Manual Chapter : CE file for BIG-IQ licensing and initial setup

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

CE file for BIG-IQ licensing and initial setup

You must have a base registration key before you can license the BIG-IQ system. If you do not have a base registration key, contact the F5 Networks sales group (
f5.com
). After you set up your BIG-IQ VE or set up your BIG-IQ 7000 Series, you can install the BIG-IQ software license.
  1. Use a browser to log in to BIG-IQ by typing
    https://
    <management_IP_address>
    , where
    <management_IP_address>
    is the address you specified for device management.
  2. Click
    Activate
    .
  3. Select
    New License
    and click the
    Next
    button.
  4. Select
    Skip License
    and click the
    Next
    button.
  5. Type a
    Passphrase
    that satisfies the requirements specified on screen, and then type the same phrase for
    Confirm Passphrase
    , and then click the
    Next
    button.
    BIG-IQ uses the pass phrase to generate a master key, which BIG-IQ uses to communicate with other BIG-IQ systems in your configuration.
    • It's important to keep track of the pass phrase for the master key, because you cannot recover it if you lose it. You can change the master key at any time only if this BIG-IQ is not part of a BIG-IQ high availability or DCD configuration from the
      System
      THIS DEVICE
      General Properties
      screen.
    • You must have the passphrase used to generate the master key before you can change the master key.
    • Finally, when you backup and restore a BIG-IQ, the master key is backed up with the rest of the data, and you cannot restore that data onto a BIG-IQ that has a different master key, so without that key you will be unable to have this BIG-IQ and it's data in an HA or DCD configuration.
    If you are setting up a Microsoft Azure VE, and you type an entry in any of the fields, you will not be able to continue successfully. The only way to proceed is to leave all of the fields empty and click the
    Next
    button at the bottom of the screen. This allows the system to use the first-time access credentials you specified previously.
  6. In
    Base Registration Key
    box, paste the BIG-IQ registration key.
  7. In
    Add-On Keys
    , paste any additional license key you have.
  8. To add another additional add-on key, click the
    +
    sign and paste the additional key in the new
    Add-On Keys
    field.
  9. For
    Activation Method
    , select
    Automatic
    , click the
    Activate
    button, and then click the
    Next
    button.
    If you are setting up BIG-IQ for the first time, the Accept User Legal Agreement screen opens. To accept the license agreement, click the
    Agree
    button, and then click the
    Next
    button.
    BIG-IQ displays the Master Key page.
  10. Type a
    Passphrase
    that satisfies the requirements specified on screen, and then type the same phrase for
    Confirm Passphrase
    , and then click the
    Next
    button.
    BIG-IQ uses the pass phrase to generate a Master Key. For a BIG-IQ high availability (HA) configuration, this pass phrase must be the same on all BIG-IQ systems or they won't be able to communicate with each other.
    • Make sure you keep track of the pass phrase, because it cannot be recovered if you lose it.
    • You must have the passphrase used to generate the master key before you can change the master key.
    • Finally, when you backup and restore a BIG-IQ, the master key is backed up with the rest of the data, and you cannot restore that data onto a BIG-IQ that has a different master key.
    If you are setting up a Microsoft Azure VE, and you type an entry in any of the fields, you will not be able to continue successfully. The only way to proceed is to leave all of the fields empty and click the
    Next
    button at the bottom of the screen. This allows the system to use the first-time access credentials you specified previously.
  11. Type a
    Passphrase
    that satisfies the requirements specified on screen, and then type the same phrase for
    Confirm Passphrase
    .
    The DCD uses the pass phrase to generate a Master Key. This pass phrase must be the same on all of the devices in the DCD cluster or they won't be able to communicate with each other. Make sure you keep track of the pass phrase, because it cannot be recovered if you lose it.
    • Make sure you keep track of the pass phrase, because it cannot be recovered if you lose it. To protect the security of this device, you must have the pass phrase used to generate the master key before you can change the master key.
    • To add a BIG-IQ to an HA or DCD configuration, its master key must match the key for the other devices in the BIG-IQ HA or DCD configuration. So if the pass phrase is different and you do not know what it is, the only way to add that BIG-IQ to a cluster is to reset it to its factory defaults; However, that reset destroys any data on that BIG-IQ.
    • Finally, when you backup and restore a BIG-IQ, the master key is backed up with the rest of the data, and you cannot restore that data onto a BIG-IQ that has a different master key, so without that key you will be unable to have this BIG-IQ and it's data in an HA or DCD configuration.
    If you are setting up a Microsoft Azure VE, and you type an entry in any of the fields, you will not be able to continue successfully. The only way to proceed is to leave all of the fields empty and click the
    Next
    button at the bottom of the screen. This allows the system to use the first-time access credentials you specified previously.
  12. Specify an admin and root password and click the
    Next
    button.
  13. For System Personality, select
    BIG-IQ Central Management
    and click the
    Next
    button.
    You cannot undo this choice. Once you license a device as a BIG-IQ Central Management, you can't change your mind and license it as a BIG-IQ Data Collection Device.
  14. For System Personality, select
    BIG-IQ Data Collection Device
    and click the
    Next
    button.
    You cannot undo this choice. Once you license a device as a BIG-IQ Data Collection, you can't change your mind and license it as a BIG-IQ Data Collection Device.
  15. For System Personality, select
    BIG-IQ License Manager
    and click the
    Next
    button.
  16. On the System Personality screen, select the option that applies to how you intend to use the BIG-IQ, and then click
    Next
    .
    You cannot undo this choice. Once you license a device as a BIG-IQ Central Management, you can't change your mind and license it as a BIG-IQ Data Collection Device.
    The Networking screen opens.
  17. In the
    Hostname
    box, type a fully-qualified domain name (FQDN) for the system.
    The FQDN can consist of letters and numbers, as well as the characters underscore ( _ ), dash ( - ), or period ( . ).
  18. Type the
    Management Port IP Address
    and
    Management Port Route
    .
    The management port IP address must be in Classless Inter-Domain Routing (CIDR) format. For example:
    10.10.10.10/24
    .
  19. Select an option for what you want BIG-IQ to use for the
    Discovery Address
    .
    BIG-IQ uses this address for bi-lateral communication with its managed BIG-IP devices.
    When choosing whether to use the management port or a self IP address, consider the long-term ramifications. Changing the discovery address is a lengthy process that includes rediscovering all managed BIG-IP devices. If your deployment includes a data collection device (DCD) cluster, you would also need to reset and rebuild the entire cluster to change the discovery address for this BIG-IQ.
    • To use the management port, select
      Use Management Address
      .
    • To use the internal self IP address, select
      Self IP Address
      , and type the IP address.
      If you are configuring BIG-IQ to manage applications in a service scaling group (SSG), use the internal self IP address.
      If you plan to manage both IPv4 and IPv6 devices, you must configure an additional interface. BIG-IQ does not manage both protocols on the same interface. You can use a self IP address for this. So if your deployment includes DCDs, your discovery address will use one internal self IP address and you will need to add a second self IP to facilitate discovery of both protocol types.
      The self IP address must be in Classless Inter-Domain Routing (CIDR) format. For example:
      10.10.10.10/24
      .
  20. If you want to create a self IP address, click the
    Create
    button in the
    Self IPs
    section.
  21. If you want to associate a VLAN with the new self IP address, click
    Create
    button in the
    VLANs
    section.
  22. To create self IP addresses, click the self IP address
    Create
    button and specify the name and self IP address.
  23. To create VLANs, click the VLAN
    Create
    button and:
    1. Type a name and optional description for this VLAN.
    2. In the
      Tag
      field, type an optional tag number for this VLAN. The tag number can be any integer between
      1
      and
      4094
      . The system automatically assigns a tag number if you do not specify a value.
    3. From the
      Interface
      list, you can select an interface. An interface is a physical or virtual port that you use to connect the BIG-IQ system to managed devices in your network.
    4. In the
      MTU
      field, type an optional frame size value for Path Maximum Transmission Unit (MTU).
      By default, BIG-IP devices use the standard Ethernet frame size of 1518 bytes (1522 bytes if VLAN tagging is used) with the corresponding MTU of 1500 bytes. For BIG-IP devices that support Jumbo Frames, you can specify another MTU value and click the
      Save
      button.
  24. Specify what you want the DCD to use for the
    Discovery Address
    .
    The DCD uses this address to communicate with the BIG-IQ. Best practice is to use the same option (management or self-ip) for all of the BIG-IQ systems and DCDs you set up.
    When choosing whether to use the management port or a self IP address, consider the long-term ramifications. Changing the discovery address is a lengthy process that includes resetting and rebuilding the entire cluster to change the discovery address for this DCD.
    • To use the management IP address, select
      Use Management Address
      .
    • To use the internal self IP address, select
      Self IP Address
      , and type the IP address.
      The self IP address must be in Classless Inter-Domain Routing (CIDR) format. For example:
      10.10.10.10/24
      .
  25. For
    Activation Method
    , select
    Manual
    and click the
    Get Dossier
    button.
    The BIG-IQ system refreshes and displays the dossier in the
    Device Dossier
    field.
  26. Click the
    Next
    button at the bottom of the screen.
  27. Select and copy the text displayed in
    Device Dossier
    .
  28. Click the
    Access F5 manual activation web portal
    link.
    The Activate F5 Product site opens.
  29. Into the
    Enter your dossier
    field, paste the dossier.
    Alternatively, if you saved the file, click the
    Choose File
    button and navigate to it.
  30. Click
    Next
    .
    • If you are setting up this device for the first time, the Accept User Legal Agreement screen opens. To accept the license agreement, select
      I have read and agree to the terms of this license
      , and click
      Next
      . The licensing server creates the license key text.
    • If you have set up this device before, the licensing server goes right to generating the license text.
  31. Copy the license key.
  32. In the
    License Text
    field on BIG-IQ, paste the license text.
  33. Click the
    Activate
    button.
  34. Click
    Accept
    .
  35. In the
    DNS Lookup Servers
    field, type the IP address of your DNS server.
    You can click the
    Test Connection
    button to verify that BIG-IQ can reach that IP address.
  36. In the
    DNS Search Domains
    field, type the name of your search domain.
    The DNS search domain list allows the BIG-IQ system to search for local domain lookups to resolve local host names.
  37. In the
    Time Servers
    field, type the IP addresses of your Network Time Protocol (NTP) server.
    You can click the
    Test Connection
    button to verify that BIG-IQ can reach the IP address.
  38. From the
    Time Zone
    list, select your local time zone.
  39. Click the
    Next
    button at the bottom of the screen.
  40. After you reviewing the details, click
    Launch
    .