Configuring the on-premises gateway for high availability in on-premises Kubernetes and OpenShift clusters


A high-availability deployment for the BMC Helix Intelligent Integrations on-premises gateway uses object storage to back up and restore the on-premises gateway configuration. As a tenant administrator, you can use one of the following options as the object storage when configuring the on-premises gateway for high availability (HA).

  • BMC Helix object storage (Recommended) — The storage included with the current BMC Helix SaaS or BMC Helix IT Operations Management (ITOM) deployment. This storage type is available for both BMC Helix ITOM users and BMC Helix subscribers.

    Important

    Starting with version 25.4, BMC Helix ITOM supports deploying a proxy service for communication between the on-premises gateway instances and the object storage that is included in your BMC Helix ITOM on-premises environment. The proxy service is included as part of the BMC Helix ITOM deployment. To deploy the proxy service, set SET_INTELLIGENT_INTEGRATIONS to true during the BMC Helix ITOM deployment. For more information, see Deploy BMC Helix IT Operations Management.

  • Private object storage — Storage that is deployed and managed in your on-premises environment. You can use a standalone S3-compatible storage (for example, MinIO or Amazon Simple Storage Service (S3)) available in your environment. This storage type is available for both BMC Helix ITOM on-premises users and BMC Helix subscribers.
Important

To switch from one object storage type to another, you need to reconfigure the on-premises gateway instances. When you switch, the on-premises gateway configuration is not copied automatically.

Before you begin

  • To use the BMC Helix object storage:
    • Access the UI for the on-premises gateway instances that are part of the high-availability deployment and make sure that the same destination is added for all instances.
    • Make sure that the access key and secret key used in the destination have all [*] permissions.
  • To use a private object storage, make sure that a standalone S3-compatible storage instance is set up, and you have obtained the credentials that have permissions to create and read objects. Contact your system administrator to obtain the credentials.
Important

The high-availability deployments of the on-premises gateway have been validated with the Community Edition of MinIO. The Enterprise Edition is also expected to function correctly.

To prepare the environment for data collection by using a webhook connector

If you are using a webhook connector to collect data from a third-party product in a high-availability deployment, you can use a load balancer (for example, F5) to direct the webhook data traffic to the active on-premises gateway instance. 

Important

The following steps are specific to the F5 load balancer and might differ for other load balancer types.

Perform the following steps to prepare the environment for data collection by using a webhook connector:

  1. Configure the load balancer.
    1. Create a DNS record (for example, VIP_HII) for the virtual IP (VIP).
    2. Create a pool, and add the on-premises gateway instances as members, as shown in the following example:
      ltm pool VIP_HII {
          description "Gateway Pool"
          members {
              aus-pun-01.abc.com:https {
                  address 192.168.111.xx
                  session monitor-enabled
                  state down
              }
              aus-pun-02.abc.com:https {
                  address 192.168.112.xx
                  session monitor-enabled
                  state down
              }
          }
          monitor VIP_HII
      }

      The preceding example creates a pool named VIP_HII with two members: aus-pun-01.abc.com (IP address: 192.168.111.xx) and aus-pun-02.abc.com (IP address: 192.168.112.xx).

    3. Create the monitor to check the status of an on-premises gateway instance, as shown in the following example:
      ltm monitor https VIP_HII {
        adaptive disabled
        defaults-from https
        interval 5
        ip-dscp 0   
        recv false
        recv-disable none
        send "GET /hii/api/mediator/v3/standbyStatus HTTP/1.1\r\nHost: VIP_HII\r\nConnection: Close\r\n\r\n"
        time-until-up 0
        timeout 16
      }

      Important

      The monitor you are creating must use the standbyStatus API to determine the status of an instance, as shown in the above example.

  2. When you add the webhook collector URL to the third-party product (for example, Entuity), replace the on-premises gateway host name in the URL with the DNS record. For example, an updated webhook collector URL looks like this:
    https://VIP_HII/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdfd?token=385261281::Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB
    For more information about configuring the URL for Entuity, see Integrating with Entuity via webhook.

(For BMC Helix object storage included with the BMC Helix ITOM deployment) To configure on-premises gateway instances for HA

  1. Log on to the controller or bastion host, and as a cluster-admin user, connect to the Kubernetes or OpenShift cluster on which you want to configure the on-premises gateway for HA.
  2. Open the ConfigMap for the primary instance.
    kubectl -n <namespaceName> edit cm swp-mediator-conf
    Example:
    kubectl -n iionpremha1 edit cm swp-mediator-conf
  3. If you have already configured the on-premises gateway for HA during deployment, review the following properties and update them if needed. Otherwise, set them. 

    • If SET_INTELLIGENT_INTEGRATIONS is set to false during the BMC Helix ITOM version 25.4 or later deployment, set the properties as shown in the following table:
      | Property name | Description | Property value for the storage included with the BMC Helix ITOM deployment |
      |---|---|---|
      | USE_ADE_STORAGE | Type of object storage to be used in the HA deployment | false |
      | HIIG_HA_CLUSTER_ID | A unique cluster ID in case you have multiple clusters, each cluster containing multiple on-premises gateway instances | An integer from 0 to 9. The default value is 0, which indicates that you have only one cluster. |
      | MINIO_ACCESS_KEY | Access key or login ID for the S3-compatible storage | Access key or login ID |
      | MINIO_SECRET_KEY | Secret key or password for the S3-compatible storage | Secret key or password |
      | MINIO_SERVER_URL | Endpoint URL for the S3-compatible storage | Endpoint URL |
      | MINIO_BUCKET_NAME | Name of the bucket on the S3-compatible storage instance | helix-hii-backup (default). Important: Don't update the bucket name. |
      | DATA_PUSH_INTERVAL | Interval at which an on-premises gateway instance should push data to the object storage | Interval in milliseconds. Default and minimum value: 300000 milliseconds |
      | SOURCE_HOSTNAME | Used for identifying the active or standby on-premises gateway instances | swp-mediator-<namespace> |

      The following snippet shows a sample ConfigMap:

      USE_ADE_STORAGE: "false"
      HIIG_HA_CLUSTER_ID: "0"
      MINIO_ACCESS_KEY: "P3pWEoNUEmZB8i0zJAnC"
      MINIO_SECRET_KEY: "SgA3ntRrdM3nzUGpvKjRMQ2FJZNHujfngxJgTb"
      MINIO_SERVER_URL: "https://vx-push-dev26.abc.com:9000"
      MINIO_BUCKET_NAME: "helix-hii-backup"
      DATA_PUSH_INTERVAL: "300000"
      SOURCE_HOSTNAME: "swp-mediator-iionpremha1"

    • If SET_INTELLIGENT_INTEGRATIONS is set to true during the BMC Helix ITOM deployment 25.4 or later, set the properties as shown in the following table:
      | Property name | Description | Property value for the storage included with the BMC Helix ITOM deployment |
      |---|---|---|
      | USE_ADE_STORAGE | Type of object storage to be used in the HA deployment | true |
      | DATA_PUSH_INTERVAL | Interval at which an on-premises gateway instance should push data to the BMC Helix object storage | Interval in milliseconds. Default and minimum value: 300000 milliseconds |
      | HIIG_HA_CLUSTER_ID | A unique cluster ID, in case you have multiple clusters, each cluster containing multiple on-premises gateway instances | An integer from 0 to 9. The default value is 0, which indicates that you have only one cluster. |
      | MINIO_ACCESS_KEY | Access key for S3-compatible storage | " " (default) |
      | MINIO_SECRET_KEY | Secret key for the S3-compatible storage | " " (default) |
      | MINIO_SERVER_URL | Endpoint URL for the S3-compatible storage | " " (default) |
      | MINIO_BUCKET_NAME | Name of the bucket on the S3-compatible storage instance | " " (default) |
      | SOURCE_HOSTNAME | Used for identifying the active or standby on-premises gateway instances | swp-mediator-<namespace> |

      The following snippet shows a sample ConfigMap:

      USE_ADE_STORAGE: "true"
      HIIG_HA_CLUSTER_ID: "0"
      MINIO_ACCESS_KEY: ""
      MINIO_SECRET_KEY: ""
      MINIO_SERVER_URL: ""
      MINIO_BUCKET_NAME: ""
      DATA_PUSH_INTERVAL: "300000"
      SOURCE_HOSTNAME: "swp-mediator-iionpremha1"
  4. Save and close the ConfigMap.
  5. Perform a rolling restart of the swp-mediator pod:
    kubectl -n <namespaceName> rollout restart deployment swp-mediator
    Example:
    kubectl -n iionpremha1 rollout restart deployment swp-mediator
  6. Back up the /<user>/ii_auth directory to another location and then delete it.
    The ii_auth directory will be required when upgrading the on-premises deployments.  
  7. Create a directory and extract the utility files, hii-bmc-<buildNumber>.zip, to the directory.
  8. Deploy one or more secondary instances, if not done yet.
    For more information, see Deploying the on-premises gateway in an on-premises Kubernetes or OpenShift cluster.
  9. Repeat steps from 2 to 5 for the secondary instances.

(For BMC Helix object storage included with the BMC Helix SaaS deployment) To configure on-premises gateway instances for HA

  1. Log on to the controller or bastion host, and as a cluster-admin user, connect to the Kubernetes or OpenShift cluster on which you want to configure the on-premises gateway for HA.
  2. Open the ConfigMap for the primary instance.
    kubectl -n <namespaceName> edit cm swp-mediator-conf
    Example:
    kubectl -n iionpremha1 edit cm swp-mediator-conf
  3. If you have already configured the on-premises gateway for HA during deployment, review and update the following properties if needed. Otherwise, set them as shown in the following table.

    | Property name | Description | Property value for the storage included with the BMC Helix SaaS deployment |
    |---|---|---|
    | USE_ADE_STORAGE | Type of object storage to be used in the HA deployment | true |
    | HIIG_HA_CLUSTER_ID | A unique cluster ID in case you have multiple clusters, each cluster containing multiple on-premises gateway instances | An integer from 0 to 9. The default value is 0, which indicates that you have only one cluster. |
    | MINIO_ACCESS_KEY | Access key for S3-compatible storage | " " (default) |
    | MINIO_SECRET_KEY | Secret key for the S3-compatible storage | " " (default) |
    | MINIO_SERVER_URL | Endpoint URL for the S3-compatible storage | " " (default) |
    | MINIO_BUCKET_NAME | Name of the bucket on the S3-compatible storage instance | " " (default) |
    | DATA_PUSH_INTERVAL | Interval at which an on-premises gateway instance should push data to the object storage | Interval in milliseconds. Default and minimum value: 300000 milliseconds |
    | SOURCE_HOSTNAME | Used for identifying the active or standby on-premises gateway instances | swp-mediator-<namespace> |

    The following snippet shows a sample ConfigMap:

    USE_ADE_STORAGE: "true"
    HIIG_HA_CLUSTER_ID: "0"
    MINIO_ACCESS_KEY: ""
    MINIO_SECRET_KEY: ""
    MINIO_SERVER_URL: ""
    MINIO_BUCKET_NAME: ""
    DATA_PUSH_INTERVAL: "300000"
    SOURCE_HOSTNAME: "swp-mediator-iionpremha1"
  4. Save and close the ConfigMap.
  5. Perform a rolling restart of the swp-mediator pod:
    kubectl -n <namespaceName> rollout restart deployment swp-mediator
    Example:
    kubectl -n iionpremha1 rollout restart deployment swp-mediator
  6. Back up the /<user>/ii_auth directory to another location and then delete it.
    The ii_auth directory will be required when upgrading the on-premises deployments.  
  7. Create a directory and extract the utility files, hii-bmc-<buildNumber>.zip, to the directory.
  8. Deploy one or more secondary instances, if not done yet.
    For more information, see Deploying the on-premises gateway in an on-premises Kubernetes or OpenShift cluster.
  9. Repeat steps from 2 to 6 for the secondary instances.

(For private object storage) To configure on-premises gateway instances for HA

  1. Log on to the controller or bastion host, and as a cluster-admin user, connect to the Kubernetes or OpenShift cluster on which you want to configure the on-premises gateway for HA.
  2. Open the ConfigMap for the primary instance.
    kubectl -n <namespaceName> edit cm swp-mediator-conf
    Example:
    kubectl -n iionpremha1 edit configmap swp-mediator-conf

  3. If you have already configured the on-premises gateway for HA during deployment, review and update the properties if needed. Otherwise, set them as shown in the following table.

    | Property name | Description | Property value for the private object storage |
    |---|---|---|
    | USE_ADE_STORAGE | Type of object storage to be used in the HA deployment | false |
    | HIIG_HA_CLUSTER_ID | A unique cluster ID in case you have multiple clusters, each cluster containing multiple on-premises gateway instances | An integer from 0 to 9. The default value is 0, which indicates that you have only one cluster. |
    | MINIO_SERVER_URL | Endpoint URL for the S3-compatible storage | Endpoint URL |
    | MINIO_BUCKET_NAME | Name of the bucket on the S3-compatible storage instance. Important: If you are using the same S3-compatible storage server across multiple HA environments (for example, Test and Production), make sure that each bucket has a unique name. | Name of the bucket |
    | DATA_PUSH_INTERVAL | Interval at which an on-premises gateway instance should push data to the storage bucket | Interval in milliseconds. Default and minimum value: 300000 milliseconds |
    | SOURCE_HOSTNAME | Used for identifying the active or standby on-premises gateway instances | swp-mediator-<namespace> |

    The following snippet shows a sample ConfigMap:

    USE_ADE_STORAGE: "false"
    HIIG_HA_CLUSTER_ID: "0"
    MINIO_ACCESS_KEY: "P3pWEoNUEmZB8i0zJAnC"
    MINIO_SECRET_KEY: "SgA3ntRrdM3nzUGpvKjRMQ2FJZNHujfngxJgTb"
    MINIO_SERVER_URL: "https://vx-push-dev26.abc.com:9000"
    MINIO_BUCKET_NAME: "hii-backup"
    DATA_PUSH_INTERVAL: "300000"
    SOURCE_HOSTNAME: "swp-mediator-iionpremha1"
  4. Save and close the ConfigMap.
  5. Perform a rolling restart of the swp-mediator pod:
    kubectl -n <namespaceName> rollout restart deployment swp-mediator
    Example:
    kubectl -n iionpremha1 rollout restart deployment swp-mediator

  6. Back up the /<user>/ii_auth directory and then delete it. 
  7. Create a directory and extract the utility files, hii-bmc-<buildNumber>.zip, to the directory.
  8. Deploy one or more secondary instances, if not done yet.
    For more information, see Deploying the on-premises gateway in an on-premises Kubernetes or OpenShift cluster.
  9. Repeat steps from 2 to 5 for the secondary instances.
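
The property rules from the tables in the three procedures above, as an added lint script that is not part of the BMC product or its documentation. It assumes a draft of the ConfigMap data section saved as KEY: "value" lines; the names check_hii_conf and sample_draft, the sample values, and the plain-http check are this example's own.

```bash
# Added example (not BMC tooling): lint a draft of the swp-mediator-conf data section.
# Usage: check_hii_conf <namespace> < draft.txt   (prints FAIL lines, returns 1 on any)
check_hii_conf() {
  awk -v ns="$1" '
    function bad(msg) { print "FAIL " msg; n++ }
    /^[ \t]*[A-Z_]+:/ {
      key = $0; sub(/^[ \t]*/, "", key); sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      # ConfigMap data values are strings; a bare true or 0 is rejected by the API.
      if (val ~ /^(true|false|[0-9]+)$/) bad(key ": quote the value")
      gsub(/^"|"$/, "", val)
      if (key in conf) bad(key ": duplicate key")
      conf[key] = val
    }
    END {
      ade = conf["USE_ADE_STORAGE"]; dpi = conf["DATA_PUSH_INTERVAL"]
      if (ade != "true" && ade != "false") bad("USE_ADE_STORAGE: must be true or false")
      if (conf["HIIG_HA_CLUSTER_ID"] !~ /^[0-9]$/) bad("HIIG_HA_CLUSTER_ID: must be an integer from 0 to 9")
      if (dpi !~ /^[0-9]+$/ || dpi + 0 < 300000) bad("DATA_PUSH_INTERVAL: minimum is 300000 ms")
      if (conf["SOURCE_HOSTNAME"] != "swp-mediator-" ns) bad("SOURCE_HOSTNAME: expected swp-mediator-" ns)
      split("MINIO_ACCESS_KEY MINIO_SECRET_KEY MINIO_SERVER_URL MINIO_BUCKET_NAME", m, " ")
      for (i = 1; i <= 4; i++) {
        v = conf[m[i]]; gsub(/ /, "", v)
        if (ade == "false" && v == "") bad(m[i] ": required when USE_ADE_STORAGE is false")
        if (ade == "true" && v != "") bad(m[i] ": tables list an empty default when USE_ADE_STORAGE is true")
      }
      # Assumption of this example, not a documented requirement: storage keys should travel over TLS.
      if (ade == "false" && conf["MINIO_SERVER_URL"] ~ /^http:/) bad("MINIO_SERVER_URL: plain http")
      exit (n > 0)
    }'
}

# Constructed draft containing the mistakes the check is meant to catch.
sample_draft() {
  cat <<'EOF'
USE_ADE_STORAGE: false
HIIG_HA_CLUSTER_ID: "12"
MINIO_ACCESS_KEY: "EXAMPLE_ACCESS_KEY"
MINIO_SECRET_KEY: ""
MINIO_SERVER_URL: "https://s3.example.internal:9000"
MINIO_BUCKET_NAME: "hii-backup-test"
DATA_PUSH_INTERVAL: "60000"
SOURCE_HOSTNAME: "swp-mediator-iionpremha1"
SOURCE_HOSTNAME: "swp-mediator-iionpremha1"
EOF
}
sample_draft | check_hii_conf iionpremha1 || echo "draft rejected"
```

Run the check on each instance's draft with that instance's namespace, because SOURCE_HOSTNAME differs per namespace while the other properties are set the same way.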

Related topics

Deployment scenarios

High-availability deployment for the on-premises gateway

Deploying the on-premises gateway in an on-premises Kubernetes or OpenShift cluster

 


BMC Helix Intelligent Integrations 26.1