This blog post will provide a high-level overview of the steps required for adding a new F5 BIG-IP device to an existing device group and syncing the group configuration to the new device. The steps listed below assume each BIG-IP device is of the same series and model, running the same software version, and therefore fully compatible.
It is possible to add a device of a different series and/or model to the device group and sync the configuration between them. However, if you use the embedded HSM to store your digital certificates and keys, the new BIG-IP device must be of the same series as the current device to sync that information. Otherwise, you will have to add your certificates and keys manually to the new device upon initial configuration, and each time you renew or add new certificates and/or keys. Therefore, any attempt to deploy such a configuration may not be possible and is not advisable.
The information provided below is intended for educational purposes only and is in no way intended to supplant official guidance from F5 Support. Any use of the information contained herein should be followed at your own risk.
Before getting started, several configuration tasks need to be completed. Each environment is different, and the following list may not be exhaustive.
Upon first boot, login to the command line via the console and change the boot location to the version closest to, but not higher than, the version running on your existing BIG-IP device. In many cases, you will have to update the software from there to match your existing device exactly.
After rebooting into the boot location with the software version nearest your existing device, use the screen on the front panel of the device to configure the management interface IP information and confirm access to the Configuration Utility GUI via the web browser. The default login credentials are below:
The next step will be the initial BIG-IP setup, during which you will configure basic device settings. Again, this list may not be exhaustive and there may be some sections you can skip and configure later.
The final preparation step is to update the BIG-IP device software version to the same version running on your existing device(s). You can download the BIG-IP software from downloads.f5.com and then upload it to your device to perform the update.
Before we can add the new device to the device group, a few more configuration items need to be addressed on the new BIG-IP. All of the below configuration settings can be accessed in the Device Management and Network areas of the Configuration Utility located in the navigation bar down the left side of the screen.
After making the above configurations to the new device, make sure the device is in the “Forced Offline” state to avoid any potential network problems until after the initial syncing of the configuration is complete.
Lastly, you are ready to sync the configuration between the devices. Be sure to do this from the existing device.
Login to the new device and confirm the configuration has been successfully synced over. The best way to do this is to pull up the Network Map on both the existing and new devices and compare. From this screen, you will be able to see objects such as Virtual Servers, Pools, Pool Members, Nodes, iRules, etc.
If you make use of the ASM module, be sure to check the Application Security Policies. In my experience, while the policies do sync over, the Enforcement Mode was set to “Blocking” for every policy. This may not be the desired configuration, and you will need to change the Enforcement Mode manually on a per-policy basis to meet the needs of your environment.
Once you have confirmed that everything is as desired configuration-wise between your devices, you are ready to bring the new BIG-IP device online and failover to it. At this point, you can monitor traffic from the Statistics tab to ensure that the Virtual Servers are processing traffic as expected. If you notice any issues or receive reports of issues from users, you can always failover back to the original device while troubleshooting.
This blog post will provide a high-level overview of the steps required for adding a new F5 BIG-IP device to an existing device group and syncing the group configuration to the new device. The steps listed below assume each BIG-IP device is of the same series and model, running the same software version, and therefore fully compatible.
It is possible to add a device of a different series and/or model to the device group and sync the configuration between them. However, if you use the embedded HSM to store your digital certificates and keys, the new BIG-IP device must be of the same series as the current device to sync that information. Otherwise, you will have to add your certificates and keys manually to the new device upon initial configuration, and each time you renew or add new certificates and/or keys. Therefore, any attempt to deploy such a configuration may not be possible and is not advisable.
Oracle Access Management (OAM) is Oracle’s solution for user management. The software is part of the Fusion Middleware Infrastructure family and can be integrated with both Oracle and non-Oracle software. OAM provides an enterprise-level platform that delivers user authentication and single sign-on (SSO) capabilities in a simple web-based console. Access Manager SSO allows for entities to access multiple applications after authentication and reduces the need for multiple logins.
This is the second blog post in a two-part series examining test automation software. This blog post focuses on lessons learned for finding the right software product for your organization. We recommend you also read our first post, which is dedicated to understanding the process for moving from manual to automated testing.