Applies To:
Show Versions
BIG-IQ Centralized Management
- 6.1.0, 6.0.1
AWS Setup for a Service Scaling Group
Setting up the AWS environment for a service scaling group
You need to set up an AWS environment with the specific characteristics required by a BIG-IQ service scaling group (SSG). This environment houses the resources that power the SSG.
Specify the AWS environment for a service scaling group
To operate a service scaling group (SSG) in an AWS cloud, you need a Virtual Private Cloud (VPC) to host the BIG-IP devices that run your applications. You also need secret keys and a security group to keep the environment safe.
This basic AWS environment is needed whether you house the BIG-IQ system and data collection devices (DCDs) in the AWS cloud, or in a private cloud or on-premises environment. To properly configure your environment, your account requires full access permissions for the following AWS resources: Auto Scale Groups, Instances, SQS, S3, CloudWatch, and CloudFormation. Additionally, you need list, create, and delete permissions for the IAM role/rolePolicy/InstanceProfile.
-
If you use the AWS cloud for all of your resources, you install the BIG-IQ devices and DCDs that manage the SSG in the AWS environment. When you use AWS for your BIG-IQ and DCDs, you most likely have already created an AWS environment and installed the BIG-IQ VE. If this is the case, be sure to review the AWS requirements here to insure proper support for your SSG.
-
If you install your BIG-IQ devices and DCDs in a private cloud or on-premises environment, after you create the AWS environment, configure a VPN to support the required communication between the SSG devices and the management components.Note: For the most current instructions for creating a VPC, refer to the VPC Documentation web site, https://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/getting-started-ipv4.html.
- Navigate to the AWS marketplace.
- Search for the AMI that best fits your needs.
- When you find the AMI you want, select it and then click Continue to Subscribe and follow the prompts.
Configuration requirements for an AWS VPN
When you manage applications in a service scaling group in AWS and use a BIG-IQ and data collection devices that are housed in a private cloud or on-premises, you need a VPN to facilitate communication. Without a VPN, the devices cannot send the analytic information you need to manage your applications. Also, if you use the BYOL licensing option, when new devices are created they need the VPN so they can contact the BIQ-IQ acting as a license server.
| Requirement | For more information |
|---|---|
| Both ends of the VPN require a gateway. That is, you need a gateway between your BIG-IQ/data collection device cluster and the VPN; and, you need a virtual private gateway between the VPN and the AWS environment. | Refer to the vendor documentation for the gateway you use locally. For details on the AWS end, refer to AWS Managed VPN Connections on docs.aws.amazon.com. |
| You must use a VPN supported by AWS. | For details on the VPN types that AWS supports, refer to Amazon Virtual Private Cloud Documentation on docs.aws.amazon.com. |
| Subnets on your local network must use a different subnet than the subnet used by the VPC you create in the AWS environment. There can be no overlap. | For example, if the BIG-IQ and data collection devices in your local cloud use a subnet such as 172.16.0.0/16, you could use a subnet such as 10.1.0.0/16 on your AWS VPC. |
| There must be a route from your BIG-IQ/data collection device cluster to the AWS environment through your gateway. | Create this route by logging in to the BIG-IQ and DCD in your local cloud and running a
set of tmsh commands. For example, if your setup used the subnets listed
in the previous example (AWS network is 10.1.0.0/16 and your gateway
address is 172.16.0.9, you could run the following sequence of commands:
tmsh create /net route 10.1.10.0/16 gw 172.16.0.9
tmsh list net route
tmsh save /sys config
|
