Manual Chapter : Managing Ongoing Change

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.0.0, 6.1.0, 6.0.1
Manual Chapter

Managing Ongoing Change

How to manage ongoing configuration change

If you make changes on a BIG-IP® device before you have deployed the configuration from the BIG-IQ® system, configuration conflicts can occur. If conflicts do exist, when you deploy the configuration from the BIG-IQ system, you will have to choose between the configuration on the BIG-IQ or on the BIG-IP. You cannot keep both.

changing, evaluating and deploying on BIG-IQ is one cycle; changing on BIG-IP and then reimporting that change     into BIG-IQ starts another cycle of change

Ongoing change

How does re-import impact the device-specific resources?

When you re-import the APM® service configuration, the process adds and deletes any device-specific resources that were added and deleted on the device for the Access group. The process, however, does not overwrite any existing device-specific resources on the BIG-IQ® system.

Device-specific resources are processed like this whether you import the APM service configuration from the Device Management user interface.

Guidelines for making changes to the Access configuration

These are general guidelines for updating the configuration:

  • You should make any needed change that you can from the Access user interface.
  • If you still need to make changes, you should make them on the BIG-IP® device.

See the table for more specific guidelines.

Resource Description
Access: Device-specific resource
  • Modify device-specific resources on the BIG-IQ® system and deploy the changes.
  • Add or delete device-specific resources on the device; then re-import the service configuration into the BIG-IQ system.
Access: Shared resource Add, modify, and delete shared resources on the device. Then re-import the service configuration into the BIG-IQ system.
Access: Pools and pool members You can add and update pools and pool members when you configure some AAA servers in Access. Any changes you make are immediately available in ADC. To deploy these changes, you must deploy ADC before you deploy APM.
ADC: Pools and pool members If you use ADC to add, update, or delete pools or pool members, you can create conflicts with the Access configuration. If you make changes in ADC, they are not available from Access.
ADC: Route domains and self-IP addresses To add or edit route domains and self-IP addresses, do so in ADC. To make the changes available in Access, deploy the LTM® working configuration and then reimport the LTM configuration to the BIG-IQ system,
ADC: Virtual servers Access configuration objects do not refer to virtual servers; however, you probably want to know how to configure them. You can add and edit virtual servers in ADC, but you can configure Access-specific settings, such as specifying an access profile, only on the BIG-IP system. You can add or edit virtual servers in either of these ways:
  • Add or edit virtual servers in ADC. Deploy the LTM configuration to one or more devices. Edit Access-specific settings on the BIG-IP systems. Reimport the LTM configuration to the BIG-IQ system.
  • Add or edit a virtual server on the BIG-IP system. Reimport the LTM configuration.
ADC: iRule, nodes, interfaces, routes, VLANs, DNS resolvers Access configuration objects do not refer to these objects directly. You do not need to worry about conflicts in the Access configuration.

Re-discover and re-import the APM service configuration

You can move any changes made to the Access Policy Manager (APM) service configuration on the device into the working configuration for the BIG-IQ system.
Note: When you use the Reimport option for an Access group, it re-discovers and re-imports the APM service configuration. It also detects whether changes were made to the LTM service configuration and displays a message if you need to re-discover and re-import LTM first.
  1. At the top of the screen, select Configuration, then on the left side of the screen, click ACCESS > Access Groups .
  2. In the Access Groups list on the right, click the name of the Access group.
    The Properties screen opens.
  3. Click Reimport.
    A confirmation message displays.
    Important: Reimporting can cause major changes to the working configuration.
  4. To continue with re-discovery and re-import, click Continue.
The APM service configuration is imported. Importing the APM service configuration can change objects in the ADC configuration.

Re-discover and re-import the LTM service configuration

You can move any changes made to the Local Traffic Manager (LTM) service configuration on the device into the working configuration for the BIG-IQ system. You just re-discover and re-import the LTM service configuration.
Note: If changes made to Local Traffic configuration objects in ADC dictate that you deploy LTM first, the system displays a message telling you to do that.
  1. At the top of the screen, click Devices.
  2. Click the name of the device you want to discover a service configuration from.
  3. On the left, click Services.
  4. For Local Traffic (LTM), click Re-discover.
    If the current configuration on the BIG-IQ is different than the one on the BIG-IP device, BIG-IQ displays a screen for you to resolve the conflicts.
  5. If there are conflicts, select one of the following options for each object that is different, and then click the Continue button:
    • Use BIG-IQ to use the configuration settings stored on BIG-IQ.
    • Use BIG-IP to override the configuration setting stored on BIG-IQ with the settings from the BIG-IP device.
  6. For Local Traffic (LTM), select the Create a snapshot of the current configuration before importing. check box to save a copy of the device's current configuration.
    You're not required to create a snapshot, but it is a good idea in case you have to revert to the previous configuration for any reason.
  7. For Local Traffic (LTM), click Re-import.
The LTM service configuration is imported.