cancel
Showing results for 
Search instead for 
Did you mean: 
KevinGallaugher
F5 Employee
F5 Employee

Introduction

This article is part of a series on implementing Orchestrated Infrastructure Security. It includes High Availability, Central Management with BIG-IQ, Application Visibility with Beacon and the protection of critical assets using F5 Advanced WAF and Protocol Inspection (IPS) with AFM. It is assumed that you have an active F5 Beacon account with Cloud Services.

If you need help setting up BIG-IQ for the first time, refer to the Dev/Central article series Implementing SSL Orchestrator here. That article covers SSL Orchestrator but the procedure to add Advanced WAF and AFM to BIG-IQ is the same.

This article focuses on configuring BIG-IQ with Beacon. 

Please forgive me for using SSL and TLS interchangeably in this article.

This article is divided into the following high level sections:

  • Initial setup of Beacon and BIG-IQ
  • Adding BIG-IQ to the Beacon Application Map

Initial Setup of Beacon and BIG-IQ

Login to the Cloud Services portal to configure Beacon for BIG-IQ here.

From Beacon select Application Landscape > Configuration. 

0EM1T000002JFdz.png

 

Select Integrations then Show Integration Details for F5 BIG-IQ.

0EM1T000002JC6X.png

 

In order to complete the next steps you will need access to the BIG-IQ CLI. Click the Copy button below.

0EM1T000002JFe0.png

 

Paste this into the BIG-IQ CLI and hit enter or return to begin the install.

0EM1T000002JC6Z.png

 

Next click the second Copy button as indicated below.

0EM1T000002JC6a.png

 

Open a text editor like Notepad and paste the contents of the Clipboard.

0EM1T000002JC6b.png

 

We need to replace <Beacon access token> with a legitimate access token. Back to Configuring BIG-IQ select Click here to generate a new token.

0EM1T000002JFe1.png

 

Select Create on the next screen.

0EM1T000002JFe2.png

 

Give it a name, BIGIQ in this example and select Create Token.

0EM1T000002JC6e.png

 

Click Show.

0EM1T000002JFe3.png

 

Select the entire Access Token and copy it to your Clipboard.

0EM1T000002JC6g.png

Go back to your text editor and replace <Beacon access token> with the one just created.

0EM1T000002JC6h.png

Select the entire CLI command and copy it to your Clipboard.

0EM1T000002JC6i.png

Paste the command into the BIG-IQ CLI and click enter or return.

0EM1T000002JC6j.png

Follow the prompts to finish:

Downloading https://beacon-integrations.s3.amazonaws.com/big-iq/beacon_integration.py to /shared/beacon/beacon_integration.py...

Beacon user/email: <your email>

Beacon password: <your password>

Enable auto-update of the Beacon integration script? [y/n] y

How frequently should the script run in minutes? [1-30] 1

Done.

Check the output of the cron job to verify it succeeded. It should look something like the following.

0EM1T000002JC6k.png

Adding BIG-IQ to the Beacon Application Map

Now that BIG-IQ is sending statistical data to Beacon you can add it to your Application. From F5 Beacon select Application Landscape. Select your Application from either Map View or List View.

0EM1T000002JFe4.png

 

Click on your App Name.

0EM1T000002JC6m.png

 

This will open your Application Map. Toggle to Edit Mode so we can add BIG-IQ.

0EM1T000002JGR0.png

 

You can add BIG-IQ to the map by selecting a Component then select Add Component.

0EM1T000002JGR1.png

 

This opens the Component Details screen. Give it a name, BIGIQ in this example, then select Save & Continue.

0EM1T000002JC6p.png

 

Select Add to add Metric Health Conditions.

0EM1T000002JGR2.png

 

Give the Metric a name, BIGIQ_CPU in this example. Click the down arrow next to Source Type and select bigiq-system.

0EM1T000002JC6r.png

 

Click the down arrow next to Metric and select systemCpuUsage.

0EM1T000002JC6s.png

 

Configure appropriate values for CRITICAL and WARNING then click Add.

0EM1T000002JC6t.png

 

Click Save on the next screen.

0EM1T000002JGR3.png

Your Application Map should look like the following. DO NOT forget to click Save!

0EM1T000002JC6v.png

Summary

In this article you learned how to configure BIG-IQ to send statistical data to Beacon. You also learned how to add that data to an Application Map.

Next Steps

Congratulations! Your configuration is now complete.

Version history
Last update:
‎13-Nov-2020 14:55
Updated by:
Contributors