F5 Logo MyF5
Search
  1. MyF5 Home
  2. Managing BIG-IP Devices from BIG-IQ
  3. Device Discovery and Basic Device Management
Manual Chapter : Device Discovery and Basic Device Management

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.0.0
Manual Chapter

Device Discovery and Basic Device Management

How do I start managing BIG-IP devices from BIG-IQ?

To start managing a BIG-IP device, you must add it to BIG-IQ.
If you only want to do basic management tasks (like software upgrades, license management, and UCS backups) for a BIG-IP device, you do not have to discover and import its service configurations.
There are a few ways you can add BIG-IP and BIG-IP VE devices to your BIG-IQ system so you can start managing them.
  • Add a BIG-IP or BIG-IP VE device located in your network, specify its configuration options, and import its services all in one step in a process called
    onboarding
    .
  • Add a BIG-IP VE device located in a third-party cloud environment, then onboard it.
  • Add a single BIG-IP device located in your network, and discover and import its services in a separate procedure. When you do this, you can manage any differences for shared objects between BIG-IQ and the BIG-IP device you’re adding, on an object-by-object basis.
  • Import BIG-IP devices located in your network in bulk, using a CSV file.
    You cannot add multiple BIG-IP devices with SSLO services. These BIG-IP devices must be added individually.

About discovering BIG-IP devices and importing services

If you choose to add BIG-IP devices and import their services in two separate steps, there's some things to keep in mind.
It's important to know a few things about services shared between BIG-IQ and BIG-IP devices. When BIG-IQ manages BIG-IP devices, it stores a copy of their service configuration objects. The BIG-IQ system uses the following terms to describe configurations between BIG-IQ and BIG-IP devices:
  • The
    working configuration
     is the configuration that is maintained and edited on the BIG-IQ system. This is the configuration you deploy to the BIG-IP device during a deployment.
  • The
    current configuration
    is the configuration discovered on the BIG-IP device. This is also sometimes referred to as the running configuration. The current configuration is updated during re-import or re-discovery and before calculating differences during the deployment process. The current configuration is also updated after a successful deployment to the BIG-IP device.
  • Shared - All objects shared across BIG-IP devices, except LTM profiles and monitors.
  • Version-specific - Only LTM profile and monitor objects that are specific to a BIG-IP software version.
  • Device-specific - Objects that are specific to a particular BIG-IP device, and are not shared among BIG-IP devices.
Use BIG-IQ
Keep the object that is in BIG-IQ system's working configuration, and the next time you deploy a configuration to that BIG-IP device, BIG-IQ overwrites the object with the one in the BIG-IQ configuration.
Use BIG-IP
Use the object from the BIG-IP device's configuration to replace the object in the BIG-IQ working configuration. If you select this option, BIG-IQ replaces that object for all of your managed BIG-IP devices the next time it deploys a configuration.
Create Version
BIG-IQ creates and stores a copy of the BIG-IP device's LTM monitor or profile object (s), specific to the software version running on that BIG-IP device. If you select this option, BIG-IQ replaces that object for all the managed BIG-IP devices running that version, the next time it deploys a configuration. You can store multiple versions of LTM monitors or profiles. BIG-IQ deploys the appropriate stored version to your managed devices. BIG-IQ automatically resolves conflicts against the appropriate version the next time it imports services that contain LTM monitors or profiles.
Alternatively, if you successfully imported the LTM service, you can have BIG-IQ stop importing the specific service that contains the conflict, and attempt to discover and import the next service. If you use this option, you can rediscover and reimport the services that failed from the BIG-IP device's
Service
 page, and resolve each conflict individually.
If you want to view shared objects, from the command line, type the following command:
GET "/mgmt/cm/shared/metadata?\$filter='category'+eq+'working-config'+and+'configData/configType'+eq+'shared'&\$select=itemKind,uriPath"

Add a single BIG-IP device

Before you can add BIG-IP devices to BIG-IQ Centralized Management:
  • The BIG-IP device must be located in your network and running a compatible software version. Refer to K14592 for more information.
  • The management address of the BIG-IP device must be open (typically this is port 22 and 443), or any alternative IP address used to add the BIG-IP device to the BIG-IQ inventory. Ports 22 and 443 and the management IP address are open by default on BIG-IQ.
  • If you are adding a BIG-IP device provisioned with the ASM service, and that device is part of a DSC cluster, that device must also be a member of a sync-only device group, and ASM synchronization must be enabled for the device group. Without these DSC group settings, deploying changes to the ASM device can cause the cluster to get out of sync. For details on configuring these groups, refer to
    Creating a Sync-Only device group
     and
    Synchronizing an ASM-enabled device group
     in the
    Automatically Synchronizing Application Security Configurations
     article on
    support.f5.com
    .
A BIG-IP device running versions 10.2.0 - 12.0.x is considered a
legacy device
, and cannot be added to the BIG-IQ system's inventory for management. Although version 12.1.x is supported, its features are limited, and it is recommended to upgrade to version 13.0 or later. If you were managing a legacy device in a previous version of BIG-IQ and upgrade, the legacy device displays as impaired with a yellow triangle next to it in the BIG-IP Devices inventory. To manage it, you must upgrade it to version 12.1.0 or later. For instructions, refer to the section titled,
Upgrading a Legacy Device
.
You add a BIG-IP device to BIG-IQ so you can discover and import its services, such as LTM, AFM, and so forth. After you discover and import a device's services, you can start managing it. This procedure allows you to add a single BIG-IP device.
If you would prefer to add several BIG-IP devices at once and handle all object conflicts the same way, select the
Add multiple BIG-IP devices
 option.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP DEVICES
    .
  3. Click the
    Add Device(s)
     button.
  4. For the
    Device
     setting, select
    Add a single BIG-IP device
    .
  5. For
    IP Address
    , type the IPv4 or IPv6 address of the device.
  6. In the
    Port
     box, type the management port for this BIG-IP device.
    The port number must be between 4 and 65535. In many cases, it's the default port 443.
    Chrome and Safari browsers don't allow access to web applications running on port 65535. So if you use port 65535 as the management port, you won't be able to access the BIG-IP device's interface from BIG-IQ when using Chrome or Safari. You can still discover and manage BIG-IP devices that are using port 65535.
  7. If this device is part of a Device Service Cluster (DSC) group, for the
    Cluster Display Name
     setting, specify how to handle it:
    • For an existing DSC group, select
      Use Existing
       from the list, and then select the name of the DSC group from the next list.
    • To create a new DSC group, select
      Create New
       from the list, and type a name in the field.
    For BIG-IQ to properly associate the devices in the same DSC group, the
    Cluster Display Name
     must be the same for all members in a group.
    There can be up to 8 members in a DSC group.
    For BIG-IP devices with ASM services, you can only add five devices at a time. If the BIG-IP device(s) provisioned with ASM is part of a DSC cluster, that device must also be a member of a sync-only device group, and ASM synchronization must be enabled on one of the devices in the DSC group. Without these DSC group settings, deploying changes to the ASM device can cause the cluster to become out of sync. For details on configuring these groups, refer to K12200102 or the ASM implementations chapter
    Automatically Synchronizing Application Security Configurations
     on
    support.f5.com
    .
  8. If this device is configured in a Device Service Clustering (DSC) group, for the
    Deployment Settings
    , specify how to handle it:
    For more information about DSC groups, see
    What is a BIG-IP Device Service Clustering (DSC) group and how do I start managing it from BIG-IQ?
    .
    • Initiate BIG-IP DSC sync when deploying configuration changes (Recommended)
      : Select this option if this device is part of a DSC group and you want BIG-IQ to automatically synchronize configuration changes with other members in the DSC group from BIG-IQ.
      • Allow deployment when DSC configured devices have changes pending (Not Recommended)
        this option pushes changes to all the devices in the cluster independently, ignoring the logical device cluster configuration. This option is intended for temporary use when a BIG-IP cluster node becomes unavailable, you would like to push changes to individual devices, until the node comes back online.
        If multiple nodes are online, the entire BIG-IP DSC group will go into a
        Change Pending
         state. This can only be resolved by the system administrator.
    • Ignore BIG-IP DSC sync when deploying configuration changes
      : Select this option if you want to manually synchronize configurations changes between members in the DSC group.
  9. Click the
    Add
     button at the bottom of the screen.
    The BIG-IQ system opens communication to the BIG-IP device, and checks the BIG-IP device framework.
    The BIG-IQ system can properly manage a BIG-IP device only if the BIG-IP device is running a compatible version of the REST framework.
  10. Click the
    Discover & Import
     button at the bottom of the screen.
  11. To centrally manage this device's configurations for licensed services, select the check box next to each service you want to discover.
    You can select other service configurations after you add the BIG-IP device to the inventory.
You can now discover the services for this device, and manage any differences for shared objects (on an object-by-object basis) between the BIG-IQ system and the BIG-IP device(s) during import.

Discover and import services for a BIG-IP device you added

You discover and import services for a BIG-IP device you have added to BIG-IQ so you can start managing it. Use this procedure if you added a BIG-IP device, but have not yet discovered and imported its services. When you're importing services, you have the opportunity to select a conflict resolution option for any conflicts between the shared objects between BIG-IQ and this BIG-IP device.
To discover IPS services for AFM, you must enable its discovery on BIG-IQ. See
Discover and import IPS services
.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP DEVICES
    .
  3. Click the name of the BIG-IP device you're discovering and importing services for.
  4. On the left, click
    SERVICES
    .
  5. To create a snapshot of the BIG-IQ configuration before discovering and importing services, select the
    Snapshot
     check box.
    Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
  6. To ignore conflicts for objects shared between BIG-IQ and the BIG-IP device(s) you're adding, leave the
    Conflict Resolution
     check box selected.
    This allows you to continue to import services that have no conflicts, and fix the conflicts individually later, from the
    BIG-IP DEVICES
    SERVICES
     screen, to complete the import process for those services.
  7. Click the
    Discover and Import
     button at the bottom of the screen.
  8. For each service this BIG-IP device is licensed for, click the
    Discover
     button.
  9. After BIG-IQ discovers the service, click the
    Import
     button next to the service to import it.
When you're finished discovering and importing services for this device, the device displays on the BIG-IP Devices screen.
You can now manage this device and its services.

Discover and import IPS services

You must ensure that you have the proper licenses for AFM and IPS on the managed BIG-IP device. You must have access to the BIG-IQ Advanced Shell. If you do not have access, contact F5 support at support.f5.com.
To manage IPS (Intrusion Prevention System) within BIG-IQ CM (console node), you must first change the default settings that block initial discovery for the host BIG-IP device. This requires setting
protocolInspectionDisabled
 to
false
 in the file
/var/config/rest/config/restjavad.properties.json
. Once you have enabled IPS discovery, you need to re-discover and re-import AFM services to the appropriate BIG-IP devices.
If you have a standby console nodes, complete steps 2-3 of the following process for the standby node.
  1. Log into the BIG-IQ Advanced Shell (console node) using ssh.
  2. In the
    restjavad.properties.json
     file, locate the
    "afm"
     property.
  3. In the
    "afm"
     property, locate the
    "ips"
     property.
    If the
    "ips"
     property does not exist, you can add this property using the example provided in step 4. Ensure that the "
    protocolInspectionDisabled
    " property is included within
    "ips"
    .
  4. Ensure the value for "
    protocolInspectionDisabled
    " is
    false
    .
    The following example shows a possible configuration of the 
    ...
"afm" :
    {
...
        "ips" : {
            "protocolInspectionDisabled": false
        }
...
    },
...
  5. Restart the restjavad process using the following command:
    bigstart restart restjavad
  6. In the BIG-IQ UI, re-discover and re-import AFM services, for each licensed device by going to
    Devices
    BIG-IP DEVICES
    .
    To perform a bulk re-discovery and re-import for all services, on multiple devices, see
    Re-discover and re-import services in bulk
    .
  7. Select the device name.
  8. On the left, click
    SERVICES
    .
  9. In the Network Security (AFM) area, click the
    Re-discover
    or
    Discover
     button.
  10. In the Network Security (AFM) area click the
    Re-import
    or
    Discover
     button.
After the services re-import/import, the BIG-IP Devices inventory list includes the AFM service (see
Devices
BIG-IP DEVICES
). You can now manage this BIG-IP device's IPS services from BIG-IQ.

Before you use a CSV file to add BIG-IP devices and discover and import their services

Before you add BIG-IP devices to BIG-IQ and discover and import their services, save the devices' information in a comma separated values file. The information you save can include:
Device Details
Description and Action
Management IP address
Specify the management IP address(es) for the BIG-IP device(s) you are adding.
HTTPS Port
Type the management port for this BIG-IP device(s). This number must be between
4
 and
65535
 In many cases, it's the default port
443
.
Chrome and Safari browsers don't allow access to web applications running on port
65535
. So if you use port
65535
 as the management port, you won't be able access the BIG-IP device's interface from BIG-IQ when using Chrome or Safari. You can still discover and manage BIG-IP devices that are using port
65535
.
admin user name
admin
Password
Specify the admin user's password for the device(s).
Cluster Name
Specify if these devices are part of a cluster.
DSC Sync Mode
If these devices are part of a DSC, initiate DSC sync when deploying configuration changes by specifying FALSE.
Pending Changes
If these devices are part of a DSC, allow deployment of any pending changes by specifying TRUE.
Services List
List of services running on these devices, separated by a space. For example: LTM APM ASM AFM SSM DNS FPS
Enable Statistics Collection
If these device are collecting statistics, allow data collection by specifying TRUE.
Zone
If these devices are part of a data collection device cluster, specify the name of their zone.
APM Group
If these devices support the APM service, specify the APM group.
APM Shared Import
If these devices are part of an APM group, set this to TRUE only for the first device in the APM group, leave the rest at FALSE.
Shared Object Conflict Policy
Specify how you want any shared object conflicts between BIG-IQ and the BIG-IP devices using one of the following values: USE_BIGIQ, USE_BIGIP, .
Version Object Conflict Policy
Conflict Resolution Policy for Version Specific Objects. Specify one of the following values: USE_BIGIQ, USE_BIGIP, KEEP_VERSION. The default is USE_BIGIQ.
Device Specific Conflict Policy
Conflict Resolution Policy for Device Specific Objects. Specify one of the following values: USE_BIGIQ, USE_BIGIP. The default is USE_BIGIP.

Exporting device inventory details to a comma separated values (CSV) file

To export the BIG-IP Device inventory to a CSV file, your browser must be configured to allow popup screens.
Using BIG-IQ, you can quickly access and view the properties for all the devices you manage in your network. These properties include details about the device's IP addresses, platform type, license details, software version, and so forth. You (or another department in your company) can create custom reports containing this information to help manage these assets. To do this, you can export device properties to a CSV file and edit the data as required.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP DEVICES
    .
  3. Click the
    Export Inventory
     button.
BIG-IQ creates a CSV file and downloads it locally.

Use a CSV file to add BIG-IP devices, and discover and import their services

Before you can add BIG-IP devices to BIG-IQ Centralized Management:
You must save your devices' details in a comma separated value (CSV) file.
  • The BIG-IP device must be located in your network and running a compatible software version. Refer to K14592 for more information.
  • The management address of the BIG-IP device must be open (typically this is port 22 and 443), or any alternative IP address used to add the BIG-IP device to the BIG-IQ inventory. Ports 22 and 443 and the management IP address are open by default on BIG-IQ.
  • If you are adding a BIG-IP device provisioned with the ASM service, and that device is part of a DSC cluster, that device must also be a member of a sync-only device group, and ASM synchronization must be enabled for the device group. Without these DSC group settings, deploying changes to the ASM device can cause the cluster to get out of sync. For details on configuring these groups, refer to
    Creating a Sync-Only device group
     and
    Synchronizing an ASM-enabled device group
     in the
    Automatically Synchronizing Application Security Configurations
     article on
    support.f5.com
    .
If you are running BIG-IP versions earlier than version 11.6.0, you might need root user credentials to discover and add the device to the BIG-IP devices inventory. You don't need root user credentials for BIG-IP devices running versions 11.6.0 and later.
A BIG-IP device running versions 10.2.0 - 12.0.x is considered a
legacy device
, and cannot be added to the BIG-IQ system's inventory for management. Although version 12.1.x is supported, its features are limited, and it is recommended to upgrade to version 13.0 or later. If you were managing a legacy device in a previous version of BIG-IQ and upgrade, the legacy device displays as impaired with a yellow triangle next to it in the BIG-IP Devices inventory. To manage it, you must upgrade it to version 12.1.0 or later. For instructions, refer to the section titled,
Upgrading a Legacy Device
.
For devices with ASM services, you can only add five devices at a time. If the BIG-IP device(s) provisioned with ASM is part of a DSC cluster, that device must also be a member of a sync-only device group, and ASM synchronization must be enabled for the device group. Without these DSC group settings, deploying changes to the ASM device can cause the cluster to get out of sync. For more information see K12200102 or the ASM Implementations chapter
Automatically Synchronizing Application Security Configurations
 on
support.f5.com
.
You cannot add multiple BIG-IP devices with SSLO services. These BIG-IP devices must be added individually.
You add BIG-IP devices to BIG-IQ Centralized Management and discover and import their services so you can start managing them. This procedure allows you add multiple BIG-IP devices to BIG-IQ using a comma separated value (CSV) file, and discover and import their services.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP DEVICES
    .
  3. Click the
    Add Device(s)
     button.
  4. For the
    Device
     setting, select
    Add multiple BIG-IP devices
  5. To create a snapshot of the BIG-IQ configuration before discovering and importing services, select the
    Snapshot
     check box.
    Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
  6. To create a snapshot of the BIG-IQ configuration before discovering and importing services, select the
    Snapshot
     check box.
    Clear this check box if you are adding devices that are in an access group you just created. If you don't, BIG-IQ won't be able to add the device(s).
  7. To ignore conflicts for objects shared between BIG-IQ and the BIG-IP device(s) you're adding, leave the
    Conflict Resolution
     check box selected.
    This allows you to continue to import services that have no conflicts, and fix the conflicts individually later, from the
    BIG-IP DEVICES
    SERVICES
     screen, to complete the import process for those services.
  8. Click the
    Upload CSV
     button.
  9. Navigate to the location where you saved your CSV file and click
    Open
    .
  10. Select the check box next to the BIG-IP devices you want to discover and import services for, and click the
    Discover and Import
     button at the bottom of the screen.
To view status and address any conflicts between BIG-IQ and BIG-IP device objects, on the left, click
BIG-IP DEVICES
.

About basic device management

After you add BIG-IP devices to BIG-IQ Centralized Management and discover and import their services, you can start managing those devices.

Managing a device from the device properties screen

You can use a device's Properties screen to manage that device. You can log directly in to the device, remotely reboot it, and create an instant backup of its configuration. You can also view details about the managed device, such as:
  • Host name
  • Self IP Address
  • Build Number
  • Software Version
  • Status
  • Last Contact
  • Boot Location
  • Cluster Properties
From this screen you can also perform the following tasks:
  • Create an instant backup of the device's configuration.
  • Change the boot location of the device.
  • Edit cluster properties.
  • Log directly into the device from BIG-IQ.
  • Reboot the device from BIG-IQ.
  • Access details about the health of the device.
  • Access statistics for the device (if applicable).
  • Access services licensed for the device.
  1. At the top of the screen, click
    Devices
    .
  2. Click the name of the device you want to view.
    The device Properties screen opens.

How can I organize the way devices display in BIG-IQ so they're easier to find and manage?

To more easily manage a large number of BIG-IP devices, you can organize them into groups. The types of groups you can use are:
  • Static groups
  • Dynamic groups
A
static group
 contains specific devices that you add to it, and those devices stay in that group until you remove them. For example you might want to create a static group named,
Seattle
, and add all of the devices located in Seattle to it.
In contrast, a
dynamic group
 is basically a saved query on a group. For example, if you created a static group that contained all of your managed devices located in Seattle and you wanted to view only those devices running a specific application, you could create a dynamic group with that filter. If one of the devices stops running the specified application, the device no longer appears in that dynamic group.
If you delete a managed BIG-IP device from the parent group, you see that change when you view the dynamic group.

Creating a static group of managed devices

You must license and discover BIG-IP devices before you can place them into a group.
To more easily manage a large number of devices, you can organize them into groups. For example, you could add devices to groups according to the running applications, geographical location, or department.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    DEVICE GROUPS
    .
  3. Near the top of the screen, click the
    Create
     button.
  4. In the
    Name
     field, type the name you want to use to identify this group.
    You can change this name at any time, after you save this group.
  5. In the
    Description
     field, type a description for this group.
    For example,
    BIG-IP devices located in Seattle
    .
    You can change this description at any time, after you save this group.
  6. For the
    Group Type
     setting, select
    Static
    .
  7. From the
    Parent Group
     list, select the source for the group you are creating.
  8. For the
    Available in Services
     setting, select the services licensed for this device.
    If this BIG-IP device is licensed for services you are not managing, you can reduce the number of devices displayed in the BIG-IP inventory by selecting the check box next to only the services you manage. If you are managing all aspects of BIG-IQ, select the check box next to each service running on this BIG-IP device.
  9. From the
    Available
     list, select the BIG-IP device(s) you want to add to this group.
    You can filter on specific groups by selecting a group from the list.
  10. Click the
    Save & Close
     button.
If you want to further filter specific devices from within this group, you can create a dynamic group.

Creating a dynamic group of managed devices

You must create a static group before you can create a dynamic group.
To filter a static group on certain parameters, you can create a dynamic group. For example, if you have a static group for all devices located in a particular city, and you want to view only those running a specific version of software, you could create a dynamic group to filter on that version number.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    DEVICE GROUPS
    .
  3. Click the
    Add Group
     button.
  4. In the
    Name
     field, type the name you want to use to identify this group.
    You can change this name at any time, after you save this group.
  5. In the
    Description
     field, type a description for this group.
    For example,
    BIG-IP Devices running version 13.0
    You can change this description any time, after you save this group.
  6. For the
    Group Type
     setting, select
    Dynamic Group
    .
  7. From the
    Parent Group
     list, select the source for the group you are creating.
  8. In the
    Search Filter
     field, type a term on which you want to filter the group.
  9. For the
    Available in Services
     setting, select the services licensed for this device.
    If this BIG-IP device is licensed for services you are not managing, you can reduce the number of devices displayed in the BIG-IP inventory by selecting the check box next to only the services you manage. If you are managing all aspects of BIG-IQ, select the check box next to each service running on this BIG-IP device.
  10. Click the
    Save & Close
     button.
This dynamic group reflects any changes made to the static group. For example, if a device is removed from its parent group, it no longer appears in the associated static group. Also, if a device no longer contains the object you filtered on, the device no longer displays in the dynamic group.

Filtering the BIG-IP device inventory list for specific BIG-IP components

From each BIG-IQ screen that contains a list of objects, you can easily find specific objects. For example, after you discover several devices, you might want to find a specific device by its name or IP address. To do this, you start by filtering on certain configuration objects. Filtering on specific criteria saves you time because you can view only those objects associated with the criteria you specify.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP DEVICES
    .
  3. To search for a specific object, in the
    Filter
     field at the top right of the screen, type all or part of an object's name and click the filter icon.
    BIG-IQ refreshes the screen to show only those devices that contain the object you filtered on.
  4. To remove the filter, click the
    X
     icon next to it.

Change several BIG-IP passwords simultaneously

When you manage BIG-IP device from BIG-IQ Centralized Management, it is good practice to change the default admin and root passwords on a regular basis. From BIG-IQ, you can change the passwords for several BIG-IP devices at one time.
You can change the passwords for several BIG-IP devices simultaneously only if they have the same password.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    PASSWORD MANAGEMENT
    Change Device Passwords
    .
  3. Near the top of the screen, click the
    Create
     button.
  4. In the
    Name
     and
    Descriptions
     fields, type a name and optional description to help you identify this task.
  5. From the
    Available
     list, select devices and move them to the
    Selected
     list.
    The passwords for the BIG-IP devices you select must all be identical.
  6. Select an option for the
    Change Password
     setting.
  7. Provide the old and new passwords, as required.
  8. Click the
    Run
     button at the bottom of the screen.
    BIG-IQ will apply the new password to all of the selected BIG-IP devices. You can view the status of this task from the Change Device Passwords screen.

Re-discover BIG-IP devices and re-import services

If you upgrade or make a change directly on a managed BIG-IP device, you must re-discover and re-import services for that device so BIG-IQ Centralized Management has the most current configuration for that device.
You cannot re-import SSLO configurations from discovered BIG-IP devices.
  1. At the top of the screen, click
    Devices
    .
  2. Select the check box next to the device you want to rediscover and reimport services for.
  3. Click the
    More
     button and select
    Re-discover and Re-import
    .
  4. In the
    Name
     and
    Description
     fields, type a name and an optional description to identify this task.
  5. For the
    Shared Object Conflict Resolution Policy
     and
    Version Object Conflict Resolution Policy
     and
    Device Object Conflict Resolution
    Policy
     settings, select an option:
    • Use BIG-IQ
       Keep the object in BIG-IQ system's working configuration. The next time BIG-IQ deploys a configuration to that BIG-IP device, it updates the object to match the one on BIG-IQ.
    • Use BIG-IP
       if you want to override the configuration settings stored on BIG-IQ with the settings from the BIG-IP device if any differences for shared objects are found.
    For the
    Version Object Conflict Resolution Policy
    , you also have the option to select
    Create Version
    , if you want BIG-IQ to create a version-specific object if any differences for version-specific objects are found. If you select this option, BIG-IQ creates and stores a copy of the BIG-IP device's LTM monitor or profile object (s), specific to the software version running on that BIG-IP device and replaces that object for all the managed BIG-IP devices running that version, the next time it deploys a configuration. You can store multiple versions of LTM monitors or profiles. BIG-IQ deploys the appropriate stored version to your managed devices. BIG-IQ automatically resolves conflicts against the appropriate version the next time it imports services that contain LTM monitors or profiles.
  6. If you want to save a snapshot of the BIG-IP device's configuration before importing their services, select the
    Create a snapshot of the current configuration before importing
     check box.
  7. Click the
    Create
     button at the bottom of the screen.
You can now manage these BIG-IP devices.

What is a BIG-IP Device Service Clustering (DSC) group and how do I start managing it from BIG-IQ?

Device Service Clustering
, or DSC, is a BIG-IP TMOS feature that lets you organize BIG-IP devices in groups to share configurations. These groups are called
device service clusters
 (also DSC). With BIG-IQ, you can manage devices configured in a DSC, and their shared objects, from one centralized location.
Before you can manage BIG-IP systems configured in a DSC, you must:
  • Add the DSC device members to the BIG-IP Devices inventory.
  • Add the DSC group to the BIG-IP Clusters inventory.
  • Ensure that each DSC group includes at least one sync-failover configuration.
When a DSC group is in the BIG-IP Cluster inventory, you can view its properties and the devices within those groups, and synchronize their configurations, all without having to log in to each device individually. This allows for automatic synchronization among devices for any changes on objects defined in the cluster.
For specific information about BIG-IP DSC groups, refer to the
BIG-IP Device Service Clustering: Administration
 guide.
It is important to note, that although objects are shared among devices in a DSC group, they appear based on the state of each managed BIG-IP device. This can indicate that objects, such as a shared pool, is offline for a specific device that is experiencing network issues. However, the pool will appear as online for other devices in the DSC group.

Discover BIG-IP Device Service Cluster groups

You must add the BIG-IP devices configured in a DSC to the BIG-IQ system's BIG-IP Device inventory before you can discover DSC groups.
All BIG-IP devices in a cluster must be running the same software version and the same settings for:
  • Pools
  • Traffic-groups
  • VLANs
  • Tunnels
  • Route domains
The BIG-IQ DSC Groups inventory screen shows you a centralized view specific to DSC clusters.
The
Cluster Display Name
 displays on this screen only for managed BIG-IP devices in a DSC.
BIG-IQ supports up to 8 BIG-IP systems in a DSC.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP CLUSTERS
    DSC groups
    .
  3. Click the
    Discover
     button.
  4. Select the devices in the
    Available
     list, and then click the right arrow to add them to the
    Selected
     list.
    This list is populated from the BIG-IP Device inventory list. If you can't see all of the available devices listed, left-click the right bottom corner of the list and use your cursor to expand the dialog box.
  5. Click the
    Discover
     button.
The DSC Groups list refreshes to display the discovered DSC group.

Synchronizing configurations between BIG-IP devices in a DSC cluster

You must add a BIG-IP device configured in a DSC to the BIG-IP Devices inventory list and discover the DSC from the DSC Groups inventory list before you can synchronize BIG-IP devices configured in a DSC.
Synchronizing configuration between BIG-IP devices in a DSC cluster saves you time because you don't have to log on to each BIG-IP device in the cluster individually.
Unmanaged BIG-IP devices in a DSC do not display the
Sync
 button.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IQ CLUSTERS
    DSC Groups
    .
    The screen displays the list of DSC groups defined on this device.
  3. Click the name of the cluster you want to synchronize.
  4. Click the
    Refresh Status
     button to get the most current sync status for the devices in the DSC group.
  5. For the
    Sync Option
     setting, select one of the options:
    • Device to Group
       - Select this option to prompt the BIG-IP device to synchronize its configuration with other device(s) in the DSC group.
    • Group to Device
       - Select this option to prompt the DSC group to load its configuration onto the BIG-IP device.
  6. Click the
    Sync
     button.
  7. To close the screen, click the
    Close
     button.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information