Product Compatibility Matrix for KTS and Key HSM

Learn about the recommended hardware and supported distributions for Key Trustee Server and Navigator Key HSM.

Key Trustee Server

Because of a change in the ports used by Key Trustee Server, Navigator Encrypt versions lower than 3.7 and Ranger KMS versions lower than 5.4 are not supported in Key Trustee Server 5.4 and higher.

Recommended Hardware and Supported Distributions

Key Trustee Server must be installed on a dedicated server or virtual machine (VM) that is not used for any other purpose. The backing PostgreSQL database must be installed on the same host as the Key Trustee Server, and must not be shared with any other services. For high availability, the active and passive Key Trustee Servers must not share physical resources.

The recommended minimum hardware specifications are as follows:

  • Processor: 1 GHz 64-bit quad core
  • Memory: 8 GB RAM
  • Storage: 20 GB on moderate- to high-performance disk drives
Table 1. Cloudera Navigator Key Trustee Server Compatibility Matrix
Cloudera Navigator Key Trustee Server Version Supported Operating Systems Lowest Supported Cloudera Manager Version Lowest Supported Cloudera Navigator Key HSM Versions Supported Ranger KMS Versions Supported Cloudera Navigator Encrypt Versions
7.1.9
  • RHEL and CentOS: 8.8, 8.8 with FIPS, 8.6, 8.4, 8.2, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.3, 7.2, 6.10, 6.9, 6.8
  • Oracle Linux: 7.5, 7.4, 7.3, 7.2, 6.10, 6.9, 6.8
7.x 7.x 7.x 7.x
7.x
  • RHEL and CentOS: 8.6*, 8.4**, 8.2**, 7.9, 7.8, 7.7, 7.6, 7.5, 7.4, 7.3, 7.2, 6.10, 6.9, 6.8 (* RHEL and CentOS 8.6 is supported only for 7.1.8) (** RHEL and CentOS 8.4 , 8.2 are supported only for versions 7.1.7 and higher.)
  • Oracle Linux: 7.5, 7.4, 7.3, 7.2, 6.10, 6.9, 6.8
7.x 7.x 7.x 7.x

Cloudera Navigator Key HSM

Cloudera Navigator Key HSM must be installed on the same host as Key Trustee Server. Although Key HSM is compatible across all versions of Key Trustee Server, Cloudera strongly recommends also upgrading Key HSM after you upgrade Key Trustee Server. See Installing Cloudera Navigator Key HSM and Upgrading Cloudera Navigator Key HSM for more information.

Recommended Hardware and Supported Distributions

The following are prerequisites for installing Navigator Key HSM:

  • Oracle Java Runtime Environment (JRE) 8 or higher with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files:
    • JCE for Java SE 8
    • OpenJDK 11
  • A supported HSM device:
    • Thales (formerly Safenet) Luna
      • v6
        • HSM firmware version: 6.2.1
        • HSM software version: 5.2.3-1
      • v7
        • HSM firmware version: 7.0.3
        • HSM software version: 7.2.0
    • SafeNet KeySecure
      • HSM firmware version: 6.2.1
      • HSM software version: 8.0.1, 8.1.0, 8.7.0
    • Thales nSolo, nConnect
      • HSM firmware version: 11.4.0
      • Client software version: 2.28.9cam136
    • AWS CloudHSM
      • Client software version: 1.1.1
  • Key Trustee Server 3.8 or higher

Root access is required to install Navigator Key HSM.

Table 2. Cloudera Navigator Key HSM Compatibility Matrix
Cloudera Navigator Key HSM Version Supported Operating Systems Lowest Supported Key Trustee Server Version
7.x
  • RHEL and CentOS: 8.6*, 8.4**, 8.2**, 7.9, 7.6, 7.5, 7.4, 7.3, 7.2, 6.10, 6.9, 6.8 (* RHEL and CentOS 8.6 is supported only for 7.1.8) (** RHEL and CentOS 8.4 , 8.2 are supported only for versions 7.1.7 and higher.)
7.x