Upgrading to BIG-IQ 5.2

Today F5 posted the latest release of BIG-IQ.  This release, v5.2.0 introduces some important new functionality.  Let’s take a look at what’s new – and what you will need to know to upgrade to the new release.

So how do you upgrade from 5.0 or 5.1 to 5.2?

Here are a few key points:

1. You need to be running at least BIG-IQ 5.0 – if you have earlier version, you will need to upgrade to 5.0 before moving on to 5.2
2. The upgrade process will retain your configuration and settings – but … you will need to re-import your BIG-IP devices. You can do this though the UI or through a script that F5 provides.  Be careful with that script – in fact, work with F5 support or one of our SEs before running it – with great power comes great responsibility.
3. Before you upgrade:
   1. Re-activate your BIG-IQ system license
   2. Remember to Create a backup of the BIG-IQ system's current compressed user configuration set (UCS) and store it on a remote server.
   3. Decide which disk volume you want to install the upgrade on. You must have at least two volumes to upgrade BIG-IQ.
4. You'll need to create a 16-character passphrase for the Master Key. You must use the same Master Key Passphrase for each BIG-IQ system in an HA pair and every device in a Logging Node cluster.
5. If your BIG-IQ is configured in an HA pair, you will need to remove the secondary system, upgrade the primary and secondary and re-establish the HA configuration

What about logging nodes?

BIG-IQ DCDs (formally known as logging nodes) are required for collecting BIG-IP statistics for Dashboards and Reports.  DCDs are free of charge – but you will need a zero-cost license key to install.

Users can preserve their logging node data when upgrading 5.x to 5.2. DCDs can be installed in clusters for increased availability.  If you use a Logging Node cluster to store and manage your alerts and events you will need to take the cluster off line before upgrading.  Be sure to do this during a maintenance window. 

F5 now has a sizing guide that will help you determine the number of DCD’s you will require.  See the link at the end to see the sizing guide.

The actual process is a bit more involved – here is a flow chart of upgrade steps.

Here is a helpful table for collecting the information you will need prior to upgrading.

Device	Information Needed	Information Recorded
Primary BIG-IQ Centralized Management device	Management IP address Admin user name and password Root access password
Secondary BIG-IQ device	Management IP address Root access password
Data Collection Devices	Management IP address Root access password
Storage Machine	IP-address Storage file path Read/Write permissions for the Storage file path Root access password

 

So what is new in BIG-IQ 5.2?  Let’s take a look

New User Interface

Previous versions of BIG-IQ were organized, in part, by BIG-IP module. While this made it easy for someone interested in LTM management to click on the ADC tab, it leads to duplication of functionality and lot of extra clicks before users found what they were interested in.

5.2, however, reorganizes the product by function.  It now has tabs including

• Monitoring - dashboards, reports, events/alerts and audit logs
• Configuration - managing policy for LTM, APM, AFM and ASM
• Deployment – Manage configurations that have been or will be deployed to BIG-IPs
• Device – Device inventory, back/restore configs and images, snapshot management, and license management
• System – configure and manage your BIG-IQs

Greater Scale

In BIG-IQ 5.2 we have also increased scale, now supporting up to 400 LTM devices and 300 AFM devices based on BIG-IQ running on a 64Gbit VM. For other scale targets, contact your F5 sales representative.

Statistics and Dashboards into your BIG-IP environment

You can now gain insight into your BIG-IP environment when enabling the statistics collection in BIG-IQ. Charts and data cover the following:

• BIG-IP Device Health
• BIG-IP Traffic
• Virtual Server
• Pool and Pool Members
• iRules
• DNS

For each area listed above, you'll find numerous charts and data, such as CPU, memory, swap, disk, interface traffic, throughput, connection, HTTP, and a plethora of DNS statistics. Controls allow you to view data live or view historical data. You can create comparison charts comparing collected metrics across devices, virtual servers, and so on.

The statistics requires deployment of at least on BIG-IQ console node and at least one BIG-IP Data Collection Device (DCD – previously called logging nodes). F5 recommends deploying the BIG-IQ console node in a virtual machine with a minimum of 4 CPUs and 16GB of memory allocated and the BIG-IQ DCD nodes in a virtual machine with 8 CPUs and 32GB of memory.

SSL Certificate Management

Enchants certificate management allows you to track and alert on expiration of SSL certificates and upload keys and certificates to managed devices in your network.

APM Centralized Policy Management

Configure access policies using the Visual Policy Editor

For Access Policy Manager, you can now also use BIG-IQ to centrally manage your security policies. You can compare, edit, verify, stage, and audit policies, as well as deploying policies to multiple devices.

BIG-IQ 5.2 provides extensive reporting and dashboards for tracking your APM infrastructure, your applications and users.  Access reports and SWG reports provide the following features.

• Reports on any combination of discovered devices, Access groups, and clusters
• Graphs for typical areas of concern and interest, such as cross-geographical comparisons or top 10 issues
• Tabular data to support the graphs
• Ability in some screens to drill down from summarized data to details
• Ability to save data to CSV files

BIG-IQ includes Access dashboards for:

• Application use
• Users and their sessions
• Sessions (sessions can be denied from the Dashboard)

ASM

• Central event tracking
• Support for layered policies in F5 ASM 13.0

Global Search

You can use the new global search feature to perform a deep search across all managed devices for objects, users, tasks, profiles, and more. From the search window, you can then filter your results, see related resources, or find user activities. You can even create advanced queries and save your favorite searches.

Partial Deployment

You can evaluate and deploy partial configurations to all managed devices (except APM).

Alert Logging

A new alert dashboard provides you a catalog of alerts raised by the BIG-IQ system.

API Documentation

Select API documentation for critical workflows can help you create your own automated solutions. Documentation for

DoS configuration management

You can discover, import, modify and then deploy back the DoS Device configuration to each managed BIG-IP device for which you have provisioned Advanced Firewall Management.

Logging profile configuration management

You can deploy, edit, and create logging profiles on virtual servers on managed devices.

Hopefully this gave you a taste for BIG-IQ.  To learn more

Upgrade Links:

• F5 BIG-IQ Centralized Management: Data Collection Device Sizing Guide
• F5 BIG-IQ Centralized Management: Upgrading Logging Nodes to Version 5.2 While Preserving Existing Data
• F5 BIG-IQ Centralized Management: Upgrading Logging Nodes to Version 5.2 Without Preserving Existing Data
• F5 BIG-IQ Centralized Management: Upgrading Version 5.x to Version 5.2

Other Useful links:

• BIG-IQ 5.2 Overview Video
• Certificate Management with BIG-IQ 5.2 Video