What's new in BIG-IQ v8.4.1?

Key Concepts

• BIG-IQ 8.4.1: F5’s centralized management platform for BIG-IP devices.
• TAOS: Traffic Analysis Optimization System – a layer within BIG-IQ enhancing security.
• MCP: Multi-Cloud Placement – profiles for version 21, supported in BIG-IQ 8.4.1.
• SSO Orchestrator: Single Sign-On orchestrator, now generally supported up to version 13 in BIG-IQ.
• Venifi Trust Protection Platform: Platform for automating SSL certificate and key management.
• IMD SV2: Instance Metadata Service Version 2 – AWS security protocol support.
• AS3: Application Security Manager – templates supported in the latest version.
• F5OS: F5’s operating system, used on R series and Velance platforms.
• AFM: Adaptive Firewall Manager – component of network security firewall.
• LTM: Local Traffic Manager – component for traffic management.

BIG-IQ 8.4.1: New Features and Device Management Demonstration

This demonstration details the new features and functionalities available in BIG-IQ 8.4.1, focusing on device addition, software upgrades (both BIG-IQ itself and managed BIG-IP devices), and support for new platforms like the R series.

New Features in BIG-IQ 8.4.1

BIG-IQ 8.4.1 introduces several key enhancements:

• BIG-IP Version Support: Expanded support for BIG-IP versions 17.5 and 21.0.
• Enhanced Security: An updated TAOS layer improves both security efficacy and system resilience.
• MCP Profile Support: Inclusion of MCP profile support for version 21, enabling multi-cloud placement capabilities.
• Improved Visibility: Enhanced visibility and management capabilities for both BIG-IP devices and F5OS platforms.
• SSO Orchestrator Support: General support for SSO orchestrator version 13 is now included.
• Certificate Automation: Automated and centralized management of BIG-IP SSL device certificates and keys, with integration with the Venifi Trust Protection Platform.
• Cloud Integration: Alignment with AWS security protocols, specifically IMD SV2, facilitating secure partnerships with AWS.
• AS3 & Template Support: Support for the latest version of AS3 and associated templates.
• IPv6 Support: Full IPv6 support is implemented.

Adding BIG-IP Devices to BIG-IQ

The demonstration begins with adding two BIG-IP devices to the BIG-IQ management platform. The process involves:

1. IP Address & Credentials: Entering the IP address, username, and password for each BIG-IP device to establish a secure connection.
2. Trust Establishment: Initiating a trust relationship between BIG-IQ and the BIG-IP device.
3. Component Discovery: BIG-IQ automatically discovers the installed components on each device (e.g., LTM, SSL Orchestrator, Network Security Firewall, AFM).
4. Import Tasks: Performing import tasks, including creating a snapshot of the existing configuration.
5. Component Import: Importing specific components like LTM (Local Traffic Manager) and SSL, or Shared Security and AFM (Adaptive Firewall Manager), depending on the device’s configuration.
6. Managed Status: Once imported, the devices are displayed as “Managed by BIG-IQ.”

Backing Up Configuration

Following device addition, a backup is scheduled to ensure configuration preservation. This involves selecting the newly added devices, saving the selection, and initiating the backup process. The backup runs in the background.

Upgrading BIG-IQ Software

The demonstration then showcases upgrading the BIG-IQ software itself to version 8.4.1. This is performed via the CLI (Command Line Interface) to specify a different volume for installation. The upgrade process requires a reboot of the BIG-IQ system. Upon reboot, the system confirms successful upgrade to version 8.4.1.

Upgrading BIG-IP Devices

The process of upgrading managed BIG-IP devices is then demonstrated. This involves:

1. ISO Image Selection: Selecting the desired software version (in this case, 21.0) from pre-uploaded ISO images.
2. Device Selection: Adding the target BIG-IP device to the upgrade job.
3. Volume Specification: Specifying the new volume for the upgrade.
4. Installation Process: Initiating the upgrade process, which includes image copying, verification, and installation. This is a lengthy process, and the demonstration is fast-forwarded.
5. Verification: Confirming successful installation and verifying that the BIG-IP device is now running version 21.0.

Adding an R Series Device (F5OS)

The demonstration concludes with adding an R series device running F5OS to BIG-IQ. The process mirrors the BIG-IP addition:

1. IP Address & Credentials: Entering the IP address, friendly name, username, and password for the R series device.
2. Backup: Performing a quick backup of the R series device.
3. Scheduling Backup: Scheduling a backup for the newly added device.

Notable Quote

While no direct quotes were provided, the demonstrator emphasized the ease of specifying installation volumes via the CLI during the BIG-IQ upgrade, stating, “I’m going to load it from the CLI because it uh can easily specify a uh different volume to install it on.”

Logical Connections

The demonstration follows a logical progression: first establishing the foundation by adding and backing up devices, then upgrading the management platform itself, followed by upgrading the managed devices, and finally extending management to a new platform (R series). This highlights the centralized management capabilities of BIG-IQ 8.4.1.

Conclusion

BIG-IQ 8.4.1 delivers significant enhancements in security, automation, and platform support. The demonstration clearly illustrates the streamlined process for managing BIG-IP and F5OS devices, including software upgrades and configuration backups, all from a centralized interface. The new features, particularly those related to SSL certificate management and cloud integration, position BIG-IQ 8.4.1 as a powerful tool for modern network management.