Hardware and Software Requirements
To ensure a successful installation of the latest version of CCC, please make sure that your system meets the following hardware and software requirements:
Hardware Requirements
| Component | Minimum Requirements |
|---|---|
| RAM | 8 GB |
| Free disk space | 50 GB Database space requirements depend on the number of HSM devices that CCC is monitoring. Each device can accumulate up to 850 MB of data over a three-month period. If you are using the Monitoring feature, you would need an additional 20 MB on each partition over a 90-day period. |
Operating System
| OS | Supported Versions |
|---|---|
| Linux | The compatibility of the CCC application with different Linux distributions is contingent upon the specific containerization mechanism being utilized (Podman, Kubernetes, or Helm). Both Podman and Kubernetes have some specific requirements regarding the version of the Linux kernel and other dependencies. Therefore, it is recommended to consult the official Podman documentation or the official Kubernetes documentation to ensure that all requirements are met and to identify any potential compatibility issues. |
Container Management Tools
| Tool | Supported Versions |
|---|---|
| Podman | 4.1.1 and above |
| Podman-Compose | 1.0.3 and above |
| Kubernetes | 1.26.0 and above |
| Helm | 3.11.1. and above |
Compatibility Matrix for Luna Network HSMs
This matrix provides the valid combinations of software and firmware versions for Luna Network HSMs when used with CCC. Ensuring compatibility between your HSM’s software and firmware versions is essential for properly configuring and managing devices as either a root of trust HSM or a managed HSM within CCC. To maintain optimal performance and security, always ensure your device is running compatible versions and apply any required patches. Regularly updating your HSM's firmware and software according to these guidelines will help ensure full access to CCC features and prevent compatibility issues.
| SW Version | FW Version | Remarks |
|---|---|---|
| 7.0.0 | 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, or 7.3.3 | |
| 7.1.0-380 | 7.0.1, 7.0.2, 7.1.0, 7.2, 7.3, or 7.3.3 | Specific patches are required for these versions to resolve known domain management issues. |
| 7.2.0-221 | 7.2.0 | Specific patches are required for these versions to resolve known domain management issues. |
| 7.3.0-166 | 7.3.0, 7.3.3 | Specific patches are required for these versions to resolve known domain management issues. |
| 7.4.0-228 | 7.4.0, 7.4.2 | Specific patches are required for these versions to resolve known domain management issues. |
| 7.7.0 | 7.7.0 | |
| 7.7.1 | 7.7.1 | |
| 7.8.1 | 7.7.1, 7.8.1 | |
| 7.8.3 | 7.7.1, 7.8.2 | |
| 7.8.4 | 7.7.1, 7.8.4 | To use CCC, it is essential to upgrade to the 7.8.4-350 build. |
| 7.8.5 | 7.7.1, 7.8.4, 7.8.7 | To use CCC, it is essential to upgrade to the 7.8.5-20 build. |
Devices must support REST API version 7 or higher to be compatible with CCC and to access all its features.
To fully utilize all features of CCC, ensure the device is in a non-FM state, FM-ready state, or FM-disabled state. In these states, the device can access all CCC features without restrictions. However, if the device is in an FM-enabled state, access will be limited to the device monitoring feature only. This restriction occurs because the active FM imposes certain operational constraints, limiting the availability of other CCC features for security and compliance reasons.
Devices can use either PED authentication or password-based authentication. Additionally, PED-authenticated devices must support remote PED functionality to enable remote operations without needing direct physical access to the PED.
CCC requires Luna Client version 7.1 or higher for compatibility with ccc_client.jar. However, for optimal performance and enhanced support, it is recommended to use Luna Client version 10.x or later.
For users running version 7.8.4, it is important not to regenerate the certificate, as the issue is resolved in the 7.8.4-350 REST API patch. You can verify your appliance version by running the hsm appliance-version command, and confirm that you are on version 7.8.4 with build number 350. If the build number is not 350, download and apply the 7.8.4-350 REST API patch from the support portal. Similarly, if you are on the 7.8.4-254 GA release, you should upgrade to the 7.8.4-350 build.
For users on version 7.8.5, if you are on the 7.8.5-16 GA release, you should upgrade to the 7.8.5-20 build. After upgrading or applying the patch, ensure that the existing certificate is retained without regeneration.
CCC Feature-Specific Requirements
Some features within the CCC require specific versions of the HSM software and firmware:
| Feature | SW Version | FW Version |
|---|---|---|
| Device Monitoring | 7.3.0 | 7.3.0 |
| Apply SW Package | 7.3.0 | 7.3.0 |
| Update Firmware | 7.3.0 | 7.3.0 |
| Service Monitoring | 7.4.0 | 7.4.0 |
Ports
Below is a list of essential ports for CCC deployment, each serving a specific purpose. It is crucial that these ports are accessible, ideally opened by default, to ensure seamless operation and connectivity within the CCC environment.
| Port | Protocol | Feature | Configurable | Session Initiated |
|---|---|---|---|---|
| 22 | TCP | Secure Shell (SSH) | Yes | Outbound |
| 1792 | TCP | NTLS (Network Trust Link Service) | No | Outbound |
| 5656 | TCP | Secure Trusted Channel (STC) | No | Outbound |
| 8443 | TCP | REST API Webserver | Yes | Outbound |
| 5432 | TCP | Postgres Server | Yes | Inbound |
| 8181 | TCP | CCC Webserver | Yes | Inbound |
Supported Browsers
CCC supports the following web browsers:
-
Microsoft Edge
-
Google Chrome
-
Mozilla Firefox
