Manual Chapter : Managing Device Resources

Applies To:

Show Versions Show Versions

BIG-IQ ADC

  • 4.5.0
Manual Chapter

Managing Device Resources

About device resource management

You can use BIG-IQ® ADC to centrally manage resources located on BIG-IP® devices in your local network, in a public cloud like Amazon EC2, or in combination.

The first step to managing device resources is the discovery process. After discovery, you can make revisions, and then deploy the configuration changes to the managed devices for easy asset management. You can make these device configuration modifications without having to log in to each device individually.

Selecting specific devices to manage

You must have Read permissions to view the configuration objects imported from managed devices, and both Read and Write permissions to manage those objects.
When devices are discovered in other modules (such as BIG-IQ® Cloud or BIG-IQ® Device), they become visible in the BIG-IQ® ADC module's list of managed devices. You can specify whether devices discovered from other modules also use the ADC module's local traffic configuration management capabilities. Opting out of local traffic management for a device allows you to continue Cloud and Device management functions such as license management or backup and restore, without incurring the processing overhead incumbent to local traffic object management.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then, next to the Filter field, click Monitoring View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view shows the objects and settings most recently imported from the managed BIG-IP device. The list shows only configuration objects for which you have Read or Read/Write permissions.
  3. In the Devices panel, expand the group, if necessary, and hover over the device for which you wish to specify management; click the gear icon (gear), and then select Properties.
    The properties screen for the selected device opens.
  4. If you want to change whether the device is being managed, use the Configuration setting and select the check box. (There is only one check box, and the text for it reflects whether the device is currently managed.)
    • If the device is currently unmanaged, the check box reads Manage ADC Configuration; click it to begin managing the device.
    • If the device is currently managed, the check box reads Unmanage ADC Configuration; click it to stop managing the device.
  5. Click Save.
    The system makes the changes to management status that you requested.

Viewing properties for managed configuration objects

You must have Read permissions to view the configuration settings imported from managed devices.

Before you can monitor or manage settings for configuration objects on a device, you must be managing that device.

Using BIG-IQ® ADC, you can view configuration objects settings for virtual servers, pools, nodes, and iRules® that reside on managed BIG-IP® devices.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then, next to the Filter field, click Monitoring View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view shows the objects and settings most recently imported from the managed BIG-IP device. The list shows only configuration objects for which you have Read or Read/Write permissions.
  3. On the panel that corresponds to the type of object you want to view, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The screen displays properties for the selected object.
  4. Use the scroll bar to view the entire set of settings defined for the selected configuration.
    Important: If you are viewing settings for a virtual server, do not overlook the two areas at the bottom of the screen (Configuration and Resources) that expand to display additional settings.

Overwriting undeployed changes

You must have Read permissions to view the configuration settings imported from managed devices.

The default behavior for the BIG-IQ® device in its role as manager is to exercise authority over the devices it manages. The settings of the managing BIG-IQ device prevail. That is, if there are differences between the current objects and settings on the managed BIG-IP® device, and the objects and settings that the managing BIG-IQ device has for that BIG-IP device, the BIG-IQ device uses the settings it already has.

In situations in which you do not want this to occur, you can overwrite the objects and settings that the BIG-IQ device recognizes for the managed device with the current objects and settings on the managed device. When you do this, settings on the BIG-IQ device (including undeployed configuration revisions) are replaced with the settings from the managed device.

Note: Overwriting undeployed changes removes all configuration revisions you have made for the selected device. If you have made a significant number of changes on the BIG-IQ device and only want to discard a few of them, it might be better to revert them individually.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ device. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. In the Devices panel, expand the device group in which your device resides, hover over the device for which you wish to discard changes, click the gear icon (gear), and then select Properties.
    The properties screen for the selected device opens.
  4. At the bottom of the Properties screen, click Overwrite Working Changes to replace all changes currently pending on the BIG-IQ device for this managed BIG-IP device with the objects and settings as they currently exist on that managed BIG-IP device.
    A confirmation popup screen opens.
  5. On the confirmation screen, click Revert Working Changes to confirm the overwrite of your changes.
The objects and settings for the configuration objects that currently exist on the BIG-IP device overwrite the settings for those objects on the managing BIG-IQ device.

Refreshing managed object view

You must have Read permissions to view the configuration settings imported from managed devices.
Configuration object settings for virtual servers, pools, nodes, and iRules® that reside on managed devices are imported during device discovery. However, if the device administrator makes changes to these settings after device discovery, the settings seen on the BIG-IQ® device may not be completely current. You can refresh the managed object view to make sure that you have the most up to date values for the imported configuration object properties.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then, next to the Filter field, click Monitoring View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view shows the objects and settings most recently imported from the managed BIG-IP device. The list shows only configuration objects for which you have Read or Read/Write permissions.
  3. In the Devices panel, expand the group, if necessary, and hover over the device you want to view, click the gear icon (gear), and then select Properties.
    The properties screen for the selected device opens.
  4. At the bottom of the screen, click the Remote > Local button.
    Note: The refresh performed when you click this button does nothing to any configuration changes that you might have made to the managed device, but not yet deployed. To discard those changes, you need to overwrite the undeployed changes.
    The BIG-IQ device refreshes its view of the properties that currently exist on the managed device. The properties of the configuration objects on the managed device are imported again, so that any changes that might have been made on the managed device since the last refresh are recognized by the BIG-IQ device.
The current state of the configuration objects on the managed device is updated. Properties such as statistics, device state, and status are all updated in BIG-IP® view.
Note: Statistics for managed BIG-IP devices are refreshed every 60 seconds. Consequently, there can be a delay of up to 60 seconds before statistics are available for newly updated devices. There can be a similar delay before the status icons for managed objects are up to date. For example, you might refresh the view for a device that has a healthy virtual server, but the status icon for that server could display as unhealthy until the next refresh.

Changing device local traffic objects

Before you make changes to a local traffic object on a managed device, there are two tasks to perform to ensure that you get the expected result.

  • Make sure that no undeployed changes exist for the local traffic object on the managing BIG-IQ® device. Overwrite undeployed changes before proceeding.
  • Make sure you have the most up to date information about the object on the managed BIG-IP® device. Refresh the managed object view to update the BIG-IQ device.
You can make revisions to the configuration of local traffic objects (virtual servers, pools, and nodes) on managed devices.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ device. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. On the panel that corresponds to the type of object you want to change, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The properties screen for the selected object opens.
  4. On the Properties screen, make changes to the configuration object you want to modify.
    1. To enable an iRule on a virtual server, expand Resources, then select the iRule from the Available list, and use the Move button to move the iRule to the Enabled list.
    2. When you are satisfied with the changes you have made, click Save.
    The revisions you saved are made, and the Properties screen for the selected object closes.
Changes that you make are made only to the pending version. The pending version serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
Important: There is an exception to this pattern. When you view properties for a pool and click Enable, Disable, or Force Offline, you can choose whether you want the change to occur immediately (Change Now), later (Change Later), or not at all (Cancel). Changes you decide to make later become part of the pending changes for the managed object.
To apply the pending version settings to the BIG-IP device, you need to deploy the revisions.

Creating a new virtual server

You can use the BIG-IQ® ADC interface to add a virtual server to a managed device.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ device. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. Hover over the Virtual Servers panel and click the gear icon.
    The New Virtual Server screen opens.
  4. From the Device list, select the device on which to create the virtual server.
  5. In the Name field, type in a name for the virtual server you are creating.
  6. In the Description field, type in a brief description for the pool you are creating.
  7. For the Source Address, type an IP address or network from which the virtual server will accept traffic.
    For this setting to work, you must specify a value other than 0.0.0.0/0 or ::/0 (that is, any/0, any6/0). In order to maximize the utility of this setting, specify the most specific address prefixes that include your customer addresses, but exclude addresses outside of their range.
  8. For the Destination Address, type the IP address of the destination you want to add to the Destination list.

    The format for an IPv4 address is I<a>.I<b>.I<c>.I<d>:I<port>. For example, 172.16.254.1:443.

    The format for an IPv6 address is I<a>:I<b>:I<c>:I<d>:I<e>:I<f>:I<g>:I<h>.I<port>.

    For example, 2001:db8:85a3:8d3:1319:8a2e:370:7348.443. If the port is well-known to be associated with a specific port number, you can specify it by name. Using the previous example, 2001:db8:85a3:8d3:1319:8a2e:370:7348.443 becomes 2001:db8:85a3:8d3:1319:8a2e:370:7348.https.
  9. In the Service Port field, type a service port number, or select a type from the list.
    When you select a type from the list, the value in the Service Port field changes to reflect the associated default, which you can change.
  10. To configure the virtual server so that its status contributes to the associated virtual address status, select Notify Status to Virtual Address.
    When this setting is disabled, the status of the virtual server does not contribute to the associated virtual address status. This status, in turn, affects the behavior of the system when you enable route advertisement of virtual addresses.
  11. If you want the pool member and its resources to be available for load balancing, select State.
  12. To specify configuration parameters for this virtual server, expand Configuration and continue with the next thirteen steps. Otherwise, skip to step 25 in this procedure.
  13. From the Source Address Translation list, select the type of address translation pool used for implementing selective and intelligent source address translation.
    • None: The system does not use a source address translation pool for this virtual server.
    • SNAT: The system uses source network address translation (NAT), as defined in the specified SNAT pool, for address translation.
    • Auto Map: The system uses all of the self IP addresses as the translation addresses for the pool.
  14. In the Connection Limit field, type the maximum number of concurrent connections allowed for the virtual server.
  15. In the Connection Rate Limit field, type the maximum number of connections-per-second allowed for a pool member.
    When the number of number of connections-per-second reaches the limit for a given pool member, the system redirects additional connection requests. This helps detect Denial of Service attacks, where connection requests flood a pool member. Setting the limit to 0 turns off connection limits.
  16. From the Connection Rate Limit Mode list, select the scope of the rate limit defined for the virtual server.
    • Per Virtual Server: Applies rate limiting to this virtual server.
    • Per Virtual Server and Source Address: Applies Connection Rate Limit Source Mask to the source IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask specifies the number of bits in the IP address to use as a limit key.
    • Per Virtual Server and Destination Address: Applies Connection Rate Limit Destination Mask to the destination IP address of outgoing connections from this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Destination Mask specifies the number of bits in the IP address to use as a limit key.
    • Per Virtual Server, Destination, and Source Address: Applies Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask to the source and destination IP address of incoming connections to this virtual server, and applies the rate limit to connections sharing the same subnet. The Connection Rate Limit Source Mask and Connection Rate Limit Destination Mask specify the number of bits in the IP addresses to use as a limit key.
    • Per Source Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source address for all virtual servers that have rate limits specified.
    • Per Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified destination address for all virtual servers that have rate limits specified.
    • Per Source and Destination Address (All Rate Limiting Virtual Servers): Applies rate limiting based on the specified source and destination addresses for all virtual servers that have rate limits specified.
  17. If you want the system to translate the virtual server address, select Address Translation.
    This option is useful when the system is load balancing devices that have the same IP address.
  18. If you want the system to translate the virtual server port, select Port Translation.
    This option is useful when you want the virtual server to load balance connections to any service. The default is enabled.
  19. From the Source Port list, select how you want the system to preserve the connection's source port.
    • Preserve: Specifies that the system preserves the value configured for the source port, unless the source port from a particular SNAT is already in use, in which case the system uses a different port.
    • Preserve Strict: Specifies that the system preserves the value configured for the source port. If the port is in use, the system does not process the connection. Restrict the use of this setting to cases that meet at least one of the following conditions:
      • The port is configured for UDP traffic.
      • The system is configured for nPath routing or is running in transparent mode (that is, there is no translation of any other Layer 3 or Layer 4 field).
      • There is a one-to-one relationship between virtual IP addresses and node addresses, or clustered multi-processing (CMP) is disabled.
    • Change: Specifies that the system changes the source port. This setting is useful for obfuscating internal network addresses.
  20. To replicate client-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Client) list.
  21. To replicate server-side traffic (that is, prior to address translation) to a member of a specified pool, select that pool from the Clone Pool (Server) list, select the device on which to create the virtual server.
  22. Use the Auto Last Hop list to specify whether you want the system to send return traffic to the MAC address that transmitted the request, even if the routing table points to a different network or interface.
  23. From the Last Hop Pool list, select the pool the system uses to direct reply traffic to the last hop router.
  24. If you want the system to allow IPv6 hosts to communicate with IPv4 servers, select NAT64.
  25. To specify the virtual server score in percent, type that value in the VS Score field.
    Global Traffic Manager™ (GTM™) uses this value to load balance traffic in a proportional manner.
  26. To specify additional resource details for this virtual server, expand Resources and continue with the next two steps. Otherwise, skip to the last step in this procedure.
  27. To specify which iRules® are enabled for this virtual server, use the arrow buttons to move iRules between the Available and Enabled lists.
    iRules are applied in the order in which they are listed.
  28. Use the Default Pool list to select the pool name that you want the virtual server to use as the default pool.
    A load balancing virtual server sends traffic to this pool automatically, unless an iRule directs the server to send the traffic to another pool.
  29. Click Save.
    The system creates the new virtual server with the settings you specified.
Note: Statistics for managed BIG-IP devices are refreshed every 60 seconds. Consequently, there can be a delay of up to 60 seconds before statistics are available for newly deployed servers. There can be a similar delay before the server status icon display is up to date. For example, you might create a new server, but the status icon could display as undefined until the next refresh.

Creating a new pool

You can use the BIG-IQ® ADC interface to add a pool to a managed device.
Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ device. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. Hover over the Pools panel and click the add icon.
    The New Pool screen opens.
  4. In the Name field, type in a name for the pool you are creating.
  5. From the Device list, select the device on which to create the pool.
  6. In the Description field, type in a brief description for the pool you are creating.
  7. In the Load Balancing Method field, specify the type of load balancing you want the pool to use. The default is Round Robin.
  8. In the Priority Group Activation setting, specify how the system load balances traffic. The default is Disabled.
    1. To have the system load balance traffic according to the priority number assigned to the pool member, select Less than.
    2. If you use a priority number, from the Available Member(s) list, select the minimum number of members that must be available in one priority group before the system directs traffic to members in a lower priority group.
      When a sufficient number of members become available in the higher priority group, the system again directs traffic to the higher priority group.
  9. To specify advanced properties, expand Advanced Properties and continue with the next twelve steps. Otherwise, skip to the last step in this procedure.
  10. To automatically enable or disable NATs for connections that use this pool, for the NAT setting, select Allow.
  11. To automatically enable or disable SNATs for connections that use this pool, for the SNAT setting, select Allow.
  12. To specify how the system should respond when the target pool member becomes unavailable, select a value from the Action On Service Down list.
    • None: Specifies that the system takes no action to manage existing connections when a pool member becomes unavailable. The system maintains existing connections, but does not send new traffic to the member.
    • Reject: Specifies that, if there are no pool members available, the system resets and clears the active connections from the connection table and sends a reset (RST) or Internet Control Message Protocol (ICMP) message. If there are pool members available, the system resets and clears the active connections, but sends newly arriving connections to the available pool member and does not send RST or ICMP messages.
    • Drop: Specifies that the system simply cleans up the connection.
    • Reselect: Specifies that the system manages established client connections by moving them to an alternative pool member when monitors mark the original pool member down.
  13. To specify the duration during which the system sends less traffic to a newly-enabled pool member, select a value from the Slow Ramp Time field.
    The amount of traffic is based on the ratio of how long the pool member has been available compared to the slow ramp time, in seconds. Once the pool member has been online for a time greater than the slow ramp time, the pool member receives a full proportion of the incoming traffic. Slow ramp time is particularly useful for the least connections load balancing mode.
    Important: Setting this to a non-zero value can cause unexpected Priority Group behavior, such as load balancing to a low-priority member even with enough high-priority servers.
  14. To specify whether the system sets a Type of Service (ToS) level within a packet sent to the client, based on the targeted pool, select a value from the IP ToS to Client list.
    Setting a ToS level affects the packet delivery reliability.
    • Pass Through: The system does not change the ToS level within a packet.
    • Specify: Provides a field in which you can specify a ToS level to apply. Valid values are from 0 to 255.
    • Mimic: Specifies that the system sets the ToS level of outgoing packets to the same ToS level of the most-recently received incoming packet. For example, if the most-recently received packet had a ToS level of 3, the system sets the ToS level of the next outgoing packet to 3.
  15. To specify whether the system sets a Type of Service (ToS) level within a packet sent to the server, based on the targeted pool, select a value from the IP ToS to Server list.
    Setting a ToS level affects the packet delivery reliability.
    • Pass Through: The system does not change the ToS level within a packet.
    • Specify: Provides a field in which you can specify a ToS level to apply. Valid values are from 0 to 255.
    • Mimic: Specifies that the system sets the ToS level of outgoing packets to the same ToS level of the most-recently received incoming packet. For example, if the most-recently received packet had a ToS level of 3, the system sets the ToS level of the next outgoing packet to 3.
  16. To specify whether the system sets a the system sets a Quality of Service (QoS) level within a packet sent to the client, based on the targeted pool, select a value from the Link QoS to Client list.
    Setting a QoS level affects the packet delivery priority.
    • Pass Through: The system does not change the QoS level within a packet.
    • Specify: Provides a field in which you can specify a QoS level to apply. Valid values are from 0 to 7.
  17. To specify whether the system sets a the system sets a Quality of Service (QoS) level within a packet sent to the server, based on the targeted pool, select a value from the Link QoS to Server list.
    Setting a QoS level affects the packet delivery priority.
    • Pass Through: The system does not change the QoS level within a packet.
    • Specify: Provides a field in which you can specify a QoS level to apply. Valid values are from 0 to 7.
  18. To specify the number of times the system tries to contact a new pool member after a passive failure, select a value from the Reselect Tries field.
    A passive failure consists of a server-connect failure or a failure to receive a data response within a user-specified interval. The default is 0, which indicates no reselects.
  19. To enable TCP request queueing, select Request Queueing.
  20. To specify the maximum number of connection requests allowed in the queue, type an entry in the Request Queue Depth field.
    The default value of 0 permits unlimited connection requests, constrained only by available memory.
  21. To specify the maximum number of milliseconds that a connection request can be queued until capacity becomes available, whereupon the connection request is removed from the queue and reset, type an entry in the Request Queue Timeout field.
    The default value of 0 permits unlimited time in the queue.
  22. Click Save.
    The system creates the new pool with the settings you specified.

Creating a new node

You can use the BIG-IQ® ADC interface to add a node to a managed device.

Nodes are the basis for creating a load balancing pool. For any server that you want to be part of a load balancing pool, you must first create a node, that is, designate that server as a node. After designating the server as node, you can add the node to a pool as a pool member. You can also associate a health monitor with the node, to report the status of that server.

Important: When revising configurations on devices that belong to a high availability cluster, it is important to let the changes synchronize to the cluster members instead of trying to make the same changes to multiple devices. If you try to replicate changes you made on one device in the cluster, the next config sync attempt could fail.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The screen displays the list of devices that the BIG-IQ device is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ device. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. Hover over the Nodes panel and click the add icon.
    The New Node screen opens.
  4. From the Device list, select the device on which to create the node.
  5. In the Name field, type in a name for the node you are creating.
  6. For the Address field, select either Address, or FQDN, to specify how to identify the node you are creating.
    • If you select Address, type in the IP address that identifies the new node.
    • If you select FQDN, type in the fully qualified domain name that identifies the new node.
    If you select FQDN, the screen displays several additional settings.
  7. If you chose the FQDN method for identifying this node, specify the Address Type for this node by selecting either IPv4 or IPv6.
  8. If you chose the FQDN method for identifying this node, specify the Auto Populate setting.
    When the domain name you specify resolves to multiple IP addresses, you can enable this setting if you want read-only ephemeral nodes to be created for these addresses.
  9. If you chose the FQDN method for identifying this node, specify the Interval for this node.
    This setting specifies the number of seconds that you want the system to spend attempting to resolve a domain name.
  10. If you chose the FQDN method for identifying this node, specify the Down Interval for this node.
    This setting specifies the number of attempts you want the system to make to resolve a domain name.
  11. To specify configuration parameters for this node, expand Configuration and continue with the next three steps. Otherwise, skip to step fifteen in this procedure.
  12. For the Ratio, type the ratio weight you want to assign to the new node.
    When you are using the Ratio load balancing method, you can assign a ratio weight to each node in a pool. LTM uses this ratio weight to determine the correct node for load balancing. Note that at least one node in the pool must have a ratio value greater than 1. Otherwise, the effect equals that of the Round Robin load balancing method.
  13. For the Connection Limit, type the maximum number of concurrent connections allowed for this node.
  14. For the Connection Rate Limit, type the maximum rate of new connections per second allowed for this node.
    When you specify this limit, the system controls the number of allowed new connections per second, thus providing a manageable increase in connections without compromising availability. The default value of 0 specifies that there is no limit on the number of connections allowed per second.
  15. Click Save.
    The system creates the new node with the settings you specified.

About deploying configuration changes

Using BIG-IQ® ADC to manage the devices in your network means that you can deploy configuration changes without having to log in to each individual BIG-IP® device. You can review deployment changes before you make them, and then either make the changes, or revert them.

When you deploy changes to a managed device, before the BIG-IQ device applies the configuration changes, it first does a fresh import from the managed device to ensure there are no conflicts. If there are conflicts, the default behavior is to discard any changes made on the managed device before deploying the configuration changes. You can work around this by overwriting undeployed changes. Overwriting undeployed changes performs a fresh import from the managed BIG-IP device and uses those objects and settings to overwrite any revisions performed on the managing BIG-IQ device.

Reviewing and deploying configuration settings

Before you deploy configuration changes, be aware of the following prerequisites:
  • You must have a role of Administrator to deploy configuration changes.
  • Before you deploy changes to a managed device, make sure that changes have not been made to that device while you were assembling your configuration changes. Deploying changes to a managed device overwrites the objects and settings on the managed device with the settings specified on the BIG-IQ® device. To make sure you are not overwriting settings that you didn't know about, refresh the managed object view before deploying configuration changes.

You must create a deployment job and submit that job before changes to configuration objects you have made are applied to the managed device.

  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Deployment.
    The list of active deployment jobs is displayed. Jobs are categorized as Pending, Error, or Completed. These are deployments that are already in process. To get your configuration changes applied to the appropriate device, you need to create a new job.
  3. In the Deployments panel, click the ( + ) icon, and then select Deploy Configuration Changes.
    The New Deployment screen opens.
  4. In the Name field, type in a name for the deployment task you are creating.
  5. In the Description field, type in a brief description for the deployment task you are creating.
  6. From the list of configuration changes pending deployment, select the device for which you wish to deploy changes.
  7. To review the changes before deploying them, select Review Pending Changes (to deploy without reviewing, skip this step).
    1. In the Modified area of the Show Differences popup screen, select each configuration object and scroll through the revisions.
      Important: As a prerequisite to this task, make sure that you know the most current configuration settings on the managed device. If you did not perform that refresh, the configuration settings you are comparing your revisions with will be out of sync with any changes made to the BIG-IP device since the last refresh.
      Note: If the refresh and review reveals minor changes that have been made on the managed device, and you do not want to lose those changes, consider adding those configuration changes to the property settings on the BIG-IQ device before you deploy the changes.
    2. When you finish reviewing the pending changes, click Cancel on the popup screen.
  8. To start the task of deploying changes to the managed device, click Deploy. The BIG-IQ device starts processing the deployment job. When the job completes successfully, configuration settings on the managed device are overwritten with the settings from the managing BIG-IQ device.
    Note: To discard the just reviewed changes, overwrite the undeployed changes. The configuration settings currently on the managed device are freshly imported and overwrite the settings on the managing BIG-IQ device. For details, refer to Overwriting undeployed changes.

When you deploy a configuration job, details display in the Deployment panel's Pending list while the deployment is being processed. These details display until the job either fails or succeeds.

  • If the deployment fails, details display in the Deployment panel's Error list.
  • If the deployment is successful, details display in the Deployment panel's Completed list.
Important: The Completed deployments and Error lists maintain a 7-day history of deployment changes. After a week, these deployment change records are deleted.