System requirements

Before you deploy the product, make sure that your environment meets the hardware and software requirements. To plan the deployment, see Planning a fresh deployment.

Related topics

System requirements for the BMC Helix Intelligent Integrations on-premises gateway Open link

A root or non-root user can deploy this product. You must set up your own Kubernetes cluster. BMC supports the following:

Container Orchestration

You must set up your own Kubernetes cluster.

  • Kubernetes 1.23.x – 1.26.x
    • We recommend that you use the KUBECONFIG variable to point to the Kubernetes cluster on the controller or bastion machine.
    • BMC Helix ITOM supports Kubernetes version 1.25 and 1.26 in the restricted pod security standard for the namespace where it is being deployed. 
      However, if you are using both BMC Helix IT Operations Management and BMC Helix IT Service Management in Kubernetes version 1.25 and 1.26, make sure that you use the baseline pod security standard for the namespace where it is being deployed.
    • To use Kubernetes version 1.26, you must apply the hotfix itom-predeploy-hotfix-
      For more information, see Downloading the deployment manager.
  • Kubernetes management tools:
    • VMware Tanzu with underlying Kubernetes 1.23.x – 1.26.x
    • Rancher Kubernetes with underlying Kubernetes 1.23.x – 1.26.x
    • Nutanix Karbon with underlying Kubernetes 1.23.x – 1.26.x
  • OpenShift 4.10– 4.12
  • OKD  (Community Edition OpenShift) with underlying Kubernetes 1.23.x – 1.26.x
    Due to a lack of vendor support, we recommend not using OKD for enterprise production.
  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) with underlying Kubernetes 1.23.x – 1.26.x 
  • Amazon Elastic Kubernetes Service (Amazon EKS) with underlying Kubernetes 1.23.x – 1.26.x
  • Google Kubernetes Engine (GKE) with underlying Kubernetes 1.23.x – 1.26.x
  • Azure Kubernetes Service (AKS) 1.23.x – 1.26.x

The Java Keytool is required on the system where you download the installer to handle custom certificates. OpenJDK 17 is supported.

Package Manager
  • Helm 3.11 for Kubernetes 1.23.x – 1.25.x
  • Helm 3.12 for Kubernetes 1.24.x – 1.26.x
    To use Kubernetes version 1.26, apply the hotfix itom-predeploy-hotfix-
    For more information, see Downloading the deployment manager.

Use the appropriate Helm 3.x version for your Kubernetes version according to the Helm Support Policy Open link .


We have certified nginx-ingress-controller version 1.7.0 with:

  • Kubernetes 1.24, 1.25, and 1.26
  • OpenShift 4.11 and 4.12

We have certified nginx-ingress-controller version 1.6.4 with

  • Kubernetes 1.23
  • OpenShift 4.10

nginx-ingress-controller is installed by default in the ingress-nginx namespace. Review the following parameter value requirements in the nginx-configuration configmap in the ingress-nginx namespace:

  • enable-underscores-in-headers: "true"
  • proxy-body-size: 256m
  • server-name-hash-bucket-size: "1024"
  • ssl-redirect: "false"
  • use-forwarded-headers: "true"
  • proxy-connect-timeout: "300"
  • proxy-read-timeout: "600"
  • proxy-send-timeout: "600"
  • allow-snippet-annotations: "true"

You can use the following command to view the parameters in the nginx-configuration configmap:

kubectl get cm ingress-nginx-controller -n ingress-nginx -oyaml
Container Host operating system

The product has no specific dependencies on the underlying Linux OS or release running on your worker nodes.

You can use any x86_64 GNU/Linux OS supported by your Kubernetes or OpenShift platform and release version.

For Linux, all worker nodes must have cgroup version 1. cgroup version 2 is not supported. 

To verify the cgroup version, run the following command as a root user:

mount | grep cgroup

Expected output: cgroup

If the output shows cgroup2, the worker nodes have cgroup version 2 enabled.

Host OS Bash ShellBash Shell 4.2 or later
Persistent or Elastic Storage

BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS.

A ReadWriteMany storage-class is required for BMC Helix Operations Management, SmartGraph, and BMC Helix Continuous Optimization.

CephRBD and NFS are certified by BMC.

Important: NFS is one of the supported ReadWriteMany file store. Any ReadWriteMany file stores are supported by the product.

For more information about PersistentVolumeClaim (PVC), see PersistentVolumeClaim (PVC) requirements.

Load Balancer

Any load balancer is supported. For more information, see Load balancer requirements.

Security Certificates

You can use a trusted CA SSL certificate (client root certificate) or a self-signed certificate while deploying the product. For instructions on using a self-signed or custom CA certificate, see Using self-signed or custom CA certificates. 

The CA-signed and the CA chain certificates must be present on either the ingress controller, load balancer, or both.


If you are using a self-signed or custom CA certificate, perform the following steps:

  • While logging in to use the tctl utility, make sure that the certificate authority is added to your browser security settings.
  • If you are using the LDAP sync agent Open link , perform the following steps:
    1. Make sure that you have generated the self-signed certificate.
    2. On the cluster controller, go to the <location where JAVA is installed>\Java\<jdk-version>\lib\security folder.
      OpenJDK 11 or later is supported.
    3. Replace the cacerts file with the self-signed certificate that you generated. Make sure that the file name of the self-signed certificate is cacerts.
Docker Registry
  • HTTPs access must exist to the site from the K8s cluster to pull the container images.
    Access to is required if the value of the IMAGE_REGISTRY_HOST property in the configs/infra.config file is However, we recommend that you use a local repository that has options to run in an air-gapped environment. In this scenario, the value of the IMAGE_REGISTRY_HOST property points to the local repository. 
  • A docker client is required.
    Docker client is automatically available with Docker at runtime. 
    If you use Podman, then use an alias for Docker. 

  • Direct access to BMC's Docker Trusted Repository at is available. You can also use Local Harbor 2.1 or later synchronized with BMC's Docker Trusted Repository.

Best practice

BMC highly recommends that you install a local repository. The local Harbor repository is recommended. BMC does not manage any repository other than Harbor and recommends that you use the local Harbor repository to pull the container image. However, if you are using any other repository, make sure that the repository is configured to connect to the BMC DTR to pull the container image.

A local repository provides the following benefits:

  • Improved performance
    The container images are cached and accessed locally during deployments and upgrades.
  • Security 
    You can implement your own security scan of containers before deployment.
  • Access control
    You can control access to the local repository by using authentication and authorization.
  • Air-gap support
    You can replicate the local repository to support environments that do not have internet access.
Metrics Server

BMC Helix Platform uses the HorizontalPodAutoscaler (HPA) for its services so that the product can scale based on the customer usage. For the HPA to function, Kubernetes must expose metrics that are used to trigger scaling activities, for which a Metrics Server is required.

For information about the HPA, see  this page in the Kubernetes documentation Open link .

For information about the Metrics Server, see this page in the Kubernetes documentation Open link .

Role, Rolebinding, and Service Account

To deploy BMC Helix ITOM, you must have permission to create a ServiceAccount, a Role, and a RoleBinding in the BMC Helix ITOM namespace.
If you have the necessary permissions, do not change the value of the
CUSTOM_SERVICEACCOUNT_NAME parameter in the infra.config file, which is set to helix-onprem-sa.
If you do not have the required permissions, see Creating ServiceAccount, Role, and RoleBinding.

Harbor repository requirements

The HTTPS protocol is required for the Harbor registry. For information about Harbor installation, see  Installation and Configuration Open link in Harbor documentation.

Make sure that your system meets the following requirements to access images from a local Harbor repository:

HardwareMinimum 4 CPU with 8 GB memory and 500 GB disk space

To know about software requirements for Harbor, see Harbor Installation Prerequisites Open link  in Harbor documentation.

Important: Make sure the software versions match the version of Harbor that you want to install.

Network port
Harbor installation uses the following ports as the default ports:
  • Port 443 with HTTPS protocol
  • Port 4443 with HTTPS protocol
  • Port 80 with HTTP protocol

For more information about network ports for Harbor installation, see  Harbor Installation Prerequisites Open link in Harbor documentation. 

For information about setting up Harbor repository, see Setting up a Harbor registry in a local network and synchronizing it with BMC DTR.

Browser support

Operating systemBrowsers
All supported operating systems and platforms



Windows 7     



Windows 8



Windows 10



Microsoft Edge

Windows 11



Microsoft Edge

Macintosh OS X 10.5Safari 6.3.x


Create a namespace to deploy BMC Helix IT Operations Management.

For more information about creating a namespace, see Creating a namespace for deploying BMC Helix IT Operations Management.

Requirements for BMC Helix IT Operations Management products

In addition to the requirements added so far in this document, the following items are required for BMC Helix IT Operations Management products, including BMC Helix Continuous Optimization:


BMC Discovery

The required version is 23.1.

This is mandatory for all BMC Helix IT Operations Management deployments. You can either deploy a new implementation of BMC Discovery or use an existing deployment.

The following topics provide more information from the BMC Discovery documentation:

  • Deployment information: Installing Open link
  • Sizing and scalability information: BMC Discovery sizing and scalability considerations Open link .
SwapSwap must be turned off.
IP configurationAll nodes must be configured with a static IP.
SMTPSMTP is required. All SMTP mail servers are supported.

Where to go from here

Was this page helpful? Yes No Submitting... Thank you