Forum Discussion
NimbostratusShould F5 deprecate Device-Groups "device_trust_group" and "datasync-global-dg"?
Looking to gather some ideas and peer opinion before submitting a RFE. If you agree or disagree, or have a better proposal, please let me know below or just upvote/downvote this post.
Problem/Scope:
In newer versions of BigIP, HA configuration is polluted by 2 stationary vendor Device-Groups.
(since 11.6 it's visible in GUI, but has been around since 11.0 LTM)device_trust_group
(has been around since 11.6 ASM).datasync-global-dg
Both Device-Groups are essential for one or more HA-related functions. Functions of those Device-Groups can't be modified, those groups cannot be renamed or deleted; they are deployed without any user consent.
In v11.6 or later, a basic BigIP deployment that provisions LTM and ASM module with Network Failover enabled requires by minimum 3 separate Device-Groups. HA configuration is arguably one thing that has gotten needlessly troublesome in recent versions. In regards to day-to-day management, Config Sync for junior specialists has gotten more confusing (to which group I sync?)
Solution:
Clean and permanent removal. Hiding these Device-Groups under the carpet, away from user view is not a good workaround - ideally both are eliminated for good. Any functions they serve (no matter how essential) can also be offered as configuration options in user-defined Device Groups.
Regards,
Stanislas_Piro2Cumulonimbus
Hannes,
is required to sync peer configuration.device_trust_groupIf you change the ha config sync interface, the master key, or other base config element, this device group share the change to group automatically. This device group requires to be set in auto mode.
display a warning message when we try to sync that service may restart. It should be in manual sync!datasync-global-dg