Ability to configure SSL on Data Aggregator so that all end-user and administrator desktop access to port 8581 is SSL encrypted.
I agree. Typically, users don't interact with the DA. However, RESTful administration actions would be performed from an admin's workstation and it's not unreasonable to expect restrictions between the two subnets. A good option is to allow existence of HTTP and HTTPS at that interface; network admins can require HTTPS for requests from the admin subnet, while traffic between DA and PC can continue unencrypted.