Hardware and Software Requirements
For setting up a CCC server, you must have root level access to a Linux machine that meets the following hardware and software requirements:
Hardware Requirements
| CPU | Quad Core, 2 GHz+ |
| RAM | 4 GB+ |
| Free Disk Space |
30 GB, if you are using a local PostgreSQL database NOTE Database space requirements are dependent on the number of HSM devices that CCC server is monitoring. Each device can accumulate up to 850 MB of data over a three-month period. If you are using the Monitoring feature, you would need an additional 20 MB on each partition over a 90-day period. |
Operating System
| 64-bit CentOS | 7, 8 |
| 64-bit RHEL | 7, 8 |
NOTE If you are using CentOS 8 or RHEL 8, ensure that the SELinux status is set to permissive or disabled. For this you need to open the /etc/selinux/config file and set the SELinux status to permissive or disabled. Reboot your system after saving the file.
JDK
During installation, JDK will be automatically installed on your machine. In case you want to use JDK that is already installed on your machine, you'll be asked to provide the installation path.
NOTE CCC can use any version of Oracle JDK 1.8 or Open JDK 1.8, except 1.8-b144.
Database
|
PostgreSQL 9.5 PostgreSQL 9.6 PostgreSQL 10 |
CCC installer detects the presence of PostgreSQL irrespective of the version and if does not find any database on the machine, then it prompts for installation of PostgreSQL 10. |
|
Oracle 11g Oracle 12c Release 1 (12.1) Oracle 12c Release 2 (12.2) |
It is recommended that your organization employ a trained Oracle Database Administrator (DBA) to configure a CCC Oracle database. To complete the configuration, the DBA needs to follow the instructions contained in the Installing Oracle Database section. |
Root of Trust HSM
CCC supports the following HSM devices:
| Thales Luna Network HSM |
6.2.2 with firmware 6.24.9, 6.24.3, and 6.24.7 (recommended for FIPS compliance) 6.3 with firmware 6.24.7 (recommended for FIPS compliance) and 6.27.0 7.0 and 7.1 with firmware 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, and 7.3.3 (recommended for FIPS compliance) |
Managed Devices
The HSM devices managed by CCC must meet the following requirements:
| Model | Thales Luna Network HSM |
| Appliance Software |
6.2.2, 6.3 Up to 7.3, 7.4 (FM disabled for full CCC features), 7.4 (FM enabled for device monitoring only) NOTE Devices require REST API. |
| REST API for 6.x and 7.0 devices |
7.1.0 - 7.1.0-380 7.2.0 - 7.2.0-221 7.3.0 - 7.3.0-166 7.4.0 - 7.4.0-228 NOTE REST API 7.0 is required for PUM and Apply/Support catalog features. |
| REST API for 7.1 devices | REST API is pre-installed on 7.1 devices and requires configuration |
| Firmware |
6.24.7 or higher for 6.x devices Up to 7.3-165 |
| Backup | Cloning or Key Export |
| Authentication | PED-authenticated or password authenticated. PED-authenticated devices must support remote PED |
Luna HSM Clients
Luna HSM client version 6.2.2, 6.3, 7.0, 7.1, 7.2, 7.3, and 7.4 including the LunaJCPROV software. The root-of-trust HSM you use determines the type of Luna HSM client you require.
NOTE Luna HSM client version 7.4 is backward compatible with only 7.x devices.
Requirements for CCC Features
| CCC Feature |
Requires Monitoring License |
Minimum SA Version | Minimum SA Firmware | Lunaclient |
| Service Provisioning |
|
6.x | 6.10.9 | 7.x |
| Security Officer Per Partition (PPSO) |
|
6.x | 6.10.9 | 7.x |
| Secure Trusted Channel (STC) | 6.2.1 | 6.10.9 | 7.x | |
| Device & Service Reports | 6.x | - | 7.x | |
| Import Services | 6.x | - | 7.x | |
| Device Monitoring, Dashboard & Notifications | Yes | 6.x | 6.10.9 | 7.x |
| Device Monitoring (Full) | Yes | 6.x | 6.20.0 | 7.x |
| Service Monitoring | Yes | 7.3 | 7.3.0 | 7.x |
| Device Logs | Yes | 6.x | 7.x | |
| Key Export | 6.x | 6.10.9 | 7.1 or above | |
| Active Directory Support | NA | NA | ||
| Apply SW Package | 7.3 | N/A | 7.x | |
| Update Firmware | 7.3 | N/A | 7.x |
Supported Browsers
CCC supports the latest versions of the following web browsers:
>Microsoft Edge
>Google Chrome
>Mozilla Firefox
When you are ready with a Linux machine that meets the hardware and software requirements for CCC, the next step involves Creating a Root of Trust.
