Should F5 deprecate Device-Groups "device_trust_group" and "datasync-global-dg"?
Looking to gather some ideas and peer opinion before submitting a RFE. If you agree or disagree, or have a better proposal, please let me know below or just upvote/downvote this post.
Problem/Scope:
In newer versions of BigIP, HA configuration is polluted by 2 stationary vendor Device-Groups.
(since 11.6 it's visible in GUI, but has been around since 11.0 LTM)device_trust_group
(has been around since 11.6 ASM).datasync-global-dg
Both Device-Groups are essential for one or more HA-related functions. Functions of those Device-Groups can't be modified, those groups cannot be renamed or deleted; they are deployed without any user consent.
In v11.6 or later, a basic BigIP deployment that provisions LTM and ASM module with Network Failover enabled requires by minimum 3 separate Device-Groups. HA configuration is arguably one thing that has gotten needlessly troublesome in recent versions. In regards to day-to-day management, Config Sync for junior specialists has gotten more confusing (to which group I sync?)
Solution:
Clean and permanent removal. Hiding these Device-Groups under the carpet, away from user view is not a good workaround - ideally both are eliminated for good. Any functions they serve (no matter how essential) can also be offered as configuration options in user-defined Device Groups.
Regards,