Manual Chapter :
New Features in BIG-IQ Version 8.1.0
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.1.0
New Features in BIG-IQ Version 8.1.0
Supported BIG-IP services
BIG-IQ version 8.1.0 introduces support for the following
BIG-IP services:
BIG-IP 16.1 support
BIG-IQ now includes support for the following services running on
BIG-IP 16.1:
- Access Policy Manager (APM)
- Advanced Firewall Manager (AFM)
- Application Delivery Controller (ADC)
- Web Application Security (ASM or WAF)
- Fraud Protection Service (FPS)
BIG-IP SSL Orchestrator (SSLO) support
BIG-IQ now supports a number of BIG-IP SSLO RPM versions:
- SSLO RPM versions 7.5. You can now discover, import, configure, and deploy configurations for managed BIG-IP devices running this RPM version. To learn more about features supported in this SSLO RPM version, see the BIG-IP SSLO 15.1 release notes.
- SSLO RPM versions 8.3. You can now discover, import, configure, and deploy configurations for managed BIG-IP devices running this RPM version. To learn more about features supported in these SSLO RPM versions, see the BIG-IP SSLO 16.0.1 release notes.
Application Services Extension 3 (AS3) support
This BIG-IQ release supports Application Services Extension 3 (AS3)
version 3.28 and later.
Declarative Onboarding (DO) support
This BIG-IQ release supports BIG-IQ supports Declarative Onboarding
(DO) version 1.21 and later.
Enhanced Web Application Security signature management
If you are upgrading from BIG-IQ version 7.1 or earlier: The policy signatures structure has been refactored to enhance performance when working with individual signatures, creating custom signatures, and additional signature management activities.
The changes implemented to improve policy signature management may impact the policy import and creation processes.
Policy import and creation may require additional time to complete, as each signature is handled separately in the database. Additionally, this will require additional database storage for Web Application Security policy management. See
Check the disk volume size required by the BIG-IQ software upgrade
in Preparing to upgrade BIG-IQ .BIG-IQ upgrade
BIG-IQ version 8.1.0 introduces a number of enhancements to the upgrade process.
Pre-upgrade script enhancements
The pre-upgrade script, used to verify that your BIG-IQ configuration supports the upgrade to 8.1.0, was expanded.
The script now includes several additional items, including:
- A check for BIG-IQ versions 7.1 and earlier, to verify that the BIG-IQ VE is not using a single network interface card (NIC).Upgrading a BIG-IQ VE running 7.1 or earlier with a single NIC is not supported.
- Advanced logging to troubleshoot issues that might impact your upgrade.
BIG-IP configuration management
BIG-IQ version 8.1.0 introduces the following new features
for BIG-IP configuration management:
OAuth Policy Deployment Enhancements
With the support for OAuth client and scope session variables added
in this release, APM policy deployment is easier for you to configure and can
significantly reduce the time it takes BIG-IQ to deploy large, complex policies.
Scaling recommendations for Web Application Security
The Web Application Security service on BIG-IQ has improved its
maximum sizing recommendations for the BIG-IQ CM. Web Application Security can now
support up to 160 discovered devices, 1,000 policies, and 60 policies per managed
BIG-IP. For more information about scaling, see
BIG-IQ:
Sizing Guidelines
.These values
reflect a BIG-IQ system managing Web Application Security and Local Traffic (LTM)
services. If your BIG-IQ solution manages multiple services, the scale limits will
likely be lower that the values reported.
Statistics and monitoring
BIG-IQ version 8.1.0 introduces the following new features for BIG-IQ statistics and monitoring:
Special data retention settings per service
You can now specify special data retention values for specific service modules (for example,. AFM, ASM/WAF, LTM). For users with DCDs in their BIG-IQ configuration, statistics data is stored based on raw, hourly, daily, and monthly data sets. Previously, retention per time unit was a global setting applied to all modules. You can now customize service module retention settings (per unit of time) at a different rate than the global retention settings.
BIG-IQ retains data based on global retention settings if specific settings are not specified for a service. For more information, see
Configuring Statistics Collection
in the BIG-IQ: Monitoring and Reports
guide found on support.f5.com
.BIG-IQ user management
BIG-IQ version 8.1.0 introduces the following new features for BIG-IQ user management:
New user role for accessing DCD and BIG-IP APIs
BIG-IQ now supports a user role with device trust access privileges to DCD and BIG-IP APIs. Previously, only users with Admin privileges could access device trust management. This user role is strictly for device trust management, additional user groups and roles are not customizable. Third Party Integrations
Support for Venafi token-based authentication
BIG-IQ now supports Venafi's token-based authentication, which was introduced in Venafi version 20.x. BIG-IQ supports Venafi versions 20.x and 22.x. If you are running one of these supported Venafi versions, you can add the token-based authentication to your certificate management settings.