This is a simple single-NIC, single IP deployment, which means that both management traffic and data traffic are going through the same NIC and are accessible with the same IP address.
Before you can create this deployment, you need a license from F5. You can also get a trial license here. Also, we’re using BIG-IP VE version 13.0.0 HF2 EHF3 for this example.
Alright, let’s get started.
Open the console, go to Cloud Launcher and search for F5.
Pick the version you want.
Now click Launch on Compute Engine.
I’m going to change the name so the VM is easier to find… For everything else, I’ll leave the defaults.
And then down under firewall, if these ports aren’t already open on your network, you can open 22, which you need so you can use SSH to connect to the instance, and 8443, so you can use the BIG-IP Configuration utility—the web tool that you use to manage the BIG-IP.
Now click Deploy. It takes just a few minutes to deploy.
When you’re done, you can connect straight from the Google console. This screen cap shows SSH but if you use the browser window, you need to change the Linux username to admin in order to connect.
Once done, you’ll get that command line.
If you choose the gcloud command line option and then run in the gcloud shell, you need to put admin@ in front of the instance name in order to connect.
We like using putty so first we need to go get the external IP address of the instance. So I look at the instance and copy the external IP.
Then we go into Metadata > SSH keys to confirm that the keys are there. (Added earlier), Whichever keys you want to use to connect, you should put them here.
BIG-IP VE grabs these keys every minute or so, so any of the non-expired keys in this list can access the instance. If you remove keys from this list, they’ll be removed from BIG-IP and will no longer have access. You do have the option to edit the VM instance and block project-wide keys if you’d like.
Because my keys are already in this list I can open Putty now, and then specify my keys in order to connect.
The reason that we’re using ssh to connect is that you need to set an admin password that’s used to connect to the BIG-IP Config utility.
So I’m going to set the admin password here… (and again, you can do these same steps, no matter how you connect to the instance)
tmsh Command is: modify auth modify auth password admin
And then: save sys config to save the change.
Now we can connect and log in to the BIG-IP Config utility by using https, the external IP and port 8443. Now type admin and the password we just set.
Then we can proceed with licensing and provisioning BIG-IP VE.
A few other notes:
- If you’re used to creating a self IP and VLAN, you don’t need to do that. In this single NIC deployment, those things are taken care of for you.
- If you want to start sending traffic, just set up your pool and virtual server the way you normally would. Just make sure if your app is using port 443, for example, that you add that firewall rule to your network or your instance.
- And finally, you most likely want to make your external IP address one that is static, and you can do that in the UI by choosing Networking, then External IP addresses, then Type).
- If you need any help, here’s the Google Cloud Platform/BIG-IP VE Setup Guide and/or watch the full video.
This is a Security Bloggers Network syndicated blog post authored by psilva. Read the original post at: psilva's prophecies