Manual Chapter :
Device Discovery and Basic Device Management
Applies To:
Show VersionsBIG-IQ Centralized Management
- 6.0.0
Device Discovery and Basic Device Management
How do I start managing BIG-IP devices from BIG-IQ?
To start managing a BIG-IP® device, you must add it to the BIG-IP
Devices inventory list on the BIG-IQ® system.
Adding a device to the BIG-IP Devices inventory is a two-stage process.
Stage 1:
- You enter the IP address, port (if other than default), and credentials of the BIG-IP device you're adding, and associate it with a cluster (if applicable).
- BIG-IQ opens communication (establishes trust) with the BIG-IP device.
- BIG-IQ discovers the current configuration for any selected services you specified are licensed on the BIG-IP system, like LTM® (optional).
Stage 2:
- BIG-IQ imports the licensed services configuration you selected in stage 1 (optional).
If you only want to do basic management tasks (like software upgrades, license management,
and UCS backups) for a BIG-IP device, you do not have to discover and import service
configurations.
Add BIG-IP devices to the BIG-IQ inventory
Before you can add BIG-IP devices to the
BIG-IQ inventory:
- The BIG-IP device must be located in your network and running a compatible software version. Refer to K14592 for more information.
- The management address of the BIG-IP device must be open (typically this is port 22 and 443), or any alternative IP address used to add the BIG-IP device to the BIG-IQ inventory. Ports 22 and 443 and the management IP address are open by default on BIG-IQ.
If you are running BIG-IP versions earlier than version 11.6.0,
you might need root user credentials to discover and add the device to the BIG-IP
devices inventory. You don't need root user credentials for BIG-IP devices running
versions 11.6.0 - 12.x.
A BIG-IP device running
versions 10.2.0 - 11.5.0 is considered a
legacy
device
, and cannot be discovered from BIG-IQ version 5.2. If you were
managing a legacy device in a previous version of BIG-IQ and upgraded to version
5.2, the legacy device displays as impaired with a yellow triangle next to it in the
BIG-IP Devices inventory. To manage it, you must upgrade it to version 11.5.0 or
later. For instructions, refer to the section titled, Upgrading a Legacy Device
.You add BIG-IP devices to the BIG-IQ system
inventory as the first step to managing them.
The ADC component is automatically included (first) any time you discover or import
services for a device.
- At the top of the screen, clickDevices.
- On the left, clickBIG-IP DEVICES.
- Click theAdd Devicesbutton.
- In theIP Addressfield, type the IPv4 or IPv6 address of the device.
- In thePortfield, type the management port for this BIG-IP device.The port number must be between 4 and 65535. In many cases, it's the default port 443.Chrome and Safari browsers don't allow access to web applications running on port 65535. So if you use port 65535 as the management port, you won't be able to access the BIG-IP device's interface from BIG-IQ when using Chrome or Safari. You can still discover and manage BIG-IP devices that are using port 65535.
- For the Shared Object Conflict Resolution Policy, select Use BIG-IQ to override the configuration settings stored on BIG-IQ with the settings from the BIG-IP device.Important: When you're importing more than one device at the same time keep in mind that they're re-imported in the order listed, from top to bottom. You can use the arrow keys to change the processing order. When you select Use BIG-IP to resolve conflicts, the BIG-IP device used to resolve those conflicts should appear last in the re-import list. If two or more BIG-IP devices contain the same object with different values, only the value in the last imported BIG-IP is used to resolve the conflict for all the BIG-IP devices.
- If this device is part of a DSC pair, for theCluster Display Namesetting, specify how to handle it:
- For an existing DSC pair, selectUse Existingfrom the list, and then select the name of your DSC group from the next list.
- To create a new DSC pair, selectCreate Newfrom the list, and type a name in the field.
For BIG-IQ to properly associate the two devices in the same DSC group, theCluster Display Namemust be the same for both members in a group.There can be only two members in a DSC group. - If this device is configured in a DSC pair, for theDeployment Settings, specify how to handle it:
- Initiate BIG-IP DSC sync when deploying configuration changes (Recommended): Select this option if this device is part of a DSC pair and you want this device to automatically synchronize configuration changes with the other member in the DSC group.
- Ignore BIG-IP DSC sync when deploying configuration changes: Select this option if you want to manually synchronize configurations changes between the two members in the DSC group.
- Click theAddbutton at the bottom of the screen.The BIG-IQ system opens communication to the BIG-IP device, and checks the BIG-IP device framework.The BIG-IQ system can properly manage a BIG-IP device only if the BIG-IP device is running a compatible version of the REST framework.
- If a framework upgrade is required, in the popup window, in theRoot User NameandRoot Passwordfields, type the root user name and password for the BIG-IP device, and clickContinue.
- If, in addition to basic management tasks (like software upgrades, license management, and UCS backups), you also want to centrally manage this device's configurations for licensed services, select the check box next to each service you want to discover, and then clickContinue.You can also select these service configurations after you add the BIG-IP device to the inventory.
- Click theAddbutton at the bottom of the screen.
BIG-IQ displays a discovering
message in the Services column of the inventory list.
If you discovered service configurations to
manage, you must import them.
Managing a device from the device properties screen
You can use a device's Properties screen to manage that device. You can log directly
in to the device, remotely reboot it, and create an instant backup of its
configuration. You can also view details about the managed device, such as:
- Host name
- Self IP Address
- Build Number
- Software Version
- Status
- Last Contact
- Boot Location
- Cluster Properties
- Create an instant backup of the device's configuration.
- Change the boot location of the device.
- Edit cluster properties.
- Log directly into the device from BIG-IQ.
- Reboot the device from BIG-IQ.
- Access details about the health of the device.
- Access statistics for the device (if applicable).
- Access services licensed for the device.
- At the top of the screen, clickDevices.
- Click the name of the device you want to view.The device Properties screen opens.
How can I organize the way devices display in BIG-IQ so they're easier to find and
manage?
To more easily manage a large number of BIG-IP® devices, you can organize
them into groups. The types of groups you can use are:
- Static groups
- Dynamic groups
A
static group
contains specific devices that you add to it, and those devices
stay in that group until you remove them. For example you might want to create a static group
named, Seattle
, and add all of the devices located in Seattle to it. In contrast, a
dynamic group
is basically a saved query on a group. For example,
if you created a static group that contained all of your managed devices located in Seattle and
you wanted to view only those devices running a specific application, you could create a dynamic
group with that filter. If one of the devices stops running the specified application, the device
no longer appears in that dynamic group.If you delete a managed BIG-IP device from the parent group, you see that change when you view
the dynamic group.
Creating a static group of managed devices
You must license and discover BIG-IP devices before you can place them into a group.
To more easily manage a large number of devices, you can organize them into groups.
For example, you could add devices to groups according to the running applications,
geographical location, or department.
- At the top of the screen, clickDevices.
- On the left, clickDEVICE GROUPS.
- Near the top of the screen, click theCreatebutton.
- In theNamefield, type the name you want to use to identify this group.You can change this name at any time, after you save this group.
- In theDescriptionfield, type a description for this group.For example,BIG-IP devices located in Seattle.You can change this description at any time, after you save this group.
- For theGroup Typesetting, selectStatic.
- From theParent Grouplist, select the source for the group you are creating.
- For theAvailable in Servicessetting, select the services licensed for this device.If this BIG-IP device is licensed for services you are not managing, you can reduce the number of devices displayed in the BIG-IP inventory by selecting the check box next to only the services you manage. If you are managing all aspects of BIG-IQ, select the check box next to each service running on this BIG-IP device.
- From theHostnamelist, select the device you want included in this group.To add additional devices, click the+sign and select a device from the new list that is displayed.
- Click theSave & Closebutton.
If you want to further filter
specific devices from within this group, you can create a dynamic group.
Creating a dynamic group of managed devices
You must create a static group before you can create a dynamic group.
To filter a static group on certain parameters, you can create a dynamic group. For example, if
you have a static group for all devices located in a particular city, and you want
to view only those running a specific version of software, you could create a
dynamic group to filter on that version number.
- At the top of the screen, clickDevices.
- On the left, clickDEVICE GROUPS.
- Click theAdd Groupbutton.
- In theNamefield, type the name you want to use to identify this group.You can change this name at any time, after you save this group.
- In theDescriptionfield, type a description for this group.For example,BIG-IP Devices running version 13.0You can change this description any time, after you save this group.
- For theGroup Typesetting, selectDynamic Group.
- From theParent Grouplist, select the source for the group you are creating.
- In theSearch Filterfield, type a term on which you want to filter the group.
- For theAvailable in Servicessetting, select the services licensed for this device.If this BIG-IP device is licensed for services you are not managing, you can reduce the number of devices displayed in the BIG-IP inventory by selecting the check box next to only the services you manage. If you are managing all aspects of BIG-IQ, select the check box next to each service running on this BIG-IP device.
- Click theSave & Closebutton.
This dynamic group reflects any changes made to the static group. For example, if a
device is removed from its parent group, it no longer appears in the associated static
group. Also, if
a device no longer contains the object you filtered on, the device no
longer displays in the dynamic group.
Filtering the BIG-IP device inventory list
for specific BIG-IP components
From each BIG-IQ screen that contains a list of objects, you can easily find specific
objects. For example, after you discover several devices, you might want to find a
specific device by its name or IP address. To do this, you start by filtering on certain
configuration objects. Filtering on specific criteria saves you time because you can
view only those objects associated with the criteria you specify.
- At the top of the screen, clickDevices.
- To search for a specific object, in theFilterfield at the top right of the screen, type all or part of an object's name and click the filter icon.BIG-IQ refreshes the screen to show only those devices that contain the object you filtered on.
- To remove the filter, click theXicon next to it.
Exporting device inventory details to a comma separated values (CSV) file
To export the BIG-IP Device inventory to a CSV file, your browser must be configured
to allow popup screens.
Using BIG-IQ, you can quickly access and view the properties
for all the devices you manage in your network. These properties include details
about the device's IP addresses, platform type, license details, software version,
and so forth. You (or another department in your company) can create custom reports
containing this information to help manage these assets. To do this, you can export
device properties to a CSV file and edit the data as required.
- At the top of the screen, clickDevices.
- On the left, clickBIG-IP DEVICES.
- Click theExport Inventorybutton.
BIG-IQ creates a CSV file and downloads it locally.
Change several BIG-IP passwords
simultaneously
When you manage BIG-IP device from
BIG-IQ Centralized Management, it is good practice to change the default admin and root
passwords on a regular basis. From BIG-IQ, you can change the passwords for several
BIG-IP devices at one time.
You can
change the passwords for several BIG-IP devices simultaneously only if they have the
same password.
- At the top of the screen, clickDevices.
- On the left, click.
- Near the top of the screen, click theCreatebutton.
- In theNameandDescriptionsfields, type a name and optional description to help you identify this task.
- From theAvailablelist, select devices and move them to theSelectedlist.The passwords for the BIG-IP devices you select must all be identical.
- Select an option for theChange Passwordsetting.
- Provide the old and new passwords, as required.
- Click theRunbutton at the bottom of the screen.BIG-IQ will apply the new password to all of the selected BIG-IP devices. You can view the status of this task from the Change Device Passwords screen.
Re-discover BIG-IP devices and re-import
services
If you make a change directly on a
managed BIG-IP device, you can re-discover and re-import services
for that device so BIG-IQ Centralized Management has the most
current configuration for that device.
- At the top of the screen, clickDevices.
- Select the check box next to the device you want to rediscover and reimport services for.
- Click theMorebutton and selectRe-discover and Re-import.
- In theNameandDescriptionfields, type a name and an optional description to identify this task.
- For theConflict Resolution Policysetting, selectUse BIG-IP to override the configuration settings stored on BIG-IQ with the settings from the BIG-IP device.When you're importing more than one device at the same time keep in mind that they're re-imported in the order listed, from top to bottom. You can use the arrow keys to change the processing order. When you selectUse BIG-IP to resolve conflicts, the BIG-IP device used to resolve those conflicts should appear last in the re-import list. If two or more BIG-IP devices contain the same object with different values, only the value in the last imported BIG-IP is used to resolve the conflict for all the BIG-IP devices.
- If you want to save a snapshot of the BIG-IP device's configuration before importing their services, select theCreate a snapshot of the current configuration before importingcheck box.
- Click theCreatebutton at the bottom of the screen.
What is a BIG-IP Device Service Clustering (DSC) group and how do I start managing it from
BIG-IQ?
Device Service Clustering
, or DSC®, is a BIG-IP®TMOS® feature that lets you organize BIG-IP devices in groups to share
configurations. These groups are called device service clusters
(also DSC). With
BIG-IQ®, you can easily manage devices configured in a DSC from one
centralized location. Before you can manage BIG-IP systems configured in a DSC, you must:
- Add the DSC device members to the BIG-IP Devices inventory.
- Add the DSC group to the BIG-IP Clusters inventory.
When a device service cluster is in the BIG-IP Cluster inventory, you can view its properties
and the devices within those groups, and synchronize their configurations, all without having
to log in to each device individually.
For specific information about BIG-IP DSC groups, refer to the
BIG-IP® Device Service Clustering: Administration
guide.Discover BIG-IP Device Service Cluster
groups
You must add the BIG-IP devices configured in a DSC to the BIG-IQ system's BIG-IP Device
inventory before you can discover DSC groups.
All BIG-IP devices in a cluster must be running the same software version and the
same settings for:
- Pools
- Traffic-groups
- VLANs
- Tunnels
- Route domains
The BIG-IQ DSC Groups inventory screen shows you a centralized view specific to DSC
clusters.
The
Cluster Display
Name
displays on this screen only for managed BIG-IP devices in
a DSC. BIG-IQ
supports only two BIG-IP system in a DSC.
- At the top of the screen, clickDevices.
- On the left, click.
- Click theDiscoverbutton.
- Select the devices in theAvailablelist, and then click the right arrow to add them to theSelectedlist.This list is populated from the BIG-IP Device inventory list. If you can't see all of the available devices listed, left-click the right bottom corner of the list and use your cursor to expand the dialog box.
- Click theDiscoverbutton.
The DSC Groups list refreshes to display the discovered DSC group.
Viewing the BIG-IP Clusters inventory and the properties of a DSC cluster
You must add a BIG-IP device configured in a DSC to the BIG-IP Devices
inventory list, and discover the cluster from the DSC Clusters inventory list before you
can see the cluster listed on this screen.
From the DSC Groups inventory screen, you can see the following details about each
existing DSC cluster, including:
- synchronization status
- name
- cluster type
- last refresh dates
- devices in the DSC group
- At the top of the screen, clickDevices.
- On the left, click.The screen displays the list of DSC groups defined on this device.
To view the properties of a cluster, including the trust domain certificate
associated with this DSC group, click the cluster's name.
Synchronizing configurations between BIG-IP devices in a DSC cluster
You must add a BIG-IP device configured in a DSC to the BIG-IP Devices
inventory list and discover the DSC from the DSC Groups inventory list before you can
synchronize BIG-IP devices configured in a DSC.
Synchronizing configuration between BIG-IP devices in a DSC cluster saves you time
because you don't have to log on to each BIG-IP device in the cluster
individually.
Unmanaged BIG-IP devices in a DSC do not display the
Sync
button.- At the top of the screen, clickDevices.
- On the left, click.The screen displays the list of DSC groups defined on this device.
- Click the name of the cluster you want to synchronize.
- Click theRefresh Statusbutton to get the most current sync status for the devices in the DSC group.
- For theSync Optionsetting, select one of the options:
- Device to Group- Select this option to prompt the BIG-IP device to synchronize its configuration with other device(s) in the DSC group.
- Group to Device- Select this option to prompt the DSC group to load its configuration onto the BIG-IP device.
- Click theSyncbutton.
- To close the screen, click theClosebutton.