This article applies to vTM 9.2 and above.
The vTM software variant supports SSL hardware based on the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki), such as the Thales e-Security nShield Connect and Oracle's SCA 6000 card. It also supports various Cavium PCI cards (CN 1000 and CN 2000 series) with a dedicated driver.
The Virtual Appliance supports the Thales e-Security nShield Connect and the nCipher netHSM network-attached HSMs.
This arrangement offloads SSL computation (the RSA private key decryption) from the traffic manager system’s CPU onto the SSL cryptographic hardware. Some PKCS #11 devices also provide hardware key management, so that the private key is stored securely on the hardware device and cannot be accessed directly without the correct authentication.
Note: Because RSA cryptographic operations performed on the SSL cryptographic hardware are outside the Stingray FIPS 140-2 Cryptographic Boundary, you should independently ensure that the SSL cryptographic hardware is sufficiently conformant to FIPS 140-2 for your requirements.