Manual Chapter : Adding and Configuring BIG-IP VE Devices in a VMware Environment

Applies To:

BIG-IQ Centralized Management

  • 7.0.0

Managing BIG-IP VE Devices Located in a Third-Party Cloud Environment

Supported VMware cloud environments

BIG-IQ supports these VMware cloud environments for auto-scaling:
  • VMware vCenter version 6.0 (ESXi version 5.5 and 6.0)
  • VMware vCenter version 6.5 (ESXi version 6.0 and 6.5)

Preparing a VMware environment for BIG-IP VE devices

You must prepare your VMware environment to create a BIG-IP VE in it by performing the following tasks:
  • Import the BIG-IP VE OVA for each BIG-IP version you want to use as a VMware template.
  • Set the number of CPUs and the amount of memory based on the usage and provisioning you want (for example, you'll need at least 4 CPUs and 16 GB RAM to provision LTM, AFM, and APM).
  • Deploy the OVA/OVF to your vCenter server.
  • Install the VMware tools on the template/clone.
  • Verify the VMware environment is on a Datastore that is available to the ESXi host or cluster.

Install the vCenter's host root certificate onto BIG-IQ

For secure communication between BIG-IQ and the vCenter, you must install the vCenter's host root certificate on BIG-IQ.
  1. From the BIG-IQ command line, copy the root certificate from the vCenter host cert file (/etc/vmware-sso/key/ssoserverRoot.crt) to the BIG-IQ system's cert file (/config/ssl/ssl).
  2. Type the following command to create a symbolic link to this certificate using the certificate's hash:
    ln -s ssoserverRoot.crt `openssl x509 -hash -noout -in ssoserverRoot.crt`.0

How do I create and configure BIG-IP VE devices in a VMware environment?

BIG-IQ Centralized Management makes it easy for you to create, configure, and manage BIG-IP VE devices in a VMware environment.
To start managing a BIG-IP VE device in a VMware environment, you'll need to complete the following tasks.
  • Create an IP address pool on BIG-IQ: Create an IP address pool to manage the IP addresses for the self IP or management addresses on the BIG-IP VE devices. This is mandatory for all VMware templates. This step is optional.
  • Specify your cloud provider details on BIG-IQ: Specify the cloud provider's credentials so you can access the cloud environment from BIG-IQ.
  • Configure your cloud environment on BIG-IQ: Configure your cloud environment on BIG-IQ by specifying the cloud-specific properties for that environment.
  • Create a BIG-IP VE device: Create a BIG-IP VE device from BIG-IQ in the cloud environment you configured.
  • Onboard your BIG-IP VE device and BIG-IP VE device cluster: Provide the configuration details for the BIG-IP VE device or BIG-IP VE device cluster, and provision the services you want BIG-IQ to import through the onboarding process. BIG-IQ applies the configuration to the BIG-IP VE devices through a declarative onboarding API call. For more information about the declarative onboarding API specific to BIG-IP VE devices, see https://github.com/F5Networks/f5-declarative-onboarding
After you save the configuration for the BIG-IP VE devices you created, BIG-IQ sends an API call to apply that configuration to the targeted BIG-IP VE devices. After BIG-IQ successfully applies the configuration, it then discovers and imports the services the device is licensed for. This means you don't have to discover and import services in a separate step. When the onboarding process is complete, you can start managing the BIG-IP VE devices from the Devices > BIG-IP DEVICES screen.

Create an IP address pool for new BIG-IP VE devices in VMware environment

For BIG-IQ to assign IP addresses from an IP address pool, you'll need to install the VMware tools for the VMware template. Refer to article K44134742 for instructions.
You create an IP address pool so that you can control the IP addresses for the management addresses on the BIG-IP VE that BIG-IQ creates.
  1. At the top of the screen, click Devices, then, on the left, click IP Pools.
    The screen displays the list of the IP pools defined on this device.
  2. Click Create.
    The Create New IP Pool screen opens.
  3. Fill in the details for this IP address pool and then click Save & Close.
    This creates a new IP pool that you can use to assign IP addresses to BIG-IP VE created on VMware.

Specify VMware credentials required to connect to a vCenter server

Before you can create a cloud provider, you must know the vCenter host name.
You create a new VMware cloud provider so that you can specify the VMware credentials required to connect to the vCenter server. You can use this connector to communicate from BIG-IQ to the VMware cloud environments connected to that server.
  1. At the top of the screen, click Applications, then, on the left, click ENVIRONMENTS > Cloud Providers.
  2. Click Create.
    The New Cloud Provider screen opens.
  3. After you name this new cloud provider, from the Provider Type list, select VMware and supply the provider details.
Before you can use this provider to create BIG-IP VE devices, you need to specify the cloud environment details.

Configure your VMware environment on BIG-IQ

You define a new cloud environment to specify the parameters that the BIG-IQ needs so it can communicate with vCenter to create and manage the BIG-IP VE devices created and managed in the VMware cloud environment.
  1. At the top of the screen, click Applications, then, on the left, click ENVIRONMENTS > Cloud Environments.
  2. Click Create.
  3. From the Cloud Provider list, select the name of the VMware provider you want to use for this environment.
    The screen shows the VMware Properties settings.
  4. Specify the VMware properties.
    1. For Deploy To, select an option to identify the VMware destination to which you want new BIG-IP VE devices to deploy:
      • Select Cluster, and type the name of the cluster.
      • Select ESXi Hostname, and type either the IP address or the FQDN of the ESXi host.
      If you identify the destination using a cluster name, the VMware host must have DRS enabled before you try to deploy BIG-IP VE devices, or the deployment will fail. If you use the ESXi hostname, the DRS setting is optional.
    2. If you want to include an Annotation that will appear in the notes section of the virtual machine summary for the BIG-IP VE devices, type one in.
    3. Type the name of the vSphere Datacenter that houses the VMware resources on which the BIG-IP VE devices will reside.
    4. If you want to specify a Resource Pool, type the name of the resource pool the ESXi host uses.
    5. If you want to specify a Folder, type the name of the shared folder the ESXi host uses.
    6. Type the User name and Password for the vCenter user that you configured for this VMware environment.
    7. Specify how you want VMware to create the virtual machines it uses when it creates a BIG-IP device.
      • To use a VMware template, in the VM Image field, type the name of the template.
      • To use a VM snapshot:
        1. For VM Image, type the name of the BIG-IP image used to create the snapshot.
        2. For Linked Clone, select Yes, and then type the name of the snapshot you created for this image in Snapshot name for Linked Clone.
      When you set up the VM image that you want to create your clone from, it must reside on storage that is accessible to all ESXi hosts for that cluster.
      Details about creating a virtual machine in your VMware environment are provided in the BIG-IP Virtual Edition 13.1.0 and VMware ESXi: Setup guide on support.f5.com.
      The BIG-IP VE in vCenter must have VMware tools installed on it. After you deploy the BIG-IP VE to vCenter, use the procedure in the article https://support.f5.com/csp/article/K44134742 to install the VMware tools.
    8. In the Network Interface Mapping fields, specify the network interface mappings for the BIG-IP VE devices created.
      The mappings you specify must match the settings that were used when the virtual machine network interfaces were defined as part of the BIG-IP VE deployment to your VMware environment.
      For additional detail on NIC configuration, refer to the BIG-IP Virtual Edition 13.1.0 and VMware ESXi: Setup on support.f5.com.
      You can click + if you want to specify additional NICs for this environment.
  5. For IP Pool Alias Mapping, you can map existing IP pools from BIG-IP devices to specific aliases to be referenced later.
    This is optional. The full list of IP pools is available to choose from when you create the BIG-IP VE device. You can click + if you want to specify additional aliases for this environment.
  6. Click the Save & Close button at the bottom of the screen.
    BIG-IQ creates the new cloud environment. This VMware environment is available for you to create BIG-IP VE devices in it from BIG-IQ.

Create a BIG-IP VE device in a VMware cloud environment

You'll need to have a VMware environment configured before you can create a BIG-IP VE device in it.
You create a BIG-IP VE device so you can then configure it and start managing it from BIG-IQ Centralized Management.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP VE CREATION.
  3. Click Create.
  4. Type a name for this task.
  5. For BIG-IP VE Name, type a name to identify this BIG-IP VE you are creating.
  6. From the Cloud Environment list, select your VMware environment.
  7. From the Address list, select an option for the type of addresses you want to use for new BIG-IP VE devices.
  8. In the Number of BIG-IP VE to Create field, specify the number of devices you want to create.
    You can create up to five at a time.
  9. Click the Create button at the bottom of the screen.
When BIG-IQ successfully completes a BIG-IP VE creation task, the task displays on the BIG-IP VE creation screen. The BIG-IP VE creation process can take up to 10 minutes, depending on the cloud environment and the BIG-IP VE configuration.
You can now configure this BIG-IP VE device through the onboarding process.

Configure a BIG-IP VE device in a VMware cloud environment through onboarding

You must configure your cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE devices.
You can configure BIG-IP VE devices through a process called declarative onboarding (DO), also referred to as just onboarding. When you onboard a BIG-IP VE, you specify all of the details of its configuration, and discover and import their services in one procedure. After you onboard BIG-IP VE devices, you can start managing them from the BIG-IQ Devices > BIG-IP DEVICES screen.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP VE CREATION.
    Alternatively, you can click BIG-IQ ONBOARDING on the left and onboard the BIG-IP VE from that screen.
  3. Select the check box next to the BIG-IP VE Creation task that completed successfully, and click the Onboard button to start the onboarding task.
  4. Type a name and optional description to help you identify this task.
  5. Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click the Onboard button at the bottom of the screen.
    Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.
    You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clicking View Sample API Request at the upper right.
    DNS settings are automatically specified by your cloud environment. If you change these settings and you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
    You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the BIG-IQ Devices > BIG-IP ONBOARDING > Create screen; instead, use the actual value for the field.
    • Class and Parameter: Device: Target Host
      API Parameter Example: "targetHost": "{IP address}"
      Description: IP address of this BIG-IP VE device
      Notes: Required for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.
    • Class and Parameter: Device: Target Username
      API Parameter Example: "targetUsername": "admin"
      Description: Admin user name for this BIG-IP VE device
      Notes: Required for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.
    • Class and Parameter: Device: Target Passphrase
      API Parameter Example: "targetPassphrase": "{password}"
      Description: Admin password for this BIG-IP VE device
      Notes: Required. You must have specified a Target Username or Target Ssh.
    • Class and Parameter: Device: Target Ssh Key
      API Parameter Example: "targetSshKey": { "path": "{path}" }
      Description: SSH private key for this BIG-IP VE device
      Notes: Is not required for VMware environments if you provide the Target User and Target Passphrase. We recommend that you do not use the Target Ssh Key for subsequent declarations for BIG-IP VE devices.
    • Class and Parameter: Device: Hostname
      API Parameter Example: "hostname": "{hostname}.domain.com"
      Description: FQDN for this BIG-IP VE device
      Notes: Although not required, it's highly recommended that you specify a host name as the FQDN of the BIG-IP VE device so you can properly identify it.
    • Class and Parameter: Device: License
      API Parameter Example: "licenseType": "{license type}", "{license key}": "xxx-xxx-xxx-xx"
      Description: License type
      Notes: Required if the BIG-IP VE has a reg key or pool BYOL license. It is not required if you are using a PAYG VE. If using a pool license when onboarding a BIG-IP VE device running version 14.0 or later, you must supply the BIG-IP admin and user names, same as the ones entered for the User class. Subsequent changes to the configuration of same BIG-IP VE devices do not require changes to the License class.
    • Class and Parameter: Onboard Class: NTP
      API Parameter Example: "myNtp": { "class": "NTP", "servers": [ "{server}" ], "timezone": "{time zone}" }
      Description: NTP server details for this BIG-IP VE device
      Notes: Although not required, it's recommended that you specify an NTP server so BIG-IQ and BIG-IP VE devices are synchronized with the correct time. You must specify a valid time zone specified in the Time Zone Database. For more information, refer to: List_of_tz_database_time_zones
    • Class and Parameter: Onboard Class: Provision
      API Parameter Example: "name": "{myProvision}", "ltm": "nominal",
      Description: Licensed services for this BIG-IP VE device
      Notes: LTM is required and selected by default for all BIG-IP VE devices onboarded. Select any additional services you want to provision. If you're using analytics, you must provision AVR, which is not selected by default.
    • Class and Parameter: Onboard Class: User
      API Parameter Example: "{name}": { "class": "User", "userType": "root", "newPassword": "{new password}", "oldPassword": "{old password}" }
      Description: User name and password for admin (regular) user with TMSH access and the root user for this BIG-IP VE device
      Notes: Required only for the first time you onboard BIG-IP VE devices running version 14.0 or later, because you must change the passwords for initial log in. When you change the admin password, that same password is applied as the root password. So if you want the root password to be unique, you'll need to change it. Since the root password is changed to the same password as admin, use that as the "old password" when updating the root password.
    • Class and Parameter: Onboard Class: VLAN
      API Parameter Example: "tag": 4093, "mtu": 1500, "interfaces": [ { "name": "1.2", "tagged": true } ]
      Description: VLAN for this BIG-IP VE device's network configuration.
      Notes: This is optional. Your cloud environment settings are automatically specified by your cloud environment. Most network configurations require a VLAN for each self IP address (typically two are required for an LTM pool). Specify the VLAN configuration details before you add the self IP addresses. If you populate the Tag field, you must select true or false from the Tagged list.
    • Class and Parameter: Onboard Class: Self IP
      API Parameter Example: "internal-self": { "class": "SelfIp", "address": "{self IP address}", "vlan": "internal", "allowService": "default", "trafficGroup": "traffic-group-local-only" }
      Description: Self IP addresses for this BIG-IP VE device's network configuration.
      Notes: This is optional. Your cloud environment settings are automatically specified by your cloud environment. Most network configurations require a self IP address for each VLAN (typically two are required for an LTM pool). Specify the VLAN configuration details before you add the self IP addresses.
    BIG-IQ configures the BIG-IP VE devices in this cluster and automatically imports its provisioned services based on the BIG-IQ Settings Onboard Classes. When the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished and the BIG-IP VE devices display on the BIG-IP Devices screen, where you can start managing them. This onboarding task remains in the list until you delete it. You can use existing onboard tasks as the basis for new onboard tasks.

API example of onboarding BIG-IP VE device in VMware cloud environment

This is an example of what you'll see when you specify the details for an onboard declaration and click the View Sample API Request button from the Create Onboard Declaration screen.
API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation:
https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
DNS settings are automatically specified by your cloud environment. If you change these settings and you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
    {
      "class": "DO",
      "declaration": {
        "schemaVersion": "1.5.0",
        "class": "Device",
        "async": true,
        "Common": {
          "class": "Tenant",
          "myLicense": { "class": "License", "licenseType": "regKey", "regKey": "xxx-xx-xx-xxx" },
          "myProvision": { "class": "Provision", "ltm": "nominal" },
          "myNtp": { "class": "NTP", "servers": [ "ntp1.ntp.com" ] },
          "hostname": "mybigip_no3.mycompany.domain.com"
        }
      },
      "targetHost": "10.10.75.23",
      "targetUsername": "admin",
      "targetPassphrase": "Password",
      "bigIqSettings": {
        "failImportOnConflict": false,
        "conflictPolicy": "USE_BIGIQ",
        "deviceConflictPolicy": "USE_BIGIP",
        "versionedConflictPolicy": "KEEP_VERSION"
      }
    }

Configure a cluster of BIG-IP VE devices in an VMware cloud environment through onboarding

You must configure your cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE devices.
You can configure BIG-IP VE devices through a process called declarative onboarding (DO), also referred to as just onboarding. Onboarding BIG-IP VE clusters makes it easy for you to configure more than one BIG-IP VE at one time. When you onboard a cluster of BIG-IP VE devices, you specify all of the details of their configuration, and discover and import their services in one procedure. After you onboard the BIG-IP VE devices, you can start managing them from the BIG-IQ Devices > BIG-IP DEVICES screen.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP VE CREATION.
    Alternatively, you can click BIG-IQ ONBOARDING on the left and onboard the BIG-IP VE from that screen.
  3. Select the check mark next to two or more BIG-IP VE creation tasks that are successful and then click the Onboard Cluster button.
    BIG-IQ allows you to simultaneously onboard the BIG-IP VE devices you select as a cluster.
  4. Select the onboarding classes you want to use to configure the BIG-IP VE devices and when you're done, click the Onboard button at the bottom of the screen.
    Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.
    You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clicking View Sample API Request at the upper right.
    DNS settings are automatically specified by your cloud environment. If you change these settings and you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
    You can use parameter values written as in-place references to other DO classes only from the API. For example, using a parameter value of "/Common/failoverGroup/members/0" (pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the BIG-IQ Devices > BIG-IP ONBOARDING > Create screen; instead, use the actual value for the field.
    • Class and Parameter: Onboard Class: BIG-IQ Settings: Cluster Name
      API Parameter Example: "bigIqSettings": { "clusterName": "My_cluster_name" }
      Description: Cluster name.
    • Class and Parameter: Onboard Class: Device Group
      API Parameter Example: For Type you can specify sync-only:
        "myDeviceGroup": { "class": "DeviceGroup", "type": "sync-only", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true }
      Or cluster sync-failover:
        "myDeviceGroup": { "class": "DeviceGroup", "type": "sync-failover", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true }
      Description: This is the BIG-IP sync group.
      Notes: These must be the same on every BIG-IP device in the group. For ASM sync, make sure ASM is provisioned on all BIG-IP devices in the cluster. DNS sync groups are not supported in BIG-IP version 7.0. DNS settings are automatically specified by your cloud environment. If you change these settings and you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
    • Class and Parameter: Onboard Class: Device Trust
      API Parameter Example: On BIG-IP1:
        "myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin1", "localPassword": "Admin1Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }
      On BIG-IP2:
        "myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin2", "localPassword": "Admin2Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }
      Description: These are the BIG-IP Device Trust settings.
      Notes: The Remote UserName and Remote Password must be the same on all BIG-IP devices in the cluster.
BIG-IQ configures the BIG-IP VE devices in this cluster and automatically imports its provisioned services based on the BIG-IQ Settings Onboard Classes. When the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished and the BIG-IP VE devices display on the BIG-IP Devices screen, where you can start managing them. This onboarding task remains in the list until you delete it. You can use existing onboard tasks as the basis for new onboard tasks.

API example of onboarding a cluster of BIG-IP VE devices

This is an example of what you'll see when you specify the details for an onboard declaration for a BIG-IP VE cluster and click the View Sample API Request button from the Create Onboard Declaration screen.
API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation:
https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
DNS settings are automatically specified by your cloud environment. If you change these settings and you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
API for BIG-IP 1
    {
      "class": "DO",
      "declaration": {
        "schemaVersion": "1.5.0",
        "class": "Device",
        "async": true,
        "Common": {
          "class": "Tenant",
          "myDeviceGroup": {
            "class": "DeviceGroup",
            "type": "sync-only",
            "members": [ "bigip1.example.com", "bigip2.example.com" ],
            "owner": "bigip1.example.com",
            "autoSync": true,
            "networkFailover": true,
            "asmSync": true
          },
          "myDeviceTrust": {
            "class": "DeviceTrust",
            "localUsername": "admin1",
            "localPassword": "Admin1Passwd",
            "remoteHost": "bigip1.example.com",
            "remoteUsername": "admin1",
            "remotePassword": "Admin1Passwd"
          }
        }
      },
      "targetUsername": "Admin",
      "targetHost": "2.24.176.244",
      "targetSshKey": { "path": "/var/ssh/restnoded/my_awsve_1_2_3_111.pem" },
      "bigIqSettings": {
        "failImportOnConflict": false,
        "conflictPolicy": "USE_BIGIQ",
        "deviceConflictPolicy": "USE_BIGIP",
        "versionedConflictPolicy": "KEEP_VERSION",
        "clusterName": "my_cluster_name"
      }
    }
API for BIG-IP 2
    {
      "class": "DO",
      "declaration": {
        "schemaVersion": "1.5.0",
        "class": "Device",
        "async": true,
        "Common": {
          "class": "Tenant",
          "myDeviceGroup": {
            "class": "DeviceGroup",
            "type": "sync-only",
            "members": [ "bigip1.example.com", "bigip2.example.com" ],
            "owner": "bigip1.example.com",
            "autoSync": true,
            "networkFailover": true,
            "asmSync": true
          },
          "myDeviceTrust": {
            "class": "DeviceTrust",
            "localUsername": "admin2",
            "localPassword": "Admin2Passwd",
            "remoteHost": "bigip1.example.com",
            "remoteUsername": "admin1",
            "remotePassword": "Admin1Passwd"
          }
        }
      },
      "targetUsername": "Admin",
      "targetHost": "2.22.29.148",
      "targetSshKey": { "path": "/var/ssh/restnoded/my_awsve_1_2_3_2525.pem" },
      "bigIqSettings": {
        "failImportOnConflict": false,
        "conflictPolicy": "USE_BIGIQ",
        "deviceConflictPolicy": "USE_BIGIP",
        "versionedConflictPolicy": "KEEP_VERSION",
        "clusterName": "my_cluster_name"
      }
    }
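
The following is an added example, not F5 code or part of the original manual: a pre-flight check that compares the per-device cluster requests before they are sent and reports where settings the page requires or shows as shared (the DeviceGroup, the DeviceTrust remote user name and password, the cluster name) differ, whether ASM is provisioned when asmSync is true, and optionally whether the FQDNs resolve. The function names, the sample_request helper, the 192.0.2.x addresses and the placeholder passwords are constructed for illustration; findings name only the mismatching key, never the credential value.

```python
import socket

# Settings the page says must be the same on every BIG-IP in the cluster.
GROUP_KEYS = ("type", "members", "owner", "autoSync", "networkFailover", "asmSync")
TRUST_KEYS = ("remoteUsername", "remotePassword")


def find_class(request, class_name):
    """Return the first object of a DO class under declaration.Common, or {}."""
    common = request.get("declaration", {}).get("Common", {})
    for value in common.values():
        if isinstance(value, dict) and value.get("class") == class_name:
            return value
    return {}


def dns_resolves(name):
    """Resolver for live use: True if this host can resolve name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def check_cluster(requests, resolver=None):
    """Compare per-device onboarding requests and return a list of findings.

    resolver is an optional callable(name) -> bool; when given, DeviceGroup
    members, the owner and the DeviceTrust remoteHost are checked with it.
    """
    findings, names = [], set()
    ref = requests[0]
    ref_host = ref.get("targetHost")
    ref_group, ref_trust = find_class(ref, "DeviceGroup"), find_class(ref, "DeviceTrust")
    ref_cluster = ref.get("bigIqSettings", {}).get("clusterName")
    for req in requests:
        host = req.get("targetHost", "<no targetHost>")
        group, trust = find_class(req, "DeviceGroup"), find_class(req, "DeviceTrust")
        for key in GROUP_KEYS:
            if group.get(key) != ref_group.get(key):
                findings.append(f"{host}: DeviceGroup.{key} differs from {ref_host}")
        for key in TRUST_KEYS:
            if trust.get(key) != ref_trust.get(key):
                findings.append(f"{host}: DeviceTrust.{key} differs from {ref_host}")
        if req.get("bigIqSettings", {}).get("clusterName") != ref_cluster:
            findings.append(f"{host}: bigIqSettings.clusterName differs from {ref_host}")
        # Provision uses module names as keys, like the page's "ltm": "nominal".
        if group.get("asmSync") and find_class(req, "Provision").get("asm", "none") == "none":
            findings.append(f"{host}: asmSync is true but ASM is not provisioned here")
        names.update(group.get("members", []))
        names.update(n for n in (group.get("owner"), trust.get("remoteHost")) if n)
    if resolver:
        findings += [f"{n}: FQDN does not resolve" for n in sorted(names) if not resolver(n)]
    return findings


def sample_request(target_host, local_user):
    """Constructed sample, trimmed from the shape of the page's cluster example."""
    return {
        "class": "DO",
        "declaration": {"schemaVersion": "1.5.0", "class": "Device", "async": True, "Common": {
            "class": "Tenant",
            "myProvision": {"class": "Provision", "ltm": "nominal", "asm": "nominal"},
            "myDeviceGroup": {"class": "DeviceGroup", "type": "sync-only",
                              "members": ["bigip1.example.com", "bigip2.example.com"],
                              "owner": "bigip1.example.com", "autoSync": True,
                              "networkFailover": True, "asmSync": True},
            "myDeviceTrust": {"class": "DeviceTrust", "localUsername": local_user,
                              "localPassword": "<local-password>",
                              "remoteHost": "bigip1.example.com",
                              "remoteUsername": "admin1",
                              "remotePassword": "<admin1-password>"}}},
        "targetHost": target_host, "targetUsername": "admin",
        "targetPassphrase": "<password>",
        "bigIqSettings": {"clusterName": "my_cluster_name"},
    }


if __name__ == "__main__":
    first = sample_request("192.0.2.10", "admin1")   # documentation-range addresses
    second = sample_request("192.0.2.11", "admin2")
    second["declaration"]["Common"]["myDeviceTrust"]["remotePassword"] = "<stale-password>"
    second["bigIqSettings"]["clusterName"] = "my_cluster_nmae"
    for finding in check_cluster([first, second]):
        print(finding)
```

Pass resolver=dns_resolves when running on a host that uses the same DNS server as the BIG-IP VE devices, so the FQDN check reflects what the devices will see.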