GrC Services lifecycle

All environments are available to the customer at all times according the avilability SLA and do not have to be requested separately for use. The customer environments are strictly separated from each other by namespace isolation techniques. For the shared components of the underlying BMC Helix platform, client and data separation is implemented at the logical level.

The customer's data is isolated and not mixed with other customer data or between environments. 

This section covers the following topics relative to:

• • Architecture aspects
  • Storage capacity
  • Optional add-ons
  • Activation and onboarding activities
  • User access
  • Integrations
  • BMC Helix Discovery
  • BMC Helix AIOps

Architecture aspects

A BMC Helix for German Regulated Cloud customer environment consists by default of a production system that is mirrored in a failover cluster and thus designed redundantly. In addition, depending on the BMC Helix product, one or two additional non-production environments are provided for use.

• Production environment (production - redundant)
• Quality Assurance environment (non-production)
• Development environment (non-production)

Customers can subscribe for additional, non-production environments at any time by extending their subscription to the service.

The following table shows an overview of the environments that are delivered to the customer according to the selected subscription.

Service	Production	QA	Development
BMC Helix ITSM	✅️	✅️	✅️
BMC Helix Custom Applications	✅️	✅️	✅️
BMC Helix Digital Workplace	✅️	✅️	✅️
BMC Helix Business Workflows	✅️	✅️	✅️
BMC Helix Discovery	✅️		✅️
BMC Helix AIOps	✅️		✅️

Storage capacity

For Service Recipient data in BMC Helix Service Management subscriptions, the base capacity in the development, QA, and production environments is determined based on the total number of subscriptions.

The total number of subscriptions is calculated as Named + Concurrent (if any) User Subscriptions. The capacity allocation is as follows:

• Up to 199 User Subscriptions = 500 GB of storage
• For a total user subscription count of 200 or more, an additional 50 GB of storage will be al-located per 100 user subscriptions.

The calculation is based on the production database.

For BMC Helix AIOps subscriptions, your storage is accounted for within the SKUs purchased and additional storage is not applicable. 

Optional add-ons

The following table shows an overview of which additional subscriptions are possible for BMC Helix products.

Service	Additional Environment	Additional Storage	Non-Standard Integration	Special encryption for database fields
BMC Helix ITSM	✅️	✅️	✅️	✅️
BMC Helix Custom Applications	✅️	✅️	✅️	✅️
BMC Helix Digital Workplace	✅️	✅️	✅️	✅️
BMC Helix Business Workflows	✅️	✅️	✅️	✅️
BMC Helix AIOps	✅️		✅️
BMC Helix Discovery	✅️		✅️

BMC Helix additional environment

Only applicable to non-production environments. 

Additional storage capacity

In case additional database storage is needed, it can be ordered in packages of 50 GB for the environments (production and non-production). Additional storage, if purchased, will be applied to each environment (standard environments plus any additional environments purchased).

BMC Helix additional non-standard integrations

The Helix for German Regulated Cloud non-standard integration option provides for the support of an additional integration to the BMC Helix solution when needed. Use this option when there is:

• Additional email systems required (each non-standard Integration purchased entitles you to one additional email system)
• Additional FTP directories required (each non-standard integration purchased entitles you to one additional FTP site)

An approved integration method that is considered a customization – for example, an integration that uses a published web service will not require this option. However, if an integration uses an approved Java filter (which is considered a customization), you will be required to purchase the option for each filter.

Encryption of special database fields

Service Recipients may encrypt only certain character fields. This option utilizes AES 128-bit encryption. Please note that encrypted fields are not searchable. This feature is only available for Service Management and not for AIOps.

Activation and onboarding activities

Initial provisioning and activation of a customer environment that does not contain BMC Helix AIOps & Observability is completed within 5 working days. For environments that contain BMC Helix AIOps & Observability provisioning and activation will be completed within 30 working days. Within these timeframes, URLs and access information are sent to the client.

It includes licensing, import of essential master/configuration data, and so-called basic integrations:

• Configuration of the authentication source via HSSO (AD, LDAP, SAML, etc.)
• Configuration of e-mail integration
• Configuration FTP access

The integration of the BMC Helix Single Sign-On (HSSO) service is also configured with your activation. Please see the HSSO Documentation to find authentication methods.

User access

End users and users with rights to configure or administer the application access the application via a domain defined by Materna and a customer-specific prefix.

All URLs of the customer applications must be located in the helix-materna.de domain. All contained apps must be hosted under the standard product URLs defined by BMC Software.

Samples:

• ITSM Prod environment: https://<customerprefix>.helix-materna.de
• Smart IT Prod environment: https://<customerprefix>-smartit.helix-materna.de

Additional Information:

• Access to the environments is controlled via the central component BMC Helix SSO (HSSO). The product can be connected to customer backend systems
• Prerequisite on the customer side: Browser, Internet connection
• If BMC Helix AIOps & Observability is used, user administration takes place in the BMC Helix Portal. Users can be imported automatically via LDAP sync.
• With BMC Helix AIOps, user administration takes place in the BMC Helix Portal and users can be imported automatically via LDAP sync
• If multiple BMC Helix applications are used in combination with BMC Helix ITSM, the user administration (RBAC) is integrated into the BMC Helix ITSM solution

Integrations

The Helix for German Regulated Cloud service provides robust support for integrations between ITSM and Service Recipient on-prem systems. A subscription includes support for the following integrations, per environment:

• Site2Site VPN connection in between Materna DCs and Service Recipient DCs (if required)
• 1 authentication source (if required)
• 1 email integration (if required)
• 1 FTP site (if required)

Additionally, your subscription includes support for published interfaces (for example, web services and BMC Remedy AR System APIs), as long as the integration does not require additional infrastructure.

Service Recipients remain solely responsible for the development, implementation, maintenance, monitoring and troubleshooting of the integration itself. This work may be performed by Materna Professional Service, BMC Software or a trusted partner under a separate contract.

Connection with Site2Site VPN

A Site2Site VPN connection can be used to integrate GrC with the customer's backend systems.

Prerequisite on the customer side: Existing VPN gateway

Connection with BMC Helix Client Gateway

Alternatively, the integration of BMC Helix GrC with customers' backend systems can be realized using the BMC Helix Client Gateway. This is technically based on the Kaazing software.

Prerequisite on the customer side: The customer must provide a VM on which the Kaazing client can be installed. The VM must be able to communicate via the Internet.

Transferring files (file import/export)

The file transfer process defines how data files are imported into and exported from your BMC Helix environments.

An example of incoming information is the initial and ongoing loading of person, asset and related data. Examples of outbound information include reports and application debug logs.

File transfer process

For data transfer, customers receive separate accounts for each target environment (e.g. production, QA and development) on the SFTP servers provided. Within each account there are separate directories for incoming and outgoing transfers.

Storage of files

Files are retained in the directories for a maximum of 7 days.

Supported file transfer standards

The service supports encrypted connections and transfers (SFTP). User/password authentication and key authentication for SFTP are supported.

BMC Helix Discovery

For BMC Helix Discovery, the customer must deploy one or more Discovery Outposts in the desired data center(s).

Those outposts are connected to the Discovery Appliance (ideally by VPN or Kaazing), located on the BMC Helix GrC SaaS.

BMC Helix AIOps

To enable the deployed platform to monitor the customers IT-Infrastructure, the customer needs to provide the following applications within their network, depending on the use case, and connect them via Site2Site VPN or BMC Helix Client Gateway to SaaS:

Patrol Agents	Must be deployed to the customers network to monitor servers and other endpoints
Netreo Appliance	Must be deployed to the customers network to monitor network devices
BMC Helix Intelligent Integration	Might be necessary to deploy in customer network depending on architecture.

Agentic AI use case

All AI capabilities (LLM, ML) that are required for the usage of AIOps are part of the deployed AIOps solution and are running on the dedicated customer hardware. Please follow these instructions to setup your HelixGPT Agentic AI use cases. 

Please review BMC HelixGPT for AIOps for the list of agents and use cases available. For BMC Helix AIOps Agentic AI use cases, there are specific generative functions which require a Google Vertex AI account that needs to be provided by the customer. Please refer to the BMC Helix AIOps Google Vertex configuration instructions here: Configuring settings to use the AI-powered capabilities in BMC Helix AIOps.

Additional information for BMC Helix AIOps

Data Separation

For AIOps the data separation between different customers is guaranteed by the deployment model. For AIOps every customer environment will be deployed on dedicated hardware what will also result in a longer activation timeframe (30 working days).

Data Retention and storage limit

For AIOps data the following retention times and storage limits are defined:

Data type	Description	Retention period	Storage limit
Events	Open events are closed 90 days after last modification date Closed events remain in the system for 90 days prior to being deleted	90 days	400 GB of events, raw metrics and aggregated metrics for every 1,000 assets licensed
Raw metrics	All raw metrics stored in the solution	90 days
Logs	All log records that are stored in the solution	3 days	1 GB of daily ingestion for every 1,000 BMC Helix Operations Management - Monitoring and Event Management for Servers or BMC Helix Operations Management – Monitoring and Event Management - Resource Unit quantities purchased (i.e. 1 MB per license)
Spans	All distributed tracing span records stored in the solution	7 days	1 Million spans per month for every 1,000 BMC Helix Operations Management - AIOps Add-On for Servers or BMC Helix Operations Management - AIOps Add-On - Resource Unit quantities purchased (i.e. 1,000 spans per license)