using the Downloads site.
  5. Click the Find a Download button.
    The Product Lines screen opens listing all F5 product families.
  6. Locate the Enterprise Manager product family and click the adjacent Enterprise Manager v2.x link.
    The Product Version screen opens, listing the available download containers for the current product version.
  7. Click the release link for version 2.0.
    The End User License Agreement screen opens.
  8. Read the license agreement, and click I Accept to agree to the terms of the agreement.
    The Select a Download screen opens.
  9. Click the EM- link to begin downloading the md5 checksum to your local system.
    The Select Download Method screen opens.
  10. Click an option depending on the method you want to use to download the file.
  11. Click the back button on the browser to return to the Select a Download screen.
  12. Click the EM- link to begin downloading the software image to your local system.
    The Select Download Method screen opens.
  13. Click an option depending on the method you want to use to download the file.

To import and install the upgrade using the software upgrade wizard

Important: If you upgrade to version 2.0 and you choose to convert Enterprise Manager to Logical Volume Management, you cannot downgrade to a previous version. To maintain the ability to downgrade, you must maintain the partitioned disk scheme when you upgrade Enterprise Manager to version 2.0.

  1. Using a web browser connected to the same network as the Enterprise Manager system, visit https://<em_address>, where <em_address> is the IP address that you use to log onto the Enterprise Manager web interface.
  2. Sign on to Enterprise Manager as an administrator-level user.
  3. On the navigation pane, expand Enterprise Manager and click Software Images.
    The Software Images screen opens.
  4. Click the Import button.
    The New Image screen opens.
  5. For the File Name setting, click Browse.
    A dialog box opens.
  6. Using the dialog box, browse to the location where you downloaded the EM- file in step 12 of the previous section.
  7. Using the dialog box, click the EM- file name to select it, then click Open.
    The dialog box closes, and a path name appears in the File Name box.
  8. Click Import.
    The Import Progress box indicates the progress toward completing the software import.
  9. When the software import task finishes, click Finished.
    The Software Images screen opens.
  10. In the software image list, click EM v2.0
    The general properties screen opens, displaying details about the software image.
  11. Click Install to start the Software Upgrade wizard.

For further instructions on using the Software Upgrade wizard, see the Managing Software Images chapter in the Enterprise Manager Administrator Guide available at

To install the upgrade using the command line

When you upgrade from version 1.8 to version 2.0, you may want to use the command line installation to avoid any potential errors when upgrading to a Logical Volume Management disk scheme. Also, if you are upgrading from version 1.7 to version 2.0, you must use the command line installation method, as the Software Upgrade Wizard does not support that specific upgrade path.

This section lists only the very basic steps for installing the software. The BIG-IP® Systems: Getting Started Guide contains details and step-by-step instructions for completing an installation. F5 recommends that you consult the getting started guide for all installation operations.

Before you begin, ensure that all applicable tasks are complete:

  • Reformat for the new Logical Volume Management partition size.
  • Reactivate the license and update the service contract.
  • Download the .iso file from F5 Downloads to /shared/images on the source for the operation.
    (If you need to create this directory, use this exact name /shared/images.)
  • Check that the drives have at least minimal formatting.
  • Configure a management port.
  • Log on using the management port of the system you want to upgrade.
  • Log on to an installation location other than the target for the installation.
  • Log on using an account with administrative rights.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location.
  • Log on to the standby unit, and upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • Back up the statistics database. You can use the em-backup-extern and em-restore-extern commands from the command line to back up and restore the statistics database. See To back up Enterprise Manager data, preceding, for more information.

Installation consists of the following steps.

  1. Copy the upgrade utility using the im command (for first-time administrative partitions scheme to Logical Volume Management scheme installation).
  2. To copy the image2disk utility from the .iso file, run the command im <filename>.iso (for version 1.7 or version 1.8 systems).
  3. Install the software and roll forward the configuration on the active installation location, using one of the following methods:
  • To format for volumes (to use Logical Volume Management exclusively), run the command:
    image2disk --instslot=HD<n.n> --format=volumes <downloaded_filename.iso>
  • To use the current partitioned disk scheme, run the command:
    image2disk --instslot=HD<n.n> <downloaded_filename.iso>
  • To install from the command line without formatting (not for first-time installation), run the command:
    bigpipe software desired HD<n.n>version 2.x.x build <nnnn.n> product EM

After the installation finishes, you must complete the following steps before the system can manage devices.

  1. Ensure the system rebooted to the new installation location.
  2. Log on to the browser-based Configuration utility.
  3. Run the Setup utility.

Each of these steps is covered in detail in the BIG-IP® Systems: Getting Started Guide, and we strongly recommend that you reference the guide to ensure successful completion of the installation process. Although Enterprise Manager uses the same TMOS® environment as other BIG-IP systems, not all of the traffic-specific instructions apply to Enterprise Manager.

The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.

To watch an in-progress installation operation, run the command watch b software status, which runs the b software status command every two seconds. Pressing Ctrl+C stops the watch feature.

If installation fails, you can view the log file. For image2disk installations, the system logs messages to the file you specify using the --t option. For other installations, the system stores the installation log file as /var/log/liveinstall.log.

[ Top ]

New features and fixes in this release

This release includes the following new features and fixes.

New features in this release

Enabling and disabling pool members and nodes
You can use Enterprise Manager to enable or disable pool members and nodes on managed devices in the network.

Enterprise Manager 4000 platform support
Enterprise Manager now supports the new Enterprise Manager 4000 platform.

TMOS environment
Enterprise Manager features the new TMOS® architecture, with the look and feel of the latest version of TMOS introduced with BIG-IP version 10.0.0.

Application Editor role introduced for Enterprise Manager (CR127057)
Enterprise Manager now uses the Application Editor user role found in other BIG-IP systems instead of the Advanced Operator role.

Fixes in this release

Tomcat vulnerabilities fixed (CR85197, CR104935, CR126259)
We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783.

Cross-site scripting vulnerabilities fixed (CR89622, CR96144, CR96889)
We changed certain screens to prevent local cross-site scripting vulnerabilities.

libbind vulnerability fixed (CR92592)
We included an updated libbind package to address the vulnerabilities described in CVE-2008-0122 and CVE-2007-6251.

Local vulnerability in HTTP GET parameters (CR94040)
Previously, if a user had accessed the Configuration utility of an Enterprise Manager system, and then browsed to an untrusted site and clicked on a malicious link, the system may have been vulnerable to cross-site scripting attacks. We corrected this issue in the new version of Enterprise Manager.

Forms-based authentication (CR99322)
With the introduction of forms-based authentication, users will now be able to log out of an Enterprise Manager session without needing to close the browser window.

Command line utilities added (CR107898, CR107904)
With the new version of Enterprise Manager, the system now supports the following command line tools commonly available in BIG-IP systems: b daemon <daemon> audit, b cli audit, and b remote users.

TACACS+ now supported (CR107905)
This version of Enterprise Manager now supports TACACS+ user authentication.

Tcpdump vulnerabilities fixed (CR108858)
We updated the tcpdump package included with Enterprise Manager to address the local vulnerabilities described in CVE-2004-0055.

Bind DSA key vulnerability (CR115215)
The included version of bind included with Enterprise Manager fixes the DSA key vulnerabilities described in CVE-2009-0025.

NTP vulnerabilities fixed (CR115608)
This version of Enterprise Manager includes an updated ntp package to address the vulnerabilities described in CVE-2009-0021.

Secure FTP option available (CR120785)
In the Support Data Collection wizard, you can now select an SFTP option for a secure connection when sending information to the F5 support site.

http-security webapp appears in list (CR121030)
Previously, in the Deploy Security Policy wizard, you could select the http-security web application although it should not have appeared in this list. The system now correctly excludes it from the list.

Failover states for 10.x devices not supported (CR121730)
Enterprise Manager did not previously display offline and forced offline states for managed devices running BIG-IP version 10.0.x. The system can now display all possible states of a managed device.

Apache vulnerabilities fixed (CR123537)
We included an updated httpd package to address the vulnerabilities described in CVE-2008-1678, and CVE-2009-1195.

OpenSSL vulnerabilities fixed (CR123875)
Enterprise Manager contains an updated OpenSSL package to address the vulnerabilities described in CVE-2009-1387.

Warning messages for qkview (CR125417, CR125418, CR130403)
Previously, if you ran the qkview command from the command line, you may have received a warning message indicating that qkview was out of date. As we have updated the qkview package to include Enterprise Manager-specific data, these warnings no longer appear.

Kernel vulnerabilities fixed (CR121197, CR126252)
The updated kernel included in Enterprise Manager fixes vulnerabilities described in CVE-2008-4307, CVE-2009-0787, CVE-2009-1336, CVE-2009-1337, CVE-2007-5966, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2407, and CVE-2009-1388.

Apr-util local vulnerabilities fixed (CR125223)
We included an updated apr-util packages to address local vulnerabilities described in CVE-2009-0023, CVE-2009-1955, and CVE-2009-1956.

Bind DoS vulnerability fixed (CR125853)
The updated bind package included with Enterprise Manager fixes the vulnerability described in CVE-2009-0696.

MySQL vulnerability fixed (CR125982)
The updated MySQL package included with Enterprise Manager fixes the vulnerability described in CVE-2009-2446.

NSS/NSPR vulnerabilities fixed (CR126055)
Enterprise Manager includes updated NSS/NSPR libraries to address the vulnerabilities described in CVE-2009-2404, CVE-2009-2408, and CVE-2009-2409.

Java local vulnerabilities fixed (CR126476)
The updated Java Runtime Environment included with Enterprise Manager addresses the local vulnerabilities described in CVE-2009-0217, CVE-2009-2745, CVE-2009-2746, CVE-2009-2625, CVE-2009-2670 though 2675, and CVE-2009-2690.

Libmxl2 vulnerabilities fixed (CR126813)
We included an updated libxml2 library to address vulnerabilities described in CVE-2009-2414, CVE-2009-2416.

Curl vulnerabilities fixed (CR126907)
The updated curl package included with Enterprise Manager addresses the vulnerabilities described in CVE-2009-2417.

Cyrus-sasl vulnerabilities fixed (CR127190)
We included updated cyrus-sasl libraries to address the vulnerabilities described in CVE-2009-0688.

Version information updated correctly (CR127363)
Previously, when you used the software upgrade wizard to update a system using Software Volume Management, the version did not properly update on the device list. Now, the correct version appears on the device list after an upgrade.

Launch link authentication for Operator and Application Editor users (CR127470)
Previously, the system did not always properly authenticate Enterprise Manager users with Operator or Advanced Operator (now Application Editor) roles when you clicked a Launch link from a device properties screen. We corrected this issue so users with these user roles are authenticated.

Auto refresh updated (CR128695)
We enhanced the auto refresh control on the task properties screen.

Power failure corrupts statistics database (CR129712)
If the system encounters a power failure, the statistics monitoring database can become corrupted. You can follow the instructions in SOL10736 in the Solutions database in the AskF5 Knowledge Base to use the proper parameters with this script to repair the database.

Failover and peer management address issues (CR129733)
When you configure Enterprise Manager version 2.0 as a high availability system, initially, both peers are set to an offline state. Additionally, when you upgrade a managed pair of Enterprise Manager systems, upon upgrade, both systems are set to offline. For failover to work properly, you must specify a peer management address.

OpenSSH vulnerabilities fixed (CR129920)
We included updated OpenSSH packages with the new version of Enterprise Manager to address vulnerabilities described in CVE-2009-2904.

Discovery tasks do not time out (CR130883)
If a discovery task encounters an error, the status page may continually refresh instead of timing out.

TCP metrics inaccurate (CR130308)
We corrected an issue were certain device-level TCP metrics were inaccurate. TCP metrics reported in statistical data are now correct.

File names not preserved for support upload (CR131446)
If you configure a Gather Support Information task and attach a file, the file names may not be preserved when you send the information to the F5 support site. 

Software images not included in advanced archives (CR131764)
Previously, when you created an advanced archive of an Enterprise Manager configuration, this included images stored the software repository. This often resulted in very large backup files. To provide more useful backup files, the advanced archive script no longer includes images stored in the Enterprise Manager software repository. If you need to recover these images, you can download the images from the F5 downloads site,

[ Top ]

Features and fixes introduced in prior releases

The current release includes the fixes and enhancements that were distributed in prior releases. Please see the Enterprise Manager version 1.8 release notes to view fixes and enhancements introduced in version 1.x releases.

[ Top ]

Required configuration changes

If you upgraded the Enterprise Manager to version 2.0 from a version earlier than version 1.7, you must re-license the system before you can use the performance monitoring feature.

Note: The performance monitoring features originally introduced in version 1.7 are only available on the Enterprise Manager 3000 and Enterprise Manager 4000 platforms due to the greater CPU, memory, and hard drive requirements for this feature.

[ Top ]

Known issues

The following items are known issues in the current release. Known issues are cumulative, and include all known issues for a release. Please see the Enterprise Manager version 1.8 release notes to view known issues documented in version 1.x releases.

Installation warning (CR105166)
When you install Enterprise Manager version 2.0, and view installation messages the console, you may see an error indicating a missing /usr/bin/rpmgraph directory. The system upgrade installs successfully, and you can ignore this message.

Statistics screen does not time out (CR105234)
If you are viewing a statistics screen, the user session logged in to the system does not time out as it does when viewing other screens. If you need to maintain the regular timeout interval for logged in users, then navigate away from a statistics screen.

OpenSSH vulnerability in old SSH clients (CR112411)
This release contains the new OpenSSH client and server, which addresses the vulnerability Plaintext Recovery Attack Against SSH, reported as CPNI-957037. When an older client connects to the new server, however, a vulnerability exists. If you are still using old SSH clients, you should manually set those client's cipher list to only include CTR ciphers. To use only CTR ciphers for the OpenSSH client, the command line must include the following option: -c aes128-ctr,aes192-ctr,aes256-ctr.

New volumes do not appear (CR123430)
If you are managing a system that uses Logical Volume Management, and you add a new volume to the managed device, the Enterprise Manager system may not detect the new volume immediately.

Inaccurate list of boot locations on EM 4000 platform (CR126805)
On the Device Platform screen, if you view the platform information for an EM 4000, inaccurate details about the boot location appear. The details indicate available Compact Flash boot locations where there are none.

NTP vulnerability (CR131466)
Although the ntp package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2009-3563, the system incorporates a read-only configuration so that the system is not vulnerable in this instance.

Samba vulnerabilities (CR131547)
The samba packages included with Enterprise Manager are affected by the vulnerabilities described in CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, and CVE-2009-2948.

Upgrading to version 2.0 and possible errors (CR131966)
If you use the software upgrade wizard to perform a self-installation upgrade from Enterprise Manager 1.8 to version 2.0, it is possible that you may encounter errors during the upgrade process. In certain instances, the system may mark the task Cancelled, but the task will continue to run in the background to upgrade the system. If this occurs, you can check the image_install.log file to confirm that the installation completed, then manually reboot the system. As an alternative to the software upgrade wizard, you can perform an installation from the command line of the Enterprise Manager system. See the Upgrading an existing system section of the release note for instructions.

Issues when logging into devices with Launch link (CR132455, CR132933)
If you user the Launch link on the device properties screen to open a new window to log into a managed device, you may not be able to perform management tasks on the managed device. Additionally, you cannot use the Logout link on the managed device's Configuration utility to log off of the system. To work around this scenario, you must clear cookies associated with the managed device and avoid using the Launch link.

Copied Guest user role has no access (CR132696)
If you use Enterprise Manager to copy a Guest user account from a version 9.x managed device to a version 10.x managed device, the Guest user's access level is changed to No Access. You must manually change the user role permissions on the managed device in this scenario.

emsnmpd service errors (CR133464)
You may encounter errors in the emsnmpd service when using the snmpwalk command at the command line. These errors could result cause the emsnmpd service to restart.

Upgrades may fail for CF devices (CR133590)
If you use Enterprise Manager to upgrade devices that user a Compact Flash drive, the upgrade may not complete.

Show All link issues (CR133680)
On the Device Statistics configuration screen, if you click the Show All link to display more than two pages of objects, the link does not appear to work. Click Show All again to view all objects.

Incorrect alert name in log (CR133808)
If you configure multiple alert instances and these alerts are triggered, the system may not log these alerts properly in the alert log. Although the message associated with these alerts occur when the alert is triggered, the system may log only one alert name in the history log.

Administrator permissions errors (CR133835)
When you configure a user on the Enterprise Manager system with an administrator user role, this user may not be able to perform certain tasks that the Administrator user can perform.

Delete button error on Archive Properties screen (CR133954)
If you disable role permissions by changing the Archive Device Configuration setting for Operator or Application Editor user roles, then a user with one of these roles attempts to delete a configuration archive from the Archive Properties screen, this causes an error. The Delete button on this screen should not be available after disabling permissions.

Statistics database corruption and repair (CR133956)
In rare cases, the statistics database could become corrupted after a power failure and you can use an included script from the command line to repair it. However, if you use the em-repair-extern command from the command line, you may encounter a disk full error. To avoid this error, you must perform some manual adjustments to the script. See SOL10736 on the AskF5 Knowledge Base for instructions.

Statistics collection errors (CR133964)
While collecting statistical data with Enterprise Manager, if you disable collection of certain metrics individually so that the system collects no statistical data, the system may still continue to collect data for the last metric you disable. To avoid this scenario, if you plan to disable statistics collection entirely, set the Collect Statistics Data setting to Disabled on the Statistics: Options screen.

Platform issues with EM4000 (CR134203, CR135616)
You may encounter minor issues when using the EM4000 platform. These issues do not affect the performance of the system or the Enterprise Manager software, and include the following: Interactive startup option does not work, so avoid pressing the I key to start interactive startup when prompted during initial boot; End User Diagnostics does not log any results in any file on the active partition until you define a boot partition; Ltm log file displays "The requested BIGdb variable (platform.diskmonitor.growthalert.shared) was not found"; because the system does not run the BIG-IP Local Traffic Manager software, you can ignore this message; when you use the b platform command, the device incorrectly displays the platform as Enterprise Manager 3900.

Enterprise Manager 3000 platform does not support LACP (CR137579)
Because the Enterprise Manager 3000 platform is not switch-based like the 500 or 4000 platforms, it does not support Link Aggregation Control Protocol (LACP).

SFTP Proxy not supported (ID 336886)
Enterprise Manager does not support SFTP through a proxy server for a Support Data Collection Task. Although the Enterprise Manager Administrator Guide indicates that this is possible, it is incorrect.

[ Top ]

Workarounds for known issues

Please see the Enterprise Manager version 1.8 release notes to view workarounds described for known issues docu mented in version 1.x releases.

[ Top ]

Contacting F5 Networks

  Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)