System requirements


Before you install the product, ensure that your environment meets the hardware and software requirements listed in the following sections:

Third-party software

TrueSight Vulnerability Management is bundled with the following third-party software:

Product versionElasticsearch versionPostgreSQL versionJava versionApache Tomcat web server versionDocker Container Operating System
3.16.8.010.3.2AdoptOpenJDK 11.0.2+99.0.19Alpine Linux 3.9.2

Docker requirements and supported operating systems

TrueSight Vulnerability Management supports Docker on the following operating systems:

  • Red Hat Enterprise Linux 7.1 
  • CentOS 7.1

 TrueSight Vulnerability Management requires the following version of Docker:

UtilityVersion
docker1.13.1 or later (Docker CE)
17.06 or later (Docker EE)
docker-compose1.19.0

Note

TrueSight Vulnerability Management is also supported on the Docker versions that are provided by Red Hat Enterprise Linux 7 by default.

Python and Python module requirements

TrueSight Vulnerability Management requires version 2.7.x of Python.

You can use the pip utility version 9.0.1 or later to install the following Python modules:

ModuleVersion
docker2.7.0
docker-compose1.19.0
PyYAML3.12
setuptools0.9.8

netifaces

0.10.7
netaddr0.7.19
docker-pycreds0.2.2

Database requirements

TrueSight Vulnerability Management supports PostgreSQL version 10.3.2. You can install the database either by using the executables provided on the BMC Electronic Product Distribution (EPD) site, or you can use an existing PostgerSQL installation for the TrueSight Vulnerability Management application.

Note

The database encryption provided by PostgreSQL is not supported by TrueSight Vulnerability Management.

The following table describes the requirements and recommendations for a PostgreSQL database that you can use for optimal performance.

Configuration itemRecommendation/ Requirement

Users, Roles

  • The first installation of the TrueSight Vulnerability Management application automatically creates the users and roles needed by the application. The installer requests the credentials for the PostgreSQL privileged user (usually named postgres).
  • Default names are provided for users and roles but they can be customized during installation.
PasswordDatabase password cannot contain any special character, such as question mark (?).
Schema and Tablespaces
  • TrueSight Vulnerability Management database schema uses multiple tablespaces, which are automatically created during installation of the TrueSight Vulnerability Management application server. Before launching the installation, create a directory, for example, tsvm_tablespace, at a path, for example, /opt/bmc/truesight, on the database server to host tablespaces.
  • The tsvm_tablespace directory created above must be accessible and owned by the OS user that runs the PostgreSQL process. The directory must be empty. Installer requests the location of the tsvm_tablespace directory.
  • The tsvm_tablespace directory/filesystem created above must have at least 50 GB of storage space.
Client Authentication

Make sure all TrueSight Vulnerability Management server computer can access the database server by allowing access to the pg_hba.conf file. 
Recommended configuration in pg_hba.conf is to use MD5 encryption for passwords. For more information, see Configuring the existing database instance.

Instance parameters

BMC recommends adding or updating the following parameters in the configuration of the database server in the postgresql.conf or equivalent file. After you change these values, you need to restart the database server.

listen_addresses = '*' 
max_connections = 300 
default_statistics_target = 50 
constraint_exclusion = on 
wal_buffers = 8MB 
min_wal_size = 1GB
max_wal_size = 2GB
checkpoint_timeout = 15min 
checkpoint_completion_target = 0.9 
log_min_messages = fatal 
log_min_error_statement = fatal 
#following parameters should be tuned according 
#to actual memory available to Database server machine
#example of configuration for 8GB RAM 
maintenance_work_mem = 512MB
effective_cache_size = 5GB
work_mem = 48MB
shared_buffers = 2GB


Product requirements and compatibility

This section lists the endpoint manager requirements and other BMC product requirements with which Vulnerability Management is integrated.

Endpoint manager requirements

When connecting TrueSight Vulnerability Management to TrueSight Server Automation, TrueSight Network Automation, or SCCM, the following versions of endpoint managers are supported.


Endpoint managerSupported versions
TrueSight Server Automation

20.02
8.9.04.001
 
8.9.04 
8.9.03

TrueSight Network Automation

20.02
8.9.04.001
8.9.04
8.9.03

SCCMMicrosoft System Center 2017 Configuration Manager
  • Console version 5.0.8498.1700
  • Site version 5.0.8498.1000
  • Microsoft System Center 2016 Configuration Manager
    • Console version 5.0.8412.1313
    • Site version 5.0.8412.1000
  • Microsoft System Center 2012 Configuration Manager SP2
    • Console version 5.0.8239.1000
    • Site version 5.0.8239.1000
  • All supported versions of SCCM have the following additional requirements:

Supported target platforms for mapping of vulnerabilities

TrueSight Vulnerability Management supports different target platforms depending the type of endpoint manager you are using, as listed in the following table.

Endpoint managerSupported target platforms

TrueSight Server Automation

  • Microsoft Windows (auto-mapping and manual mapping)
  • Red Hat Enterprise Linux (auto-mapping and manual mapping)
  • SuSE Linux (auto-mapping and manual mapping)

For other platforms, only manual mapping of vulnerabilities is permitted. Keep in mind that you cannot perform manual mapping that involves patch catalogs.

TrueSight Network Automation

Any device supported by TrueSight Network Automation can be the target of remediation as long as remediation rules have been created for that device.

SCCMAuto-mapping and manual mapping are supported for the latest software updates supported by Windows. Manual mapping is supported for applications and application packages.

SCCM requirements

Server running the connector for SCCM must meet the following requirements.

ConfigurationRequired Value
Operating SystemMicrosoft Windows 2012 R2 
CPUs4
Available memory16 GB
Disk space

20 GB free space

Java

AdoptOpenJDK 11.0.2

Communication requirements
  • HTTPS outbound connection to the docker host on which the TrueSight Vulnerability Management application will be running
  • Access to the SCCM server
Active Directory domain
  • Connector host must reside in the same domain as the Active Directory server and the SCCM server.
  • Active Directory must be running on Windows 8, or Windows Server 2012 or later operating systems because the Remote Management Users group exists only on these Windows versions. SCCM remote tools use this group to store the permitted viewers that are configured in the permitted viewers list.
  • SCCM server must be configured to support Active Directory. For more information, see Configuring SCCM for Active Directory.

Compatibility with other BMC products

Some features of TrueSight Vulnerability Management work in conjunction with other BMC products and versions, as listed in the following table.

ProductVersion
BMC Discovery11.3
TrueSight Orchestration Platform

8.2,
8.1

TrueSight Orchestration Content

20.19.01 Patch 1,
20.18.01 + 20.19.01 Patch 1

BMC Remedy IT Service Management

9.1.03 - 19.02


Port requirements

Important

The port on which the TrueSight Vulnerability Management application wants to communicate with an endpoint manager must be open, and the application and the endpoint manager must be able to communicate with each other.


PortProtocolConfigured onUser can choose port number?Firewall exception needed?Description

8443

TCP

Host containing the TrueSight Vulnerability Management application installation

Yes (at the time of installation)

Yes

Secure port used to access the TrueSight Vulnerability Management application using HTTPS

5000TCP

Host containing the TrueSight Vulnerability Management application installation

Yes (at the time of installation)YesPort used for communication with the Docker repository

9443

TCP

Host containing the TrueSight Vulnerability Management application installation

Yes (at the time of installation)YesPort used for the WorkManager communication
5432
Host containing the database installationYes (at the time of installation)YesPort used by the database (PostgreSQL) for communication
9200HTTPHost containing the Elasticsearch installationYes (at the time of installation)YesPort used for monitoring the Elasticsearch server. After installation, you can disable HTTP traffic with the Elasticsearch server if an open HTTP port is a security concern.
9300TCP

Host containing the Elasticsearch installation

Yes (at the time of installation)Yes

Port used for required transport layer traffic with the Elasticsearch server.

Supported browsers for accessing TrueSight Vulnerability Management

  • Google Chrome 71 or later
  • Mozilla Firefox 67 or later

Minimum resolution

The minimum monitor resolution that TrueSight Vulnerability Management supports is 1280 x 1024.

Where to go next

After ensuring that minimum requirements are met, you are ready to install the product.

Was this page helpful? Yes No Submitting... Thank you

Comments