Manual Chapter : Device Resource Management

Applies To:

Show Versions Show Versions

BIG-IQ Cloud

  • 4.2.0
Manual Chapter

About device discovery

You use the BIG-IQ Cloud to centrally manage cloud resources for tenants. Resources can be located on BIG-IQ devices in your local network, in a public cloud like Amazon EC2, or in a combination of both.

You start managing the resources that are located on devices in your local network by installing on those devices components that are specific to BIG-IQ Cloud, and then making BIG-IQ Cloud aware of them through the discovery process. You accomplish the component installation process from the command line. To discover a device, you provide BIG-IQ Cloud with its IP address, user name, and password.

Alternately, for those devices located in the Amazon EC2 and OpenStack public cloud space, BIG-IQ Cloud automatically detects them when it connects to the Amazon EC2 or OpenStack cloud.

Installing required BIG-IQ components on BIG-IP devices

You can perform this task only after you have licensed and installed the BIG-IQ system and at least one BIG-IP device running version 11.3 or later.

This task runs a script. For this script to run properly, you must first open specific ports on your EC2 AMI BIG-IQ instance and on any associated EC2 BIG-IP instances. To open these ports, you need additional security group rules in your allow-only-ssh-https-ping security group, and you need to associate these rules with the management interface.

You need to create three rules: two outbound rules for the BIG-IQ instance, and one inbound rule for the BIG-IP instance.

Group Name Group Description Rule Name Source Port
allow-only-ssh-https-ping Allow only SSH, HTTPS, or PING Outbound SSH 0.0.0.0/0 22 (SSH)
    Outbound HTTPS 443 0.0.0.0/0 443 (HTTPS)
    Inbound HTTPS 0.0.0.0/0 443 (HTTPS)
Installing requisite BIG-IQ components onto your managed BIG-IP devices results in a REST framework that supports the required Java-based management services. You must perform this installation task on each device before you can discover it.
Important: When you run this installation script, the traffic management interface (TMM) on each BIG-IP device restarts. Before you run this script, verify that no critical network traffic is targeted to the BIG-IP devices.
  1. Log in to the BIG-IQ system terminal as the root user.
  2. Establish SSH trust between the BIG-IQ system and the managed BIG-IP device. ssh-copy-id root@<BIG-IP Management IP Address> This step is optional. If you do not establish trust, you will be required to provide the BIG-IP system's root password multiple times.
  3. Navigate to the folder in which the files reside. cd /usr/lib/dco/packages/upd-adc
  4. Run the installation script.
    • For devices installed in an Amazon EC2 environment: ./update_bigip.sh -a admin -p <password> -i /<path_to_PEM_file> <BIG-IP Management IP Address>
    • For devices installed in any other environment: ./update_bigip.sh –a admin –p <password> <BIG-IP Management IP Address>
    Where <password> is the administrator password for the BIG-IP device.
  5. Revoke SSH trust between the BIG-IQ system and the managed BIG-IP device. ssh-keygen –R <BIG-IP Management IP address> This step is not required if you did not establish trust in step 2.
Important: Before you begin using this BIG-IQ Cloud in a production capacity, depending on your security policies, you will likely want to stop using the security group rules that you added as prerequisite to this task.

Discovering devices

After you license and perform the initial configuration for the BIG-IQ system, you can discover BIG-IP devices running version 11.3 or later. For proper communication, you must configure each F5 device you want to manage with a route to the BIG-IQ system. If you do not specify the required network communication route between the devices, device discovery will fail.

For devices located in a third-party cloud (such as EC2, OpenStack, and VMware), you must configure BIG-IQ Cloud with DNS so it can resolve the endpoint by name. You access this setting by clicking System > Overview > Services.

Important: Before you can discover a device, you must first install the required BIG-IQ components on that device.

You discover a device by providing BIG-IQ Cloud with the device's IP address, user name, and password.

  1. Hover on the Devices header, and click the + icon when it appears. The panel expands to display the New Device properties.
  2. For devices on the same subnet as the BIG-IQ system, in the IP Address field, specify the IP address of the device:
    • For devices in your local network, or located on an OpenStack or VMware cloud device, type the device's internal self IP address.
    • For devices located on Amazon EC2 cloud, type the device's external self IP address.
    You cannot discover a BIG-IP device using its management IP address.
  3. If the BIG-IQ system and the BIG-IP device are on different subnets, you must create a route:
    1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
    2. Type the following command: tmsh create net route <route name> {gw <x.x.x.x> network default}
    Where <route name>is a user-provided name to identify the new route and <x.x.x.x> is the IP address of the default gateway for the internal network.
  4. For devices on the same subnet as the BIG-IQ system, in the IP Address field, specify the IP address of the device:
    • For devices in your local network, or located on an OpenStack or VMware cloud device, type the device's internal self IP address.
    • For devices located on Amazon EC2 cloud, type the device's external self IP address.
    You cannot discover a BIG-IP device using its management IP address.
  5. If the BIG-IQ system and the BIG-IP device are on different subnets, you must create a route:
    1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
    2. Type the following command: tmsh create net route <route name> {gw <x.x.x.x> network default}
    Where <route name>is a user-provided name to identify the new route and <x.x.x.x> is the IP address of the default gateway for the internal network.
  6. In the User Name and Password fields, type the administrator user name and password for the managed device.
  7. Select the Auto Update Framework check box to direct the BIG-IQ system to perform any required REST framework updates on the BIG-IP device. For the BIG-IQ system to properly manage a BIG-IP device, the BIG-IP device must be running the most recent REST framework. If you do not select the Auto Update Framework check box before you click the Add button, a message displays prompting you do update the framework or cancel the task.
  8. Click the Add button.
BIG-IQ system populates the properties of the device that you added, and displays the device information in the Devices panel.

Adding devices located in a third-party cloud

After you license and perform the initial configuration for the BIG-IQ system, you can discover BIG-IP devices running version 11.3 or later. For proper communication, you must configure each F5 device you want to manage with a route to the BIG-IQ system. If you do not specify the required network communication route between the devices, device discovery will fail.

For devices located in a third-party cloud (such as EC2, OpenStack, and VMware), you must configure BIG-IQ Cloud with DNS so it can resolve the endpoint by name. You access this setting by clicking System > Overview > Services.

Important: Before you can discover a device, you must first install the required BIG-IQ components on that device.

You discover a device in a third-party cloud by specifying a connector, selecting a device's image, and providing a user name and password for that device.

  1. Hover on the Devices header, and click the + icon when it appears. The panel expands to display the New Device properties.
  2. Select the Create a device option.
  3. From the Cloud Connector list, select the connector associated with the device you are adding.
  4. From the Device Image list, select an image for the device you are creating.
  5. If the BIG-IQ system and the BIG-IP device are on different subnets, you must create a route:
    1. Use SSH to log in to the BIG-IQ system's management IP address as the root user.
    2. Type the following command: tmsh create net route <route name> {gw <x.x.x.x> network default}
    Where <route name>is a user-provided name to identify the new route and <x.x.x.x> is the IP address of the default gateway for the internal network.
  6. In the User Name and Password fields, type a user name and password for this device.
  7. Click the Add button.
BIG-IQ system populates the properties of the device that you added, and displays the device information in the Devices panel.

Viewing device inventory details

You can view detailed data about the managed devices in your network. Information includes associated IP addresses, platform type, license details, software version, and so forth. In addition to viewing this information, you can also export it to a CSV file and edit the data as required to create reports for asset management.

  1. To display the details for all managed devices, verify that the filter field at the top of the screen is clear, and then click the show details ( |> ) button in the Devices panel header. The panel expands to display the details for all of the managed devices.
  2. To view the details for a specific device, click the device listed in the Device panel, and then click the change view button in the panel header. The screen refreshes to display the details for the selected device.
  3. To export the data to a CSV file, click the Export button on the device details screen.
You can modify the report as required in Microsoft Excel.