Applies To:

Show Versions Show Versions

Release Note: BIG-IQ Cloud, 4.3.0
Release Note

Original Publication Date: 03/04/2014


This release note documents version 4.3.0 of BIG-IQ Cloud.


Product description

Cloud administrators can use BIG-IQ Cloud to supply tenants with on-demand access to resources such as networks, servers, storage, applications, and services. These cloud resources can be located on BIG-IP devices in a private local network, a public third-party cloud service, or a combination of both.

Tenants have restricted and dedicated access to resources based on their unique tenant role and user account. Cloud space can be expanded, retracted, and reallocated to tenants as needed, providing flexible resource balancing.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

BIG-IQ Cloud supports the following browsers and versions:

  • Microsoft Internet Explorer version 9 and later
  • Mozilla Firefox version 18.x and later
  • Google Chrome version 18.x and later

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ 4.3.0 Documentation page.

Software installation

For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

Upgrading BIG-IQ Cloud

Before you can upgrade the BIG-IQ system, you must perform the following tasks:

  • Download the .iso file for the upgrade from F5 Downloads to /shared/images on the BIG-IQ system. If you need to create this directory, use the exact name /shared/images.
  • Select a disk volume on which to install the upgrade. Do not select the volume on which you installed the previous version of BIG-IQ software.
  • Locate the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to another system for safe keeping.

Use this procedure to upgrade BIG-IQ systems.

Warning: These procedures require that the BIG-IQ system is temporarily unavailable and unable to manage BIG-IP devices until the upgrade is complete. BIG-IP devices can continue to manage traffic during this time.

If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.

  1. Log in to BIG-IQ system with your administrator user name and password.
  2. At the top of the screen, click System > Overview .
  3. Select License and click the Re-Activate button. The screen refreshes to display the activation keys.
  4. Click the Activate button. The BIG-IQ system license reactivates and the screen refreshes to display the license details.
  5. Log in to the BIG-IQ system's command line with your root user name and password and type setdb liveinstall.saveConfig enable. This command prompts the BIG-IQ system to transfer your current configuration (including self IP addresses, host names, devices discovered, and so forth) to the new volume.
  6. Type the following command where <image name> is the name of the .iso file you downloaded, and <volume name> is the volume to which you want to install the file on BIG-IQ system. tmsh install sys software image <image name> volume <volume name> reboot The installation will take a few minutes and BIG-IQ reboots after completion.
  7. Log back in to the BIG-IQ system's command line with your root user name and password and type bigstart restart restjavad to restart the required Java workers.
  8. Log in to the BIG-IQ system with your administrator user name and password.
  9. On the Device panel, click the properties icon for each device.
  10. If a Discovery Failed message displays:
    1. Type the device's administrator user name and password.
    2. Click the Save button. This step is required only if you are upgrading from a version prior to BIG-IQ version 4.2.
    The BIG-IQ system rediscovers managed devices in your network.
If configured in high availability cluster, repeat these steps on each additional BIG-IQ system to complete the upgrade process.

New features

High availability cluster

You can configure BIG-IQ Cloud in a high availability cluster to support multiple layers of redundancy, and partitioning of application traffic.

Self-service access to SSL certificates

BIG-IQ Cloud now provides tenants with self-service access to SSL certificates. These certificates can be deployed on demand to managed BIG-IP devices as required by applications.


Issue Description
ID 427485 Customized templates now properly display in the Catalog panel.
ID 439026 The BIG-IQ system can now search for IPv6 addresses within a subnet.
ID 439676 Imported OpenStack images now properly display in the Server panel, even if you imported the image after you created the associated connector.
ID 440644 If an error occurs when adding a BIG-IQ system to a high availability configuration, the BIG-IQ system now displays an error message.
ID 440821 The benign message, "The name of the threshold is null" no longer displays in the Activities panel when an elasticity threshold is met for either expansion or contraction of resources.
ID 440945 In the Server panel, when you hover over the name of a server that is in an error state, the reason for the error now properly displays.
ID 441053 When BIG-IQ Cloud is configured with server elasticity enabled, the deployed application now populates with the proper number of servers for the tenant in the Servers panel when expansion is required.
ID 441064 Previously-discovered BIG-IP devices now properly display after you upgrade BIG-IQ Cloud.
ID 448605 You can now create qkview reports with more than 3GB of files in the BIG-IQ system's /var/config/rest/storage directory.

Known issues

Issue Description Workaround (if available)
417874 If a tenant does not remove all applications from a device before an administrator deletes the device, those applications remain associated with it. If the device is re-discovered, the applications persist and display for the tenant, but are not available for deployment. You cannot remove these applications through the user interface. To avoid this situation, administrators must first ask tenants to remove applications before the administrator tries to delete a device on which those applications exist. Then, to remove orphaned applications, log in to the managed device with the administrator user name and password, and delete them.
417871 When a user is logged in as administrator, newly-deployed VMware vShield applications do not display in the BIG-IQ Cloud Application panel, and the associated servers do not appear in the Servers panel.  To work around this issue, refresh the BIG-IQ Cloud browser twice; the first refresh updates the Application panel, the second refresh updates the Servers panel.
417179 If an application shares a server, and you select an application from the Application panel, the associated servers do not display properly in the Server panel. To avoid this issue, do not share servers between multiple applications.
417165 If the health of a cloud connector changes, BIG-IQ Cloud does not immediately display the change in the Connector panel. To view the current health of a cloud connector, refresh your browser.
440333 If you delete a BIG-IQ system from a high availability active-active pair, then add the same BIG-IQ system back to the same, or to another high availability pair, data between the devices no longer synchronizes. After you delete a BIG-IQ system from a high availability active-active pair, create a backup to the BIG-IQ system. Then reset the system to factory settings by typing the following command on that device: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad. Then, you can add it as a new backup in a high availability pair, and they will properly synchronize.
435629 When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication may only work in one direction between the two devices. This is exhibited by the following behavior: -- Device A is marked as standby, and reports its peer as active. -- Device B is marked as active, and reports its peer as down. If this occurs, high availability functionality does not work correctly. Device B will always assume Device A is down, so it will always remain active. To work around this issue, you must re-initialize the certificates. If resetting the configuration to factory settings is an option, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad . If you cannot clear the configuration, perform the following steps on each device: 1) On the High Availability panel, delete the HA peer, and associated devices. 2) From the command line, type the following command to delete the local device: curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices 3) To remove the existing certificates and restart the service, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*;bigstart start restjavad
426708 When a BIG-IQ system in a high availability active-standby configuration fails over to the peer system, the formerly active BIG-IQ system incorrectly displays in the devices panel as a managed device. To work around this issue, from the active BIG-IQ system delete the BIG-IQ system from the managed devices list. You may receive a benign error.
426320 Discovering a device, such as declaring management authority or setting a peer device, fails with the following error: Unable to discover the device to be managed, reason: You cannot discover device [IP ADDRESS] through group [YOUR GROUP] because that group does not contain local host. Refer to SOL14593: "Device discovery may fail due to local host discovery failure" for information about how to work around this issue.  
437741 If you do not discover devices using a self IP address on VLAN named "internal" on the BIG-IQ system and the managed BIG-IP device, you receive this message while logged to the BIG-IP restjavad.0.log. every minute for each system and device. "[8100/shared/identified-devices IdentifiedDevicesWorker][failed] Status code:401" To work around this issue, you must configure an internal VLAN and self IP address for the BIG-IQ system and all managed devices.
431398 When you are booting the BIG-IQ system, it may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!" This message is benign and has no impact on the BIG-IQ system's functionality. You can ignore this benign message.
416114 When deploying an application from VMware vShield, the name in the tenant ID field must match the (case sensitive) tenant name that was specified on BIG-IQ Cloud. If the same (case sensitive) name is not used, the application fails to deploy. To work around this issue, use the exact same (case sensitive) name for the VMware vShield tenant ID and the tenant on BIG-IQ Cloud.
416870 If a vShield Manager or vCloud Director user explicitly removes the BIG-IQ Cloud registration, the VMware cloud connector for that VMware product continues to display in the Connector panel, but as unhealthy. To work around this issue, log in to BIG-IQ Cloud as administrator, navigate to the properties screen for the VMware connector, and click the Delete button.
449642 After rebuilding or upgrading a BIG-IQ system, REST Java workers may become unresponsive. When this occurs, the following error displays in the /var/log/restjavad.0.log file: [WARNING][50438][20 Feb 2014 17:34:58 UTC][8100/shared/authz/tokens AuthTokenWorker][dispatchOrQueueSynchronized] Queue limit exceeded for worker To resolve this issue, log in to the BIG-IQ system's command line with your root user name and password and type bigstart restart restjavad to restart the required Java workers.

After upgrading or restarting a BIG-IQ system, the login screen displays, but when you attempt to log in, an invalid user credentials error displays.

To work around this issue, clear the browser cache and refresh. (You may have to refresh several times.) When the login screen properly displays the hostname of the BIG-IQ server, log back in.
449969 When you attempt to discover a device that has the "Update Automatically" check box selected for the Auto Update Framework setting, the discovery process may result in an HTTP error. To work around this issue, log out and log back in to the BIG-IQ system or, manually update the REST framework. For instructions, refer to the “Installing required BIG-IQ components onto BIG-IP devices ” chapter of the "BIG-IQ Device: Device Management" guide.
4499991 For the BIG-IQ 7000 platform, when the source port and destination port are the same, traffic (such as NTP) initiated from the (NTP) host may direct the response incorrectly. This results in a dropped response. The only way to work around this issue is to specify a different port number for the source and destination port.
450378 You cannot install the required BIG-IQ system components on BIG-IP devices running version 11.5 from the user interface, because of a BIG-IP version 11.5 compatibility issue with the BIG-IQ system. Furthermore, if you attempt to discover a BIG-IP version 11.5 device before you manually install the required BIG-IQ components onto the device, discovery fails, without an error, even if you selected the Auto Update Framework. To properly discover and manage a BIG-IP device running version 11.5, you must manually update the required framework. For instructions, refer to the “Installing required BIG-IQ components onto BIG-IP devices ” chapter of the "BIG-IQ Cloud: Cloud Management" guide.

Removing BIG-IQ system services from a BIG-IP device

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in the Device Resource Management chapter of the BIG-IQ Cloud: Cloud Management guide. In the event that you have to remove these services for any reason, use this procedure.
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service might not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

    $ bigstart stop msgbusd

  3. Remove the RPM packages related to the BIG-IQ system:

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    rpm -qa | grep msgbusd | xargs rpm -e  --nodeps

    mount -o remount,ro /usr

    This removes the BIG-IQ system components from the BIG-IP device, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).

  4. Optional: Reinstall the F5-contributed cloud connector iApp template:
    1. Download the cloud_connector.tmpl iApp template from F5 DevCentral,
      Note: You need an account to access the DevCentral site.
    2. Unzip the file, and on the BIG-IP system, upload the file to the /var/local/app_template directory.
    3. Install the template with this command: tmsh load / sys application template cloud_connector.tmpl

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to from the email address you are using to subscribe. Unsubscribe by sending a blank email to

Legal notices

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Additional Comments (optional)