Is it advisable to deploy LTM & ASM on one Box?

I've been discussing this with my F5 sales team. Basically its a matter of resources. In order for ASM to look at https traffic the traffic needs to be decrypted. If you are already doing ssl termination as part of the LTM, there's a lot to be said for having ASM on the same box so it only has to be unencrypted and reencrypted once. However doing the LTM function and the ASM function on the same box obviously takes more CPU/memory etc than just LTM.

 

Thanks for your reply Mark.

 

 

So Assuming CPU/memory is not an issue and if LTM is already doing SSL termination , then u mean it doesnt harm to put ASM on same box as traffic is already un-encrypted and ASM can inspect it directly (maybe makes the whole process faster). correct ?

 

 

Nik

Yes that is correct. Put another way, there's no conflict in functionality having them both on the same box, in fact they complement each other, you just have to make sure there's enough resources to run both

Hi Nik,

 

It's a widely asked question and I am glad you asked it on the forum, Putting LTM and ASM on the same BOX will not harm you at all... you just need to take care of one thing which is the correct sizing of the LTM model which will take care of the Memory and CPU utilization as correctly mentioned above by Mark. Just take into consideration the total throughput of your Traffic and you are on the right track... :)..

 

 

Regards,