Manual Chapter : BIG-IQ Deployment Planning Overview

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

BIG-IQ Deployment Planning Overview

Before you deploy BIG-IQ

Before you begin to deploy a BIG-IQ system, you should complete these preparations.
  • Determine the deployment scenario that works best for your needs.
  • Create the interfaces, communications, and networks needed to support your deployment scenario
  • Configure your network (including switches and firewalls) to permit BIG-IQ network traffic to flow based on the deployment scenario you choose.
  • Assemble the passwords, IP addresses, and licensing information needed for the BIG-IQ cluster components.

What kind of solutions can BIG-IQ provide?

There are a number of solutions you can provision and configure the BIG-IQ to provide. You decide whether you need a simple license management tool or a more elaborate centralized management solution. You can choose a centralized management solution that manages every aspect of your BIG-IP traffic applications, including: backups, licensing, monitoring, configuration management, threat detection and mitigation, and application management. The solution you choose determines not only which components you need, but which resources you need to make available and how you need to configure them.
BIG-IQ can function in one of three modes. In the user interface, these modes are referred to as system personalities.
BIG-IQ Centralized Management
In this mode, you can manage BIG-IP devices and all of their services (such as LTM, AFM, ASM, and so forth), from one location. BIG-IQ can manage up to 1000 (physical, virtual, or vCMP) BIG-IP devices In this mode, you have access to all BIG-IQ features. Using BIG-IQ helps you more efficiently manage your BIG-IP devices. That means you and your co-workers don't have to log in to individual BIG-IP systems to get your job done. Instead, you can discover, upgrade, deploy policy changes, manage licenses, and more, from just one place. From BIG-IQ, you can manage a variety of tasks from software updates to health monitoring, and traffic to security. And because permissions for users are role-based, you can limit access to just a few trusted administrators to minimize downtime and potential security issues. You can also allow users to view or edit only those BIG-IP objects that they need to do their job. This system personality requires a license.
BIG-IQ Data Collection Device
In this mode, the BIG-IQ functions only as a DCD. You cannot access any device or license management features. A DCD helps you to manage and store alerts, events, and statistical data from your managed BIG-IP devices. Gathering and analyzing data helps you make intelligent decisions about you network. This system personality does not require a license.
License Manager
In this mode, the BIG-IQ functions only as the license administrator for un-managed devices. You cannot access any device management or data collection features. BIG-IQ can handle licensing for up to 5,000 un-managed devices. This system personality does not require a license.
For an end-to-end workflow detailing how to deploy BIG-IQ as a license administrator for un-managed BIG-IP devices, refer to:
Deploy BIG-IQ to manage licenses for BIG-IP VE devices
on
support.f5.com
.
When you install BIG-IQ for centralized device management, you need a license to complete the installation. The other BIG-IQ system personalities do not require a license.

What components comprise a BIG-IQ solution?

The components that comprise A BIG-IQ solution are listed below. Which components (and how many of each) you use depends on the kind of problems your business plans to solve.
BIG-IQ centralized manager
You can use the BIG-IQ to centrally manage your BIG-IP devices, performing operations such as backups, licensing, monitoring, configuration management, and application management. Because access to each area of BIG-IQ is role-based, you can limit access to users, thus maximizing work flows while minimizing errors and potential security issues.
The BIG-IQ dashboards provide the visibility you need to facilitate these management tasks. When you set up your BIG-IQ Centralized Management (CM) with a cluster of BIG-IQ Data Collection Devices (DCDs), these dashboards show you analytics and statistics data from your managed BIG-IP services. Viewing details and trends for the analytics, events, and alerts, generated by your BIG-IP traffic, provides you the information you need to manage it efficiently and effectively.
BIG-IP devices
Each BIG-IP device runs a number of licensed services designed around application availability, access control, and security solutions. These components run on top of F5 Traffic Management Operating System (TMOS). This custom operating system is an event driven operating system designed specifically to inspect network and application traffic and make real-time decisions based on the configurations you provide. The BIG-IP software runs on both hardware and virtual environments.
BIG-IQ data collection devices
The
data collection device
(DCD) is a specially provisioned BIG-IQ system that manages and stores the alerts, events, and analytics data from your BIG-IP systems. This solution provides F5's best insight into your network. The BIG-IQ Centralized Management (CM) uses the data that the BIG-IQ DCD collects from your managed BIG-IP devices to generate a number of dashboards. These dashboards (on the Monitoring and Application tabs) provide you with visibility into the health of your devices and the applications.
Configuration tasks on the BIG-IP system determine when and how alerts or events are triggered.
The group of data collection devices that work together to store and manage your data are referred to as the
data collection cluster
. The individual BIG-IQ DCD and BIG-IQ CM devices are generally referred to as
nodes
.
Remote storage device
The remote storage device is necessary only when your deployment includes a DCD and you plan to store backups of your events, alerts, and statistical data for disaster recovery . Remote storage is also required so that you can retain this data when you upgrade your BIG-IQ software.
Quorum DCD device
If you want BIG-IQ to automatically failover to a peer BIG-IQ in a high availability (HA) configuration, you must identify a DCD to serve as a
quorum device
. Automatic failover is an option when two BIG-IQ and one DCD are in the same Layer 2 network in on-premises environments. The quorum device is used to determine which BIG-IQ in the HA configuration is active. If communication is disrupted between the active and standby BIG-IQ in the HA pair, the BIG-IQ that can communicate with the quorum device becomes active. Automatic failover provides the option to configure a floating management (mgmt) IP address that can be used by the active BIG-IQ, supported by the Qurorum DCD over a shared, layer 2 network. The quorum device is a DCD, so it can be included in a DCD cluster. But because it is a DCD, not a BIG-IQ, it cannot be not used as a standby BIG-IQ in an HA configuration.