Manual Chapter : Adding and Configuring BIG-IP VE Devices in an AWS Cloud Environment

Applies To:

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0

How do I create and configure BIG-IP VE devices in an AWS cloud environment?

BIG-IQ Centralized Management makes it easy for you to create, configure, and manage BIG-IP VE devices on AWS, Azure, and VMware cloud environments.
To start managing a BIG-IP VE device in a cloud environment, you'll need to complete the following tasks:
  • Configure your AWS Virtual Private Cloud
    Set up your AWS cloud environment. For this, you'll need a Virtual Private Cloud (VPC). You also need secret keys and a security group to keep the environment safe.
  • Specify your cloud provider details
    Specify the cloud provider's credentials so you can access the cloud environment from BIG-IQ.
  • Create your cloud environment
    Define your cloud environment by specifying the cloud-specific properties for that environment.
  • Create a BIG-IP VE device
    Create a BIG-IP VE device from BIG-IQ in the cloud environment you defined.
  • Onboard your BIG-IP VE device
    Provide the details for the BIG-IP VE device's configuration, and provision the services you want BIG-IQ to import through the onboarding process. BIG-IQ applies the configuration to the BIG-IP VE device through a declarative onboarding API call. For more information about the declarative onboarding API specific to BIG-IP VE devices, see https://github.com/F5Networks/f5-declarative-onboarding
After you save the configuration for the BIG-IP VE device you created, BIG-IQ sends an API call to apply that configuration to the targeted BIG-IP VE device. After BIG-IQ successfully applies the configuration, it then discovers and imports the services the device is licensed for. This means you don't have to discover and import services in a separate step. When the onboarding process is complete, you can start managing the BIG-IP VE device from the Devices > BIG-IP DEVICES screen.

Configure your AWS Virtual Private Cloud

To deploy BIG-IP VE devices in an AWS cloud, you need a Virtual Private Cloud (VPC). You also need secret keys and a security group to keep the environment safe.
To properly configure your environment, your account requires full access permissions for the following AWS resources: Auto Scale Groups, Instances, SQS, S3, CloudWatch, and CloudFormation. Additionally, you need list, create, and delete permissions for the IAM role/rolePolicy/InstanceProfile.
  • If you use the AWS cloud for all of your resources, you install the BIG-IP VE devices and DCDs in the AWS environment. When you use AWS for your BIG-IQ and DCDs, you most likely have already created an AWS environment and deployed the BIG-IP VE devices. If this is the case, be sure to review the AWS requirements here to ensure proper support.
  • If you deployed your BIG-IP VE devices and DCDs in a private cloud or on-premises environment, after you create the AWS environment, configure a VPN to support the required communication between the BIG-IP VE devices and the management components.
    For the most current instructions for creating a VPC, refer to the VPC Documentation web site, https://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/getting-started-ipv4.html.
  1. Access your AWS account, and create a virtual private cloud (VPC).
    As you configure the VPC, make sure it is in the region you want to work in and contains the following elements:
    • Name tag
    • IPv4 CIDR block
    • Only 1 subnet is supported for BIG-IP VE creation. If you want more subnets, you must configure them manually in your AWS environment after you create your BIG-IP VE.
    • Internet gateway attached to this VPC
    • Route table that targets the internet gateway (1 for each subnet)
  2. Create a key pair to allow SSH access.
  3. Create a security group to protect the elastic load balancer (ELB).
    When you configure the security group for the ELB, you must not specify any ingress rules.
  4. Create a classic elastic load balancer (ELB) using the settings detailed in the table.
    ELB Type: Classic Load Balancer
    VPC and subnets: Use the objects created in step 1.
    Health Checks:
    • Ping protocol: TCP
    • Ping port: 22
    • Timeout: 5 seconds
    • Interval: 30 seconds
    EC2 Instances: Cross-Zone Load Balancing enabled and Connection Draining enabled at 300 seconds.
    When you configure the ELB, note that you can deploy it as either Internet-facing or internal. Internal is fine if all of the application traffic you support is within your AWS VPC. If not, then make sure you deploy it as Internet-facing.
    Additionally, the classic ELB and the BIG-IP VE devices that manage your applications must be in the same VPC. If they are not in the same VPC, traffic will not reach the BIG-IP VE devices.
    For more information, refer to: VPC_SecurityGroups.html.
  5. After the ELB is created successfully, edit the ELB listeners to remove the default listener (Load Balancer Protocol and Instance Protocol of HTTP on port 80).
Before AWS can create the BIG-IP VE instances, you must subscribe and agree to the software terms for the Amazon machine image (AMI) you plan to use.
  • Navigate to the AWS marketplace.
  • Search for the AMI that best fits your needs.
  • When you find the AMI you want, select it and then click Continue to Subscribe and follow the prompts.

Configuration requirements for an AWS VPN

When you manage BIG-IP VE devices running applications in an AWS environment, and use a BIG-IQ and data collection devices that are housed in a private cloud or on-premises, you need a VPN to facilitate communication. Without a VPN, the devices cannot send the analytic information you need to manage your applications. Also, if you use the BYOL licensing option, when new devices are created, they need the VPN so they can contact the BIG-IQ acting as a license server.
  • Requirement: Both ends of the VPN require a gateway. That is, you need a gateway between your BIG-IQ/data collection device cluster and the VPN, and you need a virtual private gateway between the VPN and the AWS environment.
    For more information: Refer to the vendor documentation for the gateway you use locally. For details on the AWS end, refer to AWS Managed VPN Connections on docs.aws.amazon.com.
  • Requirement: You must use a VPN supported by AWS.
    For more information: For details on the VPN types that AWS supports, refer to Amazon Virtual Private Cloud Documentation on docs.aws.amazon.com.
  • Requirement: Subnets on your local network must differ from the subnet used by the VPC you create in the AWS environment. There can be no overlap.
    For more information: For example, if the BIG-IQ and data collection devices in your local cloud use a subnet such as 172.16.0.0/16, you could use a subnet such as 10.1.0.0/16.
  • Requirement: There must be a route from your BIG-IQ/data collection device cluster to the AWS environment through your gateway.
    For more information: Create this route by logging in to the BIG-IQ and DCD in your local cloud and running a set of tmsh commands. For example, if your setup used the subnets listed in the previous example (AWS network is 10.1.0.0/16 and your gateway address is 172.16.0.9), you could run the following sequence of commands:
      tmsh create /net route 10.1.0.0/16 gw 172.16.0.9
      tmsh list net route
      tmsh save /sys config
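
The addressing requirements above, written as a pre-flight check that only emits the route commands when the subnets, gateway and route destination are consistent. This is an added example, not F5 code; the function name plan_vpn_route and the addresses in the demo are assumptions, and only the three tmsh commands come from this page.

```python
import ipaddress


def plan_vpn_route(local_subnets, vpc_cidr, gateway, route_dest=None):
    """Validate the BIG-IQ-to-AWS VPN addressing and build the tmsh commands.

    local_subnets: CIDRs used on the BIG-IQ/DCD side
    vpc_cidr:      IPv4 CIDR block of the AWS VPC
    gateway:       local gateway address that leads to the VPN
    route_dest:    destination someone intends to type into tmsh
                   (defaults to vpc_cidr)
    Returns (problems, commands); commands is empty if any problem was found.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    local = [ipaddress.ip_network(s, strict=True) for s in local_subnets]
    gw = ipaddress.ip_address(gateway)

    # Local subnets and the VPC subnet must not overlap at all.
    for net in local:
        if net.overlaps(vpc):
            problems.append(f"local subnet {net} overlaps VPC {vpc}")

    # The gateway is the local next hop: it has to sit inside a local subnet
    # and cannot be an address on the VPC side.
    if not any(gw in net for net in local):
        problems.append(f"gateway {gw} is not inside any local subnet")
    if gw in vpc:
        problems.append(f"gateway {gw} is inside the VPC range {vpc}")

    # The route destination must be a network address (no host bits set)
    # and must cover the whole VPC, or part of the VPC stays unreachable.
    dest_text = route_dest or vpc_cidr
    try:
        dest = ipaddress.ip_network(dest_text, strict=True)
    except ValueError:
        dest = ipaddress.ip_network(dest_text, strict=False)
        problems.append(
            f"route destination {dest_text} has host bits set; did you mean {dest}?")
    if not vpc.subnet_of(dest):
        problems.append(f"route destination {dest} does not cover VPC {vpc}")

    if problems:
        return problems, []
    return problems, [
        f"tmsh create /net route {dest} gw {gw}",
        "tmsh list net route",
        "tmsh save /sys config",
    ]


if __name__ == "__main__":
    # Constructed inputs: the subnets from the example above, then a
    # destination typed with host bits set.
    for dest in (None, "10.1.10.0/16"):
        issues, cmds = plan_vpn_route(["172.16.0.0/16"], "10.1.0.0/16",
                                      "172.16.0.9", route_dest=dest)
        print("\n".join(issues or cmds))
```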

Specify credentials required to connect to an AWS cloud

You create a new AWS cloud provider to tell BIG-IQ how to connect to your AWS cloud environment.
  1. At the top of the screen, click Applications, then, on the left, click ENVIRONMENTS > Cloud Providers.
  2. Click Create.
    The New Provider screen opens.
  3. Type a Name for the provider you are creating.
  4. To help identify this provider when you want to use it later, type a brief Description.
  5. From the Provider Type list, select AWS.
    Under Provider Details, the screen displays settings that you use to specify your AWS credentials.
  6. Type your Access Key ID and Secret Access Key, and then click Test to confirm your connection.
  7. Click Save & Close.
The system creates the new AWS provider account, which is now ready to be used in a cloud environment.
Before you can use this provider to create a BIG-IP VE device, you need to create the AWS cloud environment.

Configure your AWS cloud environment on BIG-IQ

When you create an AWS cloud environment, you specify the parameters that BIG-IQ uses to create BIG-IP VE devices in that environment.
  1. At the top of the screen, click Applications, then, on the left, click ENVIRONMENTS > Cloud Environments.
  2. Click Create.
  3. After you provide a Name and optional Description for this cloud environment, from the Device Template list, select the device template you want to use to define the new BIG-IP VE devices.
  4. From the Cloud Provider list, select the name of the AWS provider you want to use for this environment.
    The screen displays the AWS Properties settings.
  5. From the VPC list, select the name of the virtual private cloud you created for this environment.
    The subnets defined for this VPC are listed under Available.
  6. For Restricted Source Address, using the CIDR format, specify the addresses that you want to be able to access the environment.
    For example, 12.12.0.0/16.
    Only addresses that match your entry will have access (IP addresses that use 12.12.xxx.xxx in the example above).
  7. Leave the SSH Key Name blank.
  8. For License Type, select Utility.
    From your cloud provider marketplace, you'll need to select F5 BIG-IP Virtual Edition - GOOD (PAYG).
  9. For AMI Image, select the AMI you want to use for the devices created in this environment.
  10. For Instance Type, select the name of the kind of instance you want to use for the devices created in this environment.
  11. Click Save & Close.
This AWS cloud environment is now available for creating BIG-IP VE devices from BIG-IQ.

Create a BIG-IP VE device in an AWS cloud environment

You'll need to have an AWS cloud environment configured before you can create a BIG-IP VE device in it.
You create a BIG-IP VE device so you can then configure it and start managing it from BIG-IQ Centralized Management.
BIG-IP devices created for declarative onboarding (DO) are provisioned with a single network interface. To add an additional network interface, refer to the user documentation for the public cloud to which you deployed the device.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP VE CREATION.
  3. Click Create.
  4. For Task Name, type a name for this onboarding task.
  5. For BIG-IP VE Name, type a name to identify the BIG-IP VE you are creating.
  6. From the Cloud Environment list, select the cloud environment where you want the BIG-IP VE created.
  7. In the Number of BIG-IP VE to Create field, specify the number of BIG-IP VE devices you want to create.
    You can create up to 5 at a time.
  8. Click the Create button at the bottom of the screen.
When BIG-IQ successfully completes a BIG-IP VE creation task, the task displays on the BIG-IP VE creation screen. The BIG-IP VE creation process can take up to 10 minutes, depending on the cloud environment and the BIG-IP VE configuration.
You can now configure this BIG-IP VE device through the onboarding process.

Configure a BIG-IP VE device in an AWS cloud environment through onboarding

You can configure BIG-IP VE devices through a process called declarative onboarding (DO), also referred to as just onboarding. When you onboard a BIG-IP VE, you specify all of the details of its configuration, and discover and import its services in one procedure. After you onboard BIG-IP VE devices, you can start managing them from the BIG-IQ Devices > BIG-IP DEVICES screen.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP VE CREATION.
    Alternatively, you can click BIG-IP ONBOARDING on the left and onboard the BIG-IP VE from that screen.
  3. Select the check box next to the BIG-IP VE Creation task that completed successfully, and click the Onboard button to start the onboarding task.
  4. Select the onboarding classes you want to use to configure the BIG-IP VE devices, and when you're done, click the Onboard button at the bottom of the screen.
    Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.
    You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clicking View Sample API Request at the upper right.
    You can use parameter values written as in-place references to other DO classes only from the API. For example, the API accepts a parameter value of "/Common/failoverGroup/members/0" (a pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the BIG-IQ Devices > BIG-IP ONBOARDING > Create screen; instead, use the actual value for the field.
    If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
    • Class and Parameter: Device: Target Host
      API Parameter Example: "targetHost": "{IP address}"
      Description: IP address of this BIG-IP VE device
      Notes: Required for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.
    • Class and Parameter: Device: Target Username
      API Parameter Example: "targetUsername": "admin"
      Description: Admin user name for this BIG-IP VE device
      Notes: Required for initial onboarding of new BIG-IP VE devices, as well as changes to existing BIG-IP VE devices.
    • Class and Parameter: Device: Target Passphrase
      API Parameter Example: "targetPassphrase": "{password}"
      Description: Admin password for this BIG-IP VE device
      Notes: Not required for BIG-IP VE devices in an AWS cloud environment if you have a Target Ssh Key specified.
    • Class and Parameter: Device: Target Ssh Key
      API Parameter Example: "targetSshKey": { "path": "{path}" }
      Description: SSH private key for this BIG-IP VE device
      Notes: Required for first-time onboarding of new BIG-IP VE devices in an AWS cloud environment. BIG-IQ automatically populates this field; however, if the field is not populated, navigate to the Devices > BIG-IP VE CREATION screen and onboard that BIG-IP VE device from that screen. We recommend that you do not use the Target Ssh Key for subsequent declarations for BIG-IP VE devices.
    • Class and Parameter: Device: Hostname
      API Parameter Example: "hostname": "{hostname}.domain.com"
      Description: FQDN for this BIG-IP VE device
      Notes: Although not required, it's highly recommended that you specify a host name as the FQDN of the BIG-IP VE device so you can properly identify it.
    • Class and Parameter: Device: License
      API Parameter Example: "licenseType": "{license type}", "{license key}": "xxx-xxx-xxx-xx"
      Description: License type
      Notes: Required if the BIG-IP VE has a reg key or pool BYOL license. It is not required if you are using a PAYG VE. If using a pool license when onboarding a BIG-IP VE device running version 14.0 or later, you must supply the BIG-IP admin and user names, same as the ones entered for the User class. Subsequent changes to the configuration of same BIG-IP VE devices do not require changes to the License class.
    • Class and Parameter: Onboard Class: NTP
      API Parameter Example: "myNtp": { "class": "NTP", "servers": [ "{server}" ], "timezone": "{time zone}" }
      Description: NTP server details for this BIG-IP VE device
      Notes: Although not required, we recommend that you specify an NTP server so BIG-IQ and BIG-IP VE devices are synchronized with the correct time. You must specify a valid time zone specified in the Time Zone Database. For more information, refer to: List_of_tz_database_time_zones
    • Class and Parameter: Onboard Class: Provision
      API Parameter Example: "name": "{myProvision}", "ltm": "nominal"
      Description: Licensed services for this BIG-IP VE device
      Notes: LTM is required and selected by default for all BIG-IP VE devices onboarded. Select any additional services you want to provision. If you're using analytics, you must provision AVR, which is not selected by default.
    • Class and Parameter: Onboard Class: User
      API Parameter Example: "{name}": { "class": "User", "userType": "root", "newPassword": "{new password}", "oldPassword": "{old password}" }
      Description: User name and password for admin (regular) user with TMSH access and the root user for this BIG-IP VE device
      Notes: Required only for the first time you onboard BIG-IP VE devices running version 14.0 or later, because you must change the passwords for initial log in. When you change the admin password, that same password is applied as the root password. So if you want the root password to be unique, you'll need to change it. Since the root password is changed to the same password as admin, use that as the "old password" when updating the root password.
    • Class and Parameter: Onboard Class: VLAN
      API Parameter Example: "tag": 4093, "mtu": 1500, "interfaces": [ { "name": "1.2", "tagged": true } ]
      Description: VLAN for this BIG-IP VE device's network configuration.
      Notes: Your cloud provider automatically creates one VLAN. However, most network configurations require that you use two self IP addresses (one for internal and one for external traffic), and each self IP address requires a VLAN. You must specify the VLAN configuration details before you add a self IP address. If you populate the Tag field, you must select true or false from the Tagged list.
    • Class and Parameter: Onboard Class: Self IP
      API Parameter Example: "internal-self": { "class": "SelfIp", "address": "{self IP address}", "vlan": "internal", "allowService": "default", "trafficGroup": "traffic-group-local-only" }
      Description: Self IP addresses for this BIG-IP VE device's network configuration.
      Notes: Your cloud provider automatically creates one self IP address. However, two self IP addresses are most commonly used for internal and external traffic. You must specify the VLAN configuration details before you add a self IP address.
    BIG-IQ configures the BIG-IP VE device and automatically imports its provisioned services based on the BIG-IQ Settings Onboard Classes. When the BIG-IP VE device is successfully onboarded, the status displays as Onboard Finished and the BIG-IP VE device displays on the BIG-IP Devices screen where you can start managing it. This onboarding task remains in the list until you delete it. You can use existing onboard tasks as the basis of new onboard tasks.
You can now manage the BIG-IP VE.

API example of onboarding a BIG-IP VE device in an AWS cloud environment

This is an example of what you'll see when you specify the details for an onboard declaration and click the View Sample API Request button from the Create Onboard Declaration screen.
API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
DNS settings are automatically specified by your cloud environment. If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
{
  "class": "DO",
  "declaration": {
    "schemaVersion": "1.5.0",
    "class": "Device",
    "async": true,
    "Common": {
      "class": "Tenant",
      "myLicense": {
        "class": "License",
        "licenseType": "regKey",
        "regKey": "xxx-xxx-xxx-xx"
      },
      "myProvision": {
        "class": "Provision",
        "ltm": "nominal"
      },
      "myNtp": {
        "class": "NTP",
        "servers": [
          "time.nist.gov"
        ],
        "timezone": "UTC"
      },
      "admin": {
        "class": "User",
        "userType": "regular",
        "partitionAccess": {
          "all-partitions": {
            "role": "admin"
          }
        },
        "shell": "tmsh",
        "password": "adminpassword"
      },
      "root": {
        "class": "User",
        "userType": "root",
        "newPassword": "rootpassword",
        "oldPassword": "adminpassword"
      }
    }
  },
  "targetHost": "54.10.10.10",
  "targetUsername": "admin",
  "targetPassphrase": "admin",
  "targetSshKey": {
    "path": "/var/ssh/restnoded/privatessh.key"
  },
  "bigIqSettings": {
    "failImportOnConflict": false,
    "conflictPolicy": "USE_BIGIQ",
    "deviceConflictPolicy": "USE_BIGIP",
    "versionedConflictPolicy": "KEEP_VERSION",
    "statsConfig": {
      "enabled": true,
      "zone": "default"
    },
    "snapshotWorkingConfig": false
  }
}
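
A request like the one above carries passwords and the license key in clear text, so it is worth masking them before the request is logged or shared, and checking the request against the notes in the parameter table before it is sent. This is an added example, not part of the F5 documentation or of BIG-IQ; the function names, finding texts and sample values are assumptions, and the self IP check assumes the VLAN is defined in the same declaration.

```python
import json

# Keys that hold credentials or license secrets in the declarations on this page.
SECRET_KEYS = {"password", "newPassword", "oldPassword", "localPassword",
               "remotePassword", "targetPassphrase", "regKey"}


def redact(node):
    """Return a copy with every secret value masked, safe to log or share."""
    if isinstance(node, dict):
        return {k: "***" if k in SECRET_KEYS else redact(v) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node


def review(request):
    """Check one onboarding request against the notes in the parameter table."""
    findings = []
    common = request["declaration"]["Common"]

    def of_class(cls):
        return {n: o for n, o in common.items()
                if isinstance(o, dict) and o.get("class") == cls}

    # First-time onboarding in AWS authenticates with the SSH key; the
    # passphrase is then not required, so it is one secret fewer in the request.
    if "targetSshKey" not in request and "targetPassphrase" not in request:
        findings.append("no targetSshKey or targetPassphrase")
    elif "targetSshKey" in request and "targetPassphrase" in request:
        findings.append("targetPassphrase not required when targetSshKey is set")

    # LTM is required on every onboarded BIG-IP VE.
    if not any("ltm" in p for p in of_class("Provision").values()):
        findings.append("Provision class does not provision ltm")

    # Root's oldPassword is the admin password (the admin change is applied to
    # root as well); root's newPassword must differ for root to be unique.
    users = of_class("User")
    admin_pw = next((u.get("password") for u in users.values()
                     if u.get("userType") == "regular"), None)
    for name, user in users.items():
        if user.get("userType") != "root" or admin_pw is None:
            continue
        if user.get("oldPassword") != admin_pw:
            findings.append(f"{name}: oldPassword is not the admin password")
        if user.get("newPassword") == admin_pw:
            findings.append(f"{name}: newPassword repeats the admin password")

    # A VLAN with a tag needs an explicit true/false 'tagged' per interface.
    vlans = of_class("VLAN")
    for name, vlan in vlans.items():
        if "tag" in vlan and not all(isinstance(i.get("tagged"), bool)
                                     for i in vlan.get("interfaces", [])):
            findings.append(f"{name}: tag set but 'tagged' missing on an interface")

    # Assumption: a self IP names a VLAN defined in this same declaration
    # (the VLAN details are specified before the self IP is added).
    for name, selfip in of_class("SelfIp").items():
        if selfip.get("vlan") not in vlans:
            findings.append(f"{name}: vlan '{selfip.get('vlan')}' is not defined here")
    return findings


# Constructed sample request; every value is a placeholder.
SAMPLE = {
    "class": "DO",
    "declaration": {"schemaVersion": "1.5.0", "class": "Device", "async": True, "Common": {
        "class": "Tenant",
        "myProvision": {"class": "Provision", "ltm": "nominal"},
        "admin": {"class": "User", "userType": "regular", "password": "ExampleAdminPw"},
        "root": {"class": "User", "userType": "root",
                 "newPassword": "ExampleAdminPw", "oldPassword": "admin"},
        "internal": {"class": "VLAN", "tag": 4093, "mtu": 1500,
                     "interfaces": [{"name": "1.2"}]},
        "external-self": {"class": "SelfIp", "address": "192.0.2.10/24", "vlan": "external"},
    }},
    "targetHost": "192.0.2.20", "targetUsername": "admin", "targetPassphrase": "admin",
    "targetSshKey": {"path": "/path/to/placeholder.key"},
}

if __name__ == "__main__":
    print(json.dumps(redact(SAMPLE), indent=2))
    for finding in review(SAMPLE):
        print("FINDING:", finding)
```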

Configure a cluster of BIG-IP VE devices in an AWS cloud environment through onboarding

You must configure your cloud environment and create BIG-IP VE devices in it before you can configure the BIG-IP VE devices.
You can configure BIG-IP VE devices through a process called declarative onboarding (DO), also referred to as just onboarding. Onboarding BIG-IP VE clusters makes it easy for you to configure more than one BIG-IP VE at one time. When you onboard a cluster of BIG-IP VE devices, you specify all of the details of their configuration, and discover and import their services in one procedure. After you onboard the BIG-IP VE devices, you can start managing them from the BIG-IQ Devices > BIG-IP DEVICES screen.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP VE CREATION.
    Alternatively, you can click BIG-IP ONBOARDING on the left and onboard the BIG-IP VE from that screen.
  3. Select the check mark next to two or more BIG-IP VE creation tasks that were successful, and then click the Onboard Cluster button.
    BIG-IQ allows you to simultaneously onboard the BIG-IP VE devices you select as a cluster.
  4. Type a name and optional description to help you identify this task.
  5. Select the onboarding classes you want to use to configure the BIG-IP VE devices and when you're done, click the Onboard button at the bottom of the screen.
    Following is a list of the minimally required and highly recommended parameters you should specify for onboarding BIG-IP VE devices. Every environment is different, so, in addition to the classes and parameters here, consider additional configuration options you might need for your network and applications. For example, you might want to set up DNS, or add a route.
    You can view the API call that BIG-IQ makes to onboard BIG-IP devices at any time by clicking View Sample API Request at the upper right.
    You can use parameter values written as in-place references to other DO classes only from the API. For example, the API accepts a parameter value of "/Common/failoverGroup/members/0" (a pointer to a different class in the same declaration) for an address, instead of the actual remote address. Do not use parameters with references to other DO classes in the user interface from the BIG-IQ Devices > BIG-IP ONBOARDING > Create screen; instead, use the actual value for the field.
    If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
    • Class and Parameter: Onboard Class: BIG-IQ Settings
      API Parameter Example: "bigIqSettings": {"clusterName": "My_cluster_name"}
      Description: Cluster name.
    • Class and Parameter: Onboard Class: Device Group
      API Parameter Example: "myDeviceGroup": { "class": "DeviceGroup", "type": "sync-only", "members": [ "bigip1.example.com", "bigip2.example.com" ], "owner": "bigip1.example.com", "autoSync": true, "networkFailover": true, "asmSync": true }
      Description: This is the BIG-IP sync group.
      Notes: These must be the same on every BIG-IP device in the group. For ASM sync, make sure ASM is provisioned on all BIG-IP devices in the cluster. DNS sync groups are not supported in BIG-IP version 7.0. You must select sync-only. This is the only option supported for a newly-created BIG-IP VE with a single NIC. If you use a Fully Qualified Domain Name (FQDN), you must validate that you can resolve that FQDN with the DNS server.
    • Class and Parameter: Onboard Class: Device Trust
      API Parameter Example:
        On BIG-IP1: "myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin1", "localPassword": "Admin1Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }
        On BIG-IP2: "myDeviceTrust": { "class": "DeviceTrust", "localUsername": "admin2", "localPassword": "Admin2Passwd", "remoteHost": "bigip1.example.com", "remoteUsername": "admin1", "remotePassword": "Admin1Passwd" }
      Description: These are the BIG-IP Device Trust settings.
      Notes: The Remote UserName and Remote Password must be the same on all BIG-IP devices in the cluster.
    • Class and Parameter: Onboard Class: Dbvariable
      API Parameter Example: "configsync.allowmanagement": "enable"
      Description: Allow management IP address for config sync.
      Notes: For more information refer to: K17427
BIG-IQ configures the BIG-IP VE devices in this cluster and automatically imports their provisioned services based on the BIG-IQ Settings Onboard Classes. When the BIG-IP VE devices are successfully onboarded, the status displays as Onboard Finished and the BIG-IP VE devices display on the BIG-IP Devices screen where you can start managing them. This onboarding task remains in the list until you delete it. You can use existing onboard tasks as the basis of new onboard tasks.
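
The cluster rules in the table above (one cluster name, the same Device Group on every device, the sync-only type, matching Device Trust remote credentials, ASM provisioned when ASM sync is on, and configsync.allowmanagement enabled) can be checked across the per-device requests before they are submitted. This is an added example, not F5 code; the function names, finding texts and sample values are assumptions.

```python
def first_of(request, cls):
    """Return the first object of the given DO class in the Common tenant, or {}."""
    common = request["declaration"]["Common"]
    return next((obj for obj in common.values()
                 if isinstance(obj, dict) and obj.get("class") == cls), {})


def cluster_findings(requests):
    """Compare the per-device onboarding requests of one cluster task."""
    if len(requests) < 2:
        return ["a cluster needs two or more devices"]
    findings = []

    # One cluster name, present on every request.
    names = {r.get("bigIqSettings", {}).get("clusterName") for r in requests}
    if len(names) != 1 or None in names:
        findings.append("clusterName is missing or differs between devices")

    # The Device Group must be the same on every device (member order ignored).
    groups = [first_of(r, "DeviceGroup") for r in requests]
    normal = [dict(g, members=sorted(g.get("members", []))) for g in groups]
    if any(n != normal[0] for n in normal[1:]):
        findings.append("DeviceGroup differs between devices")

    # Remote user name and password must match on all devices. Only the fact
    # of a mismatch is reported, never the values themselves.
    remotes = {(t.get("remoteUsername"), t.get("remotePassword"))
               for t in (first_of(r, "DeviceTrust") for r in requests)}
    if len(remotes) != 1:
        findings.append("DeviceTrust remote user name or password differs between devices")

    for request, group in zip(requests, groups):
        host = request.get("targetHost", "unknown host")
        if group.get("type") != "sync-only":
            findings.append(f"{host}: DeviceGroup type is not sync-only")
        if group.get("asmSync") and first_of(request, "Provision").get("asm", "none") == "none":
            findings.append(f"{host}: asmSync is on but asm is not provisioned")
        if first_of(request, "DbVariables").get("configsync.allowmanagement") != "enable":
            findings.append(f"{host}: configsync.allowmanagement is not enabled")
    return findings


def sample_request(host, cluster="examplecluster", asm="nominal"):
    """Constructed request modelled on the cluster classes; all values are placeholders."""
    return {
        "class": "DO",
        "declaration": {"schemaVersion": "1.5.0", "class": "Device", "async": True, "Common": {
            "class": "Tenant",
            "myDbVariables": {"class": "DbVariables", "configsync.allowmanagement": "enable"},
            "myProvision": {"class": "Provision", "ltm": "nominal", "asm": asm},
            "myDeviceGroup": {"class": "DeviceGroup", "type": "sync-only",
                              "owner": "bigip1.example.com",
                              "members": ["bigip1.example.com", "bigip2.example.com"],
                              "autoSync": True, "networkFailover": True, "asmSync": True},
            "myDeviceTrust": {"class": "DeviceTrust", "remoteHost": "bigip1.example.com",
                              "localUsername": "admin", "localPassword": "placeholder-local",
                              "remoteUsername": "admin", "remotePassword": "placeholder-remote"},
        }},
        "targetHost": host, "targetUsername": "admin",
        "bigIqSettings": {"clusterName": cluster},
    }


if __name__ == "__main__":
    # Second device deliberately drifts: other cluster name, ASM not provisioned.
    pair = [sample_request("192.0.2.11"),
            sample_request("192.0.2.12", cluster="other", asm="none")]
    for finding in cluster_findings(pair):
        print("FINDING:", finding)
```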

API example of onboarding a cluster of BIG-IP VE devices

This is an example of what you'll see when you specify the details for a BIG-IP VE cluster onboard declaration and click the View Sample API Request button from the Create Onboard Declaration screen.
API REST URL: /mgmt/shared/declarative-onboarding
For more information about declarative onboarding, refer to the API REST documentation: https://clouddocs.f5.com/products/big-iq/mgmt-api/v7.0.0/ApiReferences/bigiq_public_api_ref/r_do_onboarding.html
If you use a Fully Qualified Domain Name (FQDN) for Device Group, Owner and/or Remote Hosts, you must validate that you can resolve that FQDN with the DNS server.
API for BIG-IP 1
{
  "class": "DO",
  "declaration": {
    "schemaVersion": "1.5.0",
    "class": "Device",
    "async": true,
    "Common": {
      "class": "Tenant",
      "myDbVariables": {
        "class": "DbVariables",
        "configsync.allowmanagement": "enable"
      },
      "myProvision": {
        "asm": "nominal",
        "ltm": "nominal",
        "class": "Provision"
      },
      "myNtp": {
        "class": "NTP",
        "servers": [
          "0.pool.ntp.org",
          "1.pool.ntp.org",
          "2.pool.ntp.org"
        ],
        "timezone": "UTC"
      },
      "admin": {
        "class": "User",
        "userType": "regular",
        "partitionAccess": {
          "all-partitions": {
            "role": "admin"
          }
        },
        "password": "Mypassword2020!"
      },
      "myConfigSync": {
        "class": "ConfigSync",
        "configsyncIp": "10.0.0.65"
      },
      "myDeviceGroup": {
        "type": "sync-only",
        "class": "DeviceGroup",
        "owner": "bigip01.example.com",
        "asmSync": true,
        "members": [
          "bigip01.example.com",
          "ip-10-0-0-179.ec2.internal"
        ],
        "autoSync": true,
        "networkFailover": true
      },
      "myDeviceTrust": {
        "class": "DeviceTrust",
        "remoteHost": "bigip01.example.com",
        "localUsername": "admin",
        "remoteUsername": "admin",
        "localPassword": "Mypassword2020!",
        "remotePassword": "Mypassword2020!"
      }
    }
  },
  "targetUsername": "admin",
  "targetHost": "54.224.38.217",
  "targetSshKey": {
    "path": "/var/ssh/restnoded/joeyawsveF_3_12869.pem"
  },
  "bigIqSettings": {
    "failImportOnConflict": false,
    "conflictPolicy": "USE_BIGIQ",
    "deviceConflictPolicy": "USE_BIGIP",
    "versionedConflictPolicy": "KEEP_VERSION",
    "clusterName": "myawscluster"
  }
}
API for BIG-IP 2
{
  "class": "DO",
  "declaration": {
    "schemaVersion": "1.5.0",
    "class": "Device",
    "async": true,
    "Common": {
      "class": "Tenant",
      "myDbVariables": {
        "class": "DbVariables",
        "configsync.allowmanagement": "enable"
      },
      "myProvision": {
        "asm": "nominal",
        "ltm": "nominal",
        "class": "Provision"
      },
      "myNtp": {
        "class": "NTP",
        "servers": [
          "0.pool.ntp.org",
          "1.pool.ntp.org",
          "2.pool.ntp.org"
        ],
        "timezone": "UTC"
      },
      "admin": {
        "class": "User",
        "userType": "regular",
        "partitionAccess": {
          "all-partitions": {
            "role": "admin"
          }
        },
        "password": "Mypassword2020!"
      },
      "myConfigSync": {
        "class": "ConfigSync",
        "configsyncIp": "10.0.0.65"
      },
      "myDeviceGroup": {
        "type": "sync-only",
        "class": "DeviceGroup",
        "owner": "bigip01.example.com",
        "asmSync": true,
        "members": [
          "bigip01.example.com",
          "ip-10-0-0-179.ec2.internal"
        ],
        "autoSync": true,
        "networkFailover": true
      },
      "myDeviceTrust": {
        "class": "DeviceTrust",
        "remoteHost": "bigip01.example.com",
        "localUsername": "admin",
        "remoteUsername": "admin",
        "localPassword": "Mypassword2020!",
        "remotePassword": "Mypassword2020!"
      }
    }
  },
  "targetUsername": "admin",
  "targetHost": "54.198.50.34",
  "targetSshKey": {
    "path": "/var/ssh/restnoded/joeyawsveF_4_12862.pem"
  },
  "bigIqSettings": {
    "failImportOnConflict": false,
    "conflictPolicy": "USE_BIGIQ",
    "deviceConflictPolicy": "USE_BIGIP",
    "versionedConflictPolicy": "KEEP_VERSION",
    "clusterName": "myawscluster"
  }
}