F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. Enterprise Manager
  4. Enterprise Manager: Getting Started Guide
  5. Initial Setup and Configuration
Manual Chapter : Initial Setup and Configuration

Applies To:

Show Versions Show Versions

Enterprise Manager

  • 3.1.1
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Overview: Initial setup tasks and device discovery

After you configure one or more F5 devices in your network and determine how you want to incorporate Enterprise Manager, you can perform specific tasks to complete the initial setup of the Enterprise Manager and discover devices in your network.

Task summary

Activating the Enterprise Manager license

To activate the system's license, you must have access to the command line and the base registration key. The base registration key is a character string that the license server uses to verify the type and number of F5 Networks products that you are entitled to license. If you do not have a base registration key, contact the F5 Networks sales group (http://www.f5.com).
You license the system from the License screen of the Setup Utility.
  1. From a workstation attached to the network on which you configured the management interface, type the following URL syntax where <management_IP_address> is the address you configured for device management: https://<management_IP_address>.
  2. At the login prompt, type the default user name admin, and password admin, and click Log in. The Setup utility screen opens.
  3. Click Activate. The License screen opens.
  4. In the Base Registration Key field, paste the registration key.
  5. Click Next. The End User License Agreement (EULA) displays.
  6. Review the EULA. When you click Accept, the Platform screen opens.

Specifying initial configuration settings

You specify the initial configuration settings from the Setup Utility Platform screen.

  1. For the Management Port Configuration setting, select Manual.
  2. For the Management Port setting, type the IP address, network mask, and the management route.
  3. In the Host Name field, type a fully-qualified domain name (FQDN) for the system. The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
  4. For the Host IP Address setting, retain the default value of Use Management Port IP Address.
  5. For the High Availability setting, select an option. Keep in mind that this high availability functionality is different than this device service clustering configuration of a BIG-IP system. Here, the high availability feature provides access to a current backup of the system's configuration. Review the considerations before selecting this option.
  6. From the Time Zone list, select the time zone for this system.
  7. For the Root Account setting, type and confirm a password for the root account. The root account provides console access only.
  8. For the Admin Account setting, type and confirm a password.
  9. For the SSH Access setting, select or clear the check box.
  10. For the SSH IP Allow setting, specify a range of addresses.
  11. Click Next. The system terminates your login session.
  12. Log in to the system again using the new password that you specified. The Network screen opens.
Tip: If you need to reconfigure any of the basic configuration settings, you can click the Run the Setup Utility link from the Configuration utility's Welcome screen. To access the Welcome screen, click the About tab.

Configuring a standard network

After you specify the initial configuration settings and when you click Next from the Network screen, the Basic Network Configuration wizard screen opens.
You perform these steps to continue through the configurations screens, and specify the settings for the internal and external VLANs. For additional information about the settings on these screens, click the Help tab.
  1. Select an option for high availability:
    Option Description
    To use Enterprise Manager in a high availability configuration Select the Config Sync and High Availability check boxes, and select an option for the Failover Method setting
    If you are not using Enterprise Manager in a high availability configuration Clear the Config Sync and High Availability check boxes
    If you choose to use Enterprise Manager in a high availability configuration, you must review the considerations and prepare your network for a high availability configuration.
  2. Click Next. This displays the screen for configuring the default VLAN internal.
  3. For the Self IP setting, in the Address and Netmask fields, type the IP addresses specific to the Enterprise Manager system.
  4. For the Port Lockdown setting, retain the default Allow Default to ensure that the required ports are open for communication between the Enterprise Manager and the managed devices.
  5. For the VLAN Interfaces settings, you can specify the interfaces you want this VLAN to use for traffic management.
  6. Click Next. The external VLAN screen opens.
  7. For the Self IP setting, in the Address and Netmask fields, type the IP addresses specific to the Enterprise Manager system.
  8. For the Port Lockdown setting, retain the default Allow Default to ensure that the required ports are open for communication between the Enterprise Manager and the managed devices.
  9. For the VLAN Tag ID option, retain the default auto to allow Enterprise Manager to select one for you, or type a value in the field between 1 and 4094.
  10. In the Default Gateway field, type the IP address or route of the default gateway.
  11. For the VLAN Interfaces settings, you can specify the interfaces you want this VLAN to use for traffic management.
  12. If you are configuring a high availability system, click Next. Otherwise, click Finished to save this configuration.

About using Enterprise Manager in a high availability configuration

Using Enterprise Manager in a high availability configuration (optional) is different than a BIG-IPdevice service clustering configuration. The main function of Enterprise Manager in a high availability configuration is to provide a warm backup of an active system. A warm backup is a standby peer system on which you duplicate the configuration information of the active Enterprise Manager, and can perform all of the functions of its peer, but requires manual intervention to maintain the integrity of the backup configuration information.

When Enterprise Manager is configured for high availability, you back up the Enterprise Manager configuration (including device, alert, archive, certificate, and software repository information) to a standby system. In the event that the active system becomes unavailable, you can fail over to that system.

Important: You must perform regular backups of the active system to the standby system to maintain the integrity of its configuration.

Considerations for Enterprise Manager in a high availability configuration

The high availability features for Enterprise Manager are not the same as the device service clustering feature associated with a BIG-IP system. Before using Enterprise Manager in a high availability configuration, it is important to review these considerations and details.

Consideration Details
You must use Enterprise Manager only in active-standby mode for high availability. When you specify the high availability settings during the initial configuration, use the active-standby configuration and not the active-active configuration.
The high availability system for Enterprise Manager works differently than the device service clustering feature for the BIG-IP system. Enterprise Manager does not automatically synchronize, in real time, user-configured or scheduled tasks (such as a software installation or archiving tasks). After a failover, the newly active system maintains the last known configuration before any user-initiated or scheduled task if the systems were properly synchronized. For a successful failover, you must run a ConfigSync operation after each major configuration change.
Enterprise Manager contains all of the configuration details for managed devices in your networks, so there is more information to synchronize with its peer. Therefore, the ConfigSync process for an Enterprise Manager high availability configuration is considerably longer than a similar synchronization process on a BIG-IP device. The ConfigSync task might display as complete before the process has finished. To verify synchronization after you start a ConfigSync task, check the status of the target device to which you are copying the configuration. If a maintenance task appears in the task list, the ConfigSync task is not complete.
If a task is running during a failover, the task does not continue when the standby peer becomes the active peer. If you discover a task was running at the time you ran the ConfigSync task, you must re-start that task on the peer when it becomes active.
You cannot make configuration changes to Enterprise Manager when it is in standby mode, such as adding devices, importing software, or configuring alerts on the standby device. If you attempt to make a configuration change to Enterprise Manager when it is in standby mode, you will receive an error. To ensure that you do not initiate tasks on a standby system, check for an Active or Standby status message in the upper left corner of the screen.

Preparing your network for a high availability Enterprise Manager system configuration

For two peer systems to properly communicate information about managed devices, you must complete these preparation steps before you start configuring initial settings for the high availability system.
  1. Configure at least one static self IP address (instead of using the MGMT interface) to connect to devices. This is required because a TMM port can support both static and floating self IP addresses. A floating self IP address is necessary to ensure that the managed devices can communicate with the active device of the Enterprise Manager high availability system configuration.
  2. Create at least one floating (shared) self IP address on the same network.
  3. Configure a default gateway (or route) on the same network as each of the two self IP addresses that you configured.
Your network is now prepared for you to configure Enterprise Manager in a high availability configuration.

Specifying high availability configuration options

Before configuring Enterprise Manager as a high availability system, you must license the system and then, on the same network, configure self IP addresses and a gateway or route. You must also be aware of the differences between a high availability configuration for Enterprise Manager and the device service clustering configuration for BIG-IP.

Use the following steps to specify the options for the each system in a high availability pair.
  1. From the High Availability Wizard Options screen, for the High Availability setting, select an option. The high availability options and screens apply only if you selected to use Enterprise Manager in a high availability network configuration on the first screen of the Setup Utility, and after you have specified the settings for your VLAN configurations. If you have already run the Setup utility previously, you can re-access the High Availability Wizard screen from the About tab, by clicking Run the Setup Utility and select the Standard Configuration option.
  2. Click Next.
  3. For the Self IP setting, in the Address and Netmask fields, type the internal IP addresses specific to the Enterprise Manager system.
  4. For the VLAN Tag ID setting, retain the default auto to allow Enterprise Manager to select one for you, or type a value in the field between 1 and 4094.
  5. For the VLAN Interfaces setting, specify the interfaces you want this VLAN to use for configuration synchronization.
  6. Click the Next button.
  7. For the Self IP setting, in the Address and Netmask fields, type the external IP addresses specific to the Enterprise Manager system.
  8. For the VLAN Tag ID setting, retain the default auto to allow Enterprise Manager to select one for you, or type a value in the field between 1 and 4094.
  9. For the VLAN Interfaces setting, specify the interfaces you want this VLAN to use for management.
  10. Click the Next button.
  11. For the Self IP setting, in the Address and Netmask fields, type the IP addresses specific for the high availability VLAN.
  12. For the VLAN Tag ID setting, retain the default auto to allow Enterprise Manager to select one for you, or type a value in the field between 1 and 4094.
  13. For the VLAN Interfaces setting, specify the interfaces you want this VLAN to use for high availability.
  14. From the Local Address list, select the local IP address that you want the system to use for ConfigSync operations.
  15. Click the Next button.
  16. Select the check box for the system that you want to use for ConfigSync or failover.
  17. To send multicast messages associated with configuration synchronization:
    1. Select the Use Failover Multicast Address check box.
    2. Review the multicast address settings and click the Next button. The Mirroring configuration screen opens.
  18. Review the settings and click the Next button.
  19. Click the Next button, then log in to the peer Enterprise Manager system and run the Setup Utility to specify the configuration options for the peer system.
After you run the Setup Utility for the second system in the high availability pair, click the Finished button. When you perform the discovery task, the peer systems in the high availability pair will become associated with each other.

Automatically synchronizing configurations for a high availability pair

When you have Enterprise Manager configured in a high availability pair, it is important to perform regular synchronization. An effective way to do this is to schedule a configuration synchronization to occur on a regular basis, at a time that will not impact device management activities.
  1. On the Main tab, click Device Groups > . The Device Groups screen opens.
  2. Click the name of the device group.
  3. To include the local statistics database in the configuration synchronization, select the Enabled check box. If you have a remote database configured, you cannot synchronize the database with the peer Enterprise Manager.
  4. From the Scheduled ConfigSync list, select an option to specify the interval at which you want to synchronize the configuration with the peer Enterprise Manager.
  5. For the Start Time options, select the time you want the configuration synchronization to occur.
  6. Depending on whether you selected an option to synchronize the configurations as weekly or monthly, select an option from the Day of the Week or the Day of the Month list.
  7. Click the Update button.
Enterprise Manager will synchronize with the peer in the high availability configuration at the specified interval.

About device discovery and communication

Before you can use Enterprise Manager to manage devices in your network, you must add the devices to the device list. For BIG-IP devices in your network, you can use the discovery process to search specific IP addresses or IP subnets in your network, and add those devices to Enterprise Manager. Discovery is the process by which Enterprise Manager successfully logs on to available devices with an administrator user name and password that you supply. If Enterprise Manager succeeds in logging on to devices that it discovers, it adds those devices to the list on the Device List screen.

You can discover devices either by scanning your network for specific IP addresses, or importing a file that contains a list of all of the IP addresses, user names, and passwords for the devices you want to discover.

Important: To perform discovery, you must have administrator privileges with root access for the Configuration utility. To successfully discover devices and receive the user name and password combination, the device must have an active SSL server listening for traffic on port 443.

Discovering devices by scanning your network

After you license and perform initial configuration for the system, you can scan your network to discover F5 devices.

When you discover devices, you establish a secure communication between the system and managed devices by exchanging public keys.

Important: To have full access to the functionality of the analytics and iControl proxy features, you must use the device´s self IP address for device discovery.
  1. On the Main tab, click Enterprise Management > Devices > Device List.
  2. Click the Discover button.
  3. For the Scan Type setting, select one of the following options:
    Option Description
    Address List Select this option if you know the IP addresses specific of the devices that you want to discover.
    Subnet Select this option if you want to use the IP address and netmask of the subnet to scan your network for devices to discover.
    The screen refreshes to display settings specific to the selected option.
  4. If you selected the Address List option, perform the following steps:
    1. In the User Name and Password fields, type a user name and password to use to log on to the discovered device.
    2. Click Add.
  5. If you selected the Subnet, option perform the following steps:
    1. In the IP Address field, type the device IP address.
    2. In the Network Mask field, type the netmask that you want to use when searching the network. You can search by class B or C network.
    3. In the User Name and Password fields, type a user name and password to use to log on to each device discovered in the subnet.
  6. Click the Discover button. The Task Properties screen opens and discovered devices appear below the Properties area. The list refreshes until all specified devices are discovered, or until you click Cancel Pending Items.

Discovering devices through importation

After you license and perform initial configuration for Enterprise Manager, you can discover F5 devices.

If you have a large number of devices, instead of typing the information required to scan your network, you can import a file in comma-separated values format (CSV) from your local system that contains the IP addresses, user names, and passwords of the devices that you want to discover.

Important: To have full access to the functionality of the analytics and iControl proxy features, you must use the device´s self IP address for device discovery.
  1. Create a CSV file that contains, for each device that you want to discover, the following information: <device IP address>,<username><password> Use one line per device entry. For example: 10.10.10.1,admin,pass001 10.10.10.2,admin,pass002 10.10.10.3,admin,pass003 10.10.10.4,admin,pass004 10.10.10.5,admin,pass005
  2. Save the file you created with a .csv extension.
  3. On the Main tab, click Enterprise Management > Devices > Device List. The Device List screen opens.
  4. Click the Discover button.
  5. Click the Import from File button.
  6. Click the Browse button and locate the .csv file that you created and saved.
  7. Click the Open button.
  8. Click the Import button. Enterprise Manager begins importing the specified devices.
The Task Properties screen opens and discovered devices appear below the Properties area. The list refreshes until all specified devices are discovered, or until you click Cancel Pending Items.

Troubleshooting communication from Enterprise Manager to a device

If a managed device cannot communicate with Enterprise Manager, the Device List page displays the message, Device cannot contact EM, in the Details column next to a device name. If this occurs, you can troubleshoot potential issues from the command line of the managed device.

  1. Log on to the managed device command line as the root user.
  2. Type the following command where <EM_address> is the IP address of the Enterprise Manager system: telnet <EM_address> 443. This command tests the ability of the managed device to communicate with Enterprise Manager on port 443.
Review the message returned, and take corrective measures to establish communication.

Changing the Enterprise Manager IP address on a device

For proper device management communication, the IP address for the Enterprise Manager must be correct on the managed device.
If you have determined that the IP address is not properly configured on a managed device, you can correct it and establish communication.
  1. On the Main tab, click Enterprise Management > Devices > Device List.
  2. In the Device list, click the device name of the device for which you want to verify communication. The Device Properties screen opens.
  3. From the Device Properties list, select Advanced. The screen refreshes to display additional device properties.
  4. In the EM Address field, type the correct IP address of the Enterprise Manager system.
  5. Click the Save Changes button.

Remotely linking to a managed device's interface

From Enterprise Manager, you can remotely link directly to a managed device's user interface. This saves you time, because you do not have to physically go to the managed device to change its configuration.
  1. On the Main tab, click Enterprise Management > Devices > Device List.
  2. Click the name of device that you want to access remotely. The device properties screen opens.
  3. On the menu bar, click Launch Pad.
  4. Click the Launch link adjacent to the access control type that you want to access.
You now have direct access to the managed device's interface.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information