System requirements

Before you deploy BMC Helix IT Operations Management (BMC Helix ITOM), use the information in this topic to make sure that your environment meets the hardware and software requirements.
You must set up your own Kubernetes cluster. Both root or non-root user can deploy BMC Helix ITOM.

Important

If you plan to configure disaster recovery, make sure that both the production site and the standby site should have the same infrastructure. 



Related topics

Planning a fresh deployment

Configuring disaster recovery

System requirements for the BMC Helix Intelligent Integrations on-premises gateway Open link


BMC Software supports the following components:

ComponentDescription
Container Orchestration

Important:
You must set up your own Kubernetes cluster.

  • Kubernetes 1.24.x – 1.27.x
    Important:
    • We recommend that you use the KUBECONFIG variable to point to the Kubernetes cluster on the controller or bastion machine.
    • BMC Helix ITOM supports Kubernetes version 1.25 and above in the restricted pod security standard for the namespace where it is being deployed. 
      However, if you are using both BMC Helix IT Operations Management and BMC Helix IT Service Management in Kubernetes version 1.25, make sure that you use the baseline pod security standard for the namespace where it is being deployed.
  • Kubernetes management tools:
    • VMware Tanzu with underlying Kubernetes 1.24.x – 1.27.x
    • Rancher Kubernetes with underlying Kubernetes 1.24.x – 1.27.x
    • Nutanix Karbon with underlying Kubernetes 1.24.x – 1.27.x
  • OpenShift 4.11– 4.14
  • OKD  (Community Edition OpenShift) with underlying Kubernetes 1.24.x – 1.27.x
    Due to a lack of vendor support, we recommend not using OKD for enterprise production.
  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) with underlying Kubernetes 1.24.x – 1.27.x 
  • Amazon Elastic Kubernetes Service (Amazon EKS) with underlying Kubernetes 1.24.x – 1.27.x
  • Google Kubernetes Engine (GKE) with underlying Kubernetes 1.24.x – 1.27.x
  • Azure Kubernetes Service (AKS) 1.24.x – 1.27.x
Java

The Java Keytool is required on the system where you download the installer to handle custom certificates. OpenJDK 17 is supported.

Package Manager

Helm 3.13 is supported with:

  • Kubernetes 1.27 
  • Openshift 4.13 

Helm 3.12 is supported with:

  • Kubernetes 1.26 
  • Openshift 4.13

Helm 3.11 is supported with:

  • Kubernetes 1.24 and 1.25 
  • Openshift 4.11 and 4.12

Use the appropriate 3.x version for your Kubernetes version according to the Helm Support Policy Open link .

NGINX Ingress Controller1

We have certified NGINX Ingress Controller version 1.9.3 with:

  • Kubernetes 1.27
  • OpenShift 4.13

We have certified NGINX Ingress Controller version 1.8.1 with:

  • Kubernetes 1.26
  • OpenShift 4.13

We have certified NGINX Ingress Controller version 1.7.0 with:

  • Kubernetes 1.24 and 1.25
  • OpenShift 4.11 and 4.12

nginx-ingress-controller is installed by default in the ingress-nginx namespace. Review the following parameter value requirements in the nginx-configuration configmap in the ingress-nginx namespace:

  • enable-underscores-in-headers: "true"
  • proxy-body-size: 256m
  • server-name-hash-bucket-size: "1024"
  • ssl-redirect: "false"
  • use-forwarded-headers: "true"
  • proxy-connect-timeout: "300"
  • proxy-read-timeout: "600"
  • proxy-send-timeout: "600"
  • allow-snippet-annotations: "true"

You can use the following command to view the parameters in the nginx-configuration configmap:

kubectl get cm ingress-nginx-controller -n ingress-nginx -oyaml
Container Host operating system

The product has no specific dependencies on the underlying Linux OS or release running on your worker nodes.

You can use any x86_64 GNU/Linux OS supported by your Kubernetes or OpenShift platform and release version.

For Linux, all worker nodes must have cgroup version 1. cgroup version 2 is not supported. 

To verify the cgroup version, run the following command as a root user:

mount | grep cgroup

Expected output: cgroup

If the output shows cgroup2, the worker nodes have cgroup version 2 enabled.

Host OS Bash ShellBash Shell 4.2 or later
Persistent or Elastic Storage

BMC supports a Bring-Your-Own-Storage-Class model, for any block storage supporting high performance IOPS.

A ReadWriteMany storage-class is required for BMC Helix Operations Management, SmartGraph, and BMC Helix Continuous Optimization.

CephRBD and NFS are certified by BMC.

Important: NFS is one of the supported ReadWriteMany file store. Any ReadWriteMany file stores are supported by the product.

For more information about PersistentVolumeClaim (PVC), see PersistentVolumeClaim (PVC) requirements.

Load Balancer

Any load balancer is supported. For more information, see Load balancer requirements.

Security Certificates

You can use a trusted CA SSL certificate (client root certificate) or a self-signed certificate while deploying the product. For instructions on using a self-signed or custom CA certificate, see Using self-signed or custom CA certificates. 

The CA-signed and the CA chain certificates must be present on either the ingress controller, load balancer, or both.

Important:

If you are using a self-signed or custom CA certificate, perform the following steps:

  • While logging in to use the tctl utility, make sure that the certificate authority is added to your browser security settings.
  • If you are using the LDAP sync agent Open link , perform the following steps:
    1. Make sure that you have generated the self-signed certificate.
    2. On the cluster controller, go to the <location where JAVA is installed>\Java\<jdk-version>\lib\security folder.
      OpenJDK 11 or later is supported.
    3. Replace the cacerts file with the self-signed certificate that you generated. Make sure that the file name of the self-signed certificate is cacerts.
Docker Registry
  • HTTPs access must exist to the containers.bmc.com site from the K8s cluster to pull the container images.
    Access to containers.bmc.com is required if the value of the IMAGE_REGISTRY_HOST property in the configs/infra.config file is containers.bmc.com. However, we recommend that you use a local repository that has options to run in an air-gapped environment. In this scenario, the value of the IMAGE_REGISTRY_HOST property points to the local repository. 
  • A docker client is required. If you use Podman, use an alias for the docker.
  • Direct access to BMC's Docker Trusted Repository at https://containers.bmc.com/ is available. Use latest version of Harbor synchronized with BMC’s Docker Trusted Registry.

Best practice

BMC highly recommends that you install a local repository. The local Harbor repository is recommended. BMC does not manage any repository other than Harbor and recommends using the local Harbor repository to pull the container image. However, if you are using any other repository, make sure that the repository is configured to connect to the BMC DTR to pull the container image.

A local repository provides the following benefits:

  • Improved performance
    The container images are cached and accessed locally during deployments and upgrades.
  • Security 
    You can implement your own security scan of containers before deployment.
  • Access control
    You can control access to the local repository by using authentication and authorization.
  • Air-gap support
    You can replicate the local repository to support environments that do not have internet access.
Metrics Server

BMC Helix Platform uses the HorizontalPodAutoscaler (HPA) for its services so that the product can scale based on the customer usage. For the HPA to function, Kubernetes must expose metrics that are used to trigger scaling activities, for which a Metrics Server is required.

For information about the HPA, see  this page in the Kubernetes documentation Open link .

For information about the Metrics Server, see this page in the Kubernetes documentation Open link .

Role, Rolebinding, and Service Account

To deploy BMC Helix ITOM, you must have permission to create a ServiceAccount, a Role, and a RoleBinding in the BMC Helix ITOM namespace.
If you have the necessary permissions, do not change the value of the
CUSTOM_SERVICEACCOUNT_NAME parameter in the infra.config file, which is set to helix-onprem-sa.
If you do not have the required permissions, see Creating ServiceAccount, Role, and RoleBinding.


Certified component matrix

The certified versions of NGINX Ingress Controller and Helm with the Kubernetes orchestration platform is as follows:

Kubernetes

Ingress

Helm

1.27

1.9.3

3.13

1.26

1.8.1

3.12

1.25

1.7.0

3.11

1.24

1.7.0

3.11

The certified versions of NGINX Ingress Controller and Helm with the OpenShift orchestration platform is as follows:

OpenShift

Ingress

Helm

4.13

1.9.3

3.13

4.13

1.8.1

3.12

4.12

1.7.0

3.11

4.11

1.7.0

3.11


Harbor repository requirements

The HTTPS protocol is required for the Harbor registry. For information about Harbor installation, see  Installation and Configuration Open link in Harbor documentation.

Make sure that your system meets the following requirements to access images from a local Harbor repository:

RequirementDescription
HardwareMinimum 4 CPU with 8 GB memory and 500 GB disk space
Software

To know about software requirements for Harbor, see Harbor Installation Prerequisites Open link  in Harbor documentation.

Important: Make sure the software versions match the version of Harbor that you want to install.

Network port
Harbor installation uses the following ports as the default ports:
  • Port 443 with HTTPS protocol
  • Port 4443 with HTTPS protocol
  • Port 80 with HTTP protocol

For more information about network ports for Harbor installation, see  Harbor Installation Prerequisites Open link in Harbor documentation. 

For information about setting up Harbor repository, see Setting up a Harbor registry in a local network and synchronizing it with BMC DTR.


Browser support

Operating systemBrowsers
All supported operating systems and platforms

Firefox

Chrome

Windows 7     

Firefox

Chrome

Windows 8

Firefox

Chrome

Windows 10

Firefox

Chrome

Microsoft Edge

Windows 11

Firefox

Chrome

Microsoft Edge

Macintosh OS X 10.5Safari 6.3.x


Namespaces

Create a namespace to deploy BMC Helix IT Operations Management.

For more information about creating a namespace, see Creating a namespace for deploying BMC Helix IT Operations Management.


Requirements for BMC Helix IT Operations Management products

In addition to the requirements added so far in this document, the following items are required for BMC Helix IT Operations Management products, including BMC Helix Continuous Optimization:

RequirementsDescription

BMC Discovery

The required version is 23.3.

This is mandatory for all BMC Helix IT Operations Management deployments. You can either deploy a new implementation of BMC Discovery or use an existing deployment.

The following topics provide more information from the BMC Discovery documentation:

  • Deployment information: Installing Open link
  • Sizing and scalability information: BMC Discovery sizing and scalability considerations Open link .
SwapSwap must be turned off.
IP configurationAll nodes must be configured with a static IP.
SMTPSMTP is required. All SMTP mail servers are supported.


1. In this documentation, NGINX Ingress Controller refers to the Open-Source NGINX Ingress Controller maintained by Kubernetes.


Was this page helpful? Yes No Submitting... Thank you

Comments