Applies To:Show Versions
BIG-IQ Centralized Management
Deploying BIG-IQ Virtual Edition in Microsoft Azure
How do I deploy a BIG-IQ VE in Microsoft Azure?
- Establish a Microsoft Azure environment that includes a virtual network to which you will deploy your BIG-IP devices and BIG-IQ Virtual Edition (VE). For details, refer tohttps://azure.microsoft.com/en-us/services/virtual-machines/.
- In your Microsoft Azure environment, deploy the BIG-IP Virtual Edition (VE) machines that you plan to use to manage your application traffic. For details, refer tohttps://support.f5.com/csp/knowledge-center/cloud/Public%20Cloud/Microsoft%20Azure.
- Create a resource group in your Microsoft Azure environment that enables the ports and protocols required by the applications you plan to manage on your BIG-IP VE machines. For details, refer tohttps://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-portal.
- Create a security group in the resource group in which you plan to deploy your BIG-IQ VE. In addition to the normal inbound and outbound security rules you use in your Azure security groups, you must include an inbound security rule for port 22 (for SSH access to your VE) and port 443 (for HTTPS access).
- Use MS Azure PowerShell to load a sequence of PowerShell Cmdlets.
- Assemble a PowerShell script that creates a BIG-IQ VE.
- Run the script to deploy a BIG-IQ VE on Azure.
- Log in to the new VE and use TMSH to enable the root and admin passwords.
Load PowerShell Cmdlets
- Log in to the Microsoft Azure command line interface.
- Set the repository name. You can use an entry similar to:set-psrepository -name PSGallery -InstallationPolicy Trusted
- Use the Microsoft Azure command line interface to load the AZureRM cmdlets to your Azure environment.Your command line entry might read:Install-Module -Name AZ
Assemble a PowerShell script
- Log in to the Microsoft Azure user interface.
- Use the Microsoft Azure user interface to build a PowerShell script using a sequence of cmdlets from your Azure environment.# Tested with PowerShell 7.0.0 and Az module 4.7.0 # Login to Azure Portal Login-AzAccount # Provide values for the variables # instance name $bigiqInstance = 'ExampleBIG-IQ-CM1' # resource group to use $resourceGroup = 'ExampleResourceGroup' $location = 'ExampleRegion' $vmSize = 'Example-Instance-Type' $diskSizeGB = '95' # Azure Network Info $vnetName = 'Example_Vnet' $subnetNic1name = 'Example_Subnet1' $subnetNic2name = 'Example_Subnet2' # VM specific info $ipName = $bigiqInstance + '_Pip' $nic1Name = $bigiqInstance + '_mgmt' $nic2Name = $bigiqInstance + '_internal' $vmName = $bigiqInstance + '-vm' $computerName = $bigiqInstance # Get the username and password to be used for the administrators account on the VM. # This is used when connecting to the VM using ssh. (do NOT use admin for User, e.g. adminUser) $cred = Get-Credential $vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName $pip = New-AzPublicIpAddress -Name $ipName -ResourceGroupName $resourceGroup -Location $location ` -AllocationMethod Dynamic $subnetNic1 = Get-AzVirtualNetworkSubnetConfig -Name $subnetNic1name -VirtualNetwork $vnet $subnetNic2 = Get-AzVirtualNetworkSubnetConfig -Name $subnetNic2name -VirtualNetwork $vnet $nic1 = New-AzNetworkInterface -Name $nic1Name -ResourceGroupName $resourceGroup -Location $location ` -SubnetId $subnetNic1.Id -PublicIpAddressId $pip.Id $nic2 = New-AzNetworkInterface -Name $nic2Name -ResourceGroupName $resourceGroup -Location $location ` -SubnetId $subnetNic2.Id # Start building the VM configuration $vm = New-AzVMConfig -VMName $vmName -VMSize $vmSize $vm = Set-AzVMOperatingSystem -VM $vm -Linux -ComputerName $computerName -Credential $cred $vm = Set-AzVMOSDisk -VM $vm -DiskSizeInGB $diskSizeGB -CreateOption FromImage -Caching ReadWrite $vm = Set-AzVMSourceImage -VM $vm -PublisherName f5-networks -Offer f5-big-iq -Skus "f5-bigiq-virtual-edition-byol" -Version latest # Finish the VM configuration and add the NIC. $vm = Add-AzVMNetworkInterface -VM $vm -Id $nic1.Id -Primary $vm = Add-AzVMNetworkInterface -VM $vm -Id $nic2.Id # Set the VM image as source image for the new VM Set-AzVMPlan -VM $vm -Name f5-bigiq-virtual-edition-byol -Product f5-big-iq -Publisher f5-networks # Have to accept terms Get-AzMarketplaceTerms -Name f5-bigiq-virtual-edition-byol -Product f5-big-iq -Publisher f5-networks | Set-AzMarketplaceTerms -Accept # Create the VM New-AzVM -VM $vm -ResourceGroupName $resourceGroup -Location $location # Verify that the VM was created $vmList = Get-AzVM -ResourceGroupName $resourceGroup $vmList.Name
- Change the names of the variables as required to meet your needs. The table lists the variables that must be changed and then lists the variables that you can change if you want to.The first table lists the variables that must be changed, and then the second lists the variables that you can change if you want to.Required Variable Name EntriesYou must revise the variables listed here before you run the PowerShell script.Variable NameDescription$bigiqInstance = 'bigiq_name'Name of the BIG-IQ instance you want to create.$resourceGroup = 'resource_groupResource group in which you want the virtual machine to reside$location = 'geographic_zone'Geographic location in USThis might influence what size virtual machines are available to choose from.$vmSize = 'standard_d4_v3'Platform type of host.$vnetName = 'example_vnet'Name of the virtual network defined for your BIG-IP devices in the Azure cloud.$subnetNic1name = 'Example_Subnet1'Name of the subnet to be used for the first NIC interface created for this BIG-IQ VE.$subnetNic2name = 'Example_Subnet2'Name of the subnet to be used for the second NIC interface created for this BIG-IQ VE.Optional Variable Name EntriesYou can revise these entries, or accept the default values.Variable NameDescription$ipName = $bigiqInstance + '_Pip'The public name of the instance created by this script.$nic1Name = $bigiqInstance + '_mgmt'The name of the first NIC interface created for this BIG-IQ VE.$nic2Name = $bigiqInstance + '_internal'The name of the second NIC interface created for this BIG-IQ VE.$vmName = $bigiqInstance + '-vm'The name of the virtual machine created for this BIG-IQ VE.$computerName = $bigiqInstanceThe name of the computer created for this BIG-IQ VE.
- When you finish customizing the variable names in the script, save it to a location you can access and make note of the script name and location.
Run a PowerShell
script to deploy a BIG-IQ VE virtual machine
- From the Microsoft Azure PowerShell command line interface, locate and run the custom PowerShell script that you have prepared.The script prompts you for your Microsoft Azure account credentials.
- Type the Microsoft Azure account credentials and then clickOK.The script prompts you for the credentials that you want to specify for first time access to the BIG-IQ VE you are creating.
- Type the first time access credentials and then clickOK.The rest of the script runs and begins creating the VE image without further prompts. When you see the name of the virtual machine ($vmName = $bigiqInstance + '-vm') specified in the PowerShell script appear in the list of objects in the Microsoft Azure portal, that means that you can move on to the next step. Add your management interface to the security group that controls access to your Azure instances.
Add the management
interface to your security group
- On the Microsoft Azure Portal All services screen, click theResource groupsicon to display the resource groups defined on your portal.
- Click the name of the resource group specified in your PowerShell script.
- Click the name of the management interface specified in your PowerShell script and note a couple of things:
You can use the filters at the top of the list to show only selected object types. If you filter on Network interface, it is much easier to find the name you are looking for.
- There is no security group specified for this interface.
- The Public IP address value. You will need this address to access the BIG-IQ VE.
- On the left, click theNetwork Security groupicon.
- At the top of the screen, click theEditicon, and then click the right arrow to view the list of security groups defined on your portal.
- From the list of security groups, click the name of the security group you plan to use for your BIG-IQ VE, and then click theSaveicon.
Set the admin and
- Run a PowerShell script to create a BIG-IQ VE.
- Use a security group to make the virtual machine management port accessible through the Internet.
- Know the public IP address assigned to the BIG-IQ VE.
- Use the credentials that you specified for first time access, and the public IP address of your BIG-IQ VE to log in to the new BIG-IQ that you just launched using a command line interface.For example:
Then, when prompted, type the first time access password that you specified when prompted by the PowerShell script.$ ssh <nameoffirstimeaccessuser>@<publicipofbigiq>You can also use a terminal emulator such as PuTTY to test your connectivity.
- At thetmshcommand prompt, typemodify auth password admin.Because this login is visible externally, make sure to use a strong, secure password.The terminal window displays the message:changing password for admin, and then prompts:new password.
- Type your new password and then press Enter.The terminal window displays the message:confirm password.
- Re-type the new password and press Enter.
- At thetmshcommand prompt, typetmsh modify /sys db systemauth.disablerootlogin value false.If the terminal window does not display an error message, then root access is now enabled.
- At thetmshcommand prompt, typemodify auth password root.Because this login is visible externally, make sure to use a strong, secure password.The terminal window displays the message:changing password for root, and then prompts:new password.
- Type your new password and press Enter.The terminal window displays the message:confirm password.
- Re-type the new password and press Enter.
- To ensure that the system retains the password changes, at thetmshcommand prompt, typesave sys config, and then press Enter.