BIG-IQ 4.4

BIG-IQ 4.4 was recently released. This new release includes enhancements to BIG-IQ components for Cloud, Security and Device management.

BIG-IQ is an intelligent framework for managing and orchestrating F5 security and application delivery solutions. A key part of F5’s innovative Synthesis architecture, BIG-IQ manages BIG-IP devices, F5’s ASM and AFM security solutions and orchestrates the delivery of Software Defined Application Services (SDAS) both locally and in the cloud. BIG-IQ is application centric and provides Role-Based Access Control (RBAC) to simplify management and orchestration.

BIG-IQ has an innovative UI and is built on an open and comprehensive set of RESTful APIs that allows networking professionals’ access to every feature and function of the solution. BIG-IQ also creates a library of iApp templates – allowing cloud providers to offer cloud tenants easy access to application specific network services.

Product/Feature Release Highlights:

Intelligent Services Orchestration

This new release includes dozens of new and enhanced features in 5 primary areas of focus:

Enhanced connectivity with support for VMware NSX, OpenStack (Havana) and Microsoft Hyper-V Network Virtualization(HNV – i.e. the NVGRE protocol)
Improved management of F5 BIG-IP devices with an upgrade advisor, support for utility licensing and management of clusters of BIG-IP devices
Improved management infrastructure with enhanced authentication, RBAC on device groups and bulk device import
Scalability with distributed data center high availability (HA) and support for scalable N-Way HA
Enhanced firewall management with efficient bulk firewall policy editing

Enhanced Connectivity with VMware NSX and OpenStack

BIG-IQ 4.4’s support for NSX 6.1 fulfills F5’s promise of interoperability between F5’s BIG-IQ® management platform and the VMware NSX™ network virtualization platform for rapid orchestration of layer 2–7 network and application services in the software-defined data center (SDDC). This marks the latest in a series of collaborative efforts between the companies to bring compelling IT benefits to their mutual data center customers.

The F5 and VMware NSX technologies interoperate with management plane-level REST-based APIs that are used by F5 BIG-IP to register and deploy application services that can be consumed by F5 users in their software-defined data center. The NSX traffic steering capability enables traffic to be redirected to the F5 service. This combination allows F5 iApps® to be leveraged by NSX, and to be consumed as vendor templates that F5 customers can instantiate with application-specific parameters.

BIG-IQ 4.4 also provides enhanced connectivity to OpenStack based environments. BIG-IQ 4.4 will ship with both a dedicated connector for OpenStack and an LBaaS plug-in. The LBaaS plug-in allows organizations to manage their physical and virtual F5 BIG-IP® devices in OpenStack environments through OpenStack’s Horizon dashboard. BIG-IQ’s OpenStack connector allows BIG-IQ to orchestrate the delivery Software Defined Application Services (SDAS) utilizing F5’s powerful iApp technology. Together, these new offerings from F5 extend the F5 Synthesis™ architecture into the world of OpenStack.

What’s new in BIG-IQ?

BIG-IQ Security

With the Network Security module, BIG-IQ provides central firewall management for multiple BIG-IP systems that have Advanced Firewall Manager (AFM) installed and provisioned. BIG-IQ also provides application management for multiple BIG-IP systems that have Application Security Manager (ASM) installed and provisioned.

The following features are new to release 4.4.0.

Support BIG-IP v11.4.1 interoperability using iControl SOAP.
Efficient firewall policy editing through the user interface.
Support upgrade from v4.3 to v4.4 for BIG-IQ Security module
Transition from iControl SOAP to iControl REST for BIG-IP system firewall management. BIG-IP system builds are now available for v11.6 and 11.5.1.
Release version 4.4 uses the iControl REST interface with newer BIG-IP software releases. This interface enables faster device interaction and better error-reporting.
User-defined device grouping and the ability to deploy to a group.
You can now group managed devices, and you are able to deploy to the whole group.
BIG-IP system support for geo-location.
Version 11.5.0 and above. In this release, BIG-IQ Network Security broadens its support for critical AFM features such as geo-location.
BIG-IP system support for iRule actions,
Version 11.5.0 and above. In this release, BIG-IQ Network Security broadens its support for critical AFM features such as iRule actions.
Event-Logging interface for BIG-IQ Web Application Security
This is a new screen for managing Web-Application events from multiple BIG-IP devices.

BIG-IQ Cloud

Enhanced Connectivity with VMware NSX, Microsoft and OpenStack

BIG-IQ 4.4 also provides enhanced connectivity to OpenStack based environments. BIG-IQ 4.4 will ship with both a dedicated connector for OpenStack and an LBaaS plug-in. The LBaaS plug-in allows organizations to manage their physical and virtual F5 BIG-IP® devices in OpenStack environments through OpenStack’s Horizon dashboard. BIG-IQ’s OpenStack connector allows BIG-IQ to orchestrate the delivery Software Defined Application Services (SDAS) utilizing F5’s powerful iApp technology. Both RedHat and Ubuntu packages are included. Together, these new offerings from F5 extend the F5 Synthesis™ architecture into the world of OpenStack.

New in BIG-IQ 4.4 - Microsoft SCVMM plugin

A new System Center Virtual Machine Manager (SCVMM) plugin that uses NVGRE allows a BIG-IP VE to act as a gateway in a Hyper-V network.

BIG-IQ Device

BIG-IP Upgrades

You can use BIG-IQ Device to centrally upgrade BIG-IP devices running version 10.2.0 and later.

BIG-IP Image Deployment

From BIG-IQ Device, you can centrally deploy BIG-IP system configurations to hardware or virtual machines located in your local network or in VMware, OpenStack, or Amazon cloud environments.

BIG-IP License Management

BIG-IQ Device now includes utility licensing features. This include support for various billing options, support for license grants, or seat licenses, in addition to usage reporting.

BIG-IP Cluster Display

You can now view clustering information for managed devices. This includes trust domains, sync groups, and failover groups.

3rd-Party Authentication Support

BIG-IQ Device now supports RADIUS and LDAP authentication.

Role-Based Access Control

Administrators can now control access to managed device functionality through BIG-IQ Device based on specific roles.

Bulk Discovery

You can configure BIG-IQ Device to discover multiple BIG-IP devices in one task, as opposed to discovering them individually.

BIG-IQ Active-Active Configuration

You can configure BIG-IQ systems in an active-active, high availability (HA) configuration, ensuring immediate configuration synchronization on peer devices. This provides failover protection in the event that if a BIG-IQ system in an active-active HA configuration fails, a peer BIG-IQ system takes over the device management.

For more information about this release, refer to:

BIG-IQ Product Information

https://f5.com/products/big-iq

F5 alliance with VMware

https://f5.com/partners/product-technology-alliances/vmware

F5 alliance with OpenStack

https://f5.com/partners/product-technology-alliances/openstack

Documentation:

http://support.f5.com/kb/en-us.html

API Documentation

https://devcentral.f5.com/s/d/tag/big-iq

Software lifecycle policy: