FAQ

Here are some answers to the most frequently asked questions about the BMC Helix IT Operations Management containers.

BMC Helix Operations Management


Can we import BMC Helix Operations Management policies from a file?

Yes, please contact BMC Support.


Can we generate a PATROL Agent Report of all agents BHOM tenant in csv file format?

Yes, please contact BMC Support.


Device Report generated of BMC Helix Operations Management tenant to csv ?

Yes, please contact BMC Support.


Can we test connectivity between a host and the target BHOM tenant?

Yes, please contact BMC Support.


Can we generate a solution deployment report detailing all solutions and versions deployed to PATROL Agents that match the given regex pattern?

Yes, please contact BMC Support.


How to move PATROL Agents from one Helix instance to another?

See, Migrating PATROL Agents from TSOM to BHOM and Migrating PATROL Agents in the BMC PATROL Agent for BMC Helix Operations Management documentation.


What are the supported versions of PATROL Agents for BHOM?

See, BMC PATROL Agent documentation.


Where are details for Monitoring Solutions for BMC Helix Operations Management?

See, Monitoring solutions in BMC Helix Operations Management in the BMC Infrastructure Management-PATROL Repository documentation.


What are the supported versions of the Infrastructure Components?

See, System-requirements.


Does BMC Helix support Forward Proxy for PATROL Agents?

Yes, we have documented an example using Squid. However, you can utilize your own forward proxy. Discuss it with your Network Administrator.

For more information, see Configuring a Squid proxy server in the BMC PATROL Agent for BMC Helix Operations Management documentation.


BMC Helix Intelligent Integrations


How is high availability achieved for the BMC Helix Intelligent Integrations on-premises gateway?

You can achieve high availability for the on-premises gateway by deploying it in an active-passive high availability configuration. The MinIO instance available in the BMC Helix IT Operations Management on-premises deployment is used as the backup and restore location of the on-premises gateway.

For more information, see Configuring the on-premises gateway for high availability in the BMC Helix Intelligent Integrations documentation.


Certificates


Can we use self-signed or custom CA certificates?

Yes, for more information, see Using-custom-CA-signed-certificates.


How do I get a Certificate Authority (CA) signed certificate for load balancer configuration?
  1. Create a certificate signing request (csr) file by using OpenSSL.
  2. Submit the file <your.domain.com>.csr to your CA and request a signed certificate.
  3. Import the CA's reply.


Disaster recovery


How can I define a URL for the MinIO on my standby site for replication when the MinIO on my primary and standby sites is deployed with the same URL?

Perform the following steps on the standby site:

  1. To get the MinIO Ingress rule, run the following command:

    kubectl -n <namespace> get ing | grep ^minio

    <namespace> is the namespace where you deployed BMC Helix ITOM.
    Sample output:

    # kubectl -n ITOM-namespace get ing | grep ^minio
    minio                                                  <none>   serta-minio.adeonprem.bmc.com       172.20.112.175                      80      20d
    minio-api                                              <none>   serta-minio-api.adeonprem.bmc.com   172.20.112.175                      80      20d
    #
  2. Create new MinIO Ingress rules for minio and minio-api.
    For example:  
     serta-minio-India.adeonprem.bmc.com 
    serta-minio-India-api.adeonprem.bmc.com
  3. Use new MinIO Ingress rules to define the URL for the MinIO on the secondary site for replication.
What are the prerequisites to enable Disaster Recovery (DR)?

DR requires additional storage and CPU/Memory resources for backups.
See Sizing-and-scalability-considerations for additional resources required for DR.


Which version of the product supports DR?

DR is supported from version 23.4.00, but the most recommended version is 24.2.00.


What are the additional resources required for DR?

See the Sizing and scalability considerations for additional resources required for DR.
Important: The actual storage requirement depends on the stack and data. Hence, further fine-tuning might be required. 


Can I use NFS as a storage provider for DR??

No, NFS is not a supported storage provider for DR.
NFS does not provide the required performance support. Also, the PVC size increments are not supported for NFS-backed storage.


What are the RPO and RTO numbers supported by BMC?

See Sizing-and-scalability-considerations.


What should be the resource requirement for the standby site?

Both primary and standby sites should be deployed with the same resources and sizing.
See Configuring-disaster-recovery.


Will there be any downtime while enabling backups?

It takes about 30 minutes to enable backup. This process restarts storage components such as MinIO, PostgreSQL, and VictoriaMetrics.
Though you don’t require explicit downtime, we recommend enabling the backups during low-load conditions.


Will there be any impact on application performance when the backups are running?

DR is configured to run a single full backup in a day, and the rest will be incremental backups.
No major performance impacts were observed during backups performed in BMC’s test labs.


Is there any general recommendation from BMC to enable backups?

The first backup is a full backup and will take longer than the incremental backups. Therefore, we recommend that you enable the backups during low-load hours.


Can I enable backups when I have not created the standby site?

You can enable backups without a standby site, but backups will be stored on the local cluster and will not provide any protection against cluster failure. 


Is Point-in-time recovery (PITR) supported by DR?

No. Currently, PITR is not supported by DR.

Should I perform any manual steps before enabling the backups?

There are a few manual steps required apart from modifying the disaster-recovery.config file.
See Configuring-disaster-recovery for detailed steps.


Should I modify any configuration file before enabling the backups?

Yes, disaster-recovery.config file serves as an input file for DR configurations.


What are the steps to enable the backups?

See “To configure data backup on the primary site” in the Configuring-disaster-recovery topic.


Can I enable backups for partial or specific components?

No, currently we do not support backup of specific components.


How long will it take for backups to get configured?

Configuring backups for DR takes around 15-30 minutes, depending upon the cluster size.


How does the backup scheduling work?

As part of the configuration, you must provide a backup interval in hours (DR_BACKUP_INTERVAL_IN_HOUR). All the backups are scheduled based on the cron scheduling format.
For example, if you set the value of the DR_BACKUP_INTERVAL_IN_HOUR parameter to 1 hour, data backup is performed at the start of every hour according to the cron schedule (0 */1 * * *).


When will my first backup get triggered?

If your current cluster time is 2:15 P.M. on November 2, and you set the value of the DR_BACKUP_INTERVAL_IN_HOUR parameter as 1 hour

  1. The first backup will occur at 3:00 P.M. This backup will be a complete data backup.
  2. Subsequent backups will occur at 4.00 P.M., 5.00 P.M., 6.00 P.M., and so on. These backups will be incremental.
  3. At 3:00 P.M. on November 3, a complete data backup will occur.


How can I confirm that the backups are successful?

If a backup fails, an email gets triggered to the operator’s email ID specified during the stack deployment.
You can also find the backup status from MinIO. See the <bucket name>/<site name>/backupStatus/backup.log file for backup status and logs.


Will I receive a notification about the success or failure of backups?

For successful backups, you will not get any notification. If a backup fails an email notification is sent to the operator’s email ID that was defined during stack deployment.


How can I monitor the storage utilization of backups?

Go to the Object Browser on the MinIO console to check the data size uploaded to MinIO.  To check the actual storage utilization, go to the Monitoring tab on the MinIO console.


Can I temporarily disable the backups?

Yes, you can disable backups. For more information, see Configuring-disaster-recovery.


Can I customize the retention period of the backups?

Yes, you can set the retention period in the disaster-recovery.config file. For more information, see Configuring-disaster-recovery.


Should I disable backups during upgrades or while applying hotfixes?

Data backup is automatically disabled during an upgrade. You must enable backups after the upgrade. For more information, see Configuring-after-upgrade.

Before applying a hotfix, you must disable the data backup.


What should I do if my backups are not running?

Backups may fail due to multiple reasons. Please check back.log and take appropriate action. 


What are the guidelines for installing a standby site?

See the topic Configuring-disaster-recovery.


Is there a way I can save the resources required for the standby site?

After installing or upgrading BMC Helix ITOM on the standby site, scale down the application pods to reduce the resource requirement during unused periods. 


What are the guidelines for upgrading the standby site?

You must first upgrade the primary site. After completing the first full backup on the primary site, you must upgrade the standby site.


What are the guidelines for upgrading the primary site?

No explicit steps are required for upgrading the primary site. However, it is mandatory to disable the backups before upgrading the primary site, because an upgrade might hamper the overall performance.
For more information, see Configuring-after-upgrade.


Is it mandatory to keep the standby site in the scale-down mode?

No, it is not mandatory to keep the standby site in the scale-down mode. 
Keeping the standby site in the scale-down mode will reduce the overall requirement of resources during unused periods.


How to scale down and scale up?

To scale up, go to helix-on-prem-deployment-manager/utilities/disaster-recovery/dr-scale and run the command ./product_scale.sh up .
To scale down, go to helix-on-prem-deployment-manager/utilities/disaster-recovery/dr-scale and run the command ./product_scale.sh down.
For more information, see Configuring-disaster-recovery.


Are there any prerequisites to enable replication?

Make sure that the secondary MinIO is reachable from the primary MinIO. Modify the minio and minio-api ingress as described in the “Replication from the primary site to the standby site” section in the Configuring-disaster-recovery topic.


How can I configure the replication of data from the primary to the standby site?

See “Replication from the primary site to the standby site” in the Configuring-disaster-recovery topic.


Can I replicate the data from MinIO to AWS S3?

For data replication, we leverage MinIO’s bucket replication feature because it supports replication to AWS S3.
Though it is possible to replicate the data to AWS S3, it is not explicitly tested by BMC.


How do I check that the replication of data is successful?

A simple check would be to validate that the object count or size present on both the primary and standby sites is the same. Detailed checks can be done by using the MinIO client.


Are there any prerequisites before running the restore process?

Before starting the restore process, it is important to make sure that the data is available in MinIO and that the standby site runs on the same version of BMC Helix ITOM as the primary site.
The restore process will validate the version before proceeding.


What are the steps required to perform the restore operation?

See Restoring-data-on-the-standby-site.


Should I scale down or scale up my site before running the restore process?

You don't need to perform manual scaling operations; the restore operation will handle it automatically.


My product version on the standby site is different from the primary site. Will I still be able to restore data?

No, both primary and standby sites must have the same version of BMC Helix ITOM.
If the version is different, the restore operation will not continue.


Should I keep the data in MinIO after the restore process is complete?

After a successful restore, you can delete data from MinIO to free up the space.


When can I start my backup on the standby site after it is restored?

You must enable backups on the standby site after the restore is complete.


What are the steps to fall back to the original primary site?

See Disaster-recovery-deployment.


Enablement



Does BMC offer installation and migration assistance?

Yes, for more information see Success Subscriptions.


Does BMC offer Education subscriptions for on-premises deployments?

Yes, see BMC Education Subscription ServicesBMC Helix On-Premises IT Operations Management Container Deployment: Essential Subscription, and BMC Helix On-Premises IT Service Management Container Deployment: Essential Subscription


Health check


How do I obtain the ITOM and Helix Portal (Common Services) Health Check Tool?

See, BMC Helix onprem installation health check tool.


Kubernetes


How is high availability achieved?

High availability is achieved through Kubernetes, which uses virtual services to load balance application pods across the cluster.

High availability is enabled for all but the compact sized deployments using multiple pods for each service.

For more information about system usage profiles, see Sizing-and-scalability-considerations.


What is the difference between an Nginx ingress controller (internal to the cluster) and a network load balancer (external to the cluster)?

The Nginx Ingress controller is used to route requests to the appropriate services and pods within the cluster. Network load balancing is used to distribute the load of incoming requests across multiple nodes.


Do the container images of the application provide a liveliness probe and a readiness probe?

Where appropriate both readiness and liveness probes are defined in BMC images.


Does BMC support any other Ingress controllers other than Ingress NGINX?

No, currently only Ingress NGINX is supported.


How are the logs managed?

BMC Helix Logging is not available if you install BMC Helix ITOM version 23.2.02 or upgrade to BMC Helix ITOM 23.2.02 from an earlier version.
For an alternate method to view logs, see Why is Helix Logging not available in ITOM Deployment version 23.2.02? .


Does the deployment use CI/CD pipelines?

BMC provides deployment software automation and does not support Webhooks or CI/CD pipelines.


Does BMC use "latest" tags in container images?

BMC does not use "latest" tags and uses versions wherever possible.


Does the container registry require access to the internet?

BMC software supports air-gapped deployments from a local registry which has been synchronized with the BMC containers.bmc.com.

For more information, see Setting-up-a-Harbor-registry-in-an-air-gapped-environment-and-synchronizing-it-with-BMC-DTR.


Does BMC set limits in the deployment, the DeploymentConfig, the StatefulSet, or the respective Kubernetes object used?

We set default requests and limits for all services. 


Migration


Can we migrate TSOM configurations to BMC Helix Operations Management?

Yes, seeConverting PATROL Agent Pconfig rules to Policy ManagmentMigrating TSOM Infrastructure Policies to BHOM with the bhompolicymigratorMigrating PATROL Agents from TSOM to BHOMManaging BHOM with the bhomadmin toolkit


Can we migrate TSOM Blackout Policies to BMC Helix Operations Management Blackout Policies?

Yes, you must do it manually.


Network


Are application DNS aliases required before running installation?

Yes, all DNS aliases must be set up before the installation and should resolve to the network load balancer.

For more information, see Load-balancer-requirements.


What type of load balancers has BMC tested?

For local testing purposes, we have used an F5 load balancer. 
You can use your existing vendor-specific load balancer. You must make sure the DNS resolution and lookups are working fine. 

For more information, see Load-balancer-requirements.


Is Static IP mandatory for the common services (ADE platform)?

The Static IP is a requirement for the common services and not for BMC Discovery. 
To get Static IP reach out to the in-house IT team to generate or assign for the environment.

The IP requirements are for the load balancer and the DNS. If we have a Static IP then making and maintaining configuration changes becomes less cumbersome when compared to maintaining a DHCP setup. 


What ports must be enabled for the Helix Platform?

See, Network-ports.


What firewall settings are required?

See, Network-ports


On-premises deployment


Where can I find the important configuration files for on-premises deployments?

See, Configuration-file-settings.



Where can I find sample configuration files for BMC Helix Operations Management?

See, Example-configuration-files-for-BMC-Helix-Operations-Management.


How do I change the encryption or decryption password?

Perform these steps if you forget the encryption password or if you need to change it:

  1. Delete the common/certs/secrets folder and its contents.
  2. Create the secrets.txt file with new passwords.
  3. Run the deployment manager again.
    Important
    If you do not delete the secrets folder and try to create a new secrets.txt file, the process fails with a message to delete the secrets folder.


Where can I find sample configuration files for BMC Helix Continuous Optimization?

See, Example-configuration-files-for-BMC-Helix-Continuous-Optimization.


Where can I find sample configuration files for BMC Helix Intelligent Automation?

See, Example-configuration-files-for-BMC-Helix-Intelligent-Automation.


Does BMC Helix on-premises support a single Helix Portal (Common Services) with ITSM and ITOM?

Yes, we do support a single Helix portal with BMC Helix ITSM and BMC Helix ITOM.

Please raise a case with BMC Support to help you confirm requirements.


Security


Should I update the default passwords after installation?

We recommend that you update default passwords for VMs, databases, and products to be compliant with your security policy to prevent any security issues. 


Does BMC perform security scans on their images before they release?

Yes, we do. However, if you find any subsequent security vulnerabilities, please raise a case with BMC support.


Do containers have a default users?

We use our own canonical container images which use a bmcuser in the majority of cases. We will not be able to align with the base container images used by customers as these can vary widely.

For data layer services (such as Kafka, Postgres, and ElasticSearch), we use Community Edition containers which include all default users and libraries. We might amend these images if we identify security exceptions but otherwise, they are unaltered.


Sizing


I am unsure about the sizing of the Helix on-premise platform. How do I get advice?

See, Sizing-and-scalability-considerations.


Software


How do I obtain access to the on-premises software?

Please contact the BMC Account Manager.


How do I download the deployment manager and container images?

See, Downloading-the-deployment-manager.


Does BMC Helix ITOM utilize Jenkins to deploy the product?

No, BMC Helix ITOM does not utilize Jenkins to deploy the product.


Does BMC provide Docker files for each container image?

No, we do not provide a Docker manifest for container images.


Can I use latest versions software for Kubernetes, Helm, and Docker?

Supported versions are detailed in the product documentation. You may encounter issues with unsupported versions.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*