Cloud is all the rage these days as it has matured into a bona fide, viable option to deploy your applications. While attractive, you may also want to apply, mimic or sync your traditional data center policies like high availability, scalability and predictability in the cloud.
Here we’ll walk through how to create a simple single NIC (sometimes called “one ARM”) instance of BIG-IP VE in the Amazon Web Services console.
Open the AWS management console and click VPC (Virtual Private Cloud) to dive right into the VPC wizard and create a simple, single public subnet VPC.
Give it a name, accept the other defaults and click Create VPC. When it creates a VPC, it also creates a security group for the VPC. There we’ll want to check some of the rules associated with the security group.
You may also want to update the Name tag field so you can more easily find your group going forward.
The source can be the security group itself or you can replace with a specific IP range. While not the safest, here we’re allowing all traffic. You can also edit the outbound rules if needed.
Next, for our application server, we’ll want to create an EC2 instance of a Microsoft Windows machine with a webpage on it in the VPC. The location of your application server is up to you. For this article, you can see we’ve created an application server with a private IP address along with a corresponding public IP address. You don’t need the public address unless you need to connect directly to the app server.
Next we’ll want to deploy an instance of BIG-IP in the VPC. We’ll search the Marketplace for BIG-IP hourly but you can also use your current BIG-IP license in a Bring Your Own License scenario. There are various throughput limits and BIG-IP module bundles so choose what’s appropriate for your situation. (See this doc for more info on recommended instances)
We’ll choose our region and click continue and then Launch.
We’ll then want to select an instance type and when we get to the Instance Details screen, we’ll choose the VPC and subnet we created earlier. You can make more adjustments here or simply accept the auto-assign defaults.
We’ll move through the Storage step and hit the Add Tags spot and give it a name value, like BIG-IP VE1. Often it is just a simple name so you can find it in the list of instances.
Next we select the existing security group we created or we can create a new one. Since the one we created was wide open, you could create one that allows only port 22 (for SSH), port 443 (for web application/virtual server traffic), and 8443 (for management/Config utility access).
Once that’s done we’ll click launch and select our key pair. You’ll use the key pair when you use SSH to connect to BIG-IP VE.
We get the status page as it launches. The one thing to remember is to allocate an elastic public IP so the BIG-IP instance can hit the license server for verification. You can also use that public IP to connect to the config utility and as the Virtual server address. Once the BIG-IP instance is up and running, you can’t access it until you’ve connected and set a strong admin password. You can do this with PuTTy and the key (Connection > SSH >Auth).
Once we’ve locked it down with a strong password, we’ll use the public IP and take a look at the Config utility which allows us to manage our BIG-IP. Using the new password, now we’re able to start the BIG-IP setup wizard like you would any other BIG-IP. That public IP will be the target to serve traffic to the application through BIG-IP.
From here, you can also update management ports, provision modules, and of course, create the virtual server(s) and pools for your application.
Go back to the AWS console, get the private address of the webserver and that becomes the resource address for your pool.
Same thing for the virtual server. Go to AWS, grab the BIG-IP private address (as opposed to the webserver above) and that is what you enter for the virtual server.
Finish the other resource settings, including the appropriate pool and the virtual server is live and visitors can now enjoy the application. We can add whatever services and profiles we need for a fast, available and secure application.