Manual Chapter :
BIG-IP Access (APM) Visibility
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.2.0, 8.1.0
BIG-IP Access (APM) Visibility
Overview: About the BIG-IP configuration for Access visibility
The F5 BIG-IQ Centralized Management Application Summary
dashboard displays statistics for applications and users that are managed by
the BIG-IP system. This includes the most requested applications, and how
often individual users access the applications. For example, as an
administrator, you can see the application summary report for the SharePoint
application managed by the BIG-IQ system. You can use the report to track
usage statistics, such as the request count for SharePoint and the most
frequent users by request count. You can also adjust the time slider to see
statistics for a certain time period.
To display these statistics, you must configure the BIG-IP
system to classify the application traffic, create log messages, and send
them to the BIG-IQ system. You can choose from two types of configurations:
- Basic
- A Basic configuration is your starting point to configure the BIG-IP system for application visibility. In some cases, you only need this option to generate the application logs and send them to the BIG-IQ system.
- Advanced
- In an Advanced configuration, after you configure a basic configuration and validate the reports, you might need to configure more BIG-IP resources such as classification presets and profiles. This situation typically occurs if there are no predefined classification profile in the application where you want to display statistics and reports.
Before you begin configuring application visibility, refer to
Access Reporting and Statistics
,
in the BIG-IQ: Monitoring and Reports
guide. Configure both BIG-IP and BIG-IP APM. Portal
Access is not supported.
Notice the length of time displayed by the line graph,
dictated by the time slider above. Also notice the top ten applications,
with SharePoint at number one. You can select an application and view the
usage over time and the top users for that application.
View and configure the Application Summary dashboard
The
BIG-IQ
Centralized Management Application Summary dashboard displays information
regarding the applications linked to the system.
- At the top of the screen, clickMonitoring.
- On the left, select.
The Application Summary screen opens,
showing detailed information and charts for specific applications.
What is a basic configuration?
The basic BIG-IP system configuration for BIG-IQ application visibility is when a classification profile is already available to the administrator. This situation occurs when you want to track predefined access applications in BIG-IQ, such as SharePoint, OWA, PeopleSoft, or Lotus Notes. When you configure the virtual server for one or more of these applications, the BIG-IP system has already configured a classification profile. For most other applications, this basic configuration does not apply, and you must create the classification profile as well as other necessary resources.
In some cases, you might want to define your own signatures. If so, even in a basic configuration, you must upload the signatures in Traffic Intelligence.
For a basic configuration, configure the following resources in both the BIG-IQ and BIG-IP systems:
- Enable remote logging in the Access area of BIG-IQ. Refer to the "BIG-IQ Centralized Management: Access" manual to learn how to configure remote logging.
- Update classification signatures in BIG-IP Traffic Intelligence.
- Configure a virtual server in BIG-IP Local Traffic.
- Attach an existing classification profile to the virtual server.
You must use BIG-IP version 13.0 as well as BIG-IQ version 5.2 or later.
As part of the remote log configuration process, the system creates only the classification profile object name (classification _access). Because this classification profile is not attached to any virtual servers, you must add it to the virtual server used for applications that display reporting data. You should also enable the classification profile on the virtual server.
About traffic signatures for application
visibility
Classification signatures
define different types of traffic that the
BIG-IP® system can recognize through Traffic Intelligence.
The
system recognizes a predefined set of signatures for common applications and application
categories that are updated periodically. You can download signature updates from F5 Networks,
and schedule the system to automatically update the signatures (pull the updated signatures
automatically). You can also manually install the classification signatures and updates, for
example, if the BIG-IP system does not have Internet access.Signatures are updated once a month and have the following requirements:
- Set up the DNS server on the BIG-IP system in order for the automatic updates to work.
- The management network should be on the Internet.
Scheduling automatic signature
updates
You can set up the BIG-IP system to automatically update the classification signatures. This
ensures that the system always has the latest classification signature files.
- On the Main tab, click.The Signatures screen opens.
- ClickCheck for Updatesto manually upload a signature file update if one is available.You see the current date and time in theLatest Update Checksetting of the Signature Definitions area.
- To upload a signature file update, in the Signature Definitions area, clickImport Signatures.The Applications screen displays aSignatures Filefield where you can select the new signature file.
- To discard and remove any installed upgrades and reset the classification engine and signatures to factory default, clickReset to Defaults.
- In theSignatures Filefield, clickChoose Fileto navigate to the previously uploaded signatures file.
- ClickUpload.A message displays indicating whether your upload was successful.
- For theAutomatic Updates Settings, in theSignature Updatescreen, selectEnabled.
- From theUpdate Schedulesetting, selectDaily,Weekly, orMonthlyto specify how often you want the system to check for updates.
- ClickUpdateto save your settings.
The signature updates take effect
immediately.
Modify the virtual server for a basic
configuration
Before you configure the virtual
server in the
BIG-IP system, you must enable remote logging in the
BIG-IQ system.
For the BIG-IQ system to display
statistics and reporting for an application such as SharePoint, OWA, or Lotus Notes, the
application's virtual server must have a classification profile attached.
- In the Main tab, click.A list of existing virtual servers displays.
- Select the virtual server of the application that you wish to map to the BIG-IQ system.The virtual server editing (properties) screen opens.
- From theConfigurationlist, selectAdvanced.
- From theClassification Profilelist, selectclassification_access.This classification profile was created by the BIG-IP system when you enabled remote logging in the BIG-IQ system.
- ClickUpdate.
You have added a classification profile to the virtual server.
What is an advanced configuration?
If you want to display statistics and reports using the Access feature of BIG-IQ in an application that does not have a predefined classification profile, you must create the classification profile and attach it to the virtual server. This is considered an advanced configuration, and applies to most applications.
Because of this, you must configure the following resources in both BIG-IQ and BIG-IP systems:
- Enable remote logging in BIG-IQ Access. Refer to theBIG-IQ Centralized Management: Accessmanual to learn how to configure remote logging.
- Create a classification policy in BIG-IP system Traffic Intelligence screens.
- Create a new application from the Traffic Intelligence application list by customizing a category.
- Update the existing classification preset or create a new preset.
- Create a classification profile in the BIG-IP system's Local Traffic settings if you created a new classification preset. Otherwise, update the existing classification profile to include the existing preset.
- Configure a virtual server in the BIG-IP system's Local Traffic settings.
As part of the remote log configuration, only the classification profile object name (classification _access) is created. Because this classification profile is not attached to any virtual servers, you must add to the virtual server used for applications that display reports. You should also enable the classification profile on the virtual server.
Creating a custom local traffic
policy
You can create a custom local
traffic policy to manage traffic assigned to a virtual server.
- On the Main tab, click.For more information about local traffic policies, refer toBIG-IP Local Traffic Manager: Implementations.The Policy List screen opens.
- ClickCreate.The New Policy List screen opens.
- In thePolicy Namefield, type a unique name for the policy, for examplecompanyA.
- In theDescriptionfield, type descriptive text that identifies the policy definition.
- From theStrategylist, select the action that the policy initiates when there are multiple rules that match.RuleDescriptionAllUses the first or best strategy to resolve the conflict of rule match.BestApplies the actions of the rule specified in the list of defined strategies for the associated policy.FirstApplies the actions of only the first rule. This implies that the rule with the lowest ordinal, highest priority, or first in the list is applied.
- From theTypelist, selectCE Profileto attach the policy to a CE profile.
- ClickCreate Policy.This creates a policy that manages traffic assigned to a virtual server.
You have created a new local traffic
policy for application visibility.
Creating a category
On the BIG-IP
system, you can create customized categories for classifying traffic if the predefined
categories are not sufficient for your needs. For example, if you plan to create new
application types unique to your organization, you can create a category to group them
together. Alternatively, you can add an existing category to your application
list.
- On the Main tab, click.The Applications screen displays a list of the supported classification categories.
- On the Main tab, click.The Category list screen opens.
- ClickCreate.The New URL Category screen opens.
- In theNamefield, type a name for the classification category.
- In theDescriptionfield, type optional informative text.
- In theCategory IDfield, type an identifier for this category, a unique number.
- In theApplication Listsetting, select applications from the list and use the Move buttons to move applications from one list to the other.
- ClickFinished.
You have created custom applications
to handle traffic.
Create a classification
application
The BIG-IP
system classifies many categories of traffic, and specific applications within those
categories. You can create a new classification application, and determine which
categories and applications of traffic the system can classify.
- On the Main tab, click.The Applications screen displays a list of the supported classification categories.
- To view the applications in each category, click the+icon next to the category.
- To view or edit the properties of the application or category, click the name to open its properties screen.Here you can view the application or category ID number.
- ClickCreate.
- In theNamefield, type a name for the classification application.
- In theDescriptionfield, type a descriptive text identifying the classification application.
- In theApplication IDfield, type the identifier for a category, a new, unique number.
- From theCategorylist, select an existing category or a category that you created.
- ClickFinished.
About presets and profiles
In
BIG-IQ® application visibility, as part of the advanced configuration,
there are two ways to configure the BIG-IP classification preset and
classification profile.
- You can use the existing classification preset, and make sure it is associated with the current classification profile.
- You can create a new classification preset, but you must also associate it with a new classification profile.
Updating classification presets
On the BIG-IP
system, you can update classification preset settings for a classification policy that
you have previously created. Alternatively, you can create a new preset for application
visibility.
- On the Main tab, click.The Presets screen displays a list of the supported classification categories.
- From the preset list, select the presetCE.
- From thePoliciessetting, move policies from theAvailablelist to theEnabledlist.
- ClickUpdate.
Updating a classification profile
If you update the existing
classification preset, update the existing classification profile and attach the
existing preset. In the profile, you can change which virtual servers and which
categories of traffic are included in the classification statistics.
- On the Main tab, click.The Classification screen opens.
- Click theCreate.The New Classification Profile screen displays.
- In theNamefield, type a name for the classification profile.
- In theDescriptionfield, click the check box and type a description for the profile.
- From theParent Profiledropdown list, select an existing profile from which this profile is derived.This profile inherits settings from the parent profile.
- Click the check box next toCustom.
- From thePresetdropdown list, select the presetCE.
- From theLog Publisher dropdownlist, selectaccess-gpa-log-publisher.
- ClickFinished.
The BIG-IP system classifies traffic for the virtual servers and categories
specified in the Classification profile.
Creating classification presets
On the BIG-IP system, you can create classification preset
settings for a classification policy that you have previously created.
- On the Main tab, click.The Presets screen displays a list of the supported classification categories.
- ClickCreate.The New Presets screen opens.
- In theNamefield, type a name for the application.
- In theDescriptionfield, type optional descriptive text for the classification presets.
- For thePolicysetting, move the classification policies fromAvailablelist to theSelectedlist, to create a new preset.
- In theAllow Reclassificationlist,Enabledis the default selection.
- In theFlow Bundlinglist,Enabledis the default selection.
- In theCache Resultslist,Enabledis the default selection.
- ClickFinished.
Creating a classification profile
If you create a new classification
preset, you must create a new classification profile and attach the preset. In the
profile, you can change which virtual servers and which categories of traffic are
included in the classification statistics.
- On the Main tab, click.The Classification screen opens.
- Click theCreate.The New Classification Profile screen displays.
- In theNamefield, type a name for the classification profile.
- In theDescriptionfield, click the check box and type a description for the profile.
- From theParent Profiledropdown list, select an existing profile from which this profile is derived.This profile inherits settings from the parent profile.
- Click the check box next toCustom.
- From thePresetdropdown list, select the new preset that you created previously.
- From theLog Publisher dropdownlist, selectaccess-gpa-log-publisher.
- ClickFinished.
The BIG-IP system classifies traffic for the virtual servers and categories
specified in the Classification profile.
Modify the virtual server for an advanced
configuration
Before you configure the virtual
server in the BIG-IP system, enable remote logging in BIG-IQ and create a classification profile.
For the Access feature of BIG-IQ to
display statistics and reporting for an application such as SharePoint, OWA, or Lotus
Notes, the application's virtual server must have a classification profile attached.
- In the Main tab, click.A list of existing virtual servers displays.
- Select the virtual server of the application that you want to map to the BIG-IQ system.The virtual server editing screen opens.
- From theConfigurationsetting, selectAdvanced.
- From theClassification Profilelist, select the classification profile associated with the advanced configuration use case.
- ClickUpdate.
You have added a classification profile to the virtual server.
How much memory does application visibility
need?
In the BIG-IP system configuration for BIG-IQ
application tracking reporting, you do not need to allocate separate memory resources to
enable the application visibility functionality. The runtime memory consumption depends on the
amount of traffic processed, such as concurrent TCP flows.
Application visibility troubleshooting
commands
Type these commands in the BIG-IP UNIX shell to start and stop
debugging and logging.
Command | Description |
---|---|
tmctl gpa_classification_stats | Displays classification results in a table that lists all applications that were
classified, the number of flows, the bytes in, and the bytes out. |
tmsh modify sys db tmm.cec.log.level value Debug tmsh modify sys db tmm.gpa.log.level value Debug | Generates debug logs. The log messages are stored in
/var/log/tmm . |
tmsh modify sys db tmm.cec.log.level reset-to-default tmsh modify sys db tmm.gpa.log.level reset-to-default | Stops debug log messages. |