Introduction:
The document will walk you through the setup of a custom F5 BIG-IP Health Monitor for use with VMware Identity Manager appliances when acting as nodes in a cluster.
Background:
In previous versions of documentation from VMware and F5 which discussed clustering of VMware Identity Manager with F5 BIG-IP load balancers, it was suggested to use the `http_head_f5` health monitor. However, due to security updates within VMware Identity Manager 2.8 and higher, the use of the aforementioned F5 BIG-IP health monitor is no longer a viable option. Because of this, many customers were using the `gateway_icmp` F5 health monitor as a temporary workaround. Unfortunately, this would allow the F5 BIG-IP to see a node as good even though it may only be responding to a ping, resulting in traffic failures and web pages failing to load for end users. Therefore, a better health monitor needed to be used.
Solution:
Working together, VMware and F5 came up with a validated custom health monitor that uses built-in VMware Identity Manager APIs to determine whether the node (or appliance) in question is responding properly.
The basic F5 health monitor information is as follows:
Send String:
GET /SAAS/API/1.0/REST/system/health/heartbeat HTTP/1.1\r\nHost: <LB_FQDN>\r\nConnection: Close\r\n\r\n
NOTE: Remove the "<>" if you copy/paste into your health monitor.
Receive String:
ok$
Receive Disable String:
404
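To check how these three strings behave before assigning the monitor, the following added example (not from the original post, VMware or F5) models the monitor's decision in Python over constructed responses. The hostname `vidm.example.com`, the function names, the state labels and the order in which the receive strings are tested are assumptions.

```python
import re

# Monitor values taken from the page.
SEND_TEMPLATE = ("GET /SAAS/API/1.0/REST/system/health/heartbeat HTTP/1.1\r\n"
                 "Host: {host}\r\nConnection: Close\r\n\r\n")
RECV = "ok$"
RECV_DISABLE = "404"


def build_send_string(lb_fqdn):
    """Return the raw bytes the monitor sends, with <LB_FQDN> filled in."""
    if not lb_fqdn or any(c in lb_fqdn for c in "<>\r\n "):
        raise ValueError("Host must be a bare FQDN without <>, spaces or CR/LF")
    return SEND_TEMPLATE.format(host=lb_fqdn).encode("ascii")


def classify(response):
    """Map a raw node response to a monitor state.

    Assumption: the receive string is tested before the receive disable
    string, and Python's re module approximates the BIG-IP regex matching.
    """
    if response is None:  # TCP connect failed or timed out
        return "down"
    text = response.decode("latin-1")
    if re.search(RECV, text):
        return "up"
    if re.search(RECV_DISABLE, text):
        return "disabled"
    return "down"


# Constructed sample responses (not captured from a real appliance).
SAMPLES = {
    "healthy": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    "not_found": b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n",
    "degraded": b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nerror",
    "ping_only": None,  # node answers ICMP but the web service does not
}

if __name__ == "__main__":
    print(build_send_string("vidm.example.com").decode("ascii"))
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```

The `ping_only` case is the one the `gateway_icmp` workaround would have reported as healthy.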
Creation Procedure:
Here is how to create this within the F5 BIG-IP.
Send String:
GET /SAAS/API/1.0/REST/system/health/heartbeat HTTP/1.1\r\nHost: <LB_FQDN>\r\nConnection: Close\r\n\r\n
Receive String:
ok$
Receive Disable String:
404
Now you need to assign this to the VMware Identity Manager Pool for the F5 BIG-IP virtual server to utilize.
NOTE: Make sure you do this part during off-hours or scheduled down time.
Conclusion:
Now you can rest assured the F5 BIG-IP is properly monitoring your VMware Identity Manager cluster to determine which nodes are live and which are not!
Acknowledgements:
Big thanks to F5's Matt Mabis for helping us work through these settings and to VMware's Michael Almond and Karen Zelenko for guidance and support in testing this.
Document was edited by Dean Flaming April 26th, 2017 to correct the Receive String when heartbeat is not showing "ok" and correct the Receive Disable String when appliance is showing 404.
Document was edited by Dean Flaming November 6th, 2018 to correct the steps not showing correctly due to format issues.