Manual Chapter : Managing Object Pinning

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Managing Object Pinning

What is object pinning?

You
pin
an object, such as a logging profile, to a pinning policy to have it included in a deployment. The pinning policy is associated with a BIG-IP device and has the same name as the BIG-IP device. You do not create pinning policies. Pinning policies always exist to contain objects that get pinned to a policy.
You pin an object to a pinning policy for a BIG-IP device to mark the object as being used by the BIG-IP device configuration, and to have it deployed with that configuration and not deleted from the device. When an object is pinned for deployment to a BIG-IP device that is part of a cluster, the object is deployed to the other member of the cluster as well.
You use the Pinning Policies screen to pin policy objects so that they are deployed to a BIG-IP device, or to view the objects that are already pinned to be deployed to a BIG-IP device. The objects that can be selected for pinning differ depending on which service is being used. For example, only the Network Security service allows you to pin firewall policy objects, and only the Local Traffic service allows you to pin SMTP server objects. You can pin objects to, or unpin objects from, multiple BIG-IP device pinning policies at once.
Both the system and users can pin an object. But users can unpin only objects that are labeled as user pinned. For easy identification, objects pinned by a user are listed with the User identifier in the Pin Source Tags column on the Pinning Policy Properties screen. Any user can unpin a user pinned object.

Pin objects to a BIG-IP device pinning policy

You pin objects, such as logging profiles, to BIG-IP device pinning policies to ensure that the objects are deployed to BIG-IP devices. The process for pinning to a single BIG-IP device pinning policy differs from the process for pinning to several BIG-IP device pinning policies.
  1. Open the Pinning Policies screen. How you access the screen depends on the service you are using.
    • To pin Local Traffic service objects, click
      Configuration
      LOCAL TRAFFIC
      Pinning Policies
      .
    • To pin Network Security service objects, click
      Configuration
      SECURITY
      Network Security
      Pinning Policies
      .
    • To pin Shared Security service objects, click
      Configuration
      SECURITY
      Shared Security
      Pinning Policies
      .
    • To pin Access service objects, click
      Configuration
      ACCESS
      Access Groups
      Pinning Policies
      . An Access group must exist to see this menu item.
    • To pin DNS service objects, click
      Configuration
      DNS
      Pinning Policies
      .
  2. Decide whether to pin to a single BIG-IP device pinning policy, or multiple BIG-IP device pinning policies.
    • Go to Step 3 to pin objects to a single BIG-IP device pinning policy.
    • Go to Step 4 to pin objects to multiple BIG-IP device pinning policies.
  3. To pin objects to a pinning policy for a single BIG-IP device:
    1. Click the name of the BIG-IP device pinning policy to which you will pin objects. (It has the same name as the associated BIG-IP device.)
      The properties screen opens.
    2. At the top of the area near the bottom of the screen, select the type of object to be pinned.
      The screen lists objects of the type you selected.
    3. Select the check box to the left of the objects to be pinned, and click
      Add Selected
      .
  4. To pin objects to multiple BIG-IP device pinning policies:
    1. Select the check boxes for the BIG-IP device pinning policies to which to pin objects, and click
      Pin to Multiple Policies
      .
      The properties screen opens and displays the selected BIG-IP device pinning policies.
    2. In the area near the bottom of the screen, select the type of object to be pinned.
      The screen lists objects of the type you selected.
    3. Select the check box for objects to be pinned and click
      Add Selected
      .
  5. When you are satisfied with the changes you have made, click
    Save & Close
    .
    A dialog box displays the success of the pinning operation. The object, or objects, are pinned to the pinning policy for the BIG-IP device, or devices, and will be deployed with them.
Changes that you make are made only to the pending version. The
pending version
serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this policy, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Unpin objects from a BIG-IP device pinning policy

You unpin objects, such as logging profiles, from a BIG-IP device pinning policy when they no longer need to be deployed with the BIG-IP device. The process for unpinning from a single BIG-IP device pinning policy differs from the process for unpinning from several BIG-IP device pining policies.
Both the system and users can pin an object. But users can unpin only objects that are labeled as user pinned. For easy identification, objects pinned by a user are listed with the User identifier in the Pin Source Tags column on the Pinning Policy Properties screen. Any user can unpin a user pinned object.
  1. Open the Pinning Policies screen. How you access the screen depends on the service you are using.
    • To unpin Local Traffic service objects, click
      Configuration
      LOCAL TRAFFIC
      Pinning Policies
      .
    • To unpin Network Security service objects, click
      Configuration
      SECURITY
      Network Security
      Pinning Policies
      .
    • To unpin Shared Security service objects, click
      Configuration
      SECURITY
      Shared Security
      Pinning Policies
      .
    • To pin Access service objects, click
      Configuration
      ACCESS
      Access Groups
      Pinning Policies
      . An Access group must exist to see this menu item.
    • To pin DNS service objects, click
      Configuration
      DNS
      Pinning Policies
      .
  2. Decide whether to unpin from a single BIG-IP device pinning policy, or from multiple BIG-IP device pinning policies.
    • Go to Step 3 to unpin objects from a single BIG-IP device pinning policy.
    • Go to Step 4 to unpin objects from multiple BIG-IP device pinning policies.
  3. To unpin objects from a single BIG-IP device pinning policy:
    1. Click the name of the BIG-IP device pinning policy from which to unpin objects.
      The properties screen opens.
    2. In the Selected Resources area, expand the resource type of the object you want to unpin.
      The screen lists objects of the type you selected.
    3. Select the check box for the objects to be unpinned and click
      Remove
      .
      Both the system and users can pin an object. But users can unpin only objects that are labeled as user pinned. For easy identification, objects pinned by a user are listed with the User identifier in the Pin Source Tags column on the Pinning Policy Properties screen. Any user can unpin a user pinned object.
  4. To unpin objects from multiple BIG-IP device pinning policies:
    1. Select the check boxes for the BIG-IP device pinning policies from which to unpin objects, and click
      Unpin from Multiple Policies
      .
      The properties screen opens and displays the selected BIG-IP device pinning policies.
    2. In the lower area of the screen, select the type of object to be unpinned.
      The screen lists objects of the type you selected.
    3. Select the check box for the objects to unpin and click
      Add Selected
      .
      The Selected Resources area lists the objects to be unpinned. Both the system and users can pin an object. But users can unpin only objects that are labeled as user pinned. For easy identification, objects pinned by a user are listed with the User identifier in the Pin Source Tags column on the Pinning Policy Properties screen. Any user can unpin a user pinned object.
  5. When you are satisfied with the changes you have made, click
    Save & Close
    .
    A dialog box displays the success of the unpinning operation. The object, or objects, are unpinned to the pinning policy for the BIG-IP device, or devices, and will be deployed with them.
Changes that you make are made only to the pending version. The
pending version
serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish revising the settings for this policy, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.