Cloud-Scale HSM and Key Management for BIG-IP and NGINX TLS

Fortanix DSM enables F5 customers can provide a single integrated HSM and key management solution across all the BIG-IP and NGINX deployment architectures

Download Solution Brief

cloud hsm

The TLS Encryption Challenge

Nearly 90% of all internet traffic is encrypted with TLS. F5 solutions including BIG-IP and NGINX provide SSL orchestration using TLS encryption, which requires a hardware security module (HSM) and key management system (KMS) to execute and protect the cryptographic operations and keys. The security of the network traffic passing through the F5 systems is only as strong as the system protecting and managing the encryption keys.


Decrypting and re-encrypting traffic is computationally intensive, requiring a scalable and high-performance encryption solution. Any delay in processing cryptographic operations, means slowing down network traffic passing through the F5 systems.

At the same time, more and more customers want to migrate from on-premises systems to F5 Cloud Software such as BIG-IP Cloud Edition and NGINX Plus in public cloud environments. When migrating to public cloud or in hybrid environments, the HSM and key management either need to be able to support both environments or you need to implement new encryption systems. Maintaining multiple HSM and key management systems is costly, complex, and increases the risk of security incidents.


Having an HSM and KMS that scale to meet the performance challenges, provide military grade protection and support a variety of on-premises and cloud environments is essential to the successful operation of F5 SSL/TLS services. 

fortanix for big ip and nginx on premises and cloud

Fortanix For BIG-IP and NGINX On-Premises

The Fortanix Data Security Manager (DSM) provides both a key management and HSM solution available as a FIPS 140-2 Level 3 appliance that integrates with on-premises BIG-IP and Cloud based NGINX deployments. The Fortanix appliance stores and manages all the SSL keys and performs crypto opera-tions when called by the F5 platforms.

Fortanix Key Management and HSM for Multi-Cloud Environments

The Fortanix Data Security Manager (DSM) provides both a key management and HSM solution available as a FIPS 140-2 Level 3 appliance or a virtual appliance that can run in private,hybrid or public cloud environments. In either case, Fortanix Data Security Manager integrates with BIG-IP and NGINX deploy-ment across multiple environment to store and manage all the SSL keys and performs crypto operations when called by the F5 platform. Customers can also leverage our HSM GW functionality to easily migrate their Keys from Legacy HSM’s to Data Security Manager as they migrate their solution to cloud.

Fortanix Key Management and HSM for Multi-Cloud Environments
Fortanix for BIG-IP Cloud and NGINX Plus on Microsoft Azure

Fortanix for BIG-IP Cloud and NGINX Plus on Microsoft Azure

The Fortanix Data Security Manager (DSM) provides both a key management and. HSM solution available as a FIPS 140-2 Level 3 appliance or a virtual appliance running that can run in public cloud environments such as Microsoft Azure. In either case, Fortanix Data Security Manager integrates with BIG-IP and NGINX deployment across multiple cloud environment to store and manage all the SSL keys and performs crypto operations when called by the F5 platform.

quote icon

To address the above requirements, I turned to one of F5’s partners and deployed the Fortanix Data Security Manager (DSM). The Fortanix DSM system checks all the boxes…

Gregory Coward Solutions Architect – Public Cloud, F5

quote icon
Background image

Ready to test Fortanix Runtime Encryption?

request a demo
fortanix dsm dashboard