F5 BIG-IP Deployment with CUCM and Spectralink XML

Vocera Platform connects through the F5 ADC to interface with these external systems.

In the Third-Party ADC Deployment Model diagram, there are network elements which will connect to the ADC instead of directly connecting with Vocera Platform; instead the system connects through the ADC to interface with the external systems. For example, external systems such as ResponderSync, TAP, and HL7 will all need to communicate with Vocera Platform, but they will connect directly to the ADC. From a network perspective, when the Vocera Platform connects to the external system (i.e., ResponderSync), the system sees the IP address of the ADC, not the IP address of the external system.

In most cases, the external system communication can be relayed through the ADC where the ADC controlls the IP address without any problems. For some systems, however, the external system's IP address is required for Vocera Platform functionality. With both CUCM and SpectraLink XML external systems, for example, the Vocera Platform needs the external IP address to correlate the registration status of a device with the external system. Normally, the Vocera Platform cannot access the external IP address, as the ADC address is proxied instead. In these cases, there is a special requirement that the Vocera Platform will need knowledge of the remote IP address for those devices that the Vocera Platform connects to.

The requirement is to configure BIG-IP to carry in its data payload the information for the remote address for the device. This configuration means that even though the direct connection is with the ADC and not the device, inside the data payload, encoded in the data, is the remote address ADDR of the device. Using the configuration shown below, the Vocera Platform can find the IP address, extract it, and marry it to the CUCM exchange. That way, when the system needs to communicate with the device directly, to change the registration status or send something to the device, then using the exact IP address that was encoded in the data payload, the correct device can be accessed.

The following configuration is required on the F5 BIG-IP server for both CUCM and SpectraLink XML adapters. The HTTP proxy (VIP on BIG-IP) is required to include X-Forwarded-For in the header.

On the Vocera Platform, navigate to Authentication Settings (Security > Authentication). In the "Trusted Proxy" field, enter the SNAT address of the VIP.

In BIG-IP, first create the virtual server. Specify the Name, Type, Source Address, Destination Address, Service Port, Protocol, Protocol Profile and HTTP profile fields, and then click the Update button.

Next, configure an iRule in BIG-IP: Navigate to Local Traffic > iRules > iRules List, and then click Create.

Finally, the header insert, shown in line 3 in the Properties window, is used to configure BIG-IP to carry in its data payload the information for the remote address for the device. The HTTP proxy (VIP on BIG IP) is required to include X-Forwarded-For in the header.