Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Administrative Partitions

I have a client that wants to co-manage the F5. Their intent is to be able to add/remove VIPS, Pools, Members Irules and monitors.

The question that I have is this, is there a way that this partition can be done to ensure that there is nothing that the client can do as a co-manager to the F5 that would affect the other clients on the device.

The client has suggested a container type access, but I think that if they were to create a script and or Irule that pointed to something outside their partition and it was wrong it would affect the whole network.

Need some advice, Thank you

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Following are a few links about partitions on the bigip. Gives details about the object access across partitions.

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-4-0/8.html

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-2-0/tmos_partitions_and_folders.html

0
Comments on this Answer
Comment made 15-Apr-2014 by ShaneI 0
We would like to give external users who are a member of a specific AD remote group access (via the same or different roles) to two different partitions. How can this be done?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I would avoid giving admin rights to people who do not really understand how these devices work. A rogue "para-admin" could do things that will ruin the performance of the whole box easily. Also there is no locking to prevent administrative tasks from being carried out simultaneously. And just think how you can manage backing up of the conf in such a situation and know what has changed?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Partitions are also a pain to deal with in general. If the client wants to manage the F5 get them a VE edition and give them access.

0