F5 BIG-IP and Cisco Ace Migration (Beta)
Kemp have developed a Migration Tool which allows Cisco ACE and F5 customers to easily migrate to the Kemp LoadMaster, keeping their Cisco ACE/F5 Virtual Service and Real Server configuration settings.
This tool is currently in beta.
The purpose of this document is to explain how to install and use migration tool.
This document is intended to be used by anyone who is interested in finding out further information and step-by-step instructions on how to use the LoadMaster migration tool.
Published with LMOS version 7.2.54 LTS. This document has not required substantial changes since 7.2.54 LTS. However, the content is in sync with the latest LoadMaster LTS firmware.
Before running the LoadMaster migration tool, the following prerequisites must be in place:
A working and licensed LoadMaster. This can be a Free Virtual LoadMaster, a 30 Day Trial or a purchased product.
A backup of the ACE/F5 configuration. Refer to the Cisco ACE/F5 documentation for instructions on how to back up the existing configuration.
Refer to the sections below for information and instructions on using the LoadMaster Migration Tool.
The LoadMaster Migration Tool is currently in beta and will only migrate the following settings:
- Virtual Address
- Real Server health check (either ICMP or HTTP)
- Real Server Address
The tool comes in the form of an OVF file. To install the tool, simply deploy the OVF file in your chosen hypervisor. Apache Tomcat and the application .war file are pre-installed on the OVF file.
When the OVF file finishes deploying, power on the Virtual Machine. An IP address will be automatically obtained if a DHCP server is set up. There is no browser on the Virtual Machine, so the tool needs to be accessed from outside of the Virtual Machine. To access the tool, go to the following link (on a machine that has access to the network):
The Tomcat Server IP address is the IP address of the Virtual Machine. The IP address will be automatically obtained when the Virtual Machine is installed. To later retrieve the IP address, run the ifconfig command.
If prompted, to log in to the Virtual Machine, the default credentials are:
This password can be changed as needed.
Before using the tool, take a backup of the ACE/F5 configuration.
A number of files are contained in the ACE backup. The one that needs to be uploaded to the migration tool is called Admin_startup.
For F5, the .ucs backup file can be used. The Migration Tool does not currently support encrypted backups. This is something Kemp plan to add support for in the future. When creating a backup from an F5 machine there is an option to encrypt it (using a passphrase). In order to use the LoadMaster Migration Tool, an unencrypted backup file must be used.
When you have the required backup file, follow the steps below:
1. Go to the LoadMaster Migration Tool.
2. Click Choose File.
3. Browse to and select the backup file.
4. Click Convert File.
5. The tool will save a zip file containing three separate files:
- A LoadMaster backup file that can be used to restore the ACE/F5 settings onto a LoadMaster
- Two files containing API commands (one for PowerShell and one for RESTful API) which can be run to configure the relevant settings on the LoadMaster to make it consistent with the ACE/F5 setup
6. Unzip the file:
- If using Linux, in the terminal - go to the folder which contains the downloaded file and run the following command:
- If using Windows, unzip the file normally using a tool such as 7-Zip.
Refer to the sections below to find out how to apply the configuration settings to the LoadMaster from these files.
Logs are recorded during the conversion process. Various items are logged, such as:
An activity log itemizing what the tool is doing at each stage of the process
A list of items that are eligible for conversion
A list of items which are detectable by the tool but are not eligible for conversion
Any errors or issues that occur with processing eligible items
To access these logs, navigate to the following file in the Virtual Machine:
For assistance with transferring any settings that were not converted, please contact Kemp Support: https://kemptechnologies.com/support
The three different files (contained in a zip file) which are output from the LoadMaster migration tool provides three different options for applying the settings to the LoadMaster.
Refer to the relevant section below to find out how to apply the settings.
One of the files output from the LoadMaster migration tool is a LoadMaster backup file. This backup file can be restored on the LoadMaster. The steps below outline how to restore the backup file on the LoadMaster:
1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > System Administration > Backup/Restore.
2. Click Choose File.
3. Browse to and select the backup file.
The backup file must be stored on the machine that you are using to access the LoadMaster migration tool interface.
4. Select the VS Configuration check box.
5. Click Restore Configuration.
6. Click OK.
Two files containing API commands are output from the migration tool - one containing RESTful API commands, and one containing PowerShell commands. Before either type of command can be run, the API interface must be enabled on the LoadMaster. To enable the API interface on the LoadMaster, follow the steps below:
1. In the main menu of the LoadMaster WUI, go to Certificates & Security > Remote Access.
2. Select the Enable API Interface check box.
Now that the API interface has been enabled on the LoadMaster, both PowerShell and RESTful API commands can be run. Depending on which method you would like to use, refer to the sections below for instructions on how to run the commands.
A screenshot of an example RESTful API output file is above. In order for this to work with the LoadMaster, some items in the commands need to be replaced:
1fourall will need to be changed to the bal password
The IP address (that appears before /access) needs to be replaced with the relevant LoadMaster IP address
These commands can be run by entering them in a web browser address bar or via a cURL command. The commands should be run individually in the same order they appear in the file.
In the file, all commands appear on the same line. In order to execute the commands successfully, the commands need to be run individually. Each command starts with https://.
For more information on the RESTful API interface, refer to the RESTful API, Interface Description document.
A screenshot of an example PowerShell API output file is above.
Before running the PowerShell commands to set up the Virtual Services, the customer will need to run the Initialize-LoadBalancer command:
Initialize-LoadBalancer -Address <LoadMasterIPAddress> -Credential bal
When this command is run, a pop-up window appears asking to enter the Password for the bal account. Enter the password and click OK.
After the Initialize-LoadBalancer command has been successfully run, the customer can run the PowerShell commands which are in the LoadMaster tool output file.
In the file, all commands appear on the same line. In order to execute the commands successfully, the commands must be run individually, in the same order as they appear in the file.
For more information on the PowerShell API interface, refer to the PowerShell API, Interface Description document.
This document was last updated on 16 July 2021.