1.5. Selecting an SSL Orchestrator Version
The F5 SSL Orchestrator is a feature module deployed on the industry-leading BIG-IP application delivery controller (ADC) platform. It can be provisioned on any F5 BIG-IP platform, including hardware appliances, VIPRION chassis, and Virtual Edition. There are two licensing options for SSL Orchestrator:
Standalone - the base functionality of the platform is SSL Orchestrator. Standalone supports the following add-on options:
- Access Policy Manager (APM) - for forward proxy authentication
- URL Category (subscription) - for URL-based TLS intercept/bypass decisions
- IP Intelligence (subscription) - for IP reputation-based classification
- Network HSM - for additional hardware-protected storage of private keys
LTM add-on - the base functionality of the platform is Local Traffic Manager (LTM) with the SSL Orchestrator module added. The LTM base option provides all of the module configurations possible for LTM, including all of the add-ons listed above.
SSL Orchestrator functions the same in either license version on all platforms, with the following caveats:
SSL Orchestrator standalone is limited to the set of listed add-on options, and to the following platforms. If a platform is required that is not in this list, or module add-ons are needed that are not allowed on SSL Orchestrator standalone, consider deploying the SSL Orchestrator add-on license with base LTM.
| Platform Name | Platform Type | Platform ID |
|---|---|---|
| i2800 | Appliance | C120 |
| i4800 | Appliance | C115 |
| i5800 | Appliance | C121 |
| i7800 | Appliance | C118 |
| i10800 | Appliance | C122 |
| i11800 | Appliance | C123 |
| i15800 | Appliance | D116 |
| HP VE 8 CPU | Virtual Edition | Z100 |
| HP VE 16 CPU | Virtual Edition | Z100 |
Chassis C2100 Chassis Blade C2200 Chassis Blade D114 C4400 Chassis Blade J100
Table 4: SSL Orchestrator standalone platforms
SSL Orchestrator standalone employs a limited set of LTM features, specifically:
- Security service pools are limited to 5 load balanced devices
- LTM limited provides a subset of advanced monitoring options
Layer 2 topology modes are limited to i5800 appliances and above, and B2250 and B4450 VIPRION blades. Layer 2 topology modes are not available on the following platforms:
- Virtual Edition
- Any vCMP deployment
Please see https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-virtual-wire-layer2-transparency-13-1-0/2.html for the complete list of supported layer 2 “virtual wire” platforms.
Existing Application topology mode is limited to the LTM add-on version of SSL Orchestrator.
Inline layer 2 services on VIPRION - the following VIPRION chassis/blade combinations do not support inline layer 2 services:
- B2250 blade on 2400 chassis
- B4300 blade on 4800 chassis
- B4450 blade on 4480 chassis
This is due to a limitation in the number of MAC addresses provided to guests. Please see https://support.f5.com/csp/article/K14513 for additional information.
For additional information on installation, upgrade, licensing and provisioning, please refer to the following: