
Wednesday, July 29, 2009

SOL9123: Recommended practices for deploying F5 Networks devices remotely

Updated: 7/22/09 3:07 PM
Solution

Note: This Solution only applies to BIG-IP platforms that contain a switch card control processor (SCCP). The BIG-IP platforms affected include the 1500, 3400, 4100, 6400, 6800, 8400, and 8800 platforms.

When deploying devices remotely, F5 Networks recommends the following remote administrative practices:

Configuring serial console access to the unit

Serial console access provides the most highly available method of access to the device. In the event that network access is impaired, the serial console may be the only way to access the device. F5 Networks recommends that you perform all installations and upgrades using the serial console. These procedures require reboots; therefore, network connectivity will be temporarily lost. Performing upgrades and installations using the console allows you to accurately track the progress of the installation, and helps prevent interruptions. Additionally, the serial console is the most robust method to secure access during configuration lockout situations.

Note: For diagnostic purposes, F5 Networks may request serial console output. Some system events that do not log to the file system may log to the serial console.

Console access is provided by a terminal server, which usually contains several serial interfaces used to connect to the serial console outputs of devices. These devices typically consist of a PC with a single or multi-port serial interface card, or specialized hardware made for this specific purpose. Consult your Solution's documentation for assistance with the configuration.

Note: For more information about which settings are required for accessing the serial console, refer to SOL7683: Connecting a serial terminal to a BIG-IP system.

A null modem cable is required to connect to the serial console.

Note: For more information about the serial terminal cable requirements, refer to SOL587: Pinouts for serial terminal cables used to connect to F5 products.

Important: The failover cable provided with redundant BIG-IP systems has custom pinouts and cannot be used for connecting to the serial terminal on a BIG-IP system.

Configuring the management port on a separate secure management network

F5 Networks recommends configuring the management port on a secure management network. The management port is the only port that is PXE enabled; therefore, it is vital to any recovery attempts. In addition, access to the management port is completely separate, and is not reliant on the Traffic Management Microkernel (TMM) or the main switchboard, which can be useful in certain troubleshooting situations.

Note: For more information, refer to SOL7312: Overview of the management port.

Configuring the SCCP with an additional IP address on the same network as the management port

F5 Networks recommends that you allocate an additional IP address on the same network as the management port for the SCCP. If providing serial console access through a console server is unattainable, F5 Networks recommends configuring an IP address for the SCCP. In the event that the host system becomes unreachable, but network connectivity using the management network is still available, you may gain partial access to the unit using the SCCP. At this point, you can perform a number of important recovery actions using the hostconsh command.

Note: For more information, refer to SOL3454: Overview of the SCCP and SOL3753: Configuring the switch card control processor so that it can be accessed over the network.

Note: For more information, refer to the BIG-IP Network and System Management Guide for your platform.

Configuring a PXE server on the management network

In the event of an unrecoverable file system or image corruption, F5 Networks may request a clean installation of the operating system. If the device is located remotely and someone is not readily available with a USB device, a PXE installation is a fast, reliable way to provide installation services.

Important: F5 Networks does not support the setup or use of any commercial PXE solutions. Consult your Solution's documentation and test thoroughly before deploying.

Note: The PXE installation requires a second machine other than the BIG-IP device to perform the installation. The second machine boots from a CD created using the BIG-IP ISO image to provide an installation server for the BIG-IP device to access. Usually, this second machine is a laptop or other device on the network, but if the BIG-IP device is remotely located, you may use a generic VMware Linux host image. The VMware Linux host image’s interface is bridged to the management network, which can then be dynamically brought up and down as needed. Using a VMware host also allows you to mount and boot from the ISO images directly without having to burn a CD first.

Note: For detailed information about performing a clean installation, refer to the BIG-IP LTM, ASM, GTM, Link Controller, or WebAccelerator Release Notes for the version you are installing.


Note: For more information, refer to SOL3525: Configuring the BIG-IP LTM, GTM, or ASM to boot from a network boot server and SOL3359: Network interface cards supported by the F5 Networks PXE network boot server.

For additional questions about providing the types of services described in this Solution, contact F5 Networks Professional Services.
