F5 BIGIP Management Pack

Community Management Pack for F5 BIGIP monitoring
Read More...

Introduction

Monitoring F5 BIGIP (the term 'firewall appliance' is used interchangeability) with OpsMgr is out of the box not possible. A few 3rd party companies offer professional Management Packs equip OpsMgr with this capability.

As F5 BIGIP offers REST and SNMP interfaces, self-authoring a Management Pack seemed to be a possible task.

Design

A Windows Server, taking the role of ‘F5 Monitoring Server’ queries firewall appliances via SNMP and REST.
A Scheduled Task is launching PowerShell scripts which perform the queries and storing the result in JSON files locally.
Discoveries and Monitoring scripts in the F5 MP are interpreting the JSON files to provide OpsMgr Topology and Health information.

F5 BIGIP Design Overview Diagram

Usage

Alert Views show details current breaches of configured threshold breaches:

F5 BIGIP Alert Views

State Views show the state of a particular item:

F5 BIGIP State Views

See the whole system by opening the Diagram View on "system":

F5 BIGIP Diagram View

Setup Guide

Settings on F5 BIGIP

In order to allow SNMP access, change to the SNMP Agent configuration and maintain the Client Allow List and specify the community settings (add F5 Monitoring Server IP Address):

Querying via REST is made possible by creating an user account and assigning it Auditor permissions to all Partitions.

Settings on F5 Monitoring Server

PowerShell version >= 5 on the ‘F5 Monitoring Server’ and on the OpsMgr Management Servers is required.
Install the 64 Bit toolset from net-snmp. Available as free and open source software through http://www.net-snmp.org. Current used version is: net-snmp-5.5-2.x64.exe
Set the following registry key on ‘F5 Monitoring Server’.
- The directory ‘FilePath’ needs to be created and be changed.
  - [HKEY_LOCAL_MACHINE\SOFTWARE\ABCIT\F5BigIPMonitoringServer]
    - "FilePath"="C:\\TEMP\\F5Monitoring"
- Set the RESTUsr and RESTPwd according to the values configured above for the access.
  - [HKEY_LOCAL_MACHINE\SOFTWARE\ABCIT\F5BigIPMonitoringServer]
    - "RESTUsr"="qryUsr"
    - "RESTPwd"="Passw0rd"
Maintain the Names and IP addresses of the F5 appliances in a CSV file name ‘F5-BigIP-Hosts.csv’ which must be placed in the path which is configured as ‘FilePath’, keep the header-row, e.g.:
- HostName,IPAddress
- vmva486,10.1.20.163
- vmva487,10.1.20.164
Create scheduled tasks on the ‘F5 Monitoring Server’ to launch both PowerShell scripts.
The more often the scripts are executed the earlier information is visible in OpsMgr; e.g. every 15 minutes
- F5-Discovery-rest.ps1
- F5-Discovery-snmp.ps1
Note: The directory specified in “FilePath” will be shared as a hidden share and made readable for Everyone. NTFS permissions are inherited. Ensure that the OpsMgr Management Server can access the file remotely.

Management Packs

Management Pack	Version
ABC.F5.BIGIP	1.0.0.115

Elements

TypeDefinitions

EntityTypes

ModuleTypes

UnitMonitorType (2)

Categories

Category (12)

Monitoring

Discovery (19)
Monitors

Presentation

Resources

Image (12)