System requirements

Refer to these system requirements to allow your Puppet Comply application to connect to Puppet Enterprise (PE).

Open port requirements

Comply is deployed on a Kubernetes cluster that requires the following ports:
Port Protocol Purpose Source Destination
PE ports
8140 TCP Preflight checks Comply Puppet primary server
8143 TCP PE integration Comply PE Orchestrator
8081 TCP PE integration Comply PuppetDB
4433 TCP PE integration Comply PE RBAC
Comply ports
443 TCP Comply access User browser Comply UI
443 TCP Sending reports Scan target node Comply server
30303 TCP Assessor downloads and sending reports Scan target node Comply
Tip: Port 30303 is not required if you bring your own ingress. You can also set a custom Comply port in the Comply port field on the Config tab in Puppet Application Manager if you do not want to use port 30303.

Supported Puppet Enterprise versions

The following versions of Puppet Enterprise (PE) are supported for use with Comply:

PE version
2019.8.4 and later

For more information about PE versions, see Puppet Enterprise lifecycle policy.

Java Runtime Environment requirements

If you install the Comply module with the default setting of true for the manage_java option, the correct version of Java Runtime Environment (JRE) is installed automatically, and no further action is required.

Restriction: You cannot use the manage_java option on some operating systems, such as Ubuntu 16.04 and Mac OS X.

If you are independently managing JRE, ensure that the appropriate version is installed on the host system where the CIS-CAT Pro Assessor resides. JRE v1.8 or later is required. For the latest information about JRE requirements, see the CIS-CAT Pro Assessor Configuration Guide.