Thales integration

Question

I'm trying to understand how F5 uses the Thales HSM. It would appear to me that the F5 &nbsp;
(a) generates a key pair without using the HSM, storing locally (b) imports the private key only into the Thales HSM Security World&nbsp;
Given this understanding, I'm trying to understand the benefit derived from using the Thales HSM?&nbsp;
(a) The HSM hardware isn't being used for random number generation! (b) The private key exists out with the HSM Security World!&nbsp;
Seems less than ideal to me? or am I missing something?&nbsp;

kevin_stewart · Answer

An incorrect assumption.&nbsp;
The integration allows the BIG-IP to access key functions of the Thales, so key generation is actually happening on the Thales itself, and the "key" in the BIG-IP keystore is simply a pointer to the Thales protected key. Here's more information:&nbsp;
https://support.f5.com/content/kb/en-us/products/big-ip_ltm/manuals/product/bigip-fips-thales-12-0-0/_jcr_content/pdfAttach/download/file.res/BIG-IP_System_and_Thales_HSM__Implementation.pdf&nbsp;

Forum Discussion

Thales integration

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Identity-centric F5 ADSP Integration Walkthrough

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

F5 Distributed Cloud Kubernetes Integration: Securing Services with Direct Pod Connectivity

F5 BIG-IP SSL Orchestrator and ReversingLabs Integration Guide

Integrating the F5 BIGIP with Azure Sentinel

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS