Manual Chapter :
BIG-IQ Deployment Planning Overview
Applies To:
BIG-IQ Centralized Management
- 7.1.0
Before you deploy BIG-IQ
Before you begin to deploy a BIG-IQ system, you should complete these
preparations.
- Determine the deployment scenario that works best for your needs.
- Create the interfaces, communications, and networks needed to support your deployment scenario.
- Configure your network (including switches and firewalls) to permit BIG-IQ network traffic to flow based on the deployment scenario you choose.
- Assemble the passwords, IP addresses, and licensing information needed for the BIG-IQ cluster components.
What kind of solutions can BIG-IQ provide?
You can provision and configure BIG-IQ to provide a number of solutions. You decide whether you need a simple license management tool or a more elaborate centralized management solution. You can choose a centralized management solution that manages every aspect of your BIG-IP traffic applications, including backups, licensing, monitoring, configuration management, threat detection and mitigation, and application management. The solution you choose determines not only which components you need, but also which resources you need to make available and how you need to configure them.
BIG-IQ can function in one of three modes. In the user interface, these modes are referred to as system personalities.
- BIG-IQ Centralized Management
- In this mode, you can manage BIG-IP devices and all of their services (such as LTM, AFM, ASM, and so forth) from one location. BIG-IQ can manage up to 1000 (physical, virtual, or vCMP) BIG-IP devices. In this mode, you have access to all BIG-IQ features. Using BIG-IQ helps you manage your BIG-IP devices more efficiently. That means you and your co-workers don't have to log in to individual BIG-IP systems to get your job done. Instead, you can discover, upgrade, deploy policy changes, manage licenses, and more, from just one place. From BIG-IQ, you can manage a variety of tasks, from software updates to health monitoring, and from traffic to security. And because permissions for users are role-based, you can limit access to just a few trusted administrators to minimize downtime and potential security issues. You can also allow users to view or edit only those BIG-IP objects that they need to do their job. This system personality requires a license.
- BIG-IQ Data Collection Device
- In this mode, the BIG-IQ functions only as a DCD. You cannot access any device or license management features. A DCD helps you to manage and store alerts, events, and statistical data from your managed BIG-IP devices. Gathering and analyzing data helps you make intelligent decisions about your network. This system personality does not require a license.
- License Manager
- In this mode, the BIG-IQ functions only as the license administrator for un-managed devices. You cannot access any device management or data collection features. BIG-IQ can handle licensing for up to 5,000 un-managed devices. This system personality does not require a license.
- For an end-to-end workflow detailing how to deploy BIG-IQ as a license administrator for un-managed BIG-IP devices, refer to: Deploy BIG-IQ to manage licenses for BIG-IP VE devices on support.f5.com.
When you install BIG-IQ for centralized device management, you need a license to complete the installation. The other BIG-IQ system personalities do not require a license.
What components comprise a BIG-IQ solution?
The components that comprise a BIG-IQ solution are listed below. Which
components (and how many of each) you use depends on the kind of problems your business
plans to solve.
- BIG-IQ centralized manager
- You can use the BIG-IQ to centrally manage your BIG-IP devices, performing operations such as backups, licensing, monitoring, configuration management, and application management. Because access to each area of BIG-IQ is role-based, you can limit access to users, thus maximizing work flows while minimizing errors and potential security issues. The BIG-IQ dashboards provide the visibility you need to facilitate these management tasks. When you set up your BIG-IQ Centralized Management (CM) with a cluster of BIG-IQ Data Collection Devices (DCDs), these dashboards show you analytics and statistics data from your managed BIG-IP services. Viewing details and trends for the analytics, events, and alerts generated by your BIG-IP traffic provides you the information you need to manage it efficiently and effectively.
- BIG-IP devices
- Each BIG-IP device runs a number of licensed services designed around application availability, access control, and security solutions. These components run on top of F5 Traffic Management Operating System (TMOS). This custom operating system is an event-driven operating system designed specifically to inspect network and application traffic and make real-time decisions based on the configurations you provide. The BIG-IP software runs on both hardware and virtual environments.
- BIG-IQ data collection devices
- The data collection device (DCD) is a specially provisioned BIG-IQ system that manages and stores the alerts, events, and analytics data from your BIG-IP systems. This solution provides F5's best insight into your network. The BIG-IQ Centralized Management (CM) uses the data that the BIG-IQ DCD collects from your managed BIG-IP devices to generate a number of dashboards. These dashboards (on the Monitoring and Application tabs) provide you with visibility into the health of your devices and the applications. Configuration tasks on the BIG-IP system determine when and how alerts or events are triggered. The group of data collection devices that work together to store and manage your data are referred to as the data collection cluster. The individual BIG-IQ DCD and BIG-IQ CM devices are generally referred to as nodes.
- Remote storage device
- The remote storage device is necessary only when your deployment includes a DCD and you plan to store backups of your events, alerts, and statistical data for disaster recovery. Remote storage is also required so that you can retain this data when you upgrade your BIG-IQ software.
- Quorum DCD device
- If you want BIG-IQ to automatically fail over to a peer BIG-IQ in a high availability (HA) configuration, you must identify a DCD to serve as a quorum device. Automatic failover is an option when two BIG-IQ systems and one DCD are in the same Layer 2 network in on-premises environments. The quorum device is used to determine which BIG-IQ in the HA configuration is active. If communication is disrupted between the active and standby BIG-IQ in the HA pair, the BIG-IQ that can communicate with the quorum device becomes active. Automatic failover provides the option to configure a floating management (mgmt) IP address that can be used by the active BIG-IQ, supported by the Quorum DCD over a shared Layer 2 network. The quorum device is a DCD, so it can be included in a DCD cluster. But because it is a DCD, not a BIG-IQ, it cannot be used as a standby BIG-IQ in an HA configuration.