Manual Chapter : Device Discovery and Basic Device Management

Applies To:

Show Versions Show Versions
Manual Chapter

Device Discovery and Basic Device Management

 

How do I start managing BIG-IP devices from BIG-IQ?

To start managing a BIG-IP® device, you must add it to the BIG-IP Devices inventory list on the BIG-IQ® system.

Adding a device to the BIG-IP Devices inventory is a two-stage process.

Stage 1:

  • You enter the IP address, port (if other than default), and credentials of the BIG-IP device you're adding, and associate it with a cluster (if applicable).
  • BIG-IQ opens communication (establishes trust) with the BIG-IP device.
  • BIG-IQ discovers the current configuration for any selected services you specified are licensed on the BIG-IP system, like LTM® (optional).

Stage 2:

  • BIG-IQ imports the licensed services configuration you selected in stage 1 (optional).
Note: If you only want to do basic management tasks (like software upgrades, license management, and UCS backups) for a BIG-IP device, you do not have to discover and import service configurations.

Add BIG-IP devices to the BIG-IQ inventory

Before you can add BIG-IP devices to the BIG-IQ inventory:

  • The BIG-IP device must be located in your network and running a compatible software version. Refer to https://support.f5.com/csp/article/K14592 for more information.
  • The management address of the BIG-IP device must be open (typically this is port 22 and 443), or any alternative IP address used to add the BIG-IP device to the BIG-IQ inventory. Ports 22 and 443 and the management IP address are open by default on BIG-IQ.

If you are running BIG-IP versions earlier than version 11.6.0, you might need root user credentials to discover and add the device to the BIG-IP devices inventory. You don't need root user credentials for BIG-IP devices running versions 11.6.0 - 12.x.

Note: A BIG-IP device running versions 10.2.0 - 11.5.0 is considered a legacy device, and cannot be discovered from BIG-IQ version 5.2. If you were managing a legacy device in a previous version of BIG-IQ and upgraded to version 5.2, the legacy device displays as impaired with a yellow triangle next to it in the BIG-IP Devices inventory. To manage it, you must upgrade it to version 11.5.0 or later. For instructions, refer to the section titled, Upgrading a Legacy Device.
You add BIG-IP devices to the BIG-IQ system inventory as the first step to managing them.
Note: The ADC component is automatically included (first) any time you discover or import services for a device.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP DEVICES.
  3. Click the Add Device button.
  4. In the IP Address field, type the IPv4 or IPv6 address of the device.
  5. In the Port field, type the management port for this BIG-IP device.
    The port number must be between 4 and 65535. In many cases, it's the default port 443.
    Note: Chrome and Safari browsers don't allow access to web applications running on port 65535. So if you use port 65535 as the management port, you won't be able to access the BIG-IP device's interface from BIG-IQ when using Chrome or Safari. You can still discover and manage BIG-IP devices that are using port 65535.
  6. In the User Name field, type admin and provide the admin user name password for the device.
  7. If this device is part of a DSC pair, for the Cluster Display Name setting, specify how to handle it:
    • For an existing DSC pair, select Use Existing from the list, and then select the name of your DSC group from the next list.
    • To create a new DSC pair, select Create New from the list, and type a name in the field.
    For BIG-IQ to properly associate the two devices in the same DSC group, the Cluster Display Name must be the same for both members in a group.
    There can be only two members in a DSC group.
  8. If this device is configured in a DSC pair, for the Deployment Settings, specify how to handle it:
    • Initiate BIG-IP DSC sync when deploying configuration changes (Recommended): Select this option if this device is part of a DSC pair and you want this device to automatically synchronize configuration changes with the other member in the DSC group.
    • Ignore BIG-IP DSC sync when deploying configuration changes: Select this option if you want to manually synchronize configurations changes between the two members in the DSC group.
  9. Click the Add button at the bottom of the screen.
    The BIG-IQ system opens communication to the BIG-IP device, and checks the BIG-IP device framework.
    Note: The BIG-IQ system can properly manage a BIG-IP device only if the BIG-IP device is running a compatible version of the REST framework.
  10. If a framework upgrade is required, in the popup window, in the Root User Name and Root Password fields, type the root user name and password for the BIG-IP device, and click Continue.
  11. If, in addition to basic management tasks (like software upgrades, license management, and UCS backups), you also want to centrally manage this device's configurations for licensed services, select the check box next to each service you want to discover, and then click Continue.
    You can also select these service configurations after you add the BIG-IP device to the inventory.
  12. Click the Add button at the bottom of the screen.
BIG-IQ displays a discovering message in the Services column of the inventory list.
If you discovered service configurations to manage, you must import them.

Managing a device from the device properties screen

You can use a device's Properties screen to manage that device. You can log directly in to the device, remotely reboot it, and create an instant backup of its configuration. You can also view details about the managed device, such as:

  • Host name
  • Self IP Address
  • Build Number
  • Software Version
  • Status
  • Last Contact
  • Boot Location
  • Cluster Properties
From this screen you can also perform the following tasks:
  • Create an instant backup of the device's configuration.
  • Change the boot location of the device.
  • Edit cluster properties.
  • Log directly into the device from BIG-IQ.
  • Reboot the device from BIG-IQ.
  • Access details about the health of the device.
  • Access statistics for the device (if applicable).
  • Access services licensed for the device.
  1. At the top of the screen, click Devices.
  2. Click the name of the device you want to view.
    The device Properties screen opens.

How can I organize the way devices display in BIG-IQ so they're easier to find and manage?

To more easily manage a large number of BIG-IP® devices, you can organize them into groups. The types of groups you can use are:

  • Static groups
  • Dynamic groups

A static group contains specific devices that you add to it, and those devices stay in that group until you remove them. For example you might want to create a static group named, Seattle, and add all of the devices located in Seattle to it.

In contrast, a dynamic group is basically a saved query on a group. For example, if you created a static group that contained all of your managed devices located in Seattle and you wanted to view only those devices running a specific application, you could create a dynamic group with that filter. If one of the devices stops running the specified application, the device no longer appears in that dynamic group.

If you delete a managed BIG-IP device from the parent group, you see that change when you view the dynamic group.

Creating a static group of managed devices

You must license and discover BIG-IP devices before you can place them into a group.

To more easily manage a large number of devices, you can organize them into groups. For example, you could add devices to groups according to the running applications, geographical location, or department.

  1. At the top of the screen, click Devices.
  2. On the left, click DEVICE GROUPS.
  3. Near the top of the screen, click the Create button.
  4. In the Name field, type the name you want to use to identify this group.
    You can change this name at any time, after you save this group.
  5. In the Description field, type a description for this group.
    For example, BIG-IP devices located in Seattle.
    You can change this description at any time, after you save this group.
  6. For the Group Type setting, select Static.
  7. From the Parent Group list, select the source for the group you are creating.
  8. For the Available in Services setting, select the services licensed for this device.

    If this BIG-IP device is licensed for services you are not managing, you can reduce the number of devices displayed in the BIG-IP inventory by selecting the check box next to only the services you manage. If you are managing all aspects of BIG-IQ, select the check box next to each service running on this BIG-IP device.

  9. From the Hostname list, select the device you want included in this group.
    To add additional devices, click the + sign and select a device from the new list that is displayed.
  10. Click the Save & Close button.
If you want to further filter specific devices from within this group, you can create a dynamic group.

Creating a dynamic group of managed devices

You must create a static group before you can create a dynamic group.

To filter a static group on certain parameters, you can create a dynamic group. For example, if you have a static group for all devices located in a particular city, and you want to view only those running a specific version of software, you could create a dynamic group to filter on that version number.

  1. At the top of the screen, click Devices.
  2. On the left, click DEVICE GROUPS.
  3. Click the Add Group button.
  4. In the Name field, type the name you want to use to identify this group.
    You can change this name at any time, after you save this group.
  5. In the Description field, type a description for this group.
    For example, BIG-IP Devices running version 13.0
    You can change this description any time, after you save this group.
  6. For the Group Type setting, select Dynamic Group.
  7. From the Parent Group list, select the source for the group you are creating.
  8. In the Search Filter field, type a term on which you want to filter the group.
  9. For the Available in Services setting, select the services licensed for this device.

    If this BIG-IP device is licensed for services you are not managing, you can reduce the number of devices displayed in the BIG-IP inventory by selecting the check box next to only the services you manage. If you are managing all aspects of BIG-IQ, select the check box next to each service running on this BIG-IP device.

  10. Click the Save & Close button.
This dynamic group reflects any changes made to the static group. For example, if a device is removed from its parent group, it no longer appears in the associated static group. Also, if a device no longer contains the object you filtered on, the device no longer displays in the dynamic group.

Filtering the BIG-IP device inventory list for specific BIG-IP components

From each BIG-IQ screen that contains a list of objects, you can easily find specific objects. For example, after you discover several devices, you might want to find a specific device by its name or IP address. To do this, you start by filtering on certain configuration objects. Filtering on specific criteria saves you time because you can view only those objects associated with the criteria you specify.
  1. At the top of the screen, click Devices.
  2. To search for a specific object, in the Filter field at the top right of the screen, type all or part of an object's name and click the filter icon.
    BIG-IQ refreshes the screen to show only those devices that contain the object you filtered on.
  3. To remove the filter, click the X icon next to it.

Exporting device inventory details to a comma separated values (CSV) file

To export the BIG-IP Device inventory to a CSV file, your browser must be configured to allow popup screens.

Using BIG-IQ, you can quickly access and view the properties for all the devices you manage in your network. These properties include details about the device's IP addresses, platform type, license details, software version, and so forth. You (or another department in your company) can create custom reports containing this information to help manage these assets. To do this, you can export device properties to a CSV file and edit the data as required.

  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP DEVICES.
  3. Click the Export Inventory button.
BIG-IQ creates a CSV file and downloads it locally.

Change several BIG-IP passwords simultaneously

When you manage BIG-IP device from BIG-IQ Centralized Management, it is good practice to change the default admin and root passwords on a regular basis. From BIG-IQ, you can change the passwords for several BIG-IP devices at one time.
Note: You can change the passwords for several BIG-IP devices simultaneously only if they have the same password.
  1. At the top of the screen, click Devices.
  2. On the left, click PASSWORD MANAGEMENT > Change Device Passwords.
  3. Near the top of the screen, click the Create button.
  4. In the Name and Descriptions fields, type a name and optional description to help you identify this task.
  5. From the Available list, select devices and move them to the Selected list.
    Important: The passwords for the BIG-IP devices you select must all be identical.
  6. Select an option for the Change Password setting.
  7. Provide the old and new passwords, as required.
     
  8. Click the Run button at the bottom of the screen.
    BIG-IQ will apply the new password to all of the selected BIG-IP devices. You can view the status of this task from the Change Device Passwords screen.

Re-discover BIG-IP devices and re-import services

If you make a change directly on a managed BIG-IP device, you can re-discover and re-import services for that device so BIG-IQ Centralized Management has the most current configuration for that device.
  1. At the top of the screen, click Devices.
  2. Select the check box next to the device you want to rediscover and reimport services for.
  3. Click the More button and select Re-discover and Re-import.
  4. In the Name and Description fields, type a name and an optional description to identify this task.
  5. For the Conflict Resolution Policy setting, select Use BIG-IP to override the configuration settings stored on BIG-IQ with the settings from the BIG-IP device.
    Important: When you're importing more than one device at the same time keep in mind that they're re-imported in the order listed, from top to bottom. You can use the arrow keys to change the processing order. When you select Use BIG-IP to resolve conflicts, the BIG-IP device used to resolve those conflicts should appear last in the re-import list. If two or more BIG-IP devices contain the same object with different values, only the value in the last imported BIG-IP is used to resolve the conflict for all the BIG-IP devices.
  6. If you want to save a snapshot of the BIG-IP device's configuration before importing their services, select the Create a snapshot of the current configuration before importing check box.
  7. Click the Create button at the bottom of the screen.
 
 

What is a BIG-IP Device Service Clustering (DSC) group and how do I start managing it from BIG-IQ?

Device Service Clustering, or DSC®, is a BIG-IP® TMOS® feature that lets you organize BIG-IP devices in groups to share configurations. These groups are called device service clusters (also DSC). With BIG-IQ®, you can easily manage devices configured in a DSC from one centralized location.

Before you can manage BIG-IP systems configured in a DSC, you must:

  • Add the DSC device members to the BIG-IP Devices inventory.
  • Add the DSC group to the BIG-IP Clusters inventory.

When a device service cluster is in the BIG-IP Cluster inventory, you can view its properties and the devices within those groups, and synchronize their configurations, all without having to log in to each device individually.

Note: For specific information about BIG-IP DSC groups, refer to the BIG-IP® Device Service Clustering: Administration guide.

Discover BIG-IP Device Service Cluster groups

You must add the BIG-IP devices configured in a DSC to the BIG-IQ system's BIG-IP Device inventory before you can discover DSC groups.

All BIG-IP devices in a cluster must be running the same software version and the same settings for:

  • Pools
  • Traffic-groups
  • VLANs
  • Tunnels
  • Route domains

The BIG-IQ DSC Groups inventory screen shows you a centralized view specific to DSC clusters.

Note: The Cluster Display Name displays on this screen only for managed BIG-IP devices in a DSC.
Important: BIG-IQ supports only two BIG-IP system in a DSC.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IP CLUSTERS > DSC groups.
  3. Click the Discover button.
  4. Select the devices in the Available list, and then click the right arrow to add them to the Selected list.
    This list is populated from the BIG-IP Device inventory list. If you can't see all of the available devices listed, left-click the right bottom corner of the list and use your cursor to expand the dialog box.
  5. Click the Discover button.
The DSC Groups list refreshes to display the discovered DSC group.

Viewing the BIG-IP Clusters inventory and the properties of a DSC cluster

You must add a BIG-IP device configured in a DSC to the BIG-IP Devices inventory list, and discover the cluster from the DSC Clusters inventory list before you can see the cluster listed on this screen.

From the DSC Groups inventory screen, you can see the following details about each existing DSC cluster, including:

  • synchronization status
  • name
  • cluster type
  • last refresh dates
  • devices in the DSC group
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IQ CLUSTERS > DSC Groups.
    The screen displays the list of DSC groups defined on this device.
To view the properties of a cluster, including the trust domain certificate associated with this DSC group, click the cluster's name.

Synchronizing configurations between BIG-IP devices in a DSC cluster

You must add a BIG-IP device configured in a DSC to the BIG-IP Devices inventory list and discover the DSC from the DSC Groups inventory list before you can synchronize BIG-IP devices configured in a DSC.

Synchronizing configuration between BIG-IP devices in a DSC cluster saves you time because you don't have to log on to each BIG-IP device in the cluster individually.

Important: Unmanaged BIG-IP devices in a DSC do not display the Sync button.
  1. At the top of the screen, click Devices.
  2. On the left, click BIG-IQ CLUSTERS > DSC Groups.
    The screen displays the list of DSC groups defined on this device.
  3. Click the name of the cluster you want to synchronize.
  4. Click the Refresh Status button to get the most current sync status for the devices in the DSC group.
  5. For the Sync Option setting, select one of the options:
    • Device to Group - Select this option to prompt the BIG-IP device to synchronize its configuration with other device(s) in the DSC group.
    • Group to Device - Select this option to prompt the DSC group to load its configuration onto the BIG-IP device.
  6. Click the Sync button.
  7. To close the screen, click the Close button.