Manual Chapter : Deploying BIG-IQ Virtual Edition


Deploying BIG-IQ Virtual Edition

Microsoft Azure deployment overview

Before you can start the tasks to deploy the BIG-IQ Virtual Edition (VE) system on Microsoft Azure, you must first:
  • Establish a Microsoft Azure environment that includes a virtual network to which you will deploy your BIG-IP devices and BIG-IQ Virtual Edition (VE). For details, refer to https://azure.microsoft.com/en-us/services/virtual-machines/.
  • In your Microsoft Azure environment, deploy the BIG-IP Virtual Edition (VE) machines that you plan to use to manage your application traffic. For details, refer to https://support.f5.com/csp/knowledge-center/cloud/Public%20Cloud/Microsoft%20Azure.
  • Create a resource group in your Microsoft Azure environment that enables the ports and protocols required by the applications you plan to manage on your BIG-IP VE machines. For details, refer to https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-portal.
  • Create a security group in the resource group in which you plan to deploy your BIG-IQ VE. In addition to the normal inbound and outbound security rules you use in your Azure security groups, you must include an inbound security rule for port 22 (for SSH access to your VE) and port 443 (for HTTPS access).
To deploy the BIG-IQ Virtual Edition (VE) system on Microsoft Azure, you:
  • Use MS Azure PowerShell to load a sequence of PowerShell Cmdlets.
  • Assemble a PowerShell script that creates a BIG-IQ VE.
  • Run the script to deploy a BIG-IQ VE on Azure.
  • Log in to the new VE and use TMSH to enable the root and admin passwords.

Load PowerShell Cmdlets

To create a BIG-IQ VE in the Microsoft Azure cloud, you build and then run a custom PowerShell script composed of a sequence of cmdlets. Before you can assemble the script, you need to load the cmdlets into your Azure environment.
Note: This process describes the steps to load the necessary cmdlets using the Windows PowerShell user interface. To use the Azure command line interface, refer to the Azure online documentation published by Microsoft.
  1. Log in to the Microsoft Azure command line interface.
  2. Set the repository name. You can use an entry similar to:
    set-psrepository -name PSGallery -InstallationPolicy Trusted
  3. Use the Microsoft Azure command line interface to load the AzureRM cmdlets to your Azure environment.
    Your command line entry might read:
    Install-Module -Name AzureRM

Assemble a PowerShell script

Before you can assemble the PowerShell script with the correct commands, you must have loaded the required PowerShell cmdlets to your Azure PowerShell environment.

To create a BIG-IQ VE in the Microsoft Azure cloud, you run a custom PowerShell script composed of a sequence of cmdlets. You assemble the script and customize the variables as appropriate for your Azure environment and business requirements.

  1. Log in to the Microsoft Azure user interface.
  2. Use the Microsoft Azure user interface to build a PowerShell script using a sequence of cmdlets from your Azure environment.
    # Log in to your Azure account
    Login-AzureRMAccount

    # Provide values for the variables
    # Instance name
    $bigiqInstance = 'ExampleBIG-IQ-VE'

    # Resource group, region, instance type, and OS disk size
    $resourceGroup = 'ExampleResourceGroup'
    $location = 'ExampleRegion'
    $vmSize = 'Example-Instance-Type'
    $diskSizeGB = '95'

    # Azure network info (vnet to use) -- can be shared between machines
    $vnetName = 'Example_Vnet'

    # VM-specific info, needs to be changed for each deployment
    $ipName = $bigiqInstance + '_Pip'
    $nic1Name = $bigiqInstance + '_mgmt'
    $nic2Name = $bigiqInstance + '_internal'

    $vmName = $bigiqInstance + '-vm'
    $computerName = $bigiqInstance

    # Get the username and password to be used for the administrator account on the VM.
    # These are the first-time access credentials used when connecting to the VM using SSH.
    $cred = Get-Credential

    # Look up the virtual network and create the public IP address
    $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName
    $pip = New-AzureRmPublicIpAddress -Name $ipName -ResourceGroupName $resourceGroup -Location $location `
        -AllocationMethod Dynamic

    # Management NIC on the first subnet, with the public IP address attached
    $nic1 = New-AzureRmNetworkInterface -Name $nic1Name -ResourceGroupName $resourceGroup -Location $location `
        -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id

    # Internal NIC on the second subnet
    $nic2 = New-AzureRmNetworkInterface -Name $nic2Name -ResourceGroupName $resourceGroup -Location $location `
        -SubnetId $vnet.Subnets[1].Id

    # Start building the VM configuration
    $vm = New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize
    $vm = Set-AzureRmVMOperatingSystem -VM $vm -Linux -ComputerName $computerName -Credential $cred
    $vm = Set-AzureRmVMOSDisk -VM $vm -DiskSizeInGB $diskSizeGB -CreateOption FromImage -Caching ReadWrite
    $vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName f5-networks -Offer f5-big-iq -Skus "f5-bigiq-virtual-edition-byol" -Version latest

    # Finish the VM configuration and add the NICs (the management NIC is primary).
    $vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic1.Id -Primary
    $vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic2.Id

    # Set the marketplace plan that matches the source image for the new VM
    Set-AzureRmVMPlan -VM $vm -Name f5-bigiq-virtual-edition-byol -Product f5-big-iq -Publisher f5-networks

    # Have to accept terms
    Get-AzureRmMarketplaceTerms -Name f5-bigiq-virtual-edition-byol -Product f5-big-iq -Publisher f5-networks | Set-AzureRmMarketplaceTerms -Accept

    # Create the VM
    New-AzureRmVM -VM $vm -ResourceGroupName $resourceGroup -Location $location

    # Verify that the VM was created
    $vmList = Get-AzureRmVM -ResourceGroupName $resourceGroup
    $vmList.Name

  3. Change the names of the variables as required to meet your needs. The first table lists the variables that must be changed, and the second lists the variables that you can change if you want to.
    Table 1. Required Variable Name Entries.
    Important: You must revise the variables listed here before you run the PowerShell script.

    | Variable Name | Description |
    |---|---|
    | $bigiqInstance = 'bigiq_name' | Name of the BIG-IQ instance you want to create. |
    | $resourceGroup = 'resource_group' | Resource group in which you want the virtual machine to reside. |
    | $location = 'geographic_zone' | Geographic location in US. This might influence what size virtual machines are available to choose from. |
    | $vmSize = 'standard_d4_v3' | Platform type of host. |
    | $vnetName = 'example_vnet' | Name of the virtual network defined for your BIG-IP devices in the Azure cloud. |

    Table 2. Optional Variable Name Entries.
    Note: You can revise these entries, or accept the default values.

    | Variable Name | Description |
    |---|---|
    | $ipName = $bigiqInstance + '_Pip' | The public name of the instance created by this script. |
    | $nic1Name = $bigiqInstance + '_mgmt' | The name of the first NIC interface created for this BIG-IQ VE. |
    | $nic2Name = $bigiqInstance + '_internal' | The name of the second NIC interface created for this BIG-IQ VE. |
    | $vmName = $bigiqInstance + '-vm' | The name of the virtual machine created for this BIG-IQ VE. |
    | $computerName = $bigiqInstance | The name of the computer created for this BIG-IQ VE. |

  4. When you finish customizing the variable names in the script, save it to a location you can access and make note of the script name and location.

Run a PowerShell script to deploy a BIG-IQ VE virtual machine

You must have created a custom PowerShell script and saved it to a location that you can access.

Running the custom PowerShell script that you have assembled creates a new BIG-IQ VE instance in your Microsoft Azure environment.

  1. From the Microsoft Azure PowerShell command line interface, locate and run the custom PowerShell script that you have prepared.
    The script prompts you for your Microsoft Azure account credentials.
  2. Type the Microsoft Azure account credentials and then click OK.
    The script prompts you for the credentials that you want to specify for first time access to the BIG-IQ VE you are creating.
  3. Type the first time access credentials and then click OK.
    The rest of the script runs and begins creating the VE image without further prompts. When the name of the virtual machine specified in the PowerShell script ($vmName = $bigiqInstance + '-vm') appears in the list of objects in the Microsoft Azure portal, you can move on to the next step: adding your management interface to the security group that controls access to your Azure instances.

Add the management interface to your security group

Before you can log in and set up your BIG-IQ VE, you must make it accessible. To do this, you add the management interface to the security group that controls access to your Microsoft Azure cloud.

  1. On the Microsoft Azure Portal All services screen, click the Resource groups icon to display the resource groups defined on your portal.
  2. Click the name of the resource group specified in your PowerShell script.
  3. Click the name of the management interface specified in your PowerShell script and note a couple of things:
    • There is no security group specified for this interface.
    • The Public IP address value. You will need this address to access the BIG-IQ VE.
    Tip: You can use the filters at the top of the list to show only selected object types. If you filter on Network interface, it is much easier to find the name you are looking for.
  4. On the left, click the Network Security group icon.
  5. At the top of the screen, click the Edit icon, and then click the right arrow to view the list of security groups defined on your portal.
  6. From the list of security groups, click the name of the security group you plan to use for your BIG-IQ VE, and then click the Save icon.
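
The security group prerequisite (inbound rules for ports 22 and 443) and the portal steps above can also be carried out from the same AzureRM PowerShell session. This is an added example, not part of F5's script; the security group name and the admin source range are assumed values, and the remaining names match the sample deployment script.

```powershell
# Added example (not F5's script). Assumed values: $nsgName, $adminSourcePrefix.
$resourceGroup     = 'ExampleResourceGroup'   # same values as the deployment script
$location          = 'ExampleRegion'
$bigiqInstance     = 'ExampleBIG-IQ-VE'
$nsgName           = 'ExampleBigiqMgmtNsg'    # hypothetical security group name
$adminSourcePrefix = '203.0.113.0/24'         # constructed sample: your admin network CIDR

# Reuse the security group if it exists; otherwise create it with the two
# inbound rules the chapter requires (22 for SSH, 443 for HTTPS).
$nsg = Get-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroup `
    -ErrorAction SilentlyContinue
if (-not $nsg) {
    $priority = 100
    $rules = foreach ($port in 22, 443) {
        New-AzureRmNetworkSecurityRuleConfig -Name "Allow-Mgmt-$port" -Access Allow -Protocol Tcp `
            -Direction Inbound -Priority $priority -SourceAddressPrefix $adminSourcePrefix `
            -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange $port
        $priority += 10
    }
    $nsg = New-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroup `
        -Location $location -SecurityRules $rules
}

# Flag inbound allow rules on 22/443 that accept any source address
# (exact port matches only; port ranges such as 20-30 are not expanded).
$open = $nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    ($_.DestinationPortRange | Where-Object { $_ -in '22', '443', '*' }) -and
    ($_.SourceAddressPrefix | Where-Object { $_ -in '*', 'Internet', '0.0.0.0/0' })
}
$open | ForEach-Object { Write-Warning "Rule '$($_.Name)' exposes management ports to any source" }

# Attach the security group to the management NIC created by the deployment script.
$nic = Get-AzureRmNetworkInterface -Name ($bigiqInstance + '_mgmt') -ResourceGroupName $resourceGroup
$nic.NetworkSecurityGroup = $nsg
Set-AzureRmNetworkInterface -NetworkInterface $nic | Out-Null

# Public IP address needed for the SSH and HTTPS sessions that follow.
(Get-AzureRmPublicIpAddress -Name ($bigiqInstance + '_Pip') -ResourceGroupName $resourceGroup).IpAddress
```

Any warning printed by the check means the SSH and HTTPS management logins are reachable from every address, which is the exposure the password warnings in the next task refer to.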

Set the admin and root passwords

To perform this task, you must first:
  • Run a PowerShell script to create a BIG-IQ VE.
  • Use a security group to make the virtual machine management port accessible through the Internet.
  • Know the public IP address assigned to the BIG-IQ VE.

To access your BIG-IQ instance with a browser and an admin password, you must create an admin user password. You can specify an admin password using an SSH session and a set of tmsh commands.

To access your BIG-IQ instance with root credentials, you must first enable root access and then specify a root password. You can enable and specify a root password using an SSH session and a set of tmsh commands.
Important: If you plan to establish a high availability peer for this BIG-IQ VE, both devices must have root access enabled.
Note: If you decide to create an admin or root password, choose the password wisely, bearing in mind that, depending on your Security Group policies, this login might provide external SSH access.
With the credentials you specified when you ran the PowerShell script, you do not need a password to gain admin access to this instance using SSH.
  1. Use the credentials that you specified for first time access, and the public IP address of your BIG-IQ VE to log in to the new BIG-IQ that you just launched using a command line interface.
    For example:
    $ ssh <nameoffirstimeaccessuser>@<publicipofbigiq>
    Then, when prompted, type the first time access password that you specified when prompted by the PowerShell script.
    Tip: You can also use a terminal emulator such as PuTTY to test your connectivity.
  2. At the tmsh command prompt, type modify auth password admin.
    Warning: Because this login is visible externally, make sure to use a strong, secure password.
    The terminal window displays the message: changing password for admin, and then prompts: new password.
  3. Type your new password and then press Enter.
    The terminal window displays the message: confirm password.
  4. Re-type the new password and press Enter.
  5. At the tmsh command prompt, type tmsh modify /sys db systemauth.disablerootlogin value false.
    If the terminal window does not display an error message, then root access is now enabled.
  6. At the tmsh command prompt, type modify auth password root.
    Warning: Because this login is visible externally, make sure to use a strong, secure password.
    The terminal window displays the message: changing password for root, and then prompts: new password.
  7. Type your new password and press Enter.
    The terminal window displays the message: confirm password.
  8. Re-type the new password and press Enter.
  9. To ensure that the system retains the password changes, at the tmsh command prompt, type save sys config, and then press Enter.
The admin and root passwords are now changed.
Before you can use this new BIG-IQ, you must license it. Refer to "How do I license and do the basic setup to start using BIG-IQ" in the Planning and Implementing an F5 BIG-IQ Centralized Management Deployment guide for step-by-step instructions. You can find this guide on support.F5.com.
Important: The last step in the setup and licensing process prompts you to change the admin and root passwords. When you reach that step, do not type in a password. No entry that you provide will be processed successfully. Instead, just click Next to complete the process.