Space banner


This documentation supports an earlier version of BMC Helix IT Operations Management on-premises deployment.

To view the documentation for the latest version, select 22.4 from the Product version picker.

System requirements

Before you deploy the product, make sure that your environment meets the hardware and software requirements.

Related topic

Planning a fresh deployment

BMC Discovery sizing and scalability considerations Open link

ComponentSupported versions
Container Orchestration
  • Kubernetes 1.18.x – 1.21.x


    • We recommend that you use  the KUBECONFIG variable to point to the Kubernetes cluster on the controller or bastion machine.
    • BMC Helix IT Service Management does not support Kubernetes version 1.22 and later.
  • Kubernetes management tools
    • VMware Tanzu with underlying Kubernetes 1.18.x – 1.21.x
    • Rancher Kubernetes with underlying Kubernetes 1.18.x – 1.21.x
    • Nutanix Karbon with underlying Kubernetes 1.18.x – 1.21.x
  • OpenShift 4.6 – 4.8
  • Public Cloud Managed Kubernetes: Oracle Kubernetes 
  • OKD  (Community Edition OpenShift) with underlying Kubernetes 1.18.x - 1.21.x
    Due to a lack of vendor support, BMC recommends that you do not use OKD for enterprise production usage.
  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) with underlying Kubernetes 1.18.x – 1.21x 
  • Elastic Kubernetes Service (EKS) with underlying Kubernetes 1.18.x – 1.21.x
  • Google Kubernetes Engine (GKE) with underlying Kubernetes 1.18.x – 1.21.x

The Java Keytool is required on the system where you download the installer. OpenJDK 11 or later is supported.
The Java Keytool is required for the handling custom certificates.

Package ManagerHelm 3.2.3


nginx-ingress-controller is installed by default in the ingress-nginx namespace. Review the following parameter value requirements in the nginx-configuration configmap in the ingress-nginx namespace:

  • enable-underscores-in-headerstrue
  • proxy-body-size256m
  • proxy-connect-timeout300
  • proxy-read-timeout600
  • proxy-send-timeout600
  • use-forwarded-headerstrue

You can use the following command to view the parameters in the nginx-configuration configmap:

kubectl describe cm nginx-configuration -n ingress-nginx

Container Host operating system

BMC Helix IT Operations Management has no specific dependencies on the underlying Linux OS or release running on your Worker Nodes.

You can use any x86_64 GNU/Linux OS supported by your Kubernetes or OpenShift platform and release version.

The following is required:

  • The cluster-admin permission is required for deployment.
  • (Linux) All worker nodes must have cgroup version 1.
    cgroup version 2 is not supported. 
    To verify the cgroup version, run the following command as a root user:

    mount | grep cgroup

    Expected output: cgroup
    If the output shows cgroup2, the worker nodes have cgroup version 2 enabled.

Host OS Bash ShellBash Shell 4.2 or later
Persistent or Elastic Storage

BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS.

CephRBD is certified by BMC.

For NFS storage, an NFS mount point is required. Perform the following steps:

  1. Create a folder under the NFS mount point. Use the resulting complete path to populate the NFS_MOUNT_PATH property in the configs/infra.config during deployment.
  2. Grant permissions on the folder that you created. Use the following commands:
    chown 786:998 <NFS_MOUNT_PATH>
    chmod +x <NFS_MOUNT_PATH>

For sizing information, see Sizing considerations.

Load Balancer

F5 Load Balancer or other Load Balancer is supported. 

The following load balancer SSL methods are supported:

  • SSL Offloading at the load balancer
  • SSL Passthrough to offload at the Ingress Controller
  • SSL Full Proxy

For an improved performance, we recommend SSL offloading at the load balancer. However, all other methods are also supported.

The following headers are required for SSL offloading or SSL full proxy:

  • X-Forwarded-proto
  • X-Forwarded-port
  • X-Forwarded-host

You can also add the X-Forwarded-for header for debugging purposes.

The following host names must be created with a DNS entry that points to the load balancer. The property names are used in the infra.config and deployment.config files during deployment. Make sure that the URLs are in the same domain.

DescriptionFormatExampleMust be configured in the load balancer?Must have a DNS entry?File nameProperty name
Host for Helix RSSO<any unique string>.$DOMAINmycomputer-rsso.lab.bmc.comYesYesconfigs/infra.configLB_HOST
Host for tenant management system<any unique string>.$DOMAINmycomputer-tms.lab.bmc.comYesYesconfigs/infra.configTMS_LB_HOST
MinIO storage URL<any unique string>.$DOMAINmycomputer-minio.lab.bmc.comYesYesconfigs/infra.configMINIO_LB_HOST
Tenant URL$COMPANY_NAME-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-private-poc.lab.bmc.comYesYesconfigs/deployment.config for ENVIRONMENT and configs/infra.config for the othersCOMPANY_NAME TENANT_TYPE ENVIRONMENT FQDN
Discovery Appliance URL$COMPANY_NAME-disc-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-disc-private-poc.lab.bmc.comNoYesconfigs/deployment.config for ENVIRONMENT and configs/infra.config for the othersCOMPANY_NAME TENANT_TYPE ENVIRONMENT FQDN

BMC Helix Continuous Optimization

$COMPANY_NAME-optimize-$TENANT_TYPE-$ENVIRONMENT.$DOMAINacme-optimize-private-poc.lab.bmc.comNoYesconfigs/deployment.config for ENVIRONMENT and configs/infra.config for the othersCOMPANY_NAME TENANT_TYPE ENVIRONMENT DOMAIN
Security Certificates

DigiCert and R3 certificates.

Other CA signed certificates and self-signed certificates are not supported by default. If you want to use any other DigiCert CA, ensure that in the configs/infra.config file, the value of the CUSTOM_CA_SIGNED_CERT_IN_USE parameter is set to true.

You can use a trusted CA SSL certificate (client root certificate) or a self-signed certificate while deploying the product. For instructions on using a self-signed or custom CA certificate, see Using self-signed or custom CA certificates. 


If you are using a self-signed or custom CA certificate, perform the following steps:

  • While logging in to use the tctl utility, make sure that the certificate authority is added to your browser security settings.
  • If you are using the LDAP sync agent Open link , perform the following steps:
    1. Ensure that you have generated the self-signed certificate.
    2. Go to the <location where JAVA is installed>\Java\<jdk-version>\lib\security folder. OpenJDK 11 or later is supported.
    3. Replace the cacerts file with the self-signed certificate that you generated. Ensure that the file name of the self-signed certificate is cacerts.
Docker Registry
  • HTTPs access must exist to the site from the K8s cluster to pull the container images.
    Access to is required if the value of the IMAGE_REGISTRY_HOST property in the configs/infra.config file is However, we recommend that you use a local repository that has options to run in an air-gapped environment. In this scenario, the value of the IMAGE_REGISTRY_HOST property points to the local repository. 
  • A docker client is required. If you use Podman, use an alias for the docker.
  • Direct access to BMC's Docker Trusted Repository at is available. You can also use Local Harbor 2.1 or later synchronized with BMC's Docker Trusted Repository.

Best practice

BMC does not manage any repository other than Harbor and recommends that you use the local Harbor repository to pull the container image. However, if you are using any other repository, make sure that the repository is configured to connect to the BMC DTR to pull the container image.

A local repository provides the following benefits:

  • Improved performance
    The container images are cached and accessed locally during deployments and upgrades.
  • Security 
    You can implement your own security scan of containers before deployment.
  • Access control
    You can control access to the local repository by using authentication and authorization.
  • Air-gap support
    You can replicate the local repository to support environments that do not have internet access.
Metrics Server

BMC Helix Platform uses the HorizontalPodAutoscaler (HPA) for its services so that the product can scale based on the customer usage. For the HPA to function, Kubernetes must expose metrics that are used to trigger scaling activities, for which a Metrics Server is required.

For information about the HPA, see  this page in the Kubernetes documentation Open link .

For information about the Metrics Server, see this page in the Kubernetes documentation Open link .

General requirements
  • Swap must be turned off.
  • All nodes must be configured with static IP.
  • The product can be deployed by a root or non-root user.

Was this page helpful? Yes No Submitting... Thank you


  1. Dima Seliverstov

    It appears that the link for Deploying the ingress controller for OpenShift or Kubernetes. is invalid and should be updated.

    Jan 13, 2022 09:54
    1. Manisha Moon

      Hi Dima, Thanks for bringing this to our attention. We have fixed the broken link. Thanks, Manisha

      Jan 14, 2022 05:07
  2. Jeremy Schlosky

    The examples listed in the table under Load balancer requirements should be updated to reflect that they need to be unique ( checks for this). Listing 3 times leads to believing that you can use the same URL for all 3 load balancer URLs. They should be updated to reflect something like,,

    Jan 23, 2022 12:26
    1. Mukta Kirloskar

      Thank you. This change is incorporated.

      Feb 24, 2022 10:15
  3. Nacho Capdepon

    just a small question: where are the HW requirements? how many VMs? size? POC/Small/Medium/Large ...

    Apr 08, 2022 10:25
    1. Mukta Kirloskar

      Please see Sizing considerations.

      May 18, 2022 01:36
  4. Alfredo Camacho

    Where we can find the sizing tables with the hardware needed to deploy this solution?

    May 04, 2022 05:37
    1. Mukta Kirloskar

      Please see Sizing considerations.

      May 18, 2022 01:36
  5. Dima Seliverstov

    Persistent Volume Claim (PVC) requirements section has MinIO listed twice.

    May 18, 2022 09:18
    1. Mukta Kirloskar

      Updated the documentation. Deleting this comment.

      Jun 03, 2022 06:29
  6. Brad Taylor

    In the load balancer requirements table, there is reference to $FQDN variable/property.

    The configs/infra.config file does not have this property (nor does configs/deployment.config); it is called DOMAIN in the configs/infra.config file.

    Why invent another variable when one already exists?

    Overall the documentation for this installation is 2/10. very poor.

    May 26, 2022 05:35