Manual Chapter: BIG-IP Devices, HA Pairs, and Clusters

Applies To:

BIG-IQ Centralized Management

  • 7.1.0

Preliminary tips for putting an Access group together

As you start to think about how to group BIG-IP devices into Access groups that share a configuration, there are a few things you might want to keep in mind. When you select a device for an Access group, you are selecting the shared configuration for all of the devices in the group.
When you add BIG-IP devices to an Access group, Access evaluates the differences between the devices in the group. Access reports the differences for your information. If you need to make configuration changes on any of the devices, Access lets you know which device to change, and which object to update, delete, or add.

Things to know about machine accounts

Machine accounts support Microsoft Exchange clients that use NTLM authentication. An NTLM Auth Configuration object refers to a machine account. If the APM® configurations on the BIG-IP systems include machine accounts, you might want to be aware of the following information.
In an Access group, the machine accounts on the devices must each have been created with the same name. If this is not the case, the deployment fails. The deployment differences will include the names of the devices on which you must reconfigure the machine accounts before you can successfully deploy.

Configure a machine account

You may configure a machine account so that Access can establish a secure channel to a domain controller.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, select
    , then on the left side of the screen, click
    Access Groups
  3. Click the name of an Access group.
    A new screen displays the group's properties.
  4. Expand
    and click
    Machine Account
    The New Machine Account screen displays.
  5. In the
    field, type a name for the configuration.
  6. From
    , select the associated BIG-IP device. This only displays when you create a device-specific OCSP Responder server.
  7. In the Configuration area, in the Machine Account Name field, type a name.
  8. In the Domain FQDN field, type the fully qualified domain name (FQDN) for the domain that you want the machine account to join.
  9. In the Domain Controller FQDN field, type the FQDN for a domain controller.
  10. In the Admin User field, type the name of a user who has administrator privilege.
  11. In the Admin Password field, type the password for the admin user.
    Access uses these credentials to create the machine account on the domain controller. However, Access does not store the credentials and you do not need them to update an existing machine account configuration later.
  12. Click
This creates a machine account and joins it to the specified domain. This also creates a non-editable NetBIOS Domain Name field that is automatically populated.
If the NetBIOS Domain Name field on the machine account is empty, delete the configuration and recreate it. The field populates.
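
A preflight check for the two conditions described above (machine account names that differ between devices in an Access group, and an empty NetBIOS Domain Name field), written as an added example that is not F5 code. The inventory layout, field names and device names are constructed assumptions, and names are compared exactly.

```python
"""Preflight check for machine accounts in one Access group (added example)."""

# Constructed sample inventory: device -> machine-account records.
# The record layout and field names are assumptions, not a BIG-IQ export format.
SAMPLE_GROUP = {
    "bigip-a.example.net": [
        {"name": "exch_ntlm", "domain_fqdn": "corp.example.net", "netbios_domain": "CORP"},
    ],
    "bigip-b.example.net": [
        {"name": "exch_ntlm", "domain_fqdn": "corp.example.net", "netbios_domain": ""},
    ],
    "bigip-c.example.net": [
        {"name": "exchange_ntlm", "domain_fqdn": "corp.example.net", "netbios_domain": "CORP"},
    ],
}


def preflight(group, source_device):
    """Compare every device against the device chosen as the shared configuration.

    Returns (name_mismatches, empty_netbios):
      name_mismatches: {device: {"missing": [...], "extra": [...]}}
      empty_netbios:   [(device, account_name), ...] to delete and recreate
    """
    expected = {acct["name"] for acct in group[source_device]}
    name_mismatches = {}
    empty_netbios = []
    for device, accounts in sorted(group.items()):
        names = {acct["name"] for acct in accounts}
        missing = sorted(expected - names)  # names the source has, this device lacks
        extra = sorted(names - expected)    # names only this device has
        if missing or extra:
            name_mismatches[device] = {"missing": missing, "extra": extra}
        for acct in accounts:
            # An empty NetBIOS Domain Name means the account should be recreated.
            if not (acct.get("netbios_domain") or "").strip():
                empty_netbios.append((device, acct["name"]))
    return name_mismatches, empty_netbios


if __name__ == "__main__":
    mismatches, empty = preflight(SAMPLE_GROUP, "bigip-a.example.net")
    for device, diff in mismatches.items():
        print(f"{device}: reconfigure machine accounts, missing={diff['missing']} extra={diff['extra']}")
    for device, name in empty:
        print(f"{device}: '{name}' has no NetBIOS domain name, delete and recreate")
```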

Things to know about bandwidth controller configurations

On a BIG-IP device, bandwidth controller configuration objects (policies and priority groups) are configured at the system level. In APM®, they are used to provide traffic shaping for Citrix clients that support MultiStream ICA. In an access policy, a BWC policy item refers to a bandwidth controller policy. If the APM configurations on the BIG-IP systems refer to bandwidth controller objects, you should be aware of the following information.
The bandwidth controller configuration objects on the device are treated as if they were part of the Access shared configuration. That means when you import the APM service configuration from a device, the bandwidth controller objects are imported and cannot be updated in the BIG-IQ system. When you deploy the configuration, deployment creates the bandwidth controller objects on the devices.