Manual Chapter : Installation and Initial Configuration

Applies To:


BIG-IQ Cloud

  • 4.1.0

BIG-IQ Security

  • 4.1.0

About licensing and initial configuration

The BIG-IQ system runs as a virtual machine in specifically supported hypervisors. After you set up your virtual environment, or your platform, you can license the BIG-IQ system. You initiate the license activation process with the base registration key.

The base registration key is a character string that the license server uses to verify the functionality that you are entitled to license. If the system has access to the internet, you select an option to automatically contact the F5 license server and activate the license. If the system is not connected to the internet, you can manually retrieve the activation key from a system that is connected to the internet, and transfer it to the BIG-IQ system.

Note: If you do not have a base registration key, contact the F5 Networks sales group (http://www.f5.com).

Automatic license activation and initial configuration

Before you can activate your F5 product license, you must configure your virtual environment or your platform, define a management IP address, and obtain the base registration key.
If the BIG-IQ system is connected to the public internet, use this procedure to activate its license.
  1. Using a browser on which you have configured the management interface, type the following URL syntax where <management_IP_address> is the address you specified for device management: https://<management_IP_address>
  2. Log in to the BIG-IQ system with the default user name admin and password admin.
  3. At the top of the screen, click System Overview.
  4. In the Setup panel, click the IP address of the BIG-IQ system. The panel expands to display additional properties.
  5. In the Base Registration Key field, type or paste the BIG-IQ registration key.
  6. In the Add-on Key field, paste any additional license key you have. The options are: Cloud or Security.
  7. For the Activation method setting, select Automatic and click the Activate button. The BIG-IQ system contacts the F5 Networks licensing server and displays the End User License Agreement (EULA).
  8. To accept the EULA, click the Accept button. The screen refreshes and displays the license details.
  9. Click the Properties tab.
  10. In the Host Name field, type a fully-qualified domain name (FQDN) for the system. The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
  11. In the Self IP Address field, type the self IP address of your internal VLAN. The self IP address must be in Classless InterDomain Routing (CIDR) format. For example: 10.10.10.10/24.
  12. To add an additional self IP address, click the + sign and in the new Self IP Address field that the system creates, edit the duplicated self IP address to reflect the additional self IP address that you want to add. Once you save this self IP address, you cannot change it.
  13. Click the Services tab.
  14. In the DNS Lookup Servers field, type the IP address of your DNS Lookup Server. The DNS Lookup Server allows you to use IP addresses, host names, or fully-qualified domain names (FQDNs) to access other network objects.
  15. In the DNS Search Domain field, type the name of your search domain. The DNS search domain list allows the BIG-IQ system to search for local domain lookups to resolve local host names.
  16. In the Time Servers fields, type the IP addresses of your Network Time Protocol (NTP) servers.
  17. Click the Save button to save your configuration.

Manual license activation and initial configuration

Before you can activate your F5 product license, you must configure your virtual environment or your platform, define a management IP address, and obtain the base registration key.
If the BIG-IQ system is not connected to the public internet, use this procedure to activate its license.
  1. Using a browser on which you have configured the management interface, type the following URL syntax where <management_IP_address> is the address you specified for device management: https://<management_IP_address>
  2. Log in to the BIG-IQ system with the default user name admin and password admin.
  3. At the top of the screen, click System Overview.
  4. In the Setup panel, click the IP address of the BIG-IQ system. The panel expands to display additional properties.
  5. In the Base Registration Key field, type or paste the BIG-IQ registration key.
  6. In the Add-on Key field, paste any additional license key you have. The options are: Cloud or Security.
  7. For the Activation method setting, select Manual and click the Activate button. The BIG-IQ system refreshes and displays the dossier in the Dossier field.
  8. Copy the displayed dossier and transfer it to a system connected to the internet and navigate to the F5 Licensing Server at https://activate.f5.com/license/ .
  9. Paste the dossier in the Enter your dossier text box, or click the Browse button to locate it on the system, and click the Next button.
  10. Copy or save the activation key and transfer it to the BIG-IQ system.
  11. Paste the activation key in the License field and click the Activate button.
  12. The End User License Agreement (EULA) displays. When you click Accept, the screen refreshes to display the license details.
  13. Click the Properties tab.
  14. In the Host Name field, type a fully-qualified domain name (FQDN) for the system. The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
  15. In the Self IP Address field, type the self IP address of your internal VLAN. The self IP address must be in Classless InterDomain Routing (CIDR) format. For example: 10.10.10.10/24.
  16. To add an additional self IP address, click the + sign and in the new Self IP Address field that the system creates, edit the duplicated self IP address to reflect the additional self IP address that you want to add. Once you save this self IP address, you cannot change it.
  17. Click the Services tab.
  18. In the DNS Lookup Servers field, type the IP address of your DNS Lookup Server. The DNS Lookup Server allows you to use IP addresses, host names, or fully-qualified domain names (FQDNs) to access other network objects.
  19. In the DNS Search Domain field, type the name of your search domain. The DNS search domain list allows the BIG-IQ system to search for local domain lookups to resolve local host names.
  20. In the Time Servers fields, type the IP addresses of your Network Time Protocol (NTP) servers.
  21. Click the Save button to save your configuration.

About installing required BIG-IQ system components on managed BIG-IP systems

You must install specific components required by the BIG-IQ system on each BIG-IP device you want to manage. To install these components, you run a series of commands from the command line.

Installing required BIG-IQ components on BIG-IP systems

You can perform this task only after you have licensed and installed the BIG-IQ system and at least one BIG-IP device running version 11.3 or later.
This task installs, onto your managed BIG-IP devices, a REST framework that supports the required Java-based management services. You must perform this installation task each time you discover a new device.
Important: When you run this installation script, the traffic management interface (TMM) on each BIG-IP device restarts. It is important that, before you run this script, you verify that no critical network traffic is targeted to the BIG-IP devices.
  1. Log in to the BIG-IQ system terminal as the root user.
  2. Establish SSH trust between the BIG-IQ system and the managed BIG-IP device.
     ssh-copy-id root@<BIG-IP Management IP Address>
     This step is optional. If you do not establish trust, you will be required to provide the BIG-IP system's root password multiple times.
  3. Navigate to the folder in which the files reside.
     cd /usr/lib/dco/packages/upd-adc
  4. Run the installation script.
    • For devices installed in an Amazon EC2 environment:
      ./update_bigip.sh -a admin -p <password> -i /<path_to_PEM_file> <BIG-IP Management IP Address>
    • For devices installed in any other environment:
      ./update_bigip.sh -a admin -p <password> <BIG-IP Management IP Address>
    Where <password> is the administrator password for the BIG-IP device.
  5. Revoke SSH trust between the BIG-IQ system and the managed BIG-IP device.
     ssh-keygen -R <BIG-IP Management IP address>
     This step is not required if you did not establish trust in step 2.
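
The ssh-keygen -R command in step 5 removes the BIG-IP device's host key from the BIG-IQ system's known_hosts file; the public key that ssh-copy-id appended to the BIG-IP root account's authorized_keys file in step 2 stays in place. The following is an added example, not part of the F5 procedure, showing one way to check for and remove that key from an authorized_keys file; the function names, file names, and sample key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F5 code): remove one public key from an authorized_keys file.
# Keys are matched on their base64 blob, so options and comments on a line do not matter.

# key_blob PUBFILE: print the base64 blob (second field) of the key in a .pub file.
key_blob() {
    awk 'NR == 1 { print $2 }' "$1"
}

# key_present PUBFILE AUTHFILE: succeed if the key from PUBFILE is listed in AUTHFILE.
key_present() {
    blob=$(key_blob "$1") || return 2
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2"
}

# revoke_key PUBFILE AUTHFILE: rewrite AUTHFILE without that key, keeping mode 600.
revoke_key() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || { echo "no key found in $1" >&2; return 2; }
    tmp=$(mktemp "$2.XXXXXX") || return 1
    awk -v b="$blob" '{ keep = 1
                        for (i = 1; i <= NF; i++) if ($i == b) keep = 0
                        if (keep) print }' "$2" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$2"
}

# Demo on constructed files (the key blobs are made-up strings, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBigIqKey root@bigiq.example' > "$d/id.pub"
    {
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAConstructedOperatorKey operator@jump.example'
        echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBigIqKey root@bigiq.example'
    } > "$d/authorized_keys"
    key_present "$d/id.pub" "$d/authorized_keys" && echo "before: key installed"
    revoke_key "$d/id.pub" "$d/authorized_keys"
    key_present "$d/id.pub" "$d/authorized_keys" || echo "after: key removed"
    rm -rf "$d"
}
demo
```

To use it for real, run revoke_key on the managed device against the root account's authorized_keys file (assumed here to be in the OpenSSH default location, ~/.ssh/authorized_keys) with a copy of the BIG-IQ root user's public key file.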

About a high availability configuration

You can ensure that you always have access to your managed BIG-IP devices by installing two BIG-IQ systems in an active/standby high availability (HA) configuration. If the active BIG-IQ system in the HA configuration fails, the standby peer becomes active allowing you to continue to manage devices.

Configuring a high availability pair

After you install and license two BIG-IQ systems, you can configure them in an active/standby pair.

Having a high availability pair of BIG-IQ systems configured makes it possible for you to always have access to BIG-IP devices in your network. The BIG-IQ systems in a high availability pair synchronize their configurations every 30 minutes. Configuring a high availability pair is optional.

Important: For a pair of BIG-IQ systems in a high availability configuration to synchronize properly, they must each be running the same version of BIG-IQ. Perform these steps on the active BIG-IQ system.
  1. Log in to the BIG-IQ system with the administrator user name and password.
  2. At the top of the screen, click System Overview.
  3. Click the High Availability tab.
  4. In the Peer IP Address field, type the self IP address (on the internal VLAN) of the peer BIG-IQ system. Do not use the management IP address of the peer.
  5. In the User Name and Password fields, type the administrative user name and password for the BIG-IQ system you want to add as a peer.
  6. Click the Save button to save your configuration.

If discovery fails, a delete button displays. Verify the correct self IP address and credentials. Then click the delete button to remove the incorrect information, and re-enter the self IP address, user name, and password.

Replacing a peer in a high availability configuration

To change the peer BIG-IQ system that you specified in a high availability pair, you must delete the current peer system, and specify a new peer.
  1. Log in to the BIG-IQ system with the administrator user name and password.
  2. At the top of the screen, click System Overview.
  3. Click the High Availability tab.
  4. Click the Delete button.
  5. Repeat steps 1-4 on the peer system.
  6. Log back in to the first BIG-IQ system.
  7. At the top of the screen, click System Overview.
  8. Click the High Availability tab.
  9. In the Peer IP Address field, type the self IP address (on the internal VLAN) of the peer BIG-IQ system. Do not use the management IP address of the peer.
  10. In the User Name and Password fields, type the administrative user name and password for the BIG-IQ system you want to add as a peer.
  11. Click the Save button to save your configuration.
The active BIG-IQ system discovers its peer and displays its status.

If discovery fails, a delete button displays. Verify the correct self IP address and credentials. Then click the delete button to remove the incorrect information, and re-enter the self IP address, user name, and password.

Forcing an active peer BIG-IQ system to standby mode

In the event that both BIG-IQ systems in a high availability pair become active, the system displays a warning message at the top of every screen. If this occurs, you can use this procedure to put the standby system back into standby mode.

  1. Log in to the BIG-IQ system with the administrator user name and password.
  2. At the top of the screen, click System Overview.
  3. Click the High Availability tab.
  4. Click the Force Standby button. The BIG-IQ system is forced into standby mode.

About default passwords for pre-defined users

When you initially license the BIG-IQ system, it creates the following administrative roles with a default password.

  • administrator
  • root

Changing the default password for the administrator user

You must specify the management IP address settings for the BIG-IQ system to prompt the system to automatically create the administrator user.
After you initially install and configure the BIG-IQ system, it is important to change the password for the administrator user from the default password, admin.
  1. Log in to the BIG-IQ system with the administrator user name and password.
  2. At the top of the screen, click Users.
  3. On the Users panel, click Admin User.
  4. Click the properties gear. The screen refreshes to display the properties for this user.
  5. In the Password and Confirm Password fields, type a new password.
  6. Click the Save button.

Changing the default password for the root user

You must specify the management IP address settings for the BIG-IQ system to prompt the system to automatically create the root user.
After you initially install and configure the BIG-IQ system, it is important to change the password for the root user from the default password, default.
  1. Log in to the BIG-IQ system with the administrator user name and password.
  2. At the top of the screen, click Users.
  3. On the Users panel, click root user.
  4. Click the properties gear. The screen refreshes to display the properties for this user.
  5. In the Password and Confirm Password fields, type a new password.
  6. Click the Save button.