F5 Logo MyF5
Search
  1. MyF5 Home
  2. Managing BIG-IP Devices from BIG-IQ
  3. device-discovery-and-basic-management
  4. Establish trust and add BIG-IP devices for management by BIG-IQ
Manual Chapter : Establish trust and add BIG-IP devices for management by BIG-IQ

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.4.0
Manual Chapter

Establish trust and add BIG-IP devices for management by BIG-IQ

The first task in managing a BIG-IP device from BIG-IQ is to add it to BIG-IQ. Largely, this is making sure that the BIG-IQ system can access the device at the specified IP address and ports. This is sometimes referred to as
establishing trust
 with the BIG-IP device.
If you are using BIG-IQ only to manage BIG-IP VE licenses for unmanaged devices, establishing trust is not required. Instead, you must use the BIG-IP devices' user name and password for licensing tasks. For more information about using BIG-IQ to only manage licenses, refer to
Deploy BIG-IQ to Manage Licenses for BIG-IP Devices
 on
support.f5.com
.
After this task is complete, all of the BIG-IQ Device functionality (inventory reporting, backup and restore, script management, licensing, password management, software upgrade, and so on) is available for the discovered device. If at least one Data Collection Device (DCD) is deployed in the environment, statistics data for device, LTM, and DNS objects can also be collected and reported.
In environments that only require centralized device management, this task might be the only one you need to perform. The remaining tasks are for those environments that want to manage service configurations, such as Network Security, as well as the devices.
Adding the BIG-IP device and establishing trust with it involves several tasks:
  1. The BIG-IQ administrator adds the IP address, user name and password for an administrative user on the BIG-IP device.
  2. If the BIG-IP device is clustered, the administrator selects how to handle deployment to the clustered devices.
  3. The BIG-IP device and the BIG-IQ system exchange certificates to create a trust relationship.
    If you are managing devices running Web Application Security that require added protection for the connection between BIG-IP and the Central Policy Builder, you must enable
    Secure Policy Builder
     and replace the default SSL certificate with a certificate issued by a trusted CA (Certificate Authority). If the SSL certificate is not replaced, the system will be unable to provide policy suggestions under
    Secure Policy Builder
    . If you do not enable a secure connection, you do not need to perform the certificate replacement task.
    Replace the default SSL certificate with a new certificate signing request (CSR) and a new SSL private key by a trusted CA (Certificate Authority). For more information about generating and new CSR and a new SSL private key (not self-signed), see: K52425065 on
    support.f5.com
    .
  4. For earlier versions of BIG-IP devices, the administrator might need to update the REST framework on the BIG-IP device to be able to manage it.
    There are several ways you can add BIG-IP devices to BIG-IQ so you can manage them:
    • Add and configure BIG-IP VE devices in an AWS, Azure, or VMware cloud.
    • Add BIG-IP devices to BIG-IQ and import their services in two separate steps.
    • Add multiple BIG-IP devices and add their services in one step.
    • Import multiple BIG-IP devices and add their services using a CSV file.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information