Manual Chapter :
Deploying BIG-IQ Virtual Edition in
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0
Deploying BIG-IQ Virtual Edition in
How do I deploy a BIG-IQ VE in ?
Load PowerShell Cmdlets
To create a BIG-IQ VE in the Microsoft Azure cloud, you build and
then run a custom PowerShell script composed of a sequence of cmdlets. Before you
can assemble the script, you need to load the cmdlets into your Azure
environment.
This process describes the steps to load the
necessary cmdlets in using the Windows PowerShell user interface. To use the
Azure command line interface, refer to the Azure online documentation published
by Microsoft.
- Log in to the Microsoft Azure command line interface.
- Set the repository name. You can use an entry similar to:set-psrepository -name PSGallery -InstallationPolicy Trusted
- Use the Microsoft Azure command line interface to load the AZureRM cmdlets to your Azure environment.Your command line entry might read:Install-Module -Name AZureRM
Assemble a PowerShell script
Before you can assemble the PowerShell script
with the correct commands, you must have loaded the required PowerShell cmdlets to your
Azure PowerShell environment.
To create a BIG-IQ VE in the Microsoft Azure cloud, you run a custom
PowerShell script composed of a sequence of cmdlets. You assemble the script and
customize the variables as appropriate for your Azure environment and business
requirements.
The example script provided here is designed to use with
PowerShell version 7.0.0 and Microsoft Azure PowerShell cmdlets version 4.7.0 (Az
4.7.0). Do not use this script with previous versions of these two resources.
- Log in to the Microsoft Azure user interface.
- Use the Microsoft Azure user interface to build a PowerShell script using a sequence of cmdlets from your Azure environment.# Tested with PowerShell 7.0.0 and Az module 4.7.0 # Login to Azure Portal Login-AzAccount # Provide values for the variables # instance name $bigiqInstance = 'ExampleBIG-IQ-CM1' # resource group to use $resourceGroup = 'ExampleResourceGroup' $location = 'ExampleRegion' $vmSize = 'Example-Instance-Type' $diskSizeGB = '95' # Azure Network Info $vnetName = 'Example_Vnet' $subnetNic1name = 'Example_Subnet1' $subnetNic2name = 'Example_Subnet2' # VM specific info $ipName = $bigiqInstance + '_Pip' $nic1Name = $bigiqInstance + '_mgmt' $nic2Name = $bigiqInstance + '_internal' $vmName = $bigiqInstance + '-vm' $computerName = $bigiqInstance # Get the username and password to be used for the administrators account on the VM. # This is used when connecting to the VM using ssh. (do NOT use admin for User, e.g. adminUser) $cred = Get-Credential $vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName $pip = New-AzPublicIpAddress -Name $ipName -ResourceGroupName $resourceGroup -Location $location ` -AllocationMethod Dynamic $subnetNic1 = Get-AzVirtualNetworkSubnetConfig -Name $subnetNic1name -VirtualNetwork $vnet $subnetNic2 = Get-AzVirtualNetworkSubnetConfig -Name $subnetNic2name -VirtualNetwork $vnet $nic1 = New-AzNetworkInterface -Name $nic1Name -ResourceGroupName $resourceGroup -Location $location ` -SubnetId $subnetNic1.Id -PublicIpAddressId $pip.Id $nic2 = New-AzNetworkInterface -Name $nic2Name -ResourceGroupName $resourceGroup -Location $location ` -SubnetId $subnetNic2.Id # Start building the VM configuration $vm = New-AzVMConfig -VMName $vmName -VMSize $vmSize $vm = Set-AzVMOperatingSystem -VM $vm -Linux -ComputerName $computerName -Credential $cred $vm = Set-AzVMOSDisk -VM $vm -DiskSizeInGB $diskSizeGB -CreateOption FromImage -Caching ReadWrite $vm = Set-AzVMSourceImage -VM $vm -PublisherName f5-networks -Offer f5-big-iq -Skus "f5-bigiq-virtual-edition-byol" -Version latest # Finish the VM configuration and add the NIC. $vm = Add-AzVMNetworkInterface -VM $vm -Id $nic1.Id -Primary $vm = Add-AzVMNetworkInterface -VM $vm -Id $nic2.Id # Set the VM image as source image for the new VM Set-AzVMPlan -VM $vm -Name f5-bigiq-virtual-edition-byol -Product f5-big-iq -Publisher f5-networks # Have to accept terms Get-AzMarketplaceTerms -Name f5-bigiq-virtual-edition-byol -Product f5-big-iq -Publisher f5-networks | Set-AzMarketplaceTerms -Accept # Create the VM New-AzVM -VM $vm -ResourceGroupName $resourceGroup -Location $location # Verify that the VM was created $vmList = Get-AzVM -ResourceGroupName $resourceGroup $vmList.Name
- Change the names of the variables as required to meet your needs. The table lists the variables that must be changed and then lists the variables that you can change if you want to.The first table lists the variables that must be changed, and then the second lists the variables that you can change if you want to.Required Variable Name EntriesYou must revise the variables listed here before you run the PowerShell script.Variable NameDescription$bigiqInstance = 'bigiq_name'Name of the BIG-IQ instance you want to create.$resourceGroup = 'resource_groupResource group in which you want the virtual machine to reside$location = 'geographic_zone'Geographic location in USThis might influence what size virtual machines are available to choose from.$vmSize = 'standard_d4_v3'Platform type of host.$vnetName = 'example_vnet'Name of the virtual network defined for your BIG-IP devices in the Azure cloud.$subnetNic1name = 'Example_Subnet1'Name of the subnet to be used for the first NIC interface created for this BIG-IQ VE.$subnetNic2name = 'Example_Subnet2'Name of the subnet to be used for the second NIC interface created for this BIG-IQ VE.Optional Variable Name EntriesYou can revise these entries, or accept the default values.Variable NameDescription$ipName = $bigiqInstance + '_Pip'The public name of the instance created by this script.$nic1Name = $bigiqInstance + '_mgmt'The name of the first NIC interface created for this BIG-IQ VE.$nic2Name = $bigiqInstance + '_internal'The name of the second NIC interface created for this BIG-IQ VE.$vmName = $bigiqInstance + '-vm'The name of the virtual machine created for this BIG-IQ VE.$computerName = $bigiqInstanceThe name of the computer created for this BIG-IQ VE.
- When you finish customizing the variable names in the script, save it to a location you can access and make note of the script name and location.
Run a PowerShell
script to deploy a BIG-IQ VE virtual machine
You must have created a custom PowerShell
script and saved it to a location that you can access.
Running the custom PowerShell script that you have assembled
creates a new BIG-IQ VE instance in your Microsoft Azure environment.
- From the Microsoft Azure PowerShell command line interface, locate and run the custom PowerShell script that you have prepared.The script prompts you for your Microsoft Azure account credentials.
- Type the Microsoft Azure account credentials and then clickOK.The script prompts you for the credentials that you want to specify for first time access to the BIG-IQ VE you are creating.
- Type the first time access credentials and then clickOK.The rest of the script runs and begins creating the VE image without further prompts. When you see the name of the virtual machine ($vmName = $bigiqInstance + '-vm') specified in the PowerShell script appear in the list of objects in the Microsoft Azure portal, that means that you can move on to the next step. Add your management interface to the security group that controls access to your Azure instances.
Add the management
interface to your security group
Before you can log in and set up your BIG-IQ VE, you must make it
accessible. To do this, you add the management interface to the security group that
controls access to your Microsoft Azure cloud.
- On the Microsoft Azure Portal All services screen, click theResource groupsicon to display the resource groups defined on your portal.
- Click the name of the resource group specified in your PowerShell script.
- Click the name of the management interface specified in your PowerShell script and note a couple of things:
- There is no security group specified for this interface.
- The Public IP address value. You will need this address to access the BIG-IQ VE.
You can use the filters at the top of the list to show only selected object types. If you filter on Network interface, it is much easier to find the name you are looking for. - On the left, click theNetwork Security groupicon.
- At the top of the screen, click theEditicon, and then click the right arrow to view the list of security groups defined on your portal.
- From the list of security groups, click the name of the security group you plan to use for your BIG-IQ VE, and then click theSaveicon.
Set the admin and root passwords
To
perform this task, you must first:
- Run a PowerShell script to create a BIG-IQ VE.
- Use a security group to make the virtual machine management port accessible through the Internet.
- Know the public IP address assigned to the BIG-IQ VE.
To access your BIG-IQ instance with a browser and an admin password,
you must create an admin user password. You can specify an admin password using an SSH
session and a set of
tmsh
commands.tmsh
commands. If you decide to
create an admin or root password, choose the password wisely. Bear in mind that,
depending on your Security Group policies, this login might provide external SSH access
to the BIG-IQ.
If you plan on setting this BIG-IQ up in a high availability configuration, both the active and the standby BIG-IQ systems must have root access enabled.
- Use the credentials that you specified for first time access, and the public IP address of your BIG-IQ VE to log in to the new BIG-IQ that you just launched using a command line interface.For example:
Then, when prompted, type the first time access password that you specified when prompted by the PowerShell script.$ ssh <nameoffirstimeaccessuser>@<publicipofbigiq>You can also use a terminal emulator such as PuTTY to test your connectivity. - At thetmshcommand prompt, typemodify auth password admin.Because this login is visible externally, make sure to use a strong, secure password.The terminal window displays the message:changing password for admin, and then prompts:new password.
- Type your new password and then pressEnter.The terminal window displays the message:confirm password.
- Re-type the new password and pressEnter.
- If you plan on setting this BIG-IQ up in a high availability configuration, perform this step to enable root access on this BIG-IQ VE. Otherwise, proceed to the next step to save your password changes.
- At thetmshcommand prompt, typetmsh modify /sys db systemauth.disablerootlogin value false.If the terminal window does not display an error message, then root access is now enabled.
- At thetmshcommand prompt, typemodify auth password root.The terminal window displays the message:Because this login is visible externally, make sure to use a strong, secure password.changing password for root, and then prompts:new password.
- Type your new password and pressEnter.The terminal window displays the message:confirm password.
- Re-type the new password and then pressEnter.
- Re-type the new password and pressEnter.
- To ensure that the system retains the password changes, at thetmshcommand prompt typesave sys config, and then pressEnter.
The admin and root passwords are now
changed.
Before you can use this new BIG-IQ, you must license it. Refer to
Deploying a BIG-IQ for Centralized Management
in the Setting up and Configuring a BIG-IQ Centralized Management Solution
guide for step by step instructions. You can find this guide on support.F5.com
.The last step in the setup and licensing process prompts you to change the admin and root passwords. When you reach that step, do not type in a password. No entry that you provide will be processed successfully. Instead, just click
Next
to complete the process.