Documentation update

   

To provide a better user experience, we have now created a separate documentation space for BMC Helix Automation Console (previously called BMC Helix Vulnerability Management).
Users of BMC Helix Automation Console can find the latest documentation at BMC Helix Automation Console. .

System requirements

Before you install the product, make sure that your environment meets the hardware and software requirements.

To get complete compatibility information for Automation Console, use the  BMC SOLUTION AND PRODUCT AVAILABILITY AND COMPATIBILITY UTILITY (SPAC)

Note

To access the product compatibility information on the Customer Support website, you must have a Support ID.

Endpoint manager requirements

The following tables list the compatible versions of these endpoint managers: TrueSight Server Automation and TrueSight Network Automation

Compatible TrueSight Server Automation versions

TrueSight Automation Console version

TrueSight Server Automation versions

Hotfix requiredNotes
21.02.01

21.02.01

Supports the following feature:

Creation of batch jobs

No


21.02

Supports the following feature:

Creation of batch jobs

Yes

Download and apply TSAC 21.02.P1_with_TSSA 21.02GA-Hotfix.zip.

For details, see Knowledge Article 000385439.

20.02.01

The following features are not supported with this version:

  • PKI authentication
  • Notice and consent banner
  • Risk management for Oracle Linux assets
Yes

Download and apply TSAC 21.02.P1_with_TSSA 20.02.01-Hotfix.zip.

For details, see Knowledge Article 000385439.

21.02

21.02

Yes

Download and apply DRBLG-126137_TSSA-rest.war_hotfix.

For details, see Knowledge Article 000382124.

20.02.01

The following features are not supported with this version:

  • PKI authentication
  • Notice and consent banner
  • Risk management for Oracle Linux assets
Yes

Download and apply TSAC2102_with_TSSA200201_HF.

For details, see Knowledge Article 000380374.

Compatible TrueSight Network Automation version

TrueSight Automation Console version

TrueSight Network Automation version

Notes
21.02.01

20.02.03

Automation Console supports only vulnerability management for the network devices and the following features are NOT supported:

  • Auto-import of scan files 
  • Exceptions
  • Change approval process for operations

Supported BMC product versions

The following table describes the supported versions required for integrating with BMC products:

ProductVersion

BMC Discovery (on-premises only)

  • 20.08 (12.1)

  • 20.02 (12.0)
BMC Remedy Single Sign-On
  • 21.02
  • 20.02
BMC Remedy IT Service Management (on-premises only)
  • 20.08
  • 19.08

TrueSight Orchestration Platform (Classic deployment only)

20.02

TrueSight Orchestration Content

  • 21.02
  • 20.19.02.003

Supported browsers

ComponentRequirement

Minimum supported resolution

1920*1080

Supported browsers

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox

Best viewed in Google Chrome 64+ and Microsoft Edge 87+

Supported scanning systems

The following table describes the vulnerability scanning systems supported by Automation Console.

System nameVersion
Nessus8.10
Rapid76.6.51 
QualysCloud Platform

Third-party software

Automation Console is bundled with the following third-party software:

Product versionPostgreSQL versionJava versionApache Tomcat web server versionDocker container operating system
21.02/21.02.0112AdoptOpenJDK 11.0.7+109.0.41Alpine Linux 3.10.3

Docker requirements and supported operating systems

Automation Console is supported on Linux-enabled Docker, and it requires the following version of Docker:

UtilityVersion
docker18.09.7 or later (Docker CE)
17.06.2-ee-16 or later (Docker EE)
docker-compose1.19.0 or later

The following table lists the supported operating systems and Docker Editions:

Operating systemSupported Docker Edition
Red Hat Enterprise Linux 7.xDocker EE
CentOS 7.xDocker CE

Important

Docker CE is not supported on Red Hat Enterprise Linux.

Memory and disk space requirements

Minimum RAM

Minimum free storage for application at <installedLocation>

10 GB

10 GB

Minimum hardware requirements

The following table describes the minimum hardware requirements for a small deployment.

Requirement SmallMinimum space required for installation (GB)
Number of 
concurrent users
25-

Automation Console server requirements

Number of 
Automation Console servers

1-

CPUs per 
Automation Console
Server

8-

Automation Console
server memory (GB)

3210

Automation Console
server disk 
space (GB)

10010
Database server requirements
CPUs per 
database
server
8-
Database 
server 
memory (GB)
168
Database 
disk 
space (GB)
10025

For more information about sizing requirements based on deployment scenarios, see Deployment sizing requirements.

External database requirements

The following table describes the supported database and its versions.

DatabaseSupported versions

PostgreSQL

  • 12
  • 11.2

Verify whether the PostgresSQL contrib modules are also installed. These are optional utilities shipped with the standard package, which may not installed by default. To verify whether the contrib modules are installed, run the following commands based on your version:

For PostgreSQL 12
yum list installed | grep postgresql12-contrib


For PostgreSQL 11.2
yum list installed | grep postgresql11-contrib

You can install the database by using the executables provided on the BMC Electronic Product Distribution (EPD) site, or you can use an existing PostgreSQL installation.

The following table describes the recommendations for a PostgreSQL database that you can use for optimal performance.

ConfigurationRecommendation

Users, Roles

  • The first installation of the application automatically creates the users and roles needed by the Automation Console. The installer requests the credentials for the PostgreSQL privileged user (usually named postgres).
  • Default names are provided for users and roles but they can be customized during installation.
Schema and Tablespaces
  • Automation Console database schema uses multiple tablespaces, which are automatically created during installation.
  • Data directories for the containerized database installed by the Stack Manager are created at the following location:
    • /var/lib/postgresql/data (Data Directory location on the database container) 
    • /var/bmc/truesight/postgresql/data (Data Directory location is mapped to the host)
  • The /var filesystem must have at least 50 GB of storage space.
Client Authentication
  • Ensure that the Automation Console computer can access the database server by allowing access to the pg_hba.conf file. 
  • Recommended configuration in pg_hba.conf is to use MD5 encryption for passwords.
  • Ensure that you add at least the database IP address and the Automation Console host IP address in the allowed list of host records in the pg_hba.conf file.

    To allow all the hosts for incoming connections
    #Allows all host for incoming connection
    host     all             all             0.0.0.0/0               md5 

    OR

    To allow only TSAC host and DB host for incoming connections
    #Allows only TSAC and DB host (DB host IP is required even if 127.0.0.1/32 (localhost) is added
    host     all             all             TSAC_HOST_IP/32         md5
    host     all             all             DB_HOST_IP/32           md5
Instance parameters

BMC recommends adding or updating the following parameters in the configuration of the database server in the postgresql.conf or equivalent file:

listen_addresses = '*' 
max_connections = 500 
default_statistics_target = 50 
constraint_exclusion = on 
wal_buffers = 8MB 
min_wal_size = 1GB
max_wal_size = 2GB
checkpoint_timeout = 15min 
checkpoint_completion_target = 0.9 
log_min_messages = fatal 
log_min_error_statement = fatal 
#following parameters should be tuned according 
#to actual memory available to Database server machine
#example of configuration for 8GB RAM 
maintenance_work_mem = 512MB
effective_cache_size = 5GB
work_mem = 48MB
shared_buffers = 2GB

After changing these values, restart the database server.

External Redis Server requirement

If you want to configure Automation Console in a high availability environment, make sure that you have a non-cluster and non TLS 5.05 or later Redis Server.

Port requirements

The port on which the Automation Console communicates with an endpoint manager must be open, and the application and the endpoint manager must be able to communicate with each other.

The following table provides the port numbers that you must enable for the product. If you intend to use any custom ports during installation, ensure that you open the ports before installing the product.

Important

You cannot change the port numbers after the installation or upgrade. You can use port numbers of your choice only during installation.

Port

Protocol

Configured on

User can change the port number?

Firewall exception needed?

Description

10443TCPHost containing the Automation Console application installationYesYesSecure port used to access the Automation Console application.
5000TCP

Host containing the Automation Console application installation

Yes (at the time of installation)YesPort used for communication with the Docker repository
5432TCPHost containing the database installationNoYesPort used by the database (PostgreSQL) for communication
9843TCPHost containing the Automation Console applicationNoYes

Port used by the application to communicate with Server Automation


Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Daniel Goetzman

    Link for Endpoint Manager for TrueSight Automation Server KB for HotFix info for 21.02 appears to be an invalid URL?

    May 19, 2021 09:49
    1. Bipin Inamdar

      Thanks for the feedback, Daniel. The link is fixed now.

      May 31, 2021 04:55