f5 Enterprise Manager
The f5 Enterprise Manager is a tool which can be used for the following:
The f5 Enterprise Manager can be installed as a single unit or in a redundant HA setup with 2 Enterprise
Managers. It can be a standalone unit, or installed as a VMware virtual device.
Overview:
https://f5.com/products/modules/enterprise-manager
Manual:
http://support.f5.com/kb/en-us/products/em/versions.3-1-1.html?nocache
EHI could utilize the f5 Enterprise Manager (EM) for the following:
The EM can be used to perform searches on any of the current SLB Authority variables with the
exception of Application Owner. Normally the Application Owner is not used as search criteria. The EM
search results can then be filtered further for a more defined result, which is a feature that SLB Authority
does not have. Quite often, once SLB Authority results are displayed, each result needs to be reviewed in
order to find the desired search criteria.
Since SLB Authority is a database with manual entries, the information can be outdated and incorrect.
With EM, the actual configuration of the devices is searched, and the device hostname is displayed
along with the specific configuration matching the search criteria.
The EM can search on all devices which it is querying, or it can be used to look at configurations on a
specific device.
SLB Authority has a configuration generator with the output based on the information entered into the
information fields. A similar template/configuration could be set up using the EM.
The above functions are supported on all of the current OS versions that are in use on the network.
Deploying and installing OS upgrades and licenses
The EM can be used as a central point to store and deploy new OS and hotfix files to the devices, and the
EM can also be used to manage the installation of OS and hotfixes to the devices. This function is
supported on OS version 10 and above.
We do have some non-INET f5’s that are running a version 9 OS, and the EM does not support a version
9 to 10 upgrade, so the devices on version 9 would need to be manually upgraded to version 10.
The EM supports a staged configuration deployment. A configuration can be created and saved as a
staged change, and the configuration can be pushed immediately, or manually initiated at a later time.
For changes involving f5’s, Network Administration could create the configuration, and the NOC could
deploy the configuration using the EM. The implementer would need to access the EM, go to the staged
change, and then deploy the configuration.
The staged change also features a verification function, which tests and verifies the configuration
without implementing it. The verification can be done as a separate step prior to the implementation
deployment, or as a part of the deployment, or it can be skipped.
Device certificates can be monitored so that certificates approaching expiration can be identified.
The EM displays the active / standby status of devices if they are in an HA pair.
Reports can be generated that display conditions such as flapping pools and nodes.
A device inventory report can be generated and loaded as an Excel spreadsheet with information on
each device being monitored by the EM.
Configuration Archives
The EM can create, compare, and store device configuration archives (config.ucs), and can also restore
archives to a device.
Custom Lists
The device inventory of the EM can be grouped into specific custom lists (groups), such as SIT, POC,
INET, and the custom list can be used to narrow down results when identifying devices for upgrades, searching for
configurations, and other functions.
A possible option for the SMWeb Load Balancer Manager (LBM) functions for teams such as Windows
The SMWeb LBM is used as a tool for the Windows team to view the status of specific pools, and also
enable and disable pool members of specific pools on specific devices. EM may be able to be used for
similar functions as well.
Network requirements
The EM uses a standard VLAN 250 management connection. A dedicated TTM connection is
recommended for connection to the remote devices.
The EM can communicate with the non-INET devices with little setup required. The EM is used to add
devices to the EM device inventory.
A data collection agent update is required on the remote devices, and this can be done using the EM.
This update is not service affecting.
Firewall ACL updates will be needed for the EM to communicate to the f5’s in the INET space.
All EM testing was performed using the VLAN 250 management interface on lab, SIT and POC devices.
You incorporate Enterprise Manager™ into your network as you would any F5 Networks device.
However, because it requires bilateral communication with each device for successful management,
Enterprise Manager must have open communication with your devices and be able to translate a device's
IP address into an address it can use. The most common network configurations for address translation
are:
For Enterprise Manager™ to properly manage devices, the following ports are open by default to allow for
the required two-way communication.
OPEN PORT   PURPOSE
443         For communication between managed devices and the Enterprise Manager system, for the purpose of device management.
4353        For communication between Enterprise Manager and a managed device's big3d agent, for the purpose of statistics collection.
3306        For communication between Enterprise Manager and a remote statistics database, for the purpose of storing and reporting statistics.
Tip: Place the Enterprise Manager system on a management subnet that is separate from traffic
management to keep device management and communication independent from traffic management
activities.
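A way to check a planned firewall ACL against the port requirements listed above before adding INET devices to the EM, as an added example (not F5's code and not part of the original document). The addresses and rules are constructed, first-match evaluation with an implicit deny is assumed, and ports 4353 and 3306 are modelled as connections initiated by the Enterprise Manager, which is an assumption.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "permit" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # TCP destination port, 0 = any

def required_flows(em, devices, stats_db=None):
    """Flows the EM needs, taken from the port table on this page."""
    flows = []
    for dev in devices:
        flows.append((em, dev, 443))   # device management, EM to device
        flows.append((dev, em, 443))   # device management, device to EM
        flows.append((em, dev, 4353))  # big3d statistics collection
    if stats_db:
        flows.append((em, stats_db, 3306))  # remote statistics database
    return flows

def permitted(acl, src, dst, port):
    """First matching rule wins; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if (s in ipaddress.ip_network(rule.src)
                and d in ipaddress.ip_network(rule.dst)
                and rule.port in (0, port)):
            return rule.action == "permit"
    return False

def missing_flows(acl, em, devices, stats_db=None):
    """Required flows that the ACL would block."""
    return [f for f in required_flows(em, devices, stats_db)
            if not permitted(acl, *f)]

# Constructed sample: EM on the management VLAN, one lab device, one INET device.
EM = "10.250.0.10"
DEVICES = ["10.250.0.21", "192.0.2.21"]
ACL = [
    Rule("permit", "10.250.0.10/32", "10.250.0.0/24", 0),
    Rule("permit", "10.250.0.0/24", "10.250.0.10/32", 443),
    Rule("permit", "10.250.0.10/32", "192.0.2.0/24", 443),  # one direction only
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", 0),
]

if __name__ == "__main__":
    for src, dst, port in missing_flows(ACL, EM, DEVICES):
        print(f"blocked: {src} -> {dst} tcp/{port}")
```

With the sample rules, the INET device can be reached on 443 but cannot reach the EM back, and statistics collection on 4353 is blocked, which is the kind of gap the ACL update needs to close.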