This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment.

To view the documentation for the latest version, select 23.3.01 from the Product version picker.

Setting up a Harbor repository to synchronize container images

The container images required to deploy BMC Helix Innovation Suite are hosted on BMC Docker Trusted Registry (DTR). BMC DTR is available at

Synchronize the container images in BMC DTR to a local container Harbor repository and configure the deployment pipeline to use the container images from the local repository. This method allows you to perform a secure or air-gapped deployment that does not require a direct connection to the internet.


To synchronize the container images with BMC DTR, BMC validates using the open-source Harbor repository. You can choose any container repository solution that is compatible with the BMC Helix Service Management deployment. BMC does not anticipate any issues with alternative repositories. However, BMC does not provide support for alternative container repositories.

Repository content

The images required for BMC Helix Service Management installation are located in the following repositories in BMC DTR:

BMC RepositoryRepository content

BMC Helix Service Management images.

This repository includes all components of BMC Helix Service Management such as AR System server, BMC Helix Innovation Studio, Mid Tier, BMC Helix ITSM: Smart IT, BMC Digital Workplace, BMC Digital Workplace Catalog, and BMC Helix Innovation Suite applications.


Each component has a separate repository such as ars, midtier, cmdb, and virtualchat. These repositories contain the images for the respective component, such as the AR System images are located in the ars repository and the Mid Tier images are located in the midtier repository.
For example, and


BMC Helix Platform images.
The BMC Helix platform is required for all installations of BMC containerized software. This repository includes BMC Helix Platform services, data lake, BMC Helix Dashboards, AI Service Management, and other essential services.


Update your firewall policies to enable access to BMC DTR. Use the following fully qualified domain names:

Process to access container images from a local Harbor repository

Set up a Harbor repository and synchronize your Harbor repository with BMC DTR by using the access key. The following images shows the actions to synchronize your Harbor repository with BMC DTR.

Before you begin

These files contain the list of images that are synchronized from BMC DTR. You can use these files to verify your Harbor repository after you synchronize it with BMC DTR.

  • Make sure that you have downloaded the key to access the container images,, and files from the BMC Electronic Product Distribution (EPD) site.
    See Downloading the installation files.


    The, and files that are located in the file.

  • Make sure that you meet the Harbor repository requirements.

Task 1: To create a Harbor registry

  1. In your local system, download the latest version of Harbor by using the following command:



  2. Unzip the TAR file by using the following command:

    tar xvzf harbor-offline-installer*.tgz
  3. Navigate to the harbor directory by using the following command:

    cd harbor
  4. Copy the configuration template by using the following command:

    cp harbor.yml.tmpl harbor.yml
  5. Edit the harbor.yml file and add the values for the following parameters:

    Best practice

    We recommend that you use the HTTPS configuration and install Harbor by using self signed SSL certificates. See Configure HTTPS Access to Harbor Open link .



    Name of the host where you want to install Harbor.
    harbor_admin_passwordPassword for the Harbor application admin username.

    In the harbor.yml file, uncomment the https related config section, and add the values for parameters such as port, certificate, and  private_key.
    For example:

    # https related config
      # https port for harbor, default is 443
      port: 443
      # The path of cert and key files for nginx
      certificate: /data/cert/
      private_key: /data/cert/
  6. Run the following command:

     sudo ./
  7. Verify that you can access the Harbor registry by using the admin username and password to log in.

Task 2: To configure a Harbor registry endpoint

  1. In the Harbor admin UI, navigate to the Administration menu, and click Registries.
  2. Click NEW ENDPOINT, and specify the following field values:
    • ProviderDocker Registry

    • Endpoint URL

    • Access IDSupport user ID that you use to log in to EPD.

    • Access Secret—Container image access key specified in the container-token.bmc file that you downloaded from EPD.

    The following image shows an example configuration:
  3. To verify the connection, click TEST CONNECTION.
  4. Click OK.

    The configuration is saved and the configuration status is displayed as Healthy as shown in the following image:

  5. Navigate to the Administration menu, and click Projects.
  6. Create a new project and specify the project name as bmc.
    This project is used to synchronize the container images.

Task 3: To synchronize a Harbor repository with BMC DTR

You must synchronize your Harbor repository with BMC Helix Innovation Suite and BMC Helix Platform services container images in BMC DTR.

  1. Log in to a Linux system.
  2. Copy the,, 22106_ITSM_Platform_Images.txt, 22106_ITSM_Smartapps_Images.txt, 22106_ITSM_Pipeline_Images.txt, 23202_Helix_Platform_Images.txt, and 22106_Support_Assistant_Tool_Images.txt files to the system.
  3. Create a new file named all_images.txt.
  4. Synchronize the BMC Helix Service Management platform container images:
    1. Copy the 22106_ITSM_Platform_Images.txt to the all_images.txt file.
    2. Open the file and update the following parameter values:

      SOURCE_REGISTRY_HOSTSpecify the value as
      SOURCE_REGISTRY_USERSupport user ID that you use to login to EPD.
      SOURCE_REGISTRY_PASSWORDThe container image access key specified in the container-token.bmc file that you downloaded from EPD.
      IMAGE_REGISTRY_HOSTHost name of your local registry.

      Specify the user name to log in to your local registry.

      IMAGE_REGISTRY_PASSWORDSpecify the password to log in to your local registry.
      IMAGE_REGISTRY_PROJECTSpecify the value as bmc
    3. Run the file by using the following command:


      Before you run the file, make sure that you have installed the Docker Engine. For more information, see Harbor repository requirements.

  5. Synchronize the smart application, pipeline, BMC Helix Platform services, and Support Assistant tool container images by performing the following steps:
    1. Copy the file to the all_images.txt file.
    2. Run the file by using the following command:


To access images from an air-gapped environment

The following image describes the process to access the BMC Helix Innovation Suite platform and application container images from an air-gapped environment:

Perform the following steps to access images from an air-gapped environment:

  1. Create and configure a local Harbor registry in your network.
  2. Create and configure a Harbor registry in a demilitarized zone (DMZ).
  3. Set up a proxy to enable communication between the local Harbor registry in your network and the Harbor registry in a DMZ.
  4. Synchronize your local Harbor repository in your network with BMC DTR.
  5. Synchronize your Harbor repository in a DMZ with your local Harbor repository in your network.
    Perform the steps in To synchronize a Harbor repository with BMC DTR by modifying the following fields:
    • Source registry—Name of the DMZ Harbor registry that you configured to synchronize with your local Harbor repository.
    • Source resource filter: Name—Path of the image in your local Harbor repository that you want to synchronize to your DMZ Harbor repository.

Where to go from here

Next task

Proceed with preparing a database based on the database that you want to use:

Back to process

If you are finished preparing the database, return to the appropriate installation, update, or upgrade process:

Was this page helpful? Yes No Submitting... Thank you


  1. Supriya Gera

    please mention which privileges(sudo user or non root user) needed by "admin user" for Harbor setup

    Sep 01, 2023 05:51
    1. Poonam Morti

      Hi Supriya,

      The sudo user is used to install Harbor.
      The admin user specified in steps 5 and 7 in Task 1: To create a Harbor registry is the Harbor application administrator user.



      Sep 03, 2023 11:48
  2. Dmytro Shabeko

    How to fix "error invalid reference format" On Task3, step 4c?

    Sep 05, 2023 08:25
    1. Poonam Morti

      Hi Dmytro,

      The  Customer Support team can help you with this issue. To contact Customer Support to log a formal ticket on this issue, click here.



      Sep 14, 2023 01:54

      I had the same issue and I found that editing the file "" and replacing the line 58 which was originaly: IFS=$'\n' by IFS=$'\r\n' fixed the issue. Alternatively, you can edit all the .txt files downloaded from here above and modify them from the dos format (where carriage returns are "\r\n") into *nix format (where carriage returns are "\n"), but that would take longer.

      Jan 19, 2024 03:41
  3. Supriya Gera

    Please share replication rule details , what will be the source filter

    Sep 27, 2023 06:34
    1. Poonam Morti

      Hi Supriya,

      You do not need to add any replication rules. Perform the steps in Task 3: To synchronize a Harbor repository with BMC DTR section to synchronize the images.



      Sep 29, 2023 06:56
  4. Shirish Kamalapurkar

    Is Redhat 9 supported for Harbor Repo?

    Oct 04, 2023 10:32
    1. Poonam Morti

      Hi Shirish,

      Redhat 9 is not supported.

      Thanks, Poonam

      Oct 06, 2023 06:30
  5. henrique m ferreira

    Is there any tool to validate that the Harbor service is configured correctly, including remote access?

    I am getting the error when running helix-healthcheck preinstall.

    [231130-171707] INFO: Checking bmc docker registry Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: [231130-171707] ERROR: Unable to verify docker registry Error response from daemon: Get "https://harbor/v2/": tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match harbor also using sudo. Please check permission failed to execute. Exiting.

    Dec 04, 2023 02:17
    1. Poonam Morti


      Please contact Customer Support on this issue.

      To log a ticket on this issue, click here Open link .



      Dec 26, 2023 03:54
  6. Balaji Kumbhar

    Hello Team,

    We are unable to pull the Smart reporting images which are motioned at Before you begin section - To perform update of BMC Helix ITSM: Smart Reporting, download the 210503HF10_SmartReporting_Images.txt and 21303006_ITSM_SmartReporting_Images.txt files.

    What permissions we required to download this repos.

    Additionally we are not using the smart reporting but still we have to download the images and install it as it is mandatory step while upgrading the smart apps.

    Please can you let us know how to exclude the smart reporting in smartapp upgrade. Also let us know what permissions are required to download the Smart reporting Repos.

    Thank You!

    Jan 31, 2024 02:42
    1. Poonam Morti

      Hi Balaji,

      It is not mandatory to download the Smart Reporting images if you are not using Smart Reporting.



      Jan 31, 2024 03:21