Unsupported content: This version of the product has reached end of support. The documentation is available for your convenience.

System requirements


Third-party software

TrueSight Vulnerability Management is bundled with the following third-party software:

| Product version | Elasticsearch version | PostgreSQL version | Java version | Apache Tomcat web server version | Docker Container Operating System |
|---|---|---|---|---|---|
| 3.1 | 6.8.0 | 10.3.2 | AdoptOpenJDK 11.0.2+9 | 9.0.19 | Alpine Linux 3.9.2 |

Docker requirements and supported operating systems

TrueSight Vulnerability Management supports Docker on the following operating systems:

  • Red Hat Enterprise Linux 7.x
  • CentOS 7.x

 TrueSight Vulnerability Management requires the following version of Docker:

| Utility | Version |
|---|---|
| docker | 1.13.1 or later (Docker CE); 17.06 or later (Docker EE) |
| docker-compose | 1.19.0 |

Note

TrueSight Vulnerability Management is also supported on the Docker versions that are provided by Red Hat Enterprise Linux 7 by default.

Python and Python module requirements

TrueSight Vulnerability Management requires version 2.7.x of Python.

You can use the pip utility version 9.0.1 or later to install the following Python modules:

| Module | Version |
|---|---|
| docker | 2.7.0 |
| docker-compose | 1.19.0 |
| PyYAML | 3.12 |
| setuptools | 0.9.8 |
| netifaces | 0.10.7 |
| netaddr | 0.7.19 |
| docker-pycreds | 0.2.2 |

Database requirements

TrueSight Vulnerability Management supports PostgreSQL version 10.3.2. You can install the database either by using the executables provided on the BMC Electronic Product Distribution (EPD) site, or you can use an existing, external PostgreSQL installation for the TrueSight Vulnerability Management application.

Note

The database encryption provided by PostgreSQL is not supported by TrueSight Vulnerability Management.

The following table describes the requirements and recommendations for a PostgreSQL database that you can use for optimal performance.

Configuration item

Recommendation/ Requirement

Users, Roles

  • The first installation of the TrueSight Vulnerability Management application automatically creates the users and roles needed by the application. The installer requests the credentials for the PostgreSQL privileged user (usually named postgres).
  • Default names are provided for users and roles but they can be customized during installation.

Password

The database password cannot contain any special characters, such as a question mark (?).

Schema and Tablespaces

  • TrueSight Vulnerability Management database schema uses multiple tablespaces, which are automatically created during installation of the TrueSight Vulnerability Management application server. Before launching the installation, create a directory, for example, tsvm_tablespace, at a path, for example, /opt/bmc/truesight, on the database server to host tablespaces.
  • The tsvm_tablespace directory created above must be accessible and owned by the OS user that runs the PostgreSQL process. The directory must be empty. The installer requests the location of the tsvm_tablespace directory.
  • The tsvm_tablespace directory/filesystem created above must have at least 50 GB of storage space.

Libraries

Install the libraries required for an external PostgreSQL instance using the following command:

yum install postgresql11-server postgresql11-contrib

Client Authentication

Make sure that all TrueSight Vulnerability Management server computers can access the database server by allowing their access in the pg_hba.conf file.
The recommended configuration in pg_hba.conf is to use MD5 encryption for passwords. For more information, see Configuring the existing database instance.

Instance parameters

BMC recommends adding or updating the following parameters in the configuration of the database server in the postgresql.conf or equivalent file. After you change these values, you need to restart the database server.

listen_addresses = '*'
max_connections = 300
default_statistics_target = 50
constraint_exclusion = on
wal_buffers = 8MB
min_wal_size = 1GB
max_wal_size = 2GB
checkpoint_timeout = 15min
checkpoint_completion_target = 0.9
log_min_messages = fatal
log_min_error_statement = fatal
#following parameters should be tuned according
#to actual memory available to Database server machine
#example of configuration for 8GB RAM
maintenance_work_mem = 512MB
effective_cache_size = 5GB
work_mem = 48MB
shared_buffers = 2GB
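
With listen_addresses = '*' the database listens on every interface, so the pg_hba.conf rules described under Client Authentication (together with the host firewall) are what limit who can connect. The following added example, which is not BMC's code, audits a pg_hba.conf for remote-access rules that use a weak method or admit more than the application hosts. The function name, the sample file and the 10.20.0.x addresses are constructed for illustration, and the script assumes Python 3 on an administrator's workstation.

```python
import ipaddress

# Constructed sample: 10.20.0.11 and 10.20.0.12 stand in for the TSVM application hosts.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   10.20.0.11/32    md5
host    all       all   10.20.0.0/16     md5
host    all       all   0.0.0.0/0        md5
host    all       all   10.20.0.12/32    trust
"""

WEAK_METHODS = {"trust", "password"}  # no password at all / cleartext password


def audit_pg_hba(text, app_hosts):
    """Return (line_no, issue) pairs for remote-access rules that are wider than needed."""
    allowed = [ipaddress.ip_address(h) for h in app_hosts]
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # comments, blanks and local (Unix-socket) rules
        addr, method = fields[3], fields[4]
        if "/" not in addr and len(fields) >= 6:
            # "ADDRESS NETMASK METHOD" form: fold the mask into the address
            addr, method = addr + "/" + fields[4], fields[5]
        if method in WEAK_METHODS:
            findings.append((no, "weak auth method: " + method))
        if addr == "all":
            findings.append((no, "address 'all' matches every client"))
            continue
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, "address not an IP range, review by hand: " + addr))
            continue
        extra = net.num_addresses - sum(1 for h in allowed if h in net)
        if extra > 0:
            findings.append((no, "%s admits %d non-application address(es)" % (net, extra)))
    return findings


if __name__ == "__main__":
    for line_no, issue in audit_pg_hba(SAMPLE_PG_HBA, ["10.20.0.11", "10.20.0.12"]):
        print("line %d: %s" % (line_no, issue))
```

Host names and keywords such as samenet are reported for manual review, not silently accepted.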


Product requirements and compatibility

This section lists the requirements for the endpoint managers and the other BMC products with which TrueSight Vulnerability Management is integrated.

Endpoint manager requirements

When connecting TrueSight Vulnerability Management to TrueSight Server Automation, TrueSight Network Automation, or SCCM, the following versions of endpoint managers are supported.


Endpoint manager

Supported versions

TrueSight Server Automation

TrueSight Network Automation

SCCM

  • Microsoft System Center 2017 Configuration Manager
    • Console version 5.0.8498.1700
    • Site version 5.0.8498.1000
  • Microsoft System Center 2016 Configuration Manager
    • Console version 5.0.8412.1313
    • Site version 5.0.8412.1000
  • Microsoft System Center 2012 Configuration Manager SP2
    • Console version 5.0.8239.1000
    • Site version 5.0.8239.1000

All supported versions of SCCM have the following additional requirements:

Supported target platforms for mapping of vulnerabilities

TrueSight Vulnerability Management supports different target platforms depending on the type of endpoint manager you are using, as listed in the following table.

Endpoint manager

Supported target platforms

TrueSight Server Automation

  • Microsoft Windows (auto-mapping and manual mapping)
  • Red Hat Enterprise Linux (auto-mapping and manual mapping)
  • SuSE Linux (auto-mapping and manual mapping)

For other platforms, only manual mapping of vulnerabilities is permitted. Keep in mind that you cannot perform manual mapping that involves patch catalogs.

TrueSight Network Automation

Any device supported by TrueSight Network Automation can be the target of remediation as long as remediation rules have been created for that device.

SCCM

Auto-mapping and manual mapping are supported for the latest software updates supported by Windows. Manual mapping is supported for applications and application packages.

SCCM requirements

The server running the connector for SCCM must meet the following requirements.

Configuration

Required Value

Operating System

Microsoft Windows 2012 R2 

CPUs

4

Available memory

16 GB

Disk space

20 GB free space

Java

AdoptOpenJDK 11.0.2

Communication requirements

  • HTTPS outbound connection to the docker host on which the TrueSight Vulnerability Management application will be running
  • Access to the SCCM server

Active Directory domain

  • Connector host must reside in the same domain as the Active Directory server and the SCCM server.
  • Active Directory must be running on Windows 8, or Windows Server 2012 or later operating systems because the Remote Management Users group exists only on these Windows versions. SCCM remote tools use this group to store the permitted viewers that are configured in the permitted viewers list.
  • SCCM server must be configured to support Active Directory. For more information, see Configuring SCCM for Active Directory.


Compatibility with other BMC products

Some features of TrueSight Vulnerability Management work in conjunction with other BMC products and versions, as listed in the following table.

Product

Version

BMC Discovery

TrueSight Orchestration Platform

TrueSight Orchestration Content

BMC Remedy IT Service Management


Port requirements

Important

The port on which the TrueSight Vulnerability Management application wants to communicate with an endpoint manager must be open, and the application and the endpoint manager must be able to communicate with each other.


| Port | Protocol | Configured on | User can choose port number? | Firewall exception needed? | Description |
|---|---|---|---|---|---|
| 8443 | TCP | Host containing the TrueSight Vulnerability Management application installation | Yes (at the time of installation) | Yes | Secure port used to access the TrueSight Vulnerability Management application using HTTPS |
| 5000 | TCP | Host containing the TrueSight Vulnerability Management application installation | Yes (at the time of installation) | Yes | Port used for communication with the Docker repository |
| 9443 | TCP | Host containing the TrueSight Vulnerability Management application installation | Yes (at the time of installation) | Yes | Port used for the WorkManager communication |
| 5432 | | Host containing the database installation | Yes (at the time of installation) | Yes | Port used by the database (PostgreSQL) for communication |
| 9200 | HTTP | Host containing the Elasticsearch installation | Yes (at the time of installation) | Yes | Port used for monitoring the Elasticsearch server. After installation, you can disable HTTP traffic with the Elasticsearch server if an open HTTP port is a security concern. |
| 9300 | TCP | Host containing the Elasticsearch installation | Yes (at the time of installation) | Yes | Port used for required transport layer traffic with the Elasticsearch server. |

Supported browsers for accessing TrueSight Vulnerability Management

  • Google Chrome 71 or later
  • Mozilla Firefox 67 or later

Minimum resolution

The minimum monitor resolution that TrueSight Vulnerability Management supports is 1280 x 1024.

Where to go next

After ensuring that minimum requirements are met, you are ready to install the product.
