What is BIG-IQ?

tl;dr - BIG-IQ centralizes management, licensing, monitoring, and analytics for your dispersed BIG-IP infrastructure.

If you have more than a few F5 BIG-IP's within your organization, managing devices as separate entities will become an administrative bottleneck and slow application deployments.  Deploying cloud applications, you're potentially managing thousands of systems and having to deal with traditionally monolithic administrative functions is a simple no-go.  Enter BIG-IQ.

BIG-IQ enables administrators to centrally manage BIG-IP infrastructure across the IT landscape.  BIG-IQ discovers, tracks, manages, and monitors physical and virtual BIG-IP devices - in the cloud, on premise, or co-located at your preferred datacenter.  BIG-IQ is a stand alone product available from F5 partners, or available through the AWS Marketplace.

BIG-IQ consolidates common management requirements including but not limited to:

  • Device discovery and monitoring: You can discovery, track, and monitor BIG-IP devices - including key metrics including CPU/memory, disk usage, and availability status
  • Centralized Software Upgrades: Centrally manage BIG-IP upgrades (TMOS v10.20 and up) by uploading the release images to BIG-IQ and orchestrating the process for managed BIG-IPs.
  • License Management: Manage BIG-IP virtual edition licenses, granting and revoking as you spin up/down resources.  You can create license pools for applications or tenants for provisioning.
  • BIG-IP Configuration Backup/Restore: Use BIG-IQ as a central repository of BIG-IP config files through ad-hoc or scheduled processes.  Archive config to long term storage via automated SFTP/SCP.
  • BIG-IP Device Cluster Support: Monitor high availability statuses and BIG-IP Device clusters.
  • Integration to F5 iHealth Support Features: Upload and read detailed health reports of your BIG-IP's under management.
  • Change Management: Evaluate, stage, and deploy configuration changes to BIG-IP.  Create snapshots and config restore points and audit historical changes so you know who to blame. 😉
  • Certificate Management:  Deploy, renew, or change SSL certs.  Alerts allow you to plan ahead before certificates expire.
  • Role-Based Access Control (RBAC):  BIG-IQ controls access to it's managed services with role-based access controls (RBAC).  You can create granular controls to create view, edit, and deploy provisioned services.  Prebuilt roles within BIG-IQ easily allow multiple IT disciplines access to the areas of expertise they need without over provisioning permissions.

 

Fig. 1 BIG-IQ 5.2 - Device Health Management

BIG-IQ centralizes statistics and analytics visibility, extending BIG-IP's AVR engine.  BIG-IQ collects and aggregates statistics from BIG-IP devices, locally and in the cloud.  View metrics such as transactions per second, client latency, response throughput.  You can create RBAC roles so security teams have private access to view DDoS attack mitigations, firewall rules triggered, or WebSafe and MobileSafe management dashboards.  The reporting extends across all modules BIG-IQ manages, drastically easing the pane-of-glass view we all appreciate from management applications.

For further reading on BIG-IQ please check out the following links:

Updated May 20, 2022
Version 2.0
  • I read your article and it's very interesting as very useful for me. Many thanks.

     

    Giuseppe