Hardware and Software Requirements
For setting up a CCC 3.8.1 server, you must have root level access to a Linux machine that meets the following hardware and software requirements:
Hardware Requirements
CPU | Quad Core, 2 GHz+ |
RAM | 4 GB+ |
Free Disk Space |
30 GB, if you are using a local PostgreSQL database Database space requirements are dependent on the number of HSM devices that CCC server is monitoring. Each device can accumulate up to 850 MB of data over a three-month period. If you are using the Monitoring feature, you would need an additional 20 MB on each partition over a 90-day period. |
Operating System
64-bit CentOS |
CentOS 7.0 and above (CentOS 7.9 is recommended) CentOS 8.0 and above (CentOS 8.4 is recommended) CentOS should be configured for English language before starting the CCC installation process. |
64-bit RHEL |
RHEL 7.0 and above (RHEL 7.9 is recommended) RHEL 8.0 and above (RHEL 8.4 is recommended) RHEL should be configured for English language before starting the CCC installation process. |
If you are using CentOS 8.0 and above or RHEL 8.0 and above, ensure that the SELinux status is set to permissive or disabled. For this, you need to open the /etc/selinux/config file and set the SELinux status to permissive or disabled. Reboot your system after saving the file.
JDK
During installation, JDK will be automatically installed on your machine. In case you want to use JDK that is already installed on your machine, you'll be asked to provide the installation path.
CCC can use any version of Oracle JDK 1.8 or Open JDK 1.8, except 1.8-b144.
Database
PostgreSQL 9.5 PostgreSQL 9.6 PostgreSQL 10 |
CCC installer detects the presence of PostgreSQL irrespective of the version and if does not find any database on the machine, then it prompts for installation of PostgreSQL 10. |
Oracle 12c Release 1 (12.1) Oracle 12c Release 2 (12.2) Oracle 19c |
It is recommended that your organization employ a trained Oracle Database Administrator (DBA) to configure a CCC Oracle database. |
Root of Trust HSM
CCC supports the following HSM devices:
Thales Luna Network HSM |
6.2.2 with firmware 6.24.9, 6.24.3, or 6.24.7 (recommended for FIPS compliance) 6.3 with firmware 6.24.7 (recommended for FIPS compliance) or 6.27.0 7.0 with firmware 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, or 7.3.3 (recommended for FIPS compliance) 7.1 with firmware 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, or 7.3.3 (recommended for FIPS compliance) 7.7.0 with firmware 7.7.0 7.7.1 with firmware 7.7.1 |
Managed Devices
The HSM devices managed by CCC must meet the following requirements:
Model | Thales Luna Network HSM |
Appliance Software |
6.2.2, 6.3 Up to 7.3 7.4 (FM disabled for full CCC features), 7.4 (FM enabled for device monitoring only) 7.7.0 or 7.7.1 (FM disabled for full CCC features), 7.7.0 or 7.7.1 (FM enabled for device monitoring only) Devices require REST API. FM-enabled refers to devices that either have HSM policy 50 enabled at present, or had HSM policy 50 enabled in the past. FM-disabled refers to devices that neither have HSM policy 50 enabled at present, nor had HSM policy 50 enabled in the past. |
REST API for 6.x and 7.0 devices |
7.1.0 - 7.1.0-380 7.2.0 - 7.2.0-221 7.3.0 - 7.3.0-166 7.4.0 - 7.4.0-228 REST API 7.0 is required for PUM and Apply/Support catalog features. |
REST API for 7.1 and above devices | REST API is pre-installed on 7.1 and above devices and requires configuration |
Firmware |
6.24.7 or higher for 6.x devices Up to 7.3-165 7.7.0, 7.7.1 |
Backup | Cloning or Key Export |
Authentication | PED-authenticated or password authenticated. PED-authenticated devices must support remote PED |
Luna HSM Clients
-
Luna HSM client version 6.2.2, 6.3, 7.0, 7.1, 7.2, 7.3, and 7.4 including the LunaJCPROV software. The root-of-trust HSM you use determines the type of Luna HSM client you require.
Luna HSM client version 7.4 is backward compatible with only 7.x devices.
-
Luna HSM Universal Client version 10.3
To apply the latest Luna HSM Universal Client version 10.3 patch, CCC service must be restarted using the service ccc restart command.
Requirements for CCC Features
CCC Feature | Requires Monitoring License | Minimum SA Version | Minimum SA Firmware | Lunaclient |
Service Provisioning |
|
6.x | 6.10.9 | 7.x |
Security Officer Per Partition (PPSO) |
|
6.x | 6.10.9 | 7.x |
Secure Trusted Channel (STC) | 6.2.1 | 6.10.9 | 7.x | |
Device & Service Reports | 6.x | - | 7.x | |
Import Services | 6.x | - | 7.x | |
Device Monitoring, Dashboard & Notifications | Yes | 6.x | 6.10.9 | 7.x |
Device Monitoring (Full) | Yes | 6.x | 6.20.0 | 7.x |
Service Monitoring | Yes | 7.3 | 7.3.0 | 7.x |
Device Logs | Yes | 6.x | 7.x | |
Key Export | 6.x | 6.10.9 | 7.1 or above | |
Active Directory Support | NA | NA | ||
Apply SW Package | 7.3 | N/A | 7.x | |
Update Firmware | 7.3 | N/A | 7.x | |
Migrate Service | No | 6.2.2 | 6.24.3 | 7.2 or above |
Supported Browsers
CCC supports the following web browsers:
-
Microsoft Edge
-
Google Chrome
-
Mozilla Firefox
When you are ready with a Linux machine that meets the hardware and software requirements for CCC, the next step involves Creating a Root of Trust.