Deploying the on-premises gateway by using Docker containers

Use the Docker container images to deploy the BMC Helix Intelligent Integrations on-premises gateway in your on-premises environment.

Before you begin

Before you deploy the BMC Helix Intelligent Integrations on-premises gateway, review the system requirements and obtain the container images and utility files.

To deploy the on-premises gateway by using Docker containers

Go to the server where you want to deploy the gateway.
Copy the following files that you obtained from BMC Support to the /opt/bmc directory:
- Container images: bmc-hii-docker-images-<buildNumber>.tgz
- Utility file: hii-bmc-<buildNumber>.zip
Disable SELinux:
1. Open the /etc/selinux/config file with a text editor.
2. Set SELInux to disabled.
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  #       enforcing - SELinux security policy is enforced.
  #       permissive - SELinux prints warnings instead of enforcing.
  #       disabled - No SELinux policy is loaded.
  SELINUX=disabled
  # SELINUXTYPE= can take one of these two values:
  #       targeted - Targeted processes are protected,
  #       mls - Multi Level Security protection.
  SELINUXTYPE=targeted
Reboot the server:
/sbin/reboot now
Disable firewalld:
systemctl disable firewalld
Set the HOSTNAME variable to the fully-qualified domain name of the server if not set already, as shown in the following example:
echo "export HOSTNAME=hostA.mycompany.com" >> ~/.bash_profile
source ~/.bash_profile
Load the container images:
docker load --input /opt/bmc/bmc-hii-docker-images-<buildNumber>.tgz
Unzip hii-bmc-<buildNumber>.zip to the /opt/bmc directory.
Change permissions on the /opt/bmc/hii/logs directory to 777:
chmod 777 /opt/bmc/hii/logs
Create a file with the following contents and name it ade-default-destination-min.json:
[
  {
    "entityKind": "Destination",
    "configWithSchema": {
      "config": {
        "connection": {
  "proxyUsername": "",
          "proxyPassword": "",
          "accessSecretKey": "CHANGEME",
          "allowUnsignedCertificate": false,
          "logResponses": false,
          "pipeLiningLimit": 1,
          "proxyHost": "",
          "logRequests": false,
          "timeout": {
            "unit": "MINUTES",
            "value": 15
          },
          "proxyPort": 8888,
          "maxResponseSize": 1000000,
          "usesHttps": true,
          "accessKey": "CHANGEME",
          "port": 443,
          "minConnections": 0,
          "tenantId": "CHANGEME",
          "connectingTimeout": {
            "unit": "SECONDS",
            "value": 30
          },
          "host": "CHANGEME - BMC Helix tenant host name - for example: swp-2021-1840-disceks1.abc.com",
          "poolTimeout": {
            "unit": "MINUTES",
            "value": 30
          },
          "maxOpenRequests": 1024,
          "maxConnections": 5,
          "maxRedirects": 5,
          "usesProxy": false
        },
        "poolTimeout": {
          "unit": "MINUTES",
          "value": 30
        }
      }
    },
    "instanceName": "BMC",
    "tenantId": "CHANGEME - Must match the tenantId specified in the previous occurrence",
    "typeName": "BmcDestination",
    "id": "CHANGEME - GENERATE NEW UUID using https://www.uuidgenerator.net/version4 e.g. 2643e089-18a8-4b0d-a58a-c022926812e0 MUST BE UNIQUE in a stack",
    "moduleId": "bmc"
  }
]
Update the values of the following parameters in the file wherever you see the CHANGEME occurrences and save the file:
- proxyUsername: User name for the proxy.
- proxyPassword: Password for the proxy.
- proxyPort: Proxy port number.
- proxyHost: Host name of the proxy.
- usesProxy: Whether proxy should be used for communication. Set its value to true.
- accessKey and accessSecretKey: Access key and secret key required to the access the BMC Helix applications.
  For instructions about how to generate the access key and secret key, see Setting up access keys for programmatic access.
  Important
  The keys are generated in the following format: key:<access key>::<secret key>,tenant id: <tenant ID>. Enter <access key> and <secret key> as the values of the accessKey and accessSecretKey parameters.
  The access key and secret key must have the Administrators group and the Administrator role assigned.
- tenantId (in two occurrences): Tenant ID.
  Copy the tenant ID from the access key (key:<access key>::<secret key>,tenant id: <tenant ID>) that you generated earlier.
- host: BMC Helix tenant host name. For example, if the tenant URL is https://swp-2021-1840-disceks1.abc.com, enter swp-2021-1840-disceks1.abc.com.
- id: Universally unique identifier (UUID).
  Access https://www.uuidgenerator.net/version4 to generate UUID.
Configure SSL, see Configuring SSL for BMC Helix Intelligent Integrations.
If you have not started the docker-compose service during SSL configuration, navigate to the /opt/bmc/hii directory and start the service:
docker-compose up -d
Access the BMC Helix Intelligent Integrations UI by using the following URL:
https://<hostName>:443/swpui
Import the ade-default-destination-min.json file by using the Backup/Restore option to create the destination.
For more information, see Backing-up-and-restoring-connector-configurations.
Edit the destination connection details:
1. On the CONNECTORS tab, click Configure Mediator on the DESTINATIONS panel.
2. Replace the existing values in the Access Key and Access Secret Key fields with the values that you have copied in the ade-default-destination-min.json file in step 11.
3. Click Validate to validate the connection.
4. Click Save & Close.

Configuring SSL for BMC Helix Intelligent Integrations

Obtain the self-signed from your organization or CA-signed certificate and private keys from Certificate Authority.
Copy the certificate and private key you obtained to the /opt/bmc/hii/conf/certs directory, and ensure that the names of the certificate and private key files are in the following format:
<hostName>.crt and <hostName>.key
hostName is the fully-qualified domain name of the server where BMC Helix Intelligent Integrations is installed.
Open the /opt/bmc/hii/docker-compose.yaml file with an editor.
Uncomment the port number and certificate-related lines in the nginx-proxy and volumes sections:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - "80:80"
      # - "443:443"

…
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # - ./conf/certs:/etc/nginx/certs:ro
The updated file looks like the following:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - "80:80"
      - "443:443"

…
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./conf/certs:/etc/nginx/certs:ro
Update the VIRTUAL_HOST parameter:
1. Navigate to the ui: section.
2. Replace host.youcompany.com with the fully-qualified domain name of the computer where BMC Helix Intelligent Integrations is installed, as shown in the following example:
  VIRTUAL_HOST: localhost #,hostA.mycompany.com
Restart the docker-compose service:
docker-compose down
docker-compose up -d
Access the BMC Helix Intelligent Integrations UI by using the following URL:
https://<hostname>:443/swpui

Troubleshooting SSL issues

Problem	Possible root cause	Possible resolution
Containers restart due to the permission-denied errors.	Containers don't have permission to read the mounted directory.	Grant read permission to the mounted directory on the host. Disable SELinux.
You are not able to access the URL with the host name.	Firewall is blocking the connection.	Disable the firewall.
The swp-nginx container is not starting.	The nginx.conf file contains an invalid configuration.	Check the swp-nginx container logs. Sometimes, missing semi-colon(;) at the end of the line causes an issue.

Where to go from here

After you deploy the gateway, configure connections with the required third-party products to collect data:

Amazon Managed Services for Prometheus (Alerts)
Amazon Managed Services for Prometheus (Metrics)
Apache Kafka
AppDynamics
Aternity
AWS CloudWatch
Azure Monitor
BMC Helix CMDB
Catchpoint
CA APM
CA UIM
Datadog
Dynatrace (via API)
Dynatrace (via webhook)
Entuity
Icinga
IBM Netcool
Micro Focus NNMi (Events and Topology)
Micro Focus NNMi (Metrics)
Microsoft SCOM
Nagios Core
Nagios XI
New Relic
Prometheus (Alerts)
Prometheus (Metrics)
SAP HANA
ServiceNow
SolarWinds NPM
Splunk Enterprise
VMware Tanzu Application Service for VMs Cloud Foundry
VMware vROPS
Zabbix