Manual Chapter: BIG-IQ System Introduction

Applies To:


BIG-IQ ADC

  • 4.5.0

BIG-IQ Cloud

  • 4.5.0

BIG-IQ Device

  • 4.5.0

BIG-IQ Security

  • 4.5.0

Overview: BIG-IQ system

The BIG-IQ system is a tool that streamlines the management of F5 devices in your network. Because it is based on the same platform as BIG-IP devices, it includes full product support, security patches, and internal and external security audits (AuthN and AuthZ checks). The specific functionality offered depends on your software license.

Cloud administrators use BIG-IQ Cloud to provide cloud tenants self-service access to shared computing resources such as networks, servers, storage, applications, and services. Cloud resources can be private or public, depending on the customer's requirements. Each tenant has restricted and dedicated access to cloud resources based on a specific user account or tenant role, ensuring that tenants have access only to their own resources. Cloud resources are easily expanded and reallocated as needed, providing flexible resource balancing.

Firewall managers use BIG-IQ Security to manage security firewalls for multiple devices from a central location. Firewall management includes discovering, editing, and deploying firewall configurations, as well as consolidating shared firewall objects. Once a firewall device is designated for central management, it is no longer managed locally unless there is an exceptional need.

Web-Application Security managers also use BIG-IQ Security to centrally manage policy files and attack-signature files. Multiple BIG-IP devices can share the same policy and attack-signature files for filtering HTTP, HTTPS, and other web traffic for known attack patterns.

Network administrators use BIG-IQ Device to interact with all of the managed F5 devices in their network. This centralized management includes the ability to upgrade F5 devices, update configurations, and reallocate licenses as needed.

BIG-IQ Application Delivery Controller (ADC) offers you the flexibility to deploy software images and configurations, and to monitor and distribute licenses and license pools for managed BIG-IP devices.

Additional resources and documentation for BIG-IQ systems

You can access all of the following BIG-IQ system documentation from the AskF5 Knowledge Base located at http://support.f5.com/.

| Document | Description |
|---|---|
| BIG-IQ Systems Virtual Editions Setup guides | BIG-IQ Virtual Edition (VE) runs as a guest in a virtual environment using supported hypervisors. Each of these guides is specific to one of the hypervisor environments supported for the BIG-IQ system. |
| BIG-IQ System: Licensing and Initial Setup | This guide provides network administrators with basic BIG-IQ system concepts and describes the tasks required to license and set up the BIG-IQ system in their network, including how to add users and assign roles to those users. |
| BIG-IQ Device: Device Management | This guide provides details about how to deploy software images, licenses, and configurations to managed BIG-IP devices. |
| BIG-IQ Cloud: Cloud Administration | This guide contains information to help a cloud administrator manage cloud resources, devices, applications, and tenants (users). |
| BIG-IQ Cloud: Tenant User Guide | This guide contains information to help tenants manage applications. |
| BIG-IQ Application Delivery Controller: Administration | This guide provides details about how to centrally manage BIG-IP Local Traffic Manager applications. |
| BIG-IQ Security: Administration | This guide contains information used to centrally manage BIG-IP firewalls, policies, rule lists (as well as other shared objects), and users. |
| Platform Guide: BIG-IQ 7000 Series | This guide provides information about setting up and managing the BIG-IQ 7000 hardware platform. |
| Release notes | Release notes contain information about the current software release, including a list of associated documentation, a summary of new features, enhancements, fixes, known issues, and available workarounds. |
| Solutions and Tech Notes | Solutions are responses and resolutions to known issues. Tech Notes provide additional configuration instructions and how-to information. |

About incorporating BIG-IQ system securely into your network

To successfully manage devices in your network, including BIG-IQ peer systems, the BIG-IQ system requires communication over HTTPS port 443. The BIG-IQ administrator can provide fine-grained access to various roles, which are verified by authentication and authorization checks (AuthN and AuthZ). Authenticated users have access only to the resources explicitly granted by the BIG-IQ administrator. Additional security is provided through bidirectional trust and verification, established by key and certificate exchange, and through support for LDAP and RADIUS authentication.

Open ports required for device management

The BIG-IQ system requires two-way communication with the devices in your network in order to manage them. The following ports are open by default to allow this communication.

| Open Port | Purpose |
|---|---|
| TCP 443 (HTTPS) | Discovering, monitoring, and configuring managed devices |
| TCP 443 (HTTPS) and TCP 22 (SSH) | Upgrade BIG-IP devices running version 11.3-11.6 |
| TCP 443 (HTTPS) | Upgrade BIG-IP devices running version 12.0 |
| TCP 443 (HTTPS) | Replicating and synchronizing BIG-IQ systems |
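
The following Python audit is an added example, not part of the F5 manual. It compares the TCP ports a firewall permits from BIG-IQ to each managed BIG-IP with the ports the table above lists for that device's version. The function names, device names, versions and firewall rules are constructed for illustration, and treating a port the table does not list as "open but not required" is a least-privilege assumption rather than a statement from the manual.

```python
# Added example: audit firewall allow-rules against the BIG-IQ port table.
# Device names, versions and rules below are constructed sample data.

def upgrade_ports(bigip_version):
    """TCP ports the table lists for upgrading a BIG-IP of this version.

    Returns None when the version is not covered by the table.
    """
    major, minor = (int(p) for p in bigip_version.split(".")[:2])
    if (11, 3) <= (major, minor) <= (11, 6):
        return {443, 22}          # HTTPS and SSH
    if (major, minor) == (12, 0):
        return {443}              # HTTPS only
    return None


def audit(devices, allowed):
    """Compare allowed BIG-IQ -> device TCP ports with what the table requires.

    devices: {name: BIG-IP version string}
    allowed: {name: set of TCP ports permitted by the firewall}
    Returns a list of (device, port, finding) tuples.
    """
    findings = []
    for name, version in devices.items():
        required = {443}          # discovery, monitoring, configuration
        upgrade = upgrade_ports(version)
        if upgrade is None:
            findings.append((name, None, "version not in table"))
        else:
            required |= upgrade
        permitted = allowed.get(name, set())
        for port in sorted(required - permitted):
            findings.append((name, port, "required but blocked"))
        for port in sorted(permitted - required):
            findings.append((name, port, "open but not required"))
    return findings


SAMPLE_DEVICES = {"bigip-a": "11.5.4", "bigip-b": "12.0.0", "bigip-c": "11.2.1"}
SAMPLE_ALLOWED = {"bigip-a": {443}, "bigip-b": {22, 443}, "bigip-c": {443}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEVICES, SAMPLE_ALLOWED):
        print(finding)
```
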