Software upgrade Host Hypervisor and VCMP's planning
Hi All, I am working for a company which asked me to plan a software upgrade of their Big-IP Platform 10250v (D113) which is a cluster of 2 devices in Active/Passive mode. They have the Host running on release of v13.1.0 (released 19/12/2017) and their VCMP's (5 in total) in a mix of v13.1.0.8 (released 26/06/2018) and v14.1.2.2 (released 14/11/2019). I looked up the details and at this moment their platform is as of 21st of April 2020 in EoNSS State which means no upgrade to v16x anymore in the near future but v15.1.x is supported. So far not a problem and I proposed to bring the full cluster to the latest release of v14.1.x first and in a next phase to v15.1.x so they can benefit of the latest security stuff and on long term support release to be compatible as long as possible on this platform (they wan't to look for a replacement in 2022 but not sooner). Now their remark was that the HostHypervisoris not parsing any traffic and only hosting the VCMP's so they don't see the need on upgrading that platform and only want to focus on the VCMP's. In the documentation I found it's perfectly OK to do this as long as you're running anything from v11.4.1 HF3 - v15.1.0.11.3.0 on the Host and same for the Guest. F5 however recommends running the most recent version on both Host and VCMP. So my question is now is if anyone has an ideahow I could"convince/proof"that the Host upgrade is preferred as well? In the release notes there is the huge list of improvements but nothing specific in regards Host vs VCMP. For now I plan to do the VCMP's only but would like to do the Host as well.
F5 VCMP Security
Hi, We are trying to deploy 5250 in our DMZ network and make use of VCMP feature to host both internal and external applications as two different guests (internal as one instance and external as another instance). I would like to know how secured is VCMP from the hypervisor perspective?if external instance gets compromised, how does F5 provide security on this? Please shed some light on this. Thanks, Sekhar
