This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment.

To view the documentation for the latest version, select 23.3.01 from the Product version picker.

System requirements

Before you deploy the product, make sure that your environment meets the hardware and software requirements.

System requirements

Make sure that your environment meets the following requirements:

ComponentSupported Versions

Orchestration platforms

Orchestration platforms
  • Kubernetes 1.23 – 1.28
  • OpenShift 4.10 – 4.14


  • If you are using BMC Helix Service Management in Kubernetes version 1.25, 1.26, 1.27, or 1.28 make sure that you use the baseline pod security standard for the namespace where it is being deployed.
  • If you are performing a fresh installation of BMC Helix Service Management on Kubernetes 1.27 or OpenShift 4.13, we recommend that you use BMC Helix Platform Common Services 23.4.00. Do not use the BMC Helix Platform Common Services version 23.2.02.

Supported Kubernetes and OpenShift platforms

The following Kubernetes and OpenShift based platforms are supported with the underlying Kubernetes or OpenShift versions as listed in the previous row.

  • Kubernetes management tools
    • VMware Tanzu 
    • Rancher Kubernetes
    • Nutanix Karbon

  • OKD (Community Edition OpenShift)
  • Public Cloud Managed Kubernetes
    • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) with underlying Kubernetes 1.24.x – 1.28.x 
    • Amazon Elastic Kubernetes Service (EKS) with underlying Kubernetes 1.24.x – 1.28.x
    • Google Kubernetes Engine (GKE) with underlying Kubernetes 1.24.x – 1.28.x
    • Microsoft Azure Kubernetes Service (AKS) with underlying Kubernetes 1.24.x – 1.28.x

Important: Kubernetes clusters that use only the Internet Protocol version 4 (IPv4) are supported.

Ingress controller

NGINX Ingress Controller1

 1.6.4, 1.7.0, 1.9.3, 1.9.5

Important: BMC has certified using the Nginx Ingress Controller version 1.6.4 with Kubernetes version 1.23.

BMC has certified using the Nginx Ingress Controller version 1.7.0 with Kubernetes versions 1.24, 1.25, and 1.26.

BMC has certified using the Nginx Ingress Controller version 1.9.3 with Kubernetes versions 1.27.

BMC has certified using the Nginx Ingress Controller version 1.9.5 with Kubernetes versions 1.28.


NGINX Ingress Controller is installed by default in the ingress-nginx namespace. Review the following parameter value requirements in the nginx-configuration configmap:

  • enable-underscores-in-headers: "true"
  • proxy-body-size: 250m
  • server-name-hash-bucket-size: "1024"
  • ssl-redirect: "false"
  • use-forwarded-headers: "true"
  • proxy-connect-timeout: "300"
  • proxy-read-timeout: "600"
  • proxy-send-timeout: "600"

You can use the following command to view the parameters in the nginx-configuration configmap:

kubectl describe cm nginx-configuration -n ingress-nginx
Package Manager
  • Helm 3.11 for Kubernetes 1.23 – 1.25
  • Helm 3.12 for Kubernetes version 1.26
  • Helm 3.13 for Kubernetes version 1.27
  • Helm 3.14 for Kubernetes version 1.28

Load Balancer

Load Balancer

F5 Load Balancer or other Load Balancer.

The following load balancer SSL methods are supported:

  • SSL Offloading at the load balancer
  • SSL Passthrough to offload at the Ingress Controller
  • SSL Full Proxy
  • Allow X-Forwarded- Headers Upstream of Ingress
  • Reverse Proxy http back to https

Important: Make sure that you configure the following headers for SSL Offloading at the load balancer:

  • X-Forwarded-Protohttps
  • X-Forwarded-Host
  • X-Forwarded-Port443

Storage and security certificates

Persistent or Elastic Storage

BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS.

CephRBD is certified by BMC

Security Certificates

DigiCert and R3 certificates.

Custom CA signed certificates and self-signed certificates are supported.

Important: If you are using a self-signed or custom CA certificate, make sure that you use the same custom certificate during BMC Helix Platform and BMC Helix Service Management installation.

Other system requirements

JavaJava 11 and later for AR System clients, such as Developer Studio, and AI.
Container Host OS

BMC Helix Innovation Suite has no specific dependencies on the underlying Linux OS or release running on your Worker Nodes.

You can use any x86_64 GNU/Linux OS supported by your Kubernetes or OpenShift platform and release version.

Host OS Bash ShellBash Shell 4.2 or later
Docker Registry
  • Direct access to BMC's Docker Trusted Registry (DTR) at
    Latest version of Harbor synchronized with BMC’s Docker Trusted Registry
  • A docker client is required.
DB Support
  • Oracle Database 19.16 
  • Microsoft SQL Server 2019
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2016 (SP2)
  • PostgreSQL 13


  • You must set up the database server outside the Kubernetes clusters on a physical or virtual machine.
  • In general, BMC recommends running on the latest Service Pack, Maintenance Level, or other such update to listed databases.
  • AR System server and BMC Helix CMDB support 'AlwaysOn' for Microsoft SQL Server.
  • Remedy AR System and BMC Helix CMDB server support Oracle Real Application Clusters (Oracle RAC) feature of Oracle Database.
  • Oracle database pluggable/un-pluggable are supported.
  • PostgreSQL supported configuration includes case sensitive and Unicode implementation.
Email Engine

Microsoft Exchange Server 2016 (64-bit) and Microsoft Office 365 Exchange


  • BMC internally certifies Email Engine with Microsoft Exchange Server and Microsoft Office 365 Exchange. Because Email Engine makes use of JavaMail API that is capable of working with other SMTP servers, SMTP servers that are not listed in this table might still operate correctly with AR System. You might be able to run AR System in a configuration not listed as supported. However, BMC has not certified the integration of Email Engine with such SMTP servers in their labs.
  • Microsoft has discontinued MAPI support in Microsoft Exchange Server 2016; Support for EWS (exchange web service) is available for Microsoft Exchange Server 2016 only.
  • OAuth 2.0 based authentication is required for Microsoft Office 365 Exchange starting with 20.02.01 and later
  • Starting with AR System 20.02.01 (also known as 20.02 Patch 1), Email Engine supports OAuth 2.0 based authentication for the Exchange Web Services (EWS) protocol to access Microsoft Office 365 Exchange.
    For more information, see AR System 20.08 enhancements Open link in the AR System online documentation.
BMC Helix Platform

BMC Helix Platform 23.2.02

BMC Helix Platform 23.4.00

BMC Helix Platform 24.1.00

BMC Helix Service Management installation uses the following services provided by BMC Helix Platform:

  • Foundational services such as user management, tenant management, and BMC Helix Single Sign-On
  • Data lake such as Elasticsearch, PostgreSQL, and MinIO
Metrics Server

BMC Helix uses the HorizontalPodAutoscaler (HPA) for its services so that the product can scale based on the customer usage. For the HPA to function, Kubernetes must expose metrics that are used to trigger scaling activities, for which a Metrics Server is required.

For information about the HPA, see this page in the Kubernetes documentation Open link .

For information about the Metrics Server, see this page in the Kubernetes documentation Open link

The supported Ingress and Helm versions with the Kubernetes orchestration platforms are as follows:

Orchestration platformIngress
Kubernetes 1.28
Kubernetes 1.26

The supported Ingress and Helm versions with the OpenShift orchestration platforms are as follows:

Orchestration platformIngress
OpenShift 4.14 

Network port requirements

Review the following components and the ports used:

Source componentDestinationPortDirection

Local image registry (Harbor) with internet access

BMC Docker Trusted Registry (DTR)




Kubernetes cluster (Worker nodes)

Local image registry (Harbor) with internet access

443, 80
The default Harbor port is 80 if Secure Socket Layer (SSL) is not enabled.


End user traffic

Load balancer or HA proxy



Load balancer

Ingress controller

Ingress controller service port
The port varies based on your Kubernetes platform and Ingress controller service.


Kubernetes cluster (Worker nodes)

Database server

Database port

The port varies based on your database type and service.


AR Clients (Developer Studio)

BMC Helix Innovation Suite server Admin service


You can expose this port through EXTERNAL-IP or Nodeport for the platform-admin-ext service.


Kubernetes cluster (Worker nodes)

SMTP server

SMTP server port


BMC Deployment Engine

Kubernetes cluster

Kubernetes API server port


HDM virtual machine

Staging database server

Database port

The port varies based on your database type and service.


Ports used by BMC Helix Service Management services 

You might use the following ports to set your network policy:


All service types are ClusterIP unless specified otherwise.

Service name                    Port and protocol                                                                       
atriumwebsvc              8080/TCP                                                                      
catalog-itsm-plugin       9822/TCP                                                                      
clamav                    3310/TCP                                                                      
dwp-tomcat               9000/TCP                                                                      
midtier-int               8080/TCP                                                                      
midtier-int-dns-lookup    5701/TCP                                                                      
midtier-user              8080/TCP                                                                      
midtier-user-dns-lookup   5701/TCP                                                                      
openfire                  5222/TCP                                                                      
openfire-dns-lookup       5701/TCP                                                                      
openfire-ext              7001/TCP,7070/TCP                                                             
platform-admin            46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     


 This service requires either EXTERNAL-IP, Nodeport, or Load balancer to access external clients like the Developer Studio.

platform-fts              46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP,9977/TCP            
platform-fts-ext          46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP,9977/TCP            
platform-int              46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     
platform-int-ext          46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     
platform-sr               46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     
platform-sr-ext           46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     
platform-user             46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     
platform-user-ext         46262/TCP,8008/TCP,20000/TCP,61617/TCP,7319/TCP,40001/TCP                     
smartit                   9000/TCP                                                                      
smartit-dns-lookup        5701/TCP                                                                      
smartreporting            8080/TCP                                                                      
virtualchatplugin         9822/TCP                                                                      
virtualchatserver         8080/TCP,6226/TCP,6225/TCP                                                    
virtualchatserver-ext     8080/TCP,6226/TCP,6225/TCP                       

To get more information about the ports used by the BMC Helix Service Management services, run the following command:
kubectl get svc -n <Innovation suite namespace>

Ports used by BMC Helix Platform Common Services 

You might use the following ports to set your network policy:


All service types are ClusterIP unless specified otherwise.

Service name                                                Ports and protocol                                                  
adeauthsvc                                            8000/TCP                                                   
adereporting                                          8080/TCP,8000/TCP                                          
adereporting-apiservice                               8080/TCP                                                   
adereporting-renderer-service                         8081/TCP                                                   
adereporting-report-generator-service                 3002/TCP,3003/TCP                                          
aif-api-service                                       50197/TCP,60197/TCP,8094/TCP,9094/TCP,11000/TCP            
aif-clustering-ingestion-service                      50220/TCP,60220/TCP,11000/TCP                              
aif-clustering-query-service                          50219/TCP,60219/TCP,11000/TCP                              
aif-clustering-service                                50221/TCP,60221/TCP,11000/TCP                              
aif-core-service                                      50177/TCP,60177/TCP,11000/TCP                              
aif-incident-ingestion-service                        50197/TCP,60197/TCP,11000/TCP                              
aif-job-manager-service                               50207/TCP,60207/TCP,11000/TCP                              
aif-machine-learning-utilities                        50052/TCP,60052/TCP,11000/TCP,8080/TCP,9080/TCP            
aif-ticket-service                                    50217/TCP,60217/TCP,11000/TCP                              
ans                                                   8000/TCP                                                   
aud                                                   8000/TCP                                                   
efk-elasticsearch-coordinating-hl                     9200/TCP,9300/TCP                                          
efk-elasticsearch-data-hl                             9200/TCP,9300/TCP                                          
efk-elasticsearch-efk-elasticsearch-coordinating-hl   9200/TCP,9300/TCP                                          
efk-elasticsearch-ingest-hl                           9200/TCP,9300/TCP                                          
efk-elasticsearch-kibana                              5601/TCP                                                   
efk-elasticsearch-master-hl                          9200/TCP,9300/TCP                                          
efk-fluent-bit                                        9880/TCP                                                   
elasticsearch-events-opendistro-es-client-service     9200/TCP,9300/TCP,9600/TCP,9650/TCP                        
elasticsearch-events-opendistro-es-data-svc           9300/TCP,9200/TCP,9600/TCP,9650/TCP                        
elasticsearch-events-opendistro-es-discovery          9300/TCP                                                   
elasticsearch-logs-opendistro-es-client-service       9200/TCP,9300/TCP,9600/TCP,9650/TCP                        
elasticsearch-logs-opendistro-es-data-svc             9300/TCP,9200/TCP,9600/TCP,9650/TCP                        
elasticsearch-logs-opendistro-es-discovery            9300/TCP                                                   
featureflag                                           8000/TCP                                                   
ims                                                   8000/TCP                                                   
imsportal                                             8000/TCP,9000/TCP                                          
kafka                                                 9092/TCP                                                   
kafka-headless                                        9092/TCP,9093/TCP                                          
kafka-zookeeper                                       2181/TCP,2888/TCP,3888/TCP                                 
kafka-zookeeper-headless                              2181/TCP,2888/TCP,3888/TCP                                 
metric-gateway-service                                50059/TCP,60059/TCP,8093/TCP,9093/TCP,11000/TCP,8080/TCP   
metric-gateway-service-svc                            50059/TCP,60059/TCP,8093/TCP,9093/TCP,11000/TCP,8080/TCP   
metric-ingestion-service                              50051/TCP,60051/TCP,8080/TCP                               
metric-ingestion-service-svc                          50051/TCP,60051/TCP,8080/TCP                               
metric-query-service                                  50051/TCP,60051/TCP,8091/TCP,8080/TCP                      
metric-query-service-svc                              50051/TCP,60051/TCP,8091/TCP,8080/TCP                      
minio                                                 9000/TCP,9001/TCP                                          
minio-headless                                        9000/TCP,9001/TCP                                          
postgres-bmc-pg-ha                                    5432/TCP                                                   
postgres-bmc-pg-ha-config                             <none>                                                     
postgres-bmc-pg-ha-pool                               5432/TCP                                                   
postgres-bmc-pg-ha-repl                              5432/TCP                                                   
redis-redis-ha                                        6379/TCP,26379/TCP                                         
redis-redis-ha-announce-0                             6379/TCP,26379/TCP                                         
redis-redis-ha-announce-1                             6379/TCP,26379/TCP                                         
redis-redis-ha-announce-2                            6379/TCP,26379/TCP                                         
redis-redis-ha-haproxy                                6379/TCP                                                   
rsso                                                  8080/TCP                                                   
smart-graph-api                                       8000/TCP                                                   
smart-graph-controller                                25210/TCP,25677/TCP                                        
tas                                                   8000/TCP                                                   
tms                                                   8000/TCP,9000/TCP                                          
tmsportal                                             8000/TCP                                                   
ucs                                                   8000/TCP                                                   
victoria-metrics-cluster-vminsert                     8480/TCP,2003/TCP,2003/UDP,8189/TCP,8189/UDP               
victoria-metrics-cluster-vmselect                     8481/TCP                                                   
victoria-metrics-cluster-vmstorage         8482/TCP,8401/TCP,8400/TCP                 

To get more information about the ports used by the BMC Helix Platform Common Services , run the following command:

kubectl get svc -n <Platform Common Services namespace>

Jenkins server requirements

Review the following requirements for the Jenkins server: 




Operating System


Disk space (GB)

Jenkins server12
  • RHEL 7.x and 8.x are certified.
  • CentOS 7.x and CentOS Core 8.x  are certified.
  • Equivalent releases of Fedora and Oracle Linux are supported.
Minimum 8100

For information about setting up BMC Deployment Engine, see Setting up BMC Deployment Engine.

Harbor repository requirements

Use Harbor latest version. For information about Harbor installation requirements, see Harbor Installation and Configuration Open link and Harbor Installation Prerequisites Open link in Harbor documentation.

 To access images from a local Harbor repository, make sure that your system has minimum 4 CPU with 8 GB memory and the following disk space:

  • 750 GB disk space when you are setting up the Harbor repository for the first time.
  • 100 GB approximately when you are synchronizing the container images in BMC DTR with the Harbor repository for an upgrade.

For information about setting up Harbor repository, see Setting up a Harbor repository to synchronize container images.

Controller machine requirements

If you are using BMC Helix Platform Common Services 24.1.00, make sure that the controller machine supports the following operating systems:

Operating System



8.5 or higher

Red Hat Enterprise Linux (RHEL)


8 or higher


20.04.6 or higher

Browser support

 Operating System


All supported operating systems and platforms






Microsoft Edge

HARMAN Packaged Browser

Macintosh OS X



Review the following requirements for the namespaces in your cluster: 

  • Namespace to install BMC Helix Platform Common Services and EFK for logging.
    For information about creating a namespace to install BMC Helix Platform Common Services and EFK, see Installing BMC Helix Platform Common Services 23.2.02.
  • Namespace to install BMC Helix Service Management.
    Make sure that the namespace name consists of only lowercase alphanumerics and hyphens. Example, 'bmc-itsm'.


  • In your network policy, you must allow communication between the two namespaces - namespace where you will install BMC Helix Platform Common Services and the namespace where you will install BMC Helix Service Management.
  • If you are using BMC Helix Service Management in Kubernetes version 1.25, make sure that you use the baseline pod security standard for the namespace where it is being deployed.

The actual namespace names are specific to your environment.


To support Elastic deployment, increase the maximum number of memory maps on each worker node by running following command:

 # echo vm.max_map_count=262144 > /etc/sysctl.d/es-custom.conf

 # sysctl -w vm.max_map_count=262144

 For more information, see

1. In this documentation, NGINX Ingress Controller refers to the Open-Source NGINX Ingress Controller maintained by Kubernetes.

Where to go from here

Next taskProceed with Downloading the installation files.
Back to process

If you are finished understanding the Persistent Volume Claim requirements, return to the appropriate installation or upgrade process:

Was this page helpful? Yes No Submitting... Thank you


  1. Supriya Gera

    Please mention OS version for Harbor Repository as well

    Sep 01, 2023 05:49
    1. Poonam Morti

      Hi Supriya,

      For information about the operating system for Harbor repository, see  Harbor Installation Prerequisites Open link in the Harbor documentation.



      Sep 20, 2023 01:35
  2. Margery Waithaka

    Is OpenShift 4.13 supported?

    Sep 20, 2023 01:20
    1. Poonam Morti

      Hi Margery,

      OpenShift 4.13 is not supported for installation of  BMC Helix IT Service Management 22.1.06.



      Sep 21, 2023 01:17
      1. Andreas Wiencek


        we just heard from our BMC contact that OpenShift 4.13 was certified for 22.1.06 now. Could you please double-check if there has been a change? Thanks.

        Dec 04, 2023 04:03
        1. Poonam Morti

          Hi Andreas,

          BMC Helix IT Service Management Deployment 22.1.06 is supported with OpenShift 4.13 now. We have updated the system requirements with this support.



          Dec 08, 2023 06:05