The TLS Encryption Challenge
Nearly 90% of all internet traffic is encrypted with TLS. F5 solutions including BIG-IP and NGINX provide SSL orchestration using TLS encryption, which requires a hardware security module (HSM) and key management system (KMS) to execute and protect the cryptographic operations and keys. The security of the network traffic passing through the F5 systems is only as strong as the system protecting and managing the encryption keys.
Decrypting and re-encrypting traffic is computationally intensive, requiring a scalable and high-performance encryption solution. Any delay in processing cryptographic operations slows down network traffic passing through the F5 systems.
At the same time, more and more customers want to migrate from on-premises systems to F5 Cloud Software such as BIG-IP Cloud Edition and NGINX Plus in public cloud environments. When migrating to public cloud or in hybrid environments, the HSM and key management either need to be able to support both environments or you need to implement new encryption systems. Maintaining multiple HSM and key management systems is costly, complex, and increases the risk of security incidents.
Having an HSM and KMS that scale to meet the performance challenges, provide military-grade protection, and support a variety of on-premises and cloud environments is essential to the successful operation of F5 SSL/TLS services.
Fortanix For BIG-IP and NGINX On-Premises
The Fortanix Data Security Manager (DSM) provides both a key management and HSM solution available as a FIPS 140-2 Level 3 appliance that integrates with on-premises BIG-IP and cloud-based NGINX deployments. The Fortanix appliance stores and manages all the SSL keys and performs crypto operations when called by the F5 platforms.
Fortanix for BIG-IP Cloud and NGINX Plus on Microsoft Azure
The Fortanix Data Security Manager (DSM) provides both a key management and HSM solution available as a FIPS 140-2 Level 3 appliance or a virtual appliance that can run in public cloud environments such as Microsoft Azure. In either case, Fortanix Data Security Manager integrates with BIG-IP and NGINX deployments across multiple cloud environments to store and manage all the SSL keys and perform crypto operations when called by the F5 platform.
To address the above requirements, I turned to one of F5’s partners and deployed the Fortanix Data Security Manager (DSM). The Fortanix DSM system checks all the boxes…
Gregory Coward Solutions Architect – Public Cloud, F5