Introduction
This article is part of a series on implementing Orchestrated Infrastructure Security. It includes High Availability, Central Management with BIG-IQ, Application Visibility with Beacon and the protection of critical assets using F5 Advanced WAF and Protocol Inspection (IPS) with AFM. It is assumed that you have an active F5 Beacon account with Cloud Services.
If you need help setting up BIG-IQ for the first time, refer to the Dev/Central article series Implementing SSL Orchestrator here. That article covers SSL Orchestrator but the procedure to add Advanced WAF and AFM to BIG-IQ is the same.
This article focuses on configuring BIG-IQ with Beacon.
Please forgive me for using SSL and TLS interchangeably in this article.
This article is divided into the following high level sections:
- Initial setup of Beacon and BIG-IQ
- Adding BIG-IQ to the Beacon Application Map
Initial Setup of Beacon and BIG-IQ
Login to the Cloud Services portal to configure Beacon for BIG-IQ here.
From Beacon select Application Landscape > Configuration.
Select Integrations then Show Integration Details for F5 BIG-IQ.
In order to complete the next steps you will need access to the BIG-IQ CLI. Click the Copy button below.
Paste this into the BIG-IQ CLI and hit enter or return to begin the install.
Next click the second Copy button as indicated below.
Open a text editor like Notepad and paste the contents of the Clipboard.
We need to replace <Beacon access token> with a legitimate access token. Back to Configuring BIG-IQ select Click here to generate a new token.
Select Create on the next screen.
Give it a name, BIGIQ in this example and select Create Token.
Click Show.
Select the entire Access Token and copy it to your Clipboard.
Go back to your text editor and replace <Beacon access token> with the one just created.
Select the entire CLI command and copy it to your Clipboard.
Paste the command into the BIG-IQ CLI and click enter or return.
Follow the prompts to finish:
Downloading https://beacon-integrations.s3.amazonaws.com/big-iq/beacon_integration.py to /shared/beacon/beacon_integration.py...
Beacon user/email: <your email>
Beacon password: <your password>
Enable auto-update of the Beacon integration script? [y/n] y
How frequently should the script run in minutes? [1-30] 1
Done.
Check the output of the cron job to verify it succeeded. It should look something like the following.
Adding BIG-IQ to the Beacon Application Map
Now that BIG-IQ is sending statistical data to Beacon you can add it to your Application. From F5 Beacon select Application Landscape. Select your Application from either Map View or List View.
Click on your App Name.
This will open your Application Map. Toggle to Edit Mode so we can add BIG-IQ.
You can add BIG-IQ to the map by selecting a Component then select Add Component.
This opens the Component Details screen. Give it a name, BIGIQ in this example, then select Save & Continue.
Select Add to add Metric Health Conditions.
Give the Metric a name, BIGIQ_CPU in this example. Click the down arrow next to Source Type and select bigiq-system.
Click the down arrow next to Metric and select systemCpuUsage.
Configure appropriate values for CRITICAL and WARNING then click Add.
Click Save on the next screen.
Your Application Map should look like the following. DO NOT forget to click Save!
Summary
In this article you learned how to configure BIG-IQ to send statistical data to Beacon. You also learned how to add that data to an Application Map.
Next Steps
Congratulations! Your configuration is now complete.