Applies To:
Show VersionsBIG-IQ Centralized Management
- 5.1.0
Preliminary tips for putting an Access group together
As you start to think about how to group BIG-IP® devices into Access groups that share a configuration, there are a few things you might want to keep in mind. When you select the source device for an Access group, you are selecting the shared configuration for all of the devices in the group. (You can change the source device if needed.)
When you add BIG-IP devices to an Access group, Access evaluates the differences between the source device and the other devices in the group. Access reports the differences for your information. If you need to make configuration changes on any of the devices, Access lets you know which non-source device to change, and which object to update, delete, or add.
Things to know about machine accounts
Machine accounts support Microsoft Exchange clients that use NTLM authentication. An NTLM Auth Configuration object refers to a machine account. If the APM® configurations on the BIG-IP® systems include machine accounts, you might want to be aware of the following information.
In an Access group, the machine accounts on the source and non-source devices must each have been created with the same name. If this is not the case, the deployment fails. The deployment differences will include the names of the devices on which you must reconfigure the machine accounts before you can successfully deploy.
Things to know about bandwidth controller configurations
On a BIG-IP® device, bandwidth controller configuration objects (policies and priority groups) are configured at the system level. In APM ®, they are used to provide traffic shaping for Citrix clients that support MultiStream ICA. In an access policy, a BWC policy item refers to a bandwidth controller policy. If the APM configurations on the BIG-IP systems refer to bandwidth controller objects, you should be aware of the following information.
The bandwidth controller configuration objects on the source device are treated as if they were part of the Access shared configuration. That means when you import the APM service configuration from a source device, the bandwidth controller objects are imported and cannot be updated in the BIG-IQ® system. When you deploy the configuration, deployment creates the bandwidth controller objects on the non-source devices.
Access requirements for HA pairs and clusters
For BIG-IP® system high availability, APM ® supports two devices in a Sync-Failover group; these devices can also be referred to as an HA pair.
Access has these requirements for HA pairs on BIG-IQ® system configuration:
- If you import a device that is part of an HA pair, you must import the other device in the pair as well. Access must manage the configuration for both devices.
-
When you import the
devices that are
an HA pair,
you must place both devices in a cluster that contains only that pair.Note: This is not enforced when you add devices to a cluster. But when you try to deploy the configuration, Access reports errors and deployment fails.
- When you add devices to an Access group, you must add both members of a cluster to the same
Access group. (You can add all clusters to one Access group or add clusters to multiple Access
groups.)Note: Access enforces this requirement.
To avoid problems after you create Access configurations on the BIG-IQ system, you should know which devices constitute each HA pair.