Deploying F5 Insight Services on VMware ESXi / vSphere

This guide walks you through the process of deploying an F5 Insight Services virtual machine instance from a pre-built OVA image on VMware ESXi 7.x+ or vSphere.

Overview

F5 Insight Services is a comprehensive monitoring and analytics platform designed specifically for F5 BIG-IP devices. It delivers powerful capabilities to help you manage and optimize your infrastructure:

Benefits and Key Features

• Real-time Device Monitoring: Continuously monitors F5 BIG-IP devices at configurable intervals
• AI-Powered Insights: Leverages artificial intelligence to analyze metrics and provide intelligent recommendations
• Advanced Data Pipeline: Built on OpenTelemetry with Prometheus for metrics collection and ClickHouse for high-performance data storage
• Modern UI: Features a React-based dashboard with customizable visualizations
• External Grafana Integration: Seamlessly integrates with external Grafana instances for advanced dashboards and analytics

By following this guide, you will successfully deploy F5 Insight Services as a virtual machine on your VMware infrastructure using the pre-built OVA image, giving you immediate access to powerful monitoring and analytics capabilities for your F5 BIG-IP environment.

Prerequisites

Before you begin, ensure you have the following requirements in place:

VMware Environment Specifications

Your VMware infrastructure must meet these specifications:

Specification	Requirement
Platform Version	VMware ESXi 7.0+ or vCenter Server / vSphere Client 7.0+
Administrative Access	Administrative access to the ESXi host or vCenter
Storage	Datastore with at least 600GB of available space (thick provisioned)
Networking	Network port group configured with connectivity to BIG-IP devices

Minimum Hardware Requirements (F5 Insight VM)

Resource	Minimum Requirement	Notes
CPU	8 vCPUs	Dedicated analysis engines vary by workload; monitor and scale vCPUs as necessary.
Memory	16 GB RAM	Standard minimum for F5 Insight operations.
Disk Space	600 GB Total	Includes 500GB for initial installation and 100GB for OS and updates. The specified 500GB allocation for the initial installation supports approximately 50 BIG-IP instances. For every additional 50 BIG-IP instances, plan to add an incremental 500GB of storage.

Network Requirements

Ensure the following network connectivity:

Category	Requirement / Rule	Direction
External Access	Connectivity from F5 Insight to product.apis.f5.com:443 for “connected” license activation and updates. (optional if using Disconnected Mode Licensing) See Licensing and Entitlement for Disconnected Mode Licensing for environments that do not allow outbound internet access.	Outbound
External Access	Connectivity from F5 Insight to us.edge.df.f5.com:443 for F5 AI Data Fabric (AIDF) (optional)	Outbound
External Access	Connectivity from F5 Insight to OpenAI compatible/Anthropic server for LLM Insights (optional)	Outbound
Internal Access	Connectivity from F5 Insight to BIG-IP devices	Outbound
Internal Access	Connectivity from F5 Insight to OpenAI compatible server for LLM Insights (optional)	Outbound
Firewall (SSH)	Port 22	Inbound to F5 Insight
Firewall (HTTPS)	Port 443	Inbound to F5 Insight
Firewall (Mgmt)	Port 443	Outbound to BIG-IP Management Port

Access Requirements

• Valid my.f5.com credentials
• Admin credentials for your BIG-IP

Architecture Overview

F5 Insight Services operates as a collection of containerized microservices orchestrated by K3s, a lightweight Kubernetes distribution designed for resource-efficient deployments.

Key Components

Kubernetes Platform:

• K3s: Lightweight Kubernetes distribution (automatically installed)
• Helm: Package manager for Kubernetes (pre-installed)

Application Services:

• Container Images: All service images are pre-loaded during image build
• Persistent Storage: F5 Insight stores data in persistent storage

Download the F5 Insight OVA Image

Steps to obtain the OVA:

1. Navigate to my.f5.com credentials
2. Scroll down to the bottom of the page and choose f5insight-<version>.ova
3. Save the file to a location accessible from your browser or workstation

Deploy the OVA on vSphere / ESXi

Using the vSphere Client (Web UI - HTML5 GUI)

1. Open the vSphere Client

   1. Navigate to your vSphere or ESXi web interface:

   # vCenter: https://<VCENTER_HOST>/ui
   # ESXi: https://<ESXI_HOST>/ui
   

   2. Log in using your administrator credentials.

2. Start the OVF/OVA Deployment Wizard

   1. In vCenter: Right-click a host, cluster, or resource pool and select Deploy OVF Template
   2. In ESXi standalone: Click Create / Register VM, then select Deploy a virtual machine from an OVF or OVA file
   3. Click Next to proceed.

3. Select the OVA File

   1. Click Choose Files or drag-and-drop the OVA file into the wizard
   2. Browse to and select your f5insight-<VERSION>.ova file
   3. The wizard will parse the OVF descriptor and display the VM name
   4. Click Next

4. Name and Location

   1. Enter the VM name: f5-insight-01 (or your preferred name)
   2. Select the target datacenter or folder (vCenter only)
   3. Click Next

5. Select Compute Resource

   1. Select the ESXi host, cluster, or resource pool where the VM will run
   2. Click Next

6. Review Details

   1. Verify the OVA details: disk size, network, CPU, and memory
   2. Click Next

7. Select Storage

   1. Select the target datastore with at least 600GB of available space
   2. Set Virtual disk format to Thick Provision Lazy Zeroed (recommended for performance)
   3. Click Next

   Note

   Thick Provision Eager Zeroed offers slightly better write performance but takes longer during deployment as it zeroes all allocated blocks. Thick Provision Lazy Zeroed is a good balance for most deployments.

8. Select Networks

   1. Map the VM Network in the OVA to the appropriate port group on your ESXi host
   2. Select the port group that provides connectivity to both your management network and BIG-IP devices
   3. Click Next

   Note

   Choose the network port group that provides connectivity to your BIG-IP devices. Consult your network or vSphere administrator if unsure which port group to select.

9. Ready to Complete

   1. Review all deployment settings
   2. Do NOT check “Power on after deployment” - we need to adjust settings and set cloud-init guestinfo parameters first
   3. Click Finish

   Wait for the deployment task to complete. This may take several minutes depending on network speed and datastore performance.

Adjust VM Settings After Import

After the OVA deployment completes, review and adjust the VM settings to ensure they meet F5 Insight requirements.

1. Edit VM Settings
   1. Right-click the VM and select Edit Settings
2. Verify CPU
   1. Confirm CPU is set to 8 vCPUs
   2. If your host supports it, you can increase vCPUs for heavier workloads
3. Verify Memory
   1. Confirm Memory is set to 16 GB
   2. Uncheck Reserve all guest memory unless you want guaranteed memory allocation
4. Verify Disk Size
   1. Under Hard disk 1, confirm the disk size is 600 GB
   2. If the disk imported at a smaller size, increase it to 600GB
   3. Ensure Disk Provisioning shows Thick Provision
5. Verify Network Adapter
   1. Confirm the network adapter type is VMXNET3
   2. Confirm it is connected to the correct port group
   3. Ensure Connect At Power On is checked
6. Enable VMware Tools (Optional)
   1. Under VM Options > VMware Tools, check Sync guest time with host
   2. Click OK to save all changes

Configure Cloud-Init

F5 Insight uses cloud-init for initial user provisioning. On VMware ESXi / vSphere, you can pass cloud-init directly through VMware advanced VM parameters using guestinfo.userdata.

Prepare cloud-config and Base64 Encode

1. Create a local cloud-config.yml file:

   #cloud-config
   chpasswd:
     expire: false
     users:
       - name: admin
         # Change the password below to your desired password
         password: "F5ChangeM3"
         type: text
   

   Important

   Do not remove #cloud-config from the top of the file. This line is required for cloud-init to recognize the payload.

2. Base64-encode the file contents.

   Use one of the following options based on your platform:

   Warning

   Ensure the Base64 output is a single line with no extra spaces or line breaks, as it will be pasted directly into the vSphere advanced configuration.

   Windows uses unique newline characters (CRLF), so the encoding commands below normalize newlines to ensure compatibility with cloud-init’s expected format.

   # macOS (BSD base64)
   base64 -i cloud-config.yml | tr -d '\n'
   
   # Linux (GNU coreutils base64)
   base64 -w 0 cloud-config.yml
   

   # Windows PowerShell / PowerShell 7+
   [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(((Get-Content -Raw .\cloud-config.yml) -replace "`r`n?", "`n")))
   

   # Portable option (Python 3 on macOS/Linux/Windows)
   python -c "import base64,pathlib;d=pathlib.Path('cloud-config.yml').read_bytes().replace(b'\r\n',b'\n').replace(b'\r',b'\n');print(base64.b64encode(d).decode())"
   

   Optional browser helper:

   Download the cloud-config Base64 helper (HTML)

   Right-click the link above and select Save link as… to download the standalone helper page.

   Copy the single-line Base64 output; you will paste it into vSphere in the next step.

Configure guestinfo in vSphere UI

1. Open VM settings:

   1. In the vSphere Client, right-click the F5 Insight VM and select Edit Settings

2. Add VMware advanced configuration parameters:

   1. Select the VM Options tab

   2. Expand Advanced and click Edit Configuration

   3. Add:

      • guestinfo.userdata.encoding = base64
      • guestinfo.userdata = <PASTE_BASE64_FROM_PREVIOUS_STEP>

   4. Click OK to save

      Ensure the guestinfo.userdata value is a single line with no extra spaces or line breaks.

Start the VM

Once the VM settings are verified and guestinfo parameters are set:

1. Right-click the VM and select Power > Power On
2. Open the Console tab (or launch the web console / VMRC) to monitor the boot process

The VM will boot into F5 Insight and begin its first-boot initialization.

Initial VM Configuration

1. Wait for First Boot to Complete

   The F5 Insight VM runs an automated first-boot setup script that:

   • Initializes K3s cluster
   • Deploys all services via Helm
   • Configures persistent storage
   • Sets up secrets and certificates

   This takes approximately 5-10 minutes.

   Monitor the first boot progress:

   # SSH into the VM (use the IP address shown in the console or vSphere summary)
   ssh admin@<VM_IP_ADDRESS>
   
   # Watch the first boot logs
   sudo tail -f /opt/f5insight/logs/f5insight-startup.log
   
   # Check systemd service status
   sudo systemctl status f5insight-first-boot.service
   
   # When complete, you should see:
   # f5insight-first-boot.service - F5 Insight First Boot Setup
   # Loaded: loaded (/etc/systemd/system/f5insight-first-boot.service; enabled)
   #  Active: inactive (dead) since ...
   

   Note

   You can find the VM’s IP address in the vSphere Client under the VM’s Summary tab, or from the Console tab after boot.

2. Verify Services are Running

   # Check K3s status
   sudo systemctl status k3s
   
   # Check all pods in f5-insight namespace
   sudo kubectl get pods -n f5-insight
   
   # Expected output (all pods should be Running or Completed):
   # NAME                              READY   STATUS      RESTARTS   AGE
   # backend-xxxx                      2/2     Running     0          45s
   # cacher-xxxx                       2/2     Running     0          45s
   # clickhouse-0                      2/2     Running     0          44s
   # f5-insight-node-exporter-xxxx     2/2     Running     0          45s
   # f5-insight-postgres-0             2/2     Running     0          44s
   # f5-insight-postgres-init-xxxx     0/1     Completed   0          44s
   # f5-insight-vault-0                3/3     Running     0          44s
   # frontend-xxxx                     2/2     Running     0          45s
   # otel-collector-xxxx               2/2     Running     0          45s
   # system-manager-xxxx               2/2     Running     0          45s
   # victoriametrics-0                 2/2     Running     0          44s
   # vmagent-xxxx                      2/2     Running     0          45s
   # vmalert-xxxx                      2/2     Running     0          45s
   
   # Check services
   sudo kubectl get svc -n f5-insight
   

3. Verify Network Connectivity

   # Test external connectivity
   curl -I https://www.google.com
   
   # Check if VM can reach your BIG-IP devices
   ping <BIGIP_IP_ADDRESS>
   telnet <BIGIP_IP_ADDRESS> 443
   

Accessing F5 Insight Services

Once the VM is fully initialized, you can access the services:

Web Interface

Service	URL	Default Credentials
F5 Insight UI	https://<VM_IP>	Credentials provisioned via cloud-init

First Time Access

1. Open F5 Insight UI: https://<VM_IP>:443
2. Login with the credentials you configured in cloud-init

Post-Installation Configuration and Licensing

1. Login with your credentials to F5 Insight at https://<VM_IP>:443
2. Once you login, click “Get Started”
3. Input your JWT and click “Validate & Activate License”

Configure AI Provider API Keys

1. Select your LLM provider and fill in the corresponding credentials, then click “Save & Continue”
2. Insert your AIDF credentials. You can get the credentials from your account team. However, for now during beta, please click “Skip for Now”

Add BIG-IP Devices to F5 Insight

Once you press “Skip for Now” you will be greeted with a page to “Start Fresh” or “Import configuration from Existing Application Study Tool Instance.”

If you choose to “Start Fresh” you will have the option to add a CA, add devices via YAML, or add individual devices manually. In addition, you must choose which module or data you would like to see populated.

Note

We recommend using a CA when adding devices, but that configuration is optional.

Note

In addition, we are going to ask that you sort your BIG-IP devices by datacenter. Tagging of devices to a specific datacenter is crucial in providing timely alerts, cross comparison of performance, and much more.

If you choose to go the YAML route, please paste the appropriate configuration files when prompted.

Once done, you will be sent to the homepage.

Configure BIG-IP for Additional Application Logs/Telemetry

F5 Insight’s OTEL Syslog receiver will be listening on port 30514 for SSLO logs and iRule telemetry.

On BIG-IP (via TMSH or GUI):

# Create a pool for F5 Insight (replace <VM_IP> with your F5 Insight VM IP address)
tmsh create ltm pool f5insight_hsl_pool \
members add { <VM_IP>:514 } \
monitor tcp

# Create remote high-speed log destination
tmsh create sys log-config destination remote-high-speed-log f5insight_hsl \
pool-name f5insight_hsl_pool \
protocol tcp

# Create log destination for formatted messages
tmsh create sys log-config destination splunk f5insight_splunk \
forward-to f5insight_hsl

# Create log publisher to send logs to the destination
tmsh create sys log-config publisher f5insight_publisher \
destinations add { f5insight_splunk }

# Save the configuration changes
tmsh save sys config

Appendix: CLI-Only Deployment with ovftool

For administrators who prefer the command line, VMware’s ovftool can deploy an OVA directly to ESXi or vCenter without the GUI.

Install ovftool

Download ovftool from VMware’s developer portal (requires a Broadcom account):

# https://developer.broadcom.com/tools/open-virtualization-format-ovf-tool/latest

# Install per VMware's instructions for your platform

# Verify installation
ovftool --version

Deploy the OVA

# Variables - Customize these values

OVA="f5insight-<VERSION>.ova"
VM_NAME="f5-insight-01"
ESXI_HOST="<ESXI_HOST>"
ESXI_USER="root"
DATASTORE="<DATASTORE_NAME>"
NETWORK="VM Network"  # Your port group name
CLOUD_CONFIG_FILE="cloud-config.yml"

# Encode user-data as a single-line Base64 string for guestinfo.userdata
USERDATA="$(base64 < "$CLOUD_CONFIG_FILE" | tr -d '\n')"

# Option 1: Deploy directly to ESXi host

ovftool \
--name="$VM_NAME" \
--datastore="$DATASTORE" \
--network="$NETWORK" \
--diskMode=thick \
--powerOffTarget \
--allowExtraConfig \
--extraConfig:guestinfo.userdata.encoding="base64" \
--extraConfig:guestinfo.userdata="$USERDATA" \
--acceptAllEulas \
"$OVA" \
"vi://${ESXI_USER}@${ESXI_HOST}/"


# Option 2: Deploy via vCenter

VCENTER="<VCENTER_HOST>"
DATACENTER="<DATACENTER_NAME>"
CLUSTER="<CLUSTER_NAME>"

ovftool \
--name="$VM_NAME" \
--datastore="$DATASTORE" \
--network="$NETWORK" \
--diskMode=thick \
--powerOffTarget \
--allowExtraConfig \
--extraConfig:guestinfo.userdata.encoding="base64" \
--extraConfig:guestinfo.userdata="$USERDATA" \
--acceptAllEulas \
"$OVA" \
"vi://${ESXI_USER}@${VCENTER}/${DATACENTER}/host/${CLUSTER}/"

Note

You will be prompted for the ESXi or vCenter password. Add --password=<PASS> to skip the prompt (not recommended for shared scripts).

Post-Deploy CLI Steps

After deploying via ovftool, you still need to set cloud-init guestinfo parameters and adjust VM settings. The vSphere Client GUI is the most straightforward way to do this:

• Generate a Base64 cloud-config payload and set guestinfo.userdata and guestinfo.userdata.encoding (see the Configure Cloud-Init section above)
• Verify CPU, memory, disk, and network settings
• Power on the VM

Alternatively, if you have SSH access to the ESXi host:

# Find the VM ID
vim-cmd vmsvc/getallvms | grep f5-insight

# Power on the VM (after setting guestinfo via GUI)
vim-cmd vmsvc/power.on <VMID>

# Check power state
vim-cmd vmsvc/power.getstate <VMID>

# Get the VM IP (requires VMware Tools)
vim-cmd vmsvc/get.guest <VMID> | grep ipAddress

Note

For most post-deploy adjustments (CPU, memory, disk resize, guestinfo parameters), the vSphere Client GUI is more straightforward than CLI. The ovftool CLI is most useful for automating the initial OVA deployment step.