Setting up ConfigSync and failover addresses and adding device to a device trust

Hi, this is Andy from AskF5, and today
I’ll be showing you how to add configuration synchronization and
failover address to a device and how to add that device to a device trust. Before
you can create a device group, you need to setup your configuration
synchronization or ConfigSync addresse and the failover IP address for each
system that you want to include in your device group. Before setting up a device
group and adding devices, it’s a good idea to force the new BIG-IP devices offline. This prevents them from becoming active before they are properly synchronized. To
do so, on the new device, log in to the Configuration utility, go to Device
Management>Devices. Select the host name of the local device and select Force
Offline. Then select OK to confirm. Next, configure your ConfigSync and
failover addresses. Select the ConfigSync tab for local address, select the
self IP address you want to use for synchronization, then select Update. F5
recommends that you use a self IP address on a dedicated VLAN for device
group communication and the management address for high resiliency network
failover, so select the Failover Network tab and select Add for address. Select
the self IP address you want to use for failover. Select Repeat. Select the
management address for the device, then select Finished. After you’ve configured
your ConfigSync and failover addresses on all the devices you want to add to
your device group you need to add each one of them to the same device trust.
When you add a device to the device trust, you specify the device as a peer
or a subordinate. The difference between the two is that a peer can sign
certificates if the signing authority device is not available but a
subordinate device cannot. In a typical high availability configuration with two
BIG-IP devices in a device group, you’ll likely want both devices designated as
peers. To establish device trust, log in to the Configuration utility on one of the
devices in the device group and join the other members to that devices local
trust domaine so that the devices can exchange their properties and
connectivity information. After you log in to the Configuration utility,
go to Device Management>Device Trust>Local Domain, select the Device Trust
Members tab, and select Add. In the Device Type list, select Peer or Subordinate as
appropriate for configuration for this demonstration I’ll choose Peer. Type the
management IP address and the administrator username and the password for the remote device, and then select Retrieve Device Information. Verify the device
certificate for the remote device and select Device Certificate Matches. Then select Add Device. Repeat these
steps to add the other members of the local trust. Finally you need to
release any devices you forced offline earlier. To do this, go to Device
Management>Devices, select the host name of the local device, select Release
Offline, and select OK to confirm. That’s it! For steps on how to set up your
device group watch the Creating a device group video. If you have any other
questions you’d like to see answered on this channel, leave us a comment or send
us an email. Thanks for watching

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2019 Explore Mellieha. All rights reserved.