To ensure proper operation of the Sensor Collector, your system must meet the following specifications:
Container Runtime
Sensor Collector requires a container runtime on a Linux host.
| Requirement | Detail |
|---|---|
| Runtime | Docker Engine (dockerd / containerd) or any OCI-compliant container runtime |
| Minimum Version | Docker Engine 24.0.4 or later, Kubernetes 1.31, 1.32 or 1.33, helm version 3 |
| Architecture | AMD64 (x86-64) |
| Orchestration | Docker CLI or Kubernetes with Helm |
Note: The Podman container environment is not supported.
Resource Consumption
Disk Space: 100 GB
CPU: 4 cores
RAM: 2 GB
Docker: Version 24.0.4 or later, installed from Docker software repositories (not a Snap package). Refer to this guide for docker installation instructions.
Supported Kubernetes environments: Kubernetes version 1.31, 1.32, 1.33 and helm version 3. Validated on Kubernetes OpenShift and K0s as the recommended cluster options.
Network Services
The following host services are not strictly required but are recommended for reliable operation:
DNS resolver — Required if endpoints are configured using FQDNs to connect to PCA Analytics, OCSP servers, or monitored network devices. If DNSSEC validation is enabled in the.env configuration file (RR_DNSSEC_ENABLE=true), Sensor Collector runs a local Unbound resolver that performs cryptographic validation of DNS responses. In VPN or corporate network environments, explicitly configure upstream nameservers via RR_DNSSEC_NAMESERVERS since containers cannot automatically detect host VPN DNS settings. Without DNSSEC enabled, the container uses standard DNS resolution from the host machine's /etc/resolv.conf.
NTP client — Sensor Collector timestamps all collected metrics using the container's system clock, which inherits from the host. Clock accuracy affects the validity of time-series data and correlation with other data sources. Use any standard NTP client on the host (chrony recommended).
HTTP/HTTPS proxy — In environments without direct internet access, pass proxy settings to the container via the .env configuration file with options: HTTP_PROXY, HTTPS_PROXY, NO_PROXY. The proxy is used for outbound connections to PCA Analytics APIs and certificate validation endpoints (OCSP/CRL).
Firewall Rules
If a firewall is active on the host or in the network path, ensure the following traffic is permitted:
| Direction | Protocol | Port | Destination | Purpose | Required? |
|---|---|---|---|---|---|
| Inbound | TCP | 55777 (can be configured) | Sensor Collector Host | Management of connected sensor agents | When in Gateway mode |
| Inbound | TCP | 55888 (can be configured) | Sensor Collector Host | Performance data via sensor agents | When in Gateway mode |
| Outbound | TCP | 53 | DNS Server | Name Resolution | If using FQDNs |
| Outbound | TCP | 123 | NTP server | Time synchronization | Recommended |
| Inbound | TCP | 7070 | Sensor Collector Host | Debugging with pprof | No |
| Inbound | TCP | 7071 | Sensor Collector Host | Collecting tech support reports | Recommended |
© 2026 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms