Enterprise Manager
96 TopicsAMQP Cleartext Authentication
Description The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear. Solution Disable cleartext authentication mechanisms in the AMQP configuration in ubuntu or centos machines disable unencrypted access in the configuration file. >> unencrypted" here refers to client connections. https://www.rabbitmq.com/ssl.html Steps of disabling the AMQP: https://liquidwarelabs.zendesk.com/hc/en-us/articles/360019562832-Disable-cleartext-authentication-option-in-RabbitMQ The above link used for windows vulnerability. Please help in getting resolution for Centos or Ubuntu configuration file.11KViews0likes0CommentsWhat is BIG-IQ?
tl;dr - BIG-IQ centralizes management, licensing, monitoring, and analytics for your dispersed BIG-IP infrastructure. If you have more than a few F5 BIG-IP's within your organization, managing devices as separate entities will become an administrative bottleneck and slow application deployments. Deploying cloud applications, you're potentially managing thousands of systems and having to deal with traditionallymonolithic administrative functions is a simple no-go. Enter BIG-IQ. BIG-IQ enables administrators to centrally manage BIG-IP infrastructure across the IT landscape. BIG-IQ discovers, tracks, manages, and monitors physical and virtual BIG-IP devices - in the cloud, on premise, or co-located at your preferred datacenter. BIG-IQ is a stand alone product available from F5 partners, or available through the AWS Marketplace. BIG-IQ consolidates common management requirements including but not limited to: Device discovery and monitoring: You can discovery, track, and monitor BIG-IP devices - including key metrics including CPU/memory, disk usage, and availability status Centralized Software Upgrades: Centrally manage BIG-IP upgrades (TMOS v10.20 and up) by uploading the release images to BIG-IQ and orchestrating the process for managed BIG-IPs. License Management: Manage BIG-IP virtual edition licenses, granting and revoking as you spin up/down resources. You can create license pools for applications or tenants for provisioning. BIG-IP Configuration Backup/Restore: Use BIG-IQ as a central repository of BIG-IP config files through ad-hoc or scheduled processes. Archive config to long term storage via automated SFTP/SCP. BIG-IP Device Cluster Support: Monitor high availability statuses and BIG-IP Device clusters. Integration to F5 iHealth Support Features: Upload and read detailed health reports of your BIG-IP's under management. Change Management: Evaluate, stage, and deploy configuration changes to BIG-IP. Create snapshots and config restore points and audit historical changes so you know who to blame. 😉 Certificate Management: Deploy, renew, or change SSL certs. Alerts allow you to plan ahead before certificates expire. Role-Based Access Control (RBAC): BIG-IQ controls access to it's managed services with role-based access controls (RBAC). You can create granular controls to create view, edit, and deploy provisioned services. Prebuilt roles within BIG-IQ easily allow multiple IT disciplines access to the areas of expertise they need without over provisioning permissions. Fig. 1 BIG-IQ 5.2 - Device Health Management BIG-IQ centralizes statistics and analytics visibility, extending BIG-IP's AVR engine. BIG-IQ collects and aggregates statistics from BIG-IP devices, locally and in the cloud. View metrics such as transactions per second, client latency, response throughput. You can create RBAC roles so security teams have private access to view DDoS attack mitigations, firewall rules triggered, or WebSafe and MobileSafe management dashboards. The reporting extends across all modules BIG-IQ manages, drastically easing the pane-of-glass view we all appreciate from management applications. For further reading on BIG-IQ please check out the following links: BIG-IQ Centralized Management @ F5.com Getting Started with BIG-IQ @ F5 University DevCentral BIG-IQ BIG-IQ @ Amazon Marketplace8.1KViews1like1CommentHow to make outbound traffic to flow through an F5
Hello, We have an F5 LTM that front our backend middleware server-pair in a HA setup. So F5 serves as a LB that forward incoming traffic to the active one. But we also need the backend server initiated outbound communication session to go through the F5 and carries F5's address as the origin IP. This is needed because we are replacing an existing standalone middleware server with this above F5-HA infrastructure. But we're experiencing some difficulty. What do we need to do to make this above configuration possible?4.6KViews1like11CommentsEmail Notification of Certificate Expiration
Hi All, Hope you are doing well! Can you please help me in getting email notification for certificate expiry using BIG -IQ. I have enable the certificate expiration and gave threshold as 30 Days. But it is triggering email for those certificate as well who are having 200+ , 300+ , etc .. days left to expire. Can you please help me to fix this. Regards, ShashankS700Views0likes3CommentsProblem with HA configuration
Hello everybody, My company system now is located at one Datacenter and now my boss want to split it to two different Datacenters to achieve full redundancy ability for the system (hardware and netwoking)and we can share workload between two Datacenter as well. I have deceiced to extend our VLAN at old Datacenter to new Datacenter via VXLAN with Multicast protocol. I did a LAB with my idea but i have some problems with F5 devices in HA mode(without mirroring state). Please kindly give me some advise. My Lab is look like "topology" attachment. - I run VXLAN via a GRE Tunnel to make it transparent to ISPs and it up and running. - I use VLAN 50 (172.16.1.0/24) for HA purpose to achieve Active/Active mode for a pair of HA devices and also VLAN 200 for Management purpose. You can see the latency on VLAN50, VLAN200 between 2 F5 before config-sync occur as my ping result attachments. https://drive.google.com/open?id=0B1jVb3_KazOfLTVQMU5KaThVV1U https://drive.google.com/open?id=0B1jVb3_KazOfYnpqTV8yWHgzckE https://drive.google.com/open?id=0B1jVb3_KazOfR1huLW93MFJPdEU https://drive.google.com/open?id=0B1jVb3_KazOfSF9VSzBIelczSU0 The problem appear after i create a peer list, device group for two F5s, they never completely perform neighbor. One F5 is always in disconnected mode, the other is always in trust-only mode, please see my "state" attachments. https://drive.google.com/open?id=0B1jVb3_KazOfTTF4b0tuNkIxb0k https://drive.google.com/open?id=0B1jVb3_KazOfSlRtM1dTS0xuV1E When every time i access device management => overview F5 is be hangout and even affect to all the networking performance between to my Switches (network behavior like being flood packet). When i show /var/log/ltm i can see the CMI connection was being flapping may be due to TMM can't perform connect with peer device. I cann't understand what make it happen. https://drive.google.com/open?id=0B1jVb3_KazOfNGhZU0YtWlpYN2s Anyway, my two ASAs can work perfectly on active/active mode. Any advise for me is much appreciated.603Views0likes4CommentsWhat are differences in personality of Bigiq Centralized Management (cm) & Data collection Device (DCD) ?
Hi All, While I was reading about Bigiq, there was mention I have to select one of below mention personality at then time of licensing. Big IQ- Centralized Management (CM) Big IQ Data collection Device (DCD) Can you please refer any documents or kindly describe the major differences?599Views0likes4CommentsDevCentral community platform status update
Another Update (Jun 19) I just finished validating some changes you have asked for: logging in from any particular page will now <gasp> bring you back to that page after login. we auto-expanded the "show more" links in Questions and Article comments with an idea from one of our MVP's @Kai Wilke we fixed a handful of broken navigation links we resolved issues with the Print and Download buttons we fixed some remaining Mobile experience issues with some static pages. we made some changes to the way articles are created (code style bugs and attachments) ---and there is still more to come in the form of updates to the way search results behave and login procedures. Thanks for all the constructive feedback; Quick update (Jun 13) Last night we pushed several front/back-end fixes and features. The team has been consuming all community feedback, arranging and prioritizing actions, specifying changes, and doing what we can to make meaningful improvements. Our updates are iterative;there is more to come. Last night we fixedissues some members were facing around Posting questions, uploading Codeshare files, dead links in Notifications, Asking questions from Topic pages, formatting new and old article components (bold/images), and partial data migrations during account merges. Outside of that we made a raft of updates to the mobile experience on several pages including the home page, topics, and most of the remaining secondary pages. (Search results remain a notable exception; on it's way). Still to come Updates to the registration and login process, link-redirect after login, search-results enhancements (mobile UX and open-in-new-tab functionality), and backing off the persistent “show more” button in Questions are coming in the next few days and weeks. We continue to dedicate ourselves to improving stability, features, and communication related to your community site. Thanks for the continuing feedback; the positive and the negative continues to inform our days/weeks/months. Look for another update mid-late next week when we have more news.560Views3likes3Comments