Hardware and Software Requirements
To ensure a successful installation of the latest version of CCC, please make sure that your system meets the following hardware and software requirements:
Hardware Requirements
| Component | Minimum Requirements |
|---|---|
| RAM | 8 GB |
| Free disk space | 50 GB Database space requirements depend on the number of HSM devices that CCC is monitoring. Each device can accumulate up to 850 MB of data over a three-month period. If you are using the Monitoring feature, you would need an additional 20 MB on each partition over a 90-day period. |
Operating System
| OS | Supported Versions |
|---|---|
| Linux | The compatibility of the CCC application with different Linux distributions is contingent upon the specific containerization mechanism being utilized (Podman, Kubernetes, or Helm). Both Podman and Kubernetes have some specific requirements regarding the version of the Linux kernel and other dependencies. Therefore, it is recommended to consult the official Podman documentation or the official Kubernetes documentation to ensure that all requirements are met and to identify any potential compatibility issues. |
Container Management Tools
| Tool | Supported Versions |
|---|---|
| Podman | 4.1.1 and above |
| Kubernetes | 1.26.0 and above |
| Helm | 3.11.1. and above |
Compatibility Matrix for Luna Network HSMs
This matrix provides the valid combinations of software and firmware versions for Luna Network HSMs when used with CCC. Ensuring compatibility between your HSM’s software and firmware versions is essential for properly configuring and managing devices as either a root of trust HSM or a managed HSM within CCC. To maintain optimal performance and security, always ensure your device is running compatible versions and apply any required patches. Regularly updating your HSM's firmware and software according to these guidelines will help ensure full access to CCC features and prevent compatibility issues.
| SW Version | FW Version | Remarks |
|---|---|---|
| 7.0.0 | 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, or 7.3.3 | |
| 7.1.0-380 | 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, or 7.3.3 | Requires specific patches to address known domain management issues. |
| 7.2.0-221 | 7.2.0 | Requires specific patches to address known domain management issues. |
| 7.3.0-166 | 7.3.0, 7.3.3 | Requires specific patches to address known domain management issues. |
| 7.4.0-228 | 7.4.0, 7.4.2 | Requires specific patches to address known domain management issues. |
| 7.7.0 | 7.7.0 | |
| 7.7.1 | 7.7.1 | |
| 7.8.1 | 7.7.1, 7.8.1 | |
| 7.8.3 | 7.7.1, 7.8.2 | |
| 7.8.4 | 7.7.1, 7.8.4 | Requires upgrading to build 7.8.4-350 to use CCC. |
| 7.8.5 | 7.7.1, 7.8.4, 7.8.7 | Requires upgrading to build 7.8.5-20 to use CCC. |
| 7.9.0 | 7.8.4, 7.8.9 | |
| 7.9.1 | 7.9.0 |
Devices must support REST API version 7 or higher to be compatible with CCC and to access all its features.
To fully utilize all features of CCC, ensure the device is in a non-FM state, FM-ready state, or FM-disabled state. In these states, the device can access all CCC features without restrictions. However, if the device is in an FM-enabled state, access will be limited to the device monitoring feature only. This restriction occurs because the active FM imposes certain operational constraints, limiting the availability of other CCC features for security and compliance reasons.
Devices can use either PED authentication or password-based authentication. Additionally, PED-authenticated devices must support remote PED functionality to enable remote operations without needing direct physical access to the PED.
CCC requires Luna Client version 7.1 or higher for compatibility with ccc_client.jar. However, for optimal performance and enhanced support, it is recommended to use Luna Client version 10.x or later.
For users running version 7.8.4, it is important not to regenerate the certificate, as the issue is resolved in the 7.8.4-350 REST API patch. You can verify your appliance version by running the hsm appliance-version command, and confirm that you are on version 7.8.4 with build number 350. If the build number is not 350, download and apply the 7.8.4-350 REST API patch from the support portal. Similarly, if you are on the 7.8.4-254 GA release, you should upgrade to the 7.8.4-350 build.
For users on version 7.8.5 and above, if you are on the 7.8.5-16 GA release, you should upgrade to the 7.8.5-20 build. After upgrading or applying the patch, ensure that the existing certificate is retained without regeneration.
CCC Feature-Specific Requirements
Some CCC features require a minimum HSM software and firmware version. Versions equal to or later than the ones listed below are supported.
| Feature | Minimum SW Version | Minimum FW Version |
|---|---|---|
| Device Monitoring | 7.3.0 | 7.3.0 |
| Apply SW Package | 7.3.0 | 7.3.0 |
| Update Firmware | 7.3.0 | 7.3.0 |
| Service Monitoring | 7.4.0 | 7.4.0 |
The versions listed are minimum requirements.
Ports
Below is the list of network ports required for CCC to operate correctly. These ports support communication between CCC, managed HSM devices, and internal CCC services such as authentication, clustering, and the database. All required ports must be reachable through your network and firewall rules for CCC to function properly.
| Port | Protocol | Service/Feature | Required | Direction/Flow |
|---|---|---|---|---|
| 22 | TCP | SSH – Secure Shell | Yes | CCC to HSM |
| 1792 | TCP | NTLS – Network Trust Link Service | Yes | CCC to HSM |
| 5656 | TCP | STC – Secure Trusted Channel | Yes | CCC to HSM |
| 8443 | TCP | REST API Web Server for HSM Management | Yes | CCC to HSM |
| 8180 | TCP | Keycloak Identity Server for Authentication | Yes | Users to CCC |
| 8181 | TCP | CCC Web Server for User Interface and API | Yes | Users to CCC |
| 5432 | TCP | PostgreSQL Database Server | Yes | CCC Application Server to CCC Database |
| 54321 | TCP | PostgreSQL Health Check Port for HA Deployments | Yes | CCC Application Server to CCC Database |
| 7800 | TCP | Keycloak Clustering for HA Deployments | Yes | Keycloak to Keycloak |
| 30036 | TCP | CCC Web Server* | Yes | Users to CCC |
| 30037 | TCP | Keycloak Identity Server* | Yes | Users to CCC |
*These ports are used only when CCC is deployed using Kubernetes with Helm.
Supported Browsers
CCC supports the following web browsers:
-
Microsoft Edge
-
Google Chrome
-
Mozilla Firefox
