Deployment requirements checklist

Use the planning worksheets to design the installation and implementation of BMC Helix IT Operations Management in your on-premises environment. 

Tip

To export the current page to Word format, from the Export menu in the upper-right, select Export to Word.

Related topics

Deployment-assessment-questionnaire

Planning-worksheets


Requirements checklist

Use the following check list to plan and prepare for BMC Helix IT Operations Management installation:

Requirement

Description

Reference

Verification method

Expected outcome

Customer recorded outcome

Name of customer owner

Completion date

Status

Hardware

Master nodes

Check the overall deployment sizing requirements
for your containerized environment such as total
number of servers, total number of CPU,
memory, and disk space.

We do not provide sizing guidelines for master
nodes.
You can configure the master nodes based on
your environment requirements.







Master node disk space

Master nodes must have a minimum of 150GB
of free disk space.







Worker nodes

Check the overall deployment sizing requirements
for your containerized environment such as total
number of servers, total number of CPU, memory,
and disk space.







Worker node disk space

Worker nodes must have a minimum of 100GB
of free disk space.

Storage

High performance of Kubernetes Persistent
Volume Disk is essential for the overall system
performance. 
Persistent Volume Disk requires block and NFS
storage.

We support a Bring-Your-Own-Storage model for
Kubernetes Persistent Volumes.







We recommend that you use solid-state drive (SSD).

Important: PVc storage is mandatory for ITOM
implementation with a small requirement NFS. 

See Sizing-and-scalability-considerations to know
the latency and IOPS required for 
BMC Helix IT Operations Management

Run IOSTAT or equivalent disk
performance tool.

Performance should be as per BMC's recommendation.





BMC Helix Operations Management requires that
two Services - Smart-Graph Controller
(EFS_STORAGE_CLASS) and Repository
use NFS Storage Class.

Important: Block Storage is not supported for 
these two Services.

Run the following command to check if
storage is in 'Bound' state:
kubectl get pv -o wide

Storage should be in 'Bound' state.





Operating System

For all worker nodes, set the
sysctl -w vm.max_map_count parameter
to 262144 before deployment.

Discuss with system administrator of
the Operating Systems.






Install the time synchronization protocol to
synchronize the date and time on all nodes.

Discuss with system administrator.






High Availability (HA) and Disaster Recovery (DR)

Check how the containerized platform is built
for HA and DR.

HA is built as default with all production ready
configurations.

Contact BMC Product Manager for more details
for DR. 







Disk storage

Make sure that Kubernetes storage is in a 'Bound'
state and PCV is binding to the storage class.

The StorageClass Resource
in Kubernetes documentation.

Create a PersistentVolumeClaim
in Kubernetes documentation.







Software

Harbor registry

Install Harbor registry and set up SSL.

We recommend you deploy the Harbor registry
on a different system than the Kubernetes cluster.

Registry the Harbor registry with DNS and
configure it to use SSL.







Install latest version of SSL on the Harbor server.







Docker

Install Docker Compose version 1.29.2 on Harbor
Server.







Email Engine

The Common Services script
(deployment-manager.sh) attempts to connect
to an SMTP server and validates login.
The SMTP server is required to activate
a tenant through email.

We support all SMTP server types that can
communicate with the cluster.

A valid SMTP server is required for Production.
If you are running a POC or a Demo system
you might use the SMTP Sink process to
generate the activation email in a text file
on the Server.







Security Certificates

BMC Helix IT Operations Management 21.3.03 onwards,
you can use self-signed or custom CA certificates
while deploying BMC Helix Operations Management.

BMC Helix Continuous Optimization supports

self-signed or custom CA certificates for
version 22.2.01 or later.

Both Harbor registry and load balancer must
use SSL certificates (wild card certification
is supported).








Network

Firewall Ports

To deploy the BMC Helix IT Operations Managementa few network ports must be open for
both Ingress and Egress.
Within the cluster, each pod has open ports to
communicate with each other and with
persistent storage.


All names are resolved.





Firewall policies

Update your firewall policies to enable access to
BMC DTR.
Use the following fully qualified domain names:

  • containers.bmc.com
  • containers-glb.bmc.com
  • containers-irl.bmc.com
  • containers-msr-irl.bmc.com








Platform Software

Configure Static IP for Kubernetes environment,
on all master and worker nodes.

Static IP is recommended for easy LB
configuration and DNS entries.


Run the following command:
cat /etc/sysconfig/network-
scripts/ifcfg-ens<ethnum>


TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=<IP that is assigned>





DNS and URL Formation

Configure the following URLs and DNS with the
help of your internal IT team:

  • Tenant Management Service (TMS) 
  • BMC Helix Single Sign-on(HSSO)
  • Tenant access
  • MinIO (MINIO_LB_HOST and MINIO_API_LB_HOST)
  • Kibana load balancer host
  • BMC Discovery

URL for TMS, RSSO, and MinIO:
<any unique string>.$FQDN

URL for tenant access:
$COMPANY_NAME-
$TENANT_TYPE-
$ENVIRONMENT.$FQDN

URL forBMC Discovery:

$COMPANY_NAME-disc-
$TENANT_TYPE-
$ENVIRONMENT.$FQDN

nslookup okd-tms.pe.example.com

Server:  gtm-prod-usa-phx-01-idns.example.com
Address:  xxx.xxx.xxx.xxx


Name:    loadbalancer-vip.example.com
Address:  xxx.xxx.xxx.xxx
Aliases:  okd-tms.pe.example.com





Load balancer

Configure the load balancer.

F5 load balancer and other
load balancers are supported.

The following load balancer

SSL methods are supported:

  • SSL Offloading at the
    load balancer
  • SSL Passthrough to offload
    at the Ingress Controller
  • SSL Full Proxy

Allow X-Forwarded- Headers
Upstream of Ingress.

Make sure that you
configure the following headers
for SSL Offloading at the
load balancer:

    X-Forwarded-Proto—https
    X-Forwarded-Host
    X-Forwarded-Port—443





Make sure you set the following parameters:

  • LB_HOST
  • TMS_LB_HOST
  • MINIO_LB_HOST
  • MINIO_API_LB_HOST
  • KIBANA_LB_HOST 
  • TMS

A network administrator must validate
the parameters on a load balancer. 

After the ingress controller is configured, if you browse to the URLs, you must get 'default backend -404' error.





Monitor

Configure a forward proxy for Patrol Agents, if used.

Configuring a Squid proxy server
in the BMC PATROL Agent for BMC Helix Operations Managementdocumentation.





Kubernetes

Container

Review the supported Kubernetes versions forBMC Helix IT Operations Managementinstallation.





Review the container orchestration and the versions (For example, Rancher, OpenShift) used forBMC Helix IT Operations Managementinstallation. 





Functional

Test simple pod deployment.

Make sure that the Kubernetes cluster with master and worker nodes are fully functional before installation.

Getting started
in the Kubernetes documentation.

Run the following command to test
the deployment:

kubectl get pods -o wide

Make sure the pods

are in a running state and deployed across the nodes.





Ingress

Nginx Ingress controller is used to distribute the load between the services.

Review the supported Ingress controller versions and the parameter value requirements in the nginx-configuration configmap.

Run the following command to 
check the version of the ingress controller:
kubectl exec -it -n internet-ingress internet-ingress-controller-5vzrv -- /nginx-ingress-controller --version






Create a sample Ingress resource and test to make sure it's functioning with the load balancer.

Ingress
in Kubernetes documentation.

See "Hello world" yaml as an example.Set up Ingress on Minikube

in Kubernetes documentation.


Ingress resources must function with the external load balancer before installing   BMC Helix IT Operations Management





Ingress parameters

Review parameter value requirements in the nginx-configuration configmap in the ingress-nginx namespace:

enable-underscores-in-headers—true
proxy-body-size—256m
proxy-connect-timeout—300
proxy-read-timeout—600
proxy-send-timeout—600
use-forwarded-headers—true

server-name-hash-bucket-size       1024
ssl-redirect        false

ConfigMaps
in Kubernetes documentation.

Run the following command:
kubectl describe cm nginx-configuration 
-n ingress-nginx





Helm

Review the supported Helm version for BMC Helix IT Operations Management installation.







KUBECONFIG

KUBECONFIG must be configured to point to the Kubernetes cluster on the installation workstation.






Platform software

Verify that all nodes are in ready state.

For Kubernetes, run the command on the node
where kubectl is installed:
kubectl get nodes -n namespace

For Openshift, run the command where the OC
CLI is installed:
oc get nodes -n namespace

All nodes must be in ready state.





OpenShift only

For all the product components, make sure that you increase the number of threads to 4096 per node so that sufficient threads are available to the processes running in the containers

Number of threads
in the Elasticsearch documentation.





Deploying the ingress controller for OpenShift






OpenShift cluster must have access to the NGINX Ingress Controller or Operator.

Run the following commands:

kubectl get ns
kubectl get pod -n OpenShift-
ingress-operator

OpenShift-ingress Active 20d
OpenShift-ingress-operator Active 20d

NAME READY STATUS RESTARTS AGE
ingress-operator-7f6bf4f94b-bzrv5 2/2 Running 0 20d





Discovery

BMC Discovery

Install and set up BMC Discovery.

BMC Discovery is a mandatory requirement to deploy 

BMC Helix Operations Management and is optional for

BMC Helix Continuous Optimization.

Log in to the
BMC Discovery Console
and navigate to various UI options.





BMC Helix Single Sign-on

Disconnect from existing BMC Helix Single Sign-on.

If BMC Discovery is connected to LDAP, you must disconnect it during the installation of BMC Helix Operations Management, as BMC Helix Operations Managementdeploys a new SSO Service. The installer connects BMC Discovery to this new SSO Service which then can be added back to LDAP manually.


If you are able to log in to BMC Discovery
with local user account, RSSO is not integrated.





Backup

Docker 

Download the required software from
BMC Docker Trusted Registry (DTR)
 and access the tokens from
BMC Electronic Product Distribution  (EPD).

Important: You need a license to download
the required software.
Contact your Account Manager for license.

Trial licences are time limited. 


Software is downloaded from BMC DTR to local Harbor registry.





Snapshot

If you are using VMware or similar platform, we recommend that you take a snapshot of BMC Discovery, and control and worker nodes before starting the deployment

NA


Confirm if an action is taken.
Yes or No





BMC Helix Operations Management

Make sure you have deployed the latest version of PATROL Agents.






Health Check Validation

Health Check Tool

The Health Check Tool helps you validate that your environment is configured correctly. The Health Check Tool artifacts are available in the BMC Helix Containerization Group on BMC Community. Alternatively, you can contact BMC Support and log a support case to obtain the tool artifacts.

After updating the infra.config, run the tool on the server which is connected to the cluster.

All checks must pass before proceeding with the installation.







 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*