Accessing container images from an air-gapped environment

An air-gapped environment is disconnected or physically isolated from unsecured networks such as the public internet. 

The BMC Helix IT Operations Management (BMC Helix ITOM) container images are hosted on the BMC Docker Trusted Registry (DTR), which is available at containers.bmc.com. To access the BMC Helix ITOMcontainer images, we recommend setting up a registry (such as the Harbor registry) in your local network and synchronizing it with BMC DTR. If your registry is in a demilitarized zone (DMZ) or air-gapped environment, use the instructions in this topic to synchronize your registry with BMC DTR.

We have documented the steps to set up and synchronize a Harbor registry with BMC DTR only as an example. We do not supply or support Harbor or any other registry product. As an administrator, you must install, configure, and maintain the registry. For more information about the Harbor registry, see the Harbor documentation

You can use the instructions in this topic as a template to set up other registry products.

Perform the following steps to access container images from an air-gapped environment:

1. Create and configure a local Harbor registry in your network.
2. Create and configure a Harbor registry in a demilitarized zone (DMZ).
3. Set up a proxy to enable communication between the local Harbor registry in your network and the Harbor registry in a DMZ.

1. Synchronize your local Harbor repository in your network with the containers.bmc.com Docker Trusted Registry (DTR).

1. Synchronize your Harbor repository in a DMZ with your local Harbor repository in your network by performing the following steps:
   1. In the Harbor admin UI, navigate to the Administration menu, and click Replications.

   2. Click NEW REPLICATION RULE and specify the values for the following fields:
      

      The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
      This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.
      The following image shows an example replication rule:
      
      

   3. Click Save.
   4. To run the rule manually, click REPLICATE.
   5. After rule execution is complete, navigate to Projects, and verify that the container images are synchronized.
   6. Create replication rules for the following source resources:
      • bmc/lp0oz
      • bmc/lp0pz
      • bmc/lp0mz
      • bmc/la0cz

For information about creating replication rules, see Setting-up-a-Harbor-repository > To synchronize your Harbor repository with BMC Docker Trusted Repository section.