What hardware do I need?

Hardware requirements depend on various factors related to the Application(s) you are analyzing and these must be considered:

  • Number of lines of code (LOC)
  • Number of objects after analysis
  • Number of violations after analysis
  • Technologies used
  • Number of users accessing results

Due to these different factors, it is difficult to make precise hardware recommendations, therefore what we provide in this page is indicative only. We provide these figures as a guide to the absolute minimum required to run CAST Imaging and your own configuration will likely require better hardware. Installations on machines with resources that are lower than the minimum required or that barely meet the minimum requirements will have the following limitations:

  • analysis runtime and SQL operations will be sub-optimal
  • you cannot run more than one application in parallel
  • disk space can be quickly overloaded
  • in some cases installers may be blocked from running

General

  • Physical or virtual machine(s)
  • CPU
    • Minimum 1 CPU / 2 cores:
      • Intel Core i5, 2.6 GHz
      • Intel Xeon, 2.2 GHz
    • Recommended 1 CPU / 4 cores:
      • Intel Core i7, 2.8 GHz
      • Intel Xeon, 2.6 GHz
  • 16GB RAM minimum (32GB RAM recommended) - note that the com.castsoftware.securityforjava extension requires a minimum of 32GB RAM
  • 256GB minimum free disk space (SSD or equivalent - using storage/disk with high IOPS values (i.e. SSD disks or SANs configured with SSD) will achieve better performance) - see also File storage for more detailed information.
  • Machines with fixed IP address / hostname recommended

See Example on-premises hardware configuration below

TCP ports

The following TCP ports are required:

CAST Imaging Console:

  • 2281: CAST Imaging Control Panel
  • 8090: CAST Imaging Gateway Service
  • 8091: CAST Imaging Console Service
  • 8092: CAST Imaging Authentication service
  • 8096: CAST Imaging SSO Service
  • 8098: CAST Imaging Control Panel

Node(s):

  • 8099: CAST Imaging Analysis Node

CAST Imaging Viewer:

  • 5000: Neo4j
  • 6372: Neo4j
  • 7483: Neo4j
  • 7484: Neo4j
  • 7697: Neo4j
  • 8093: CAST Imaging Viewer Frontend
  • 9010: CAST Imaging Viewer Backend
  • 9011: CAST Imaging Viewer ETL
  • 2285: PostgreSQL Database
  • 8083: PORT_IMAGING
  • 8090: PORT_GATEWAY
  • 8091: PORT_CONSOLE
  • 8092: PORT_AUTH_SERVICE
  • 8096: PORT_KEYCLOAK
  • 8098: PORT_CONTROL_PANEL

Note that for Microsoft Windows, when distributing components across multiple machines in Enterprise mode, not all ports will be required on all machines.

Example on-premises hardware configuration

Managing multiple applications

If you are managing a large number of applications, we recommend installing multiple nodes to spread the load. The disk space allocated to a single node obviously depends on the size and the number of applications that will be analyzed by the node. In a situation where all the nodes are running analyses, some nodes may need to run more than one analysis in parallel. To avoid overloading the node where more than one analysis is running at the same time, we strongly recommend deploying machines with sufficient resources.

Therefore, to analyze up to 50 applications and to run up to 5 analyses in parallel on one single node with one associated CAST Storage Service/PostgreSQL instance, CAST recommends increasing RAM and DISK resources as follows:

Component RAM DISK
Node 32GB min 2TB (SSD recommended)
CAST Storage Service / PostgreSQL 64GB min 3TB (SSD recommended)

Analyzing complex applications

While 90% of JEE, .NET or Mainframe applications can be analyzed with the minimum requirements, some specific (very large or not well balanced) applications require more memory than the minimum recommendations. The following configurations are examples of sizing required for very large applications. The requirements are not a linear function that are based purely on the number of files or lines of code (LoC), instead it is more complex and there is no specific formula to use.

In general, a lack of memory will cause slowness (machines will resort to the use of virtual memory) in the best case, and a crash in the worst case. The numbers presented in the table below are purely indicative and depict the varying memory requirements:

Application Node CPU Peak RAM Node - RAM (recommended minimum) Disk space
JEE application with 13,000 java files and 6,300 JSP files 2 processors, 4 cores 22 GB 32 GB 256 GB
JEE application with 21,000 java files, 14 JSP files, 2,800 projects As above 10 GB 16 GB As above
JEE application with 30,000 java files and 1,200 JSP files As above 12 GB 16 GB As above
.NET application with 18,785 C# files As above 12 GB 16 GB As above
.NET application with 23,000 C# files and 4,100 cshtml files As above 20 GB 32 GB As above
Mainframe application with 10,000 COBOL programs As above 2 GB 8 GB As above

For JEE, the above does not include the com.castsoftware.securityforjava extension, which requires a minimum of 32GB RAM.

Cloud Services

The following requirements are based on CAST’s own testing for the analysis of a single “large Application”, using Amazon EC2 R5 Instances:

Component Minimum instance type Volume Size Volume Type Minimum IOPS
CAST Imaging (Console/node/Viewer) r5.large 256GB General purpose SSD (gp2) or Provisioned IOPS SSD (io1) 400
Additional node As above 256GB As above As above
CAST Storage Service / PostgreSQL As above 512GB As above As above
CAST Extend local server (optional) As above 128GB As above As above